Re: [Full-disclosure] Warning is about vulnerability

[Jubei Trippataka]

You are the Borat of FD.



2011/6/4 Григорий Братислава 

> Hello is list!!
>
> I is like to warn you is about vulnerability. Is vulnerability is what
> get Sony, RSA, L3, Google and is Hilary Clinton hacked. Please is
> watch vulnerabilities and is never forgot when is you use !! many
> times, is many more take your advisories is serious!!
>
> http://www.thinkgeek.com/tshirts-apparel/unisex/popculture/78c6/
>
> --
>
> `I am epic win`
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Andrew Auernheimer aka weev accused of peddling kiddie porn, sexual blackmail against woman

[Jubei Trippataka]

You could probably find a My Little Pony list somewhere, princess.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] 0-day "vulnerability"

[Jubei Trippataka]

zero day can happen to anyone.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] African ISP SekuritY

[Jubei Trippataka]

A password dump by any other name would smell as sweet.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Identifying handler and agency of police informant?

[Jubei Trippataka]

Tell them your mom says that they have to stop it.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [Tool] - inundator - an intrusion detection false positives generator.

[Jubei Trippataka]

Want yet another go at replying to try and salvage what little credibility
you have left? Or you just going to accept you got worked.

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] No anti-virus software? No internet connection

[Jubei Trippataka]

On Tue, Jun 22, 2010 at 9:41 PM,  wrote:

> On Tue, 22 Jun 2010 12:55:25 +1000, "Ivan ." said:
> > Security is as easy as that..
> >
> >
> http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490
>
> OK. I'll bite.
>
> 1) What antivirus are they going to force me to install on my Fedora
> laptop?
>
> 2) How will they verify the presense of A/V software on a properly
> firewalled
> system?
>
> 3) If the answer to (2) is "run some sort of agent software on every box",
> in how many different ways can this end badly?
>
>
Trust you to break through the idealistic AV discussion with an ACTUAL
logical implementation question. Shame on you! You've just made Belinda's
shitlist.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Andrew???

[Jubei Trippataka]

But if you look like this you deserve it:

http://pics.livejournal.com/weev/pic/00090a2r/s640x480

Funny cuz it's true.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] No anti-virus software? No internet connection

[Jubei Trippataka]

They had a committee working on this for a year and that's the best they
could come up with? HAHAHAHA.

Belinda Neal - With idiots like you and your colleagues tackling this issue,
tax payers deserve to burn you at the stake. BTW... are you really a du0d?

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WINDOWS KERNEL SOURCE LEAK GET IT NOW B4 INEVITABLE TAKEDOWN

[Jubei Trippataka]

On Wed, Mar 24, 2010 at 1:05 AM,  wrote:

> Could you please stop all this fucking noise ?
> On such a mailing-list people want to read of technical facts, not all
> this shit that has been polluting the list recently.
> Retarted teens and computer nuts, please get out of here.
>
> Thanks.
>
>

Recently? This list has always been like this... You must be new. STFU and
enjoy your stay :-)

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] about jit and dep+aslr

[Jubei Trippataka]

No u.

Yuange - opt out you useless dogshit.

2010/2/5 Charles Skoglund 

>  Ravi stop being a douchebag
>
>
>
> On 2/5/10 11:58 AM, "yuange"  wrote:
>
> My native language is not English, if  Full-disclosure rejected the
> non-English connection, I can opt out!
>
> --
> Date: Fri, 5 Feb 2010 10:28:46 +0100
> Subject: Re: [Full-disclosure] about jit and dep+aslr
> From: ravi.borgaon...@gmail.com
> To: yuange1...@hotmail.com
>
> dude,
>
> dont you know that we speak english on Full-Disclosure list.
>
> R
>
> 2010/2/5 yuange 
>
>
>
> http://hi.baidu.com/yuange1975/blog/item/4e57c3c2474a183ee5dd3b58.html
>
> --
> 更多热辣资讯尽在新版MSN首页！ 立刻访问！ 
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> --
> 搜索本应是彩色的,快来体验新一代搜索引擎-必应,精美图片每天换哦! 立即试用！ 
>
> --
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [gif2png] long filename Buffer Overrun

[Jubei Trippataka]

On Mon, Dec 14, 2009 at 6:14 AM, Razuel Akaharnath  wrote:

> Oh I see, Funny... this needs to be brought in notice of the original
> creator to fix the upstream version.
>
>
Posting other peoples bugs for fame! HAHAHAHAHAHAHA.

Love your tekneeqz!

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apple ptrace panic PoC - R.I.P str0ke

[Jubei Trippataka]

"There are people at the end of the computers. Don't ever forget it."

Did you and them get your degree from the same university of trolls?
>
> I have mistaken nothing for nothing. Fuck you.
>
>
Regardless, you should have known he wasn't dead. Your tongue is so far up
his ass didn't you feel he was still at 37c ?

You remind me of: LEAVE BRITNEY ALONE

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Yahoo! apologises for lap dance at hack event

[Jubei Trippataka]

What the fuck is this world coming to. A million plagues to whoever
complained. Yahoo don't apologize for shit!

The dude in the photo looks sus too, pocket rocket titties right in front
and he's looking at the nerds on the sideline. Don't worry faggot, Jesus
isn't crying for you.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] milw0rm

[Jubei Trippataka]

str0ke phone home!

All of the security industries pen testers are losing valuable business!

Perhaps str0ke is locked up someones basement being sodomized by a gimp.


On Tue, Oct 20, 2009 at 7:06 AM, xsr  wrote:

>
> The french blog url was posted in July, i think i've read somewhere that
> str0ke had changed his mind after that to continue milw0rm again. For a
> site, even being referenced by cve.mitre, i still fail to understand the
> current update delay though.
>
>
> --
> xsr
>
>
-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Andrew Auerenheimer aka weev gets tree'd

[Jubei Trippataka]

> WTF is up with this mailing list? I signed up a few weeks ago expecting
> "full disclosure" of security exploits or at least good security discussion.
> Instead what I got was full disclosure of how idiotic skr1p7 k1dd13z can be.
>
> BMF
>
>
>
Im sorry, all I read there was WHINE WHINE FUCKIN WHINE.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] AntiSec Lamers Exposed

[Jubei Trippataka]

On Tue, Jul 28, 2009 at 12:54 PM, antisec exposed
wrote:

>
> Also may I add, Mr. Romeo's real ip address usage on some other lame
> "antisec" forum he frequents. The lil idiot is so arrogant and thinks he is
> so untouchable he does not even use proxies:
> Used between the dates of 5-10-09 to 7-10-09
>
> You think this info is not useful to FBI mr FaGeO? Think again...
>
> 188.50.41.73
> 87.109.227.67
> 77.30.176.89
> 77.30.226.251
> 77.31.57.64
> 77.30.128.170
> 77.30.182.53
> 77.30.188.173
> 77.30.180.169
> 77.30.195.91
> 212.71.37.110
> 87.109.134.196
> 77.30.143.27
> 77.31.98.221
> 188.52.58.14
> 188.50.84.224
>


How Tsutomu Shimomura of you. Please show us more kung-fu!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability

[Jubei Trippataka]

On Fri, Feb 27, 2009 at 5:04 PM, bob jones  wrote:

> http://uninformed.org/?v=4&a=5&t=sumry
>
>
This exploitation relies on the ability to have the top-level UEF point to
an arbitrary address which hopefully you have the ability to control. The
NULL pointer is only used as a mechanism to trigger the exception necessary
to execute code where the handler now points. This doesn't need to be a NULL
deref, it can be any unhandled exception. I guess you could compare the NULL
pointer in this situation to a memory leak necesary to exploit another
condition. The memory leak itself wouldn't be called a vulnerability, it's
just used instrumentally to assist in exploitation. In this paper the NULL
pointer is used to assist in the exploitation of a hijacked UEF by
triggering the unhandled exception.

My original point stands, the NULL pointer dereference can be used to assist
in another explotiation, but in itself is not a vulnerability.

Do you disagree?

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability

[Jubei Trippataka]

>
>
> I'll clarify for everyone since you seem lost.
> EVERYONE, THE NULL POINTER DOES NOT GET DEREFERENCED. It only
> gets referenced. And Jubei isn't even sure a null pointer is involved
> at all =)
>
> With that out of the way, I'd just like to say that I only meant to
> encourage people to check out an excellent paper. I didn't mean to say
> anything related to your argument other than to say that that
> paper is a must-read. If you can't appreciate that, why the fuck are you
> on F-D? Think about it.
>
>
>
I'm didn't even comment on Mark's paper, it is definitely a great piece of
research, there is no doubt. It's just that some people have read this paper
and thought, wow, all those NULL bugs are now exploitable. It's important to
separate these bug classes.

I'd even go to say that while this paper is a must-read, please also spend
some time understanding it, otherwise don't bother.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability

[Jubei Trippataka]

On Fri, Feb 27, 2009 at 12:26 PM,  wrote:

> BM_X-Force_WP_final.pdf is called "Application-Specific Attacks:
> Leveraging the ActionScript Virtual Machine" and if you haven't read it,
> you should. It'll make you smile.
>
>
>
OK, and what about this vulnerability makes use of a NULL pointer? This goes
to show the shallow exploitation knowledge of this community. If you
actually understood the paper it's (NULL + offset). This is NOT the same as
a plain NULL deref bug. Also, you need to be able to map the NULL address,
so I ask again, in examples such as this, in users-space apps name one
exploitable condition.


-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability

[Jubei Trippataka]

On Fri, Feb 27, 2009 at 10:54 AM, jf  wrote:

> also keep in mind that null ptr deref's can sometimes be exploitable--
> especially on certain processors that store important things at 0x0;
> of which, from what i recall, the iphone is one.
>
>
Can you please give one example of a NULL deref that was exploitable?

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability

[Jubei Trippataka]

Why does the industry incessantly call any bug a "DoS Vulnerability". Why
are these bugs even published to a security mailing list and not privately
dealt with by the vendor? Just because a bug class can crash an application
doesn't make it a security issue.

Does this frustrate anyone else?

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Exploiting buffer overflows via protected GCC

[Jubei Trippataka]

>
>
> > memset(buf, 'A', 528);
>
> Don't do that.  This sort of "whoops" is exactly what the gcc SSP canary is
> designed to stop.
>

I could comment on this, but... I'll leave it.


>
> > I have googled my brains out for a solution, but all I have gathered is
> that
> > my Ubuntu's gcc is compiled with SSP and everytime I try to overwrite the
> > return address it also overwrites the canary's value, and triggers a stop
> in
> > the program. I've disassembled it and anybody who can help me probably
> > doesn't need me to explain much more, but I would like to know a way to
> get
> > this. There seems to be some people on this list who may know something
> on
> > how to exploit on *nix systems with this protection enabled.
>
> What you want to do is be more precise in your splatting.  Instead of
> one memset, see if you can come up with a way to do *two* memsets, which
> leave your stack looking like:
>
>  'A' (above the canary)
>  <4 unmolested bytes of canary>
>  'A' (below the canary)
>
> Of course, if you're trying to exploit already-existing code, you probably
> only have one memset/strcpy you can abuse, and the starting address of the
> destination is already nailed down, which means you need to fill in the
> 4 bytes of canary correctly.  This means you need to find a way to obtain
> the value so you can use it.  One hint - sometimes you're better off
> targeting
> the stack frame 2 or 3 function calls back, rather than the *current*
> frame.
>
>
You commenting on exploitation is kind of like asking a deaf person what
their favorite song is. You obviously have no clue what you are talking
about due to the fact you offered absolutely no insight in to the protection
mechanism he was asking about, nor potential means of exploitation. Given
this the real question remains, do you actually believe you have any clue
about this stuff, or are you like Wallace and just want to post useless
shit?

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Barack Obama

[Jubei Trippataka]

On Fri, Jan 23, 2009 at 6:06 AM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> I'm the only one who thinks cyber security politics are allowed on
> full-disclosure?
>
>
>
You're the only one on this list that thinks a lot of things.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] mr wallace must be stopped and i know how

[Jubei Trippataka]

Anyone that can cop that much abuse and prosper has to be extremely
sadomasochistic. The delusion that a blogger such as Mr Wallace somehow
contributes to the security community is hilarious at first and when the
comical side clears you have that pathetic little failed abortion asking why
he's the target of abuse. To be honest, I'd rather have my children babysat
by Josef Fritzel than take security advice from this schizo.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] News for Ureleet

[Jubei Trippataka]

On Fri, Dec 5, 2008 at 11:49 AM, ghost <[EMAIL PROTECTED]> wrote:

> a wanka mate? well i be a fag from down unda, cheers & jolly ho ol
> chap. This is the only contribution youve made to full-disclosure. So
> whos the useless wanka then? go on back to your bread pudding before i
> take a piss on ya and give you a good rodging.
>


Wrong country, that's all British slang you extra chromosomal piss-freak.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] What Christianity means to me

[Jubei Trippataka]

On Sat, Nov 8, 2008 at 8:55 AM, Michael Krymson <[EMAIL PROTECTED]> wrote:

> Valdis, if you're not careful, going down this route will lead a certain
> spammy/ranty/unwanted someone to have a defense for all his meandering and
> fitful email crap he sends daily. :)
>
> To response, however, let me just say there is something to be said about
> exercising certain skills in appropriate places so as not to waste
> everyone's time and patience. Want an employee who can intelligently dive
> into metaphysics/religion/rhetoric? There are better places to look and/or
> test.
>
>

Intelligence and religion shouldn't be in the same sentence. To even
pretend, yet alone believe, that some pathetic moron has an insight in to
the mindset of a celestial dictator is ridiculous.

Religion may have been a foolish first attempt at science, but the fact that
it still has a place in modern times where science explains so much shows
how subservient people want to be.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Let's make a spy-proof communications infrastructure

[Jubei Trippataka]

>
> Yes as i've been saying already the intelligence services for years like
> MI5, MI6 have been laughing at Full-Disclosure for years about us and the
> media getting excited about internet explorer, fire fox, opera, safari drama
> and the other likes.
>
> While that may be stimulating for some, it hasn't chipped a single inch out
> of the government and the intelligence services.
>
> The biggest government hack of all time? Some faggot weirdo called Gary
> Mckinnon probing the Pentagon and other government networks with a text file
> of manufacturer default passwords, and he is about to be extradited to the
> U.S.A for it and be put in jail for 65 years, lmao!!!
>
> The government are laughing their asses off at how softcore the world elite
> hackers are, we need to crank up a gear and give the government something to
> think about.
>
> I'm not talking about anything illegal or breaking the law, i'm talking
> about lawful critical vulnerability discosure on the mailing lists thats
> going to make the intelligence services and the government wake up and bring
> real credibility to the mailing list.
>
> Right now, folks releasing quicktime flaws and other gay shit, thats so
> 1999, its time to research and disclose stuff thats going to get you stopped
> at passport control and have your vulnerability research taken off you for
> analysis when you plan to do a speech at a security conference etc.
>
> Like say, we need to move away from gay shit, and think about the
> government and the intelligence services, they are currently walking all
> over all of us, its time to get even technically.
>
> All the best,
>
> n3td3v
>
>
Put your money where your mouth is. What have you released that will make
the government respect this list?

Secondly, what does FD and the "world of elite hackers" have in common?
Nothing.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/