Re: [Full-disclosure] Adobe Flash UpdateInstalls Other Warez without Consent
You may be interested in getting acquainted with the fact that life is possible (it's actually stupendously better) without crapware.

On Thu, Sep 6, 2012 at 2:09 PM, Jeffrey Walton noloa...@gmail.com wrote:
> The company that writes the world's most insecure software [1,2,3] has figured out a way to further increase an attack surface. Adobe now includes additional warez in their updates without consent. The warez includes a browser and toolbar.
>
> The attached image is what I got when I agreed to update Adobe Flash because of recent security vulnerability fixes.
>
> It appears Adobe has become a whore to Google like Mozilla. +1 Adobe.
>
> [1] http://www.google.com/#q=Adobe+site%3Asecurityfocus.com.
> [2] http://web.nvd.nist.gov/view/vuln/search-results?query=adobesearch_type=allcves=on
> [3] http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/
> [4] http://www.theregister.co.uk/2009/12/29/security_predictions_2010/
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Marcio Barbado, Jr.
Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran
Mission accomplished.

Corporatocrat White House puppet, the Times once more manages to distract even conscious American citizens, removing focus from what really matters, that is, an imminent *real* war against China:

http://www.bbc.co.uk/news/world-us-canada-18305750

On Mon, Jun 4, 2012 at 3:52 PM, Jeffrey Walton noloa...@gmail.com wrote:
> https://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html
>
> WASHINGTON — From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.
>
> Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.
>
> At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.
>
> ...

Marcio Barbado, Jr.
Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran
Time will tell. 8 years, 10 years. That may seem medium-term in the face of human beings' average life expectancy. My remark was about historical moments.

Beware, Americans. That is not Candid Camera stuff.

..."None are more hopelessly enslaved than those who falsely believe they are free"... — Goethe

On Tue, Jun 5, 2012 at 4:43 PM, valdis.kletni...@vt.edu wrote:
> On Tue, 05 Jun 2012 16:20:04 -0300, Marcio B. Jr. said:
>> really matters, that is, an imminent *real* war against China:
>> http://www.bbc.co.uk/news/world-us-canada-18305750
>
> One could equally well read that as "We're fed up and about to pound North Korea even further back into the Stone Age".
>
> Also, a move of 10% of the navy over the next 8 years doesn't translate to "imminent".

Marcio Barbado, Jr.
Re: [Full-disclosure] We're now paying up to $20,000 for web vulns in our services
On Tue, Apr 24, 2012 at 11:07 AM, Jim Harrison j...@isatools.org wrote:
> IMHO, anyone who willingly, knowingly places customer data at risk by inviting attacks on their production systems is playing a very dangerous game.

It would be less inconsistent if their main web services were open source. At least we would have sort of a Bazaar model.

Marcio Barbado, Jr.
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
Hi Levente,

On Thu, Jan 26, 2012 at 8:25 AM, Levente Peres sheri...@sansz.org wrote:
> On 01/26/2012 03:04 AM, Marcio B. Jr. wrote:
>> On Wed, Jan 25, 2012 at 6:53 PM, Levente Peres sheri...@sansz.org wrote:
>>> This will give decision makers EXACTLY what they WANT.
>>
>> Those who have already given up democracy think that way.
>
> I don't want to get into any conspiracy theory - either one thinks that way or doesn't, but if you look at the patterns, then let's just say that strong interest groups somehow always seem to get past these democratic barriers to create situations in which they can generate profit.

"conspiracy theory"?? "let's just say"?? That happens. It is, say, a fact.

> Fortunately, most of the time they still need to play for the public and ask nicely first before they can do whatever they damn well please.

Wrong. Corporations do whatever they please, and that is achieved through propaganda, which in turn prepares the masses to think they are being asked nicely.

> But I feel that is changing.

Yes, it's getting internationally worse. Search for ACTA. One crackdown we're living in. Goal is: keeping knowledge away from the people.

> Yes, we have such thing as democracy out there

Where is it? Switzerland maybe? The kibbutzim of Israel?

> - but we also have self-interest, and this self-interest also exists in officials, and it can be exploited.

And non-officials can react to that.

> Lately, after Wikipedia and many others stood by the people, peacefully but with great resolve, public will has won. Not necessarily because that was the will of the people - to have none of PIPA etc... -

Not the people as a whole (which would be ideal) but a small part of it who is trying to participate more often in wide scope decisions.

> but more likely because we have triggered this protection of self interest in the officials.

Which is still a will.

> Quite simply, elected ones got afraid of not being re-elected, or just going too far and getting into something they cannot handle with a popular face. They appeared to have no valid moral reason anymore to cooperate with the passing, so they bailed out.

That is not democracy but a rotten representative system. Masses were taught to accept it as fair.

> But these interest groups know that officials also have a mandate to protect security, which is a largely different matter.

Man, why do you keep separating officials from interest groups? They are the same thing. SAME THING.

> If they can picture it so that security's being violated somehow, and start making enough noise about security and telling people that you could be attacked next and so on, then quite simply, people will start demanding them to do whatever they wanted to do in the first place.

Naivety detected. Conglomerates' propaganda indoctrinates most of the people to see insecurity and fear where and when is appropriate.

Marcio Barbado, Jr.
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
On Wed, Jan 25, 2012 at 6:53 PM, Levente Peres sheri...@sansz.org wrote:
> This will give decision makers EXACTLY what they WANT.

Those who have already given up democracy think that way. People must choose (participate more often in decision making), not a few conglomerates' puppets.

Marcio Barbado, Jr.
Re: [Full-disclosure] OT: Firefox question / poll
On Tue, Dec 20, 2011 at 3:40 PM, Charles Morris cmor...@cs.odu.edu wrote:
> Do you think that the Firefox warning "unresponsive script" is meant as a security feature or a usability feature?

Good question. A "secure usability feature" ;-) for it covers both human patience and software application's stability.

Marcio Barbado, Jr.
Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
Welcome to Shuttleworth's "real" open software. #traceability

On Wed, Nov 16, 2011 at 4:23 PM, Olivier feui...@bibibox.fr wrote:
> Hi list,
>
> Backdoors in ubuntu are now called features:
> https://answers.launchpad.net/ubuntu/+source/lightdm/+question/175756
>
> Unfortunately remote SSH connections are not allowed, I suggest the guest account be silently added in /etc/shadow for 12.04. It could be the best Ubuntu April fool ever.
>
> Maybe calibre could also be installed by default, for a root shell out of the box.
>
> --
> Olivier

Marcio Barbado, Jr.
Re: [Full-disclosure] Full-Disclosure - sick of your nonsense
faggot...

On Wed, Oct 5, 2011 at 8:31 PM, Sam Goody trashm...@hush.com wrote:
> Dude, I think many people including myself are sick of your nonsense on top of trying to provoke fights on full-disc. This list is not for chatting and 90% of what you've written is subpar. Please keep the nonsense to yourself. You will now be added to the n3td3v e-mail black list.
>
> Cheers!

Marcio Barbado, Jr.
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
PrivacyProtect [dot] org → traditionally involved with crap.

On Fri, Aug 26, 2011 at 11:02 PM, Juan Sacco jsa...@insecurityresearch.com wrote:
> We are happy to announce a new release of INSECT Pro 2.7 including changes that people ask about most often.
>
> This is a partial list of the major changes implemented in version 2.7:
>
> - Available targets now has a submenu under right-click button
> - Check update function added in order to verify current version
> - Threading support for GET request
> - Module log added and functional
> - Sniffer support added
> - 50 Remote exploits added
> - Project saved on userland - Application Data special folder
> - Executed module windows added and functionality for it
> - AgentConnect now uses telnetlib
>
> Download now from: http://www.insecurityresearch.com
>
> Juan Sacco (runlvl)
> --
> Insecurity Research - Security auditing and testing software
> Web: http://www.insecurityresearch.com
> Insect Pro 2.7 was released, stay tuned

Marcio Barbado, Jr.
Re: [Full-disclosure] iPhone Geolocation storage
On Wed, Apr 20, 2011 at 4:41 PM, Michael Holstein michael.holst...@csuohio.edu wrote:
>> Pretty scary btw. I hope there's not the equivalent for Android.
>
> anyone can git the android repository and look at the source

I'm sorry?

http://www.zdnet.com/blog/google/google-android-30-honeycomb-open-source-no-more/2845

Marcio Barbado, Jr.
Re: [Full-disclosure] iPhone Geolocation storage
On Wed, Apr 20, 2011 at 10:27 PM, Zach C. fxc...@gmail.com wrote:
> On Wed, Apr 20, 2011 at 6:04 PM, Marcio B. Jr. marcio.barb...@gmail.com wrote:
>> On Wed, Apr 20, 2011 at 9:45 PM, Zach C. fxc...@gmail.com wrote:
>>> That only seems to apply to Android 3.x,
>>
>> "only seems to apply" is a sloppy euphemism. Correct sentence is: IT DOES APPLY.
>
> I guess context is for the weak, since Android 2.3 (the latest non-3.x version) source is out (http://www.androidcentral.com/samsung-releases-gingerbread-source-code-i9000), and the source was also released for all previous versions -- specifically, every version except 3.0. So, it applies to Android 3.0, sure, but that's the only version it applies to, and Google indicates they will be releasing source when it's actually finished and ready to be released on all the platforms Android currently runs on.

Alright, you state "context is for the weak" and soon after that, you agree with me. That's really fantastic, Google-boy.

> Well, considering every version prior is more prevalent than 3.0 is, and Google will be releasing source...

Cut all that enthusiastic mumbo-jumbo crap. Say WHEN it's going to happen (if so). When will Honeycomb's sources be available?

> But keep clutching that teddy-bear of spiteful vindication that Google didn't release the source code for *one* version of Android!

This one version happens to be the latest. Moreover, I really want to bow to your proselytism but I see no sensible reason for hiding Honeycomb.

>> Oh mommy, GSoC rules! Google is so into FOSS!
>
> They sure are. :D

Quod erat demonstrandum.

>> On Wed, Apr 20, 2011 at 5:34 PM, Marcio B. Jr. marcio.barb...@gmail.com wrote:
>>> On Wed, Apr 20, 2011 at 4:41 PM, Michael Holstein michael.holst...@csuohio.edu wrote:
>>>>> Pretty scary btw. I hope there's not the equivalent for Android.
>>>>
>>>> anyone can git the android repository and look at the source
>>>
>>> I'm sorry?
>>>
>>> http://www.zdnet.com/blog/google/google-android-30-honeycomb-open-source-no-more/2845
>>>
>>> Marcio Barbado, Jr.

Marcio Barbado, Jr.
Re: [Full-disclosure] Materials regarding Cyber-war
By the way, if you have kernel sources installed mainly, interesting stuff appears when you grep "warfare" as root:

# grep --recursive --ignore-case -s warfare /

including some SPACE NAVAL WARFARE SYSTEMS' drivers' information and all.

Oh, and espionage is a part of the thing, not a distinct subject.

Regards,

On Wed, Mar 23, 2011 at 5:33 PM, coderman coder...@gmail.com wrote:
> On Wed, Mar 23, 2011 at 12:22 PM, imipak imi...@gmail.com wrote:
>> ...
>> *cough* http://blogs.comodo.com/it-security/data-security/the-recent-ca-compromise/
>
> re: "The IP address of the initial attack was recorded and has been determined to be assigned to an ISP in Iran. A web survey revealed one of the certificates deployed on another IP address assigned to an Iranian ISP. The server in question stopped responding to requests shortly after the certificate was revoked. While the involvement of two IP addresses assigned to Iranian ISPs is suggestive of an origin, this may be the result of an attacker attempting to lay a false trail."
>
> iran is pretty incompetent in most information technology respects. odds strongly favor pwn hops through their unmonitored, unmaintained, unhardened, sloppy conglomerations of servers and switches...*
>
> and, i suppose we can add RSA to the thread:
> http://www.schneier.com/blog/archives/2011/03/rsa_security_in.html
>
> although any time someone blames ADVANCED persistent threat i like to recall fondly the Aleatory threat,
> https://media.blackhat.com/bh-us-10/presentations/Waisman/BlackHat-USA-2010-Waisman-APT-slides.pdf
>
> if you've been lazy on infosec, opsec for a while without calamity by sheer luck, this is definitely the year your luck will run out.
>
> lazy == pwned
>
> * like all generalizations this is false, in whole yet frequently true in parts. ;)

Marcio Barbado, Jr.
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
Such a gay thread subject, ain't it?

On Fri, Dec 24, 2010 at 11:24 PM, Marsh Ray ma...@extendedsubset.com wrote:
> On 12/24/2010 07:08 PM, Dan Kaminsky wrote:
>> Don't we have hardware RNG in most motherboard chipsets nowadays? (Not that you should exclusively trust it, but the nature of RNG's is that it's easy to mix in sources.)
>
> Haha, you're going to love this:
> http://code.bsd64.org/cvsweb/openbsd/src/sys/dev/rnd.c?rev=1.106;content-type=text%2Fplain
>
>     switch(minor(dev)) {
>     case RND_RND:
>         ret = EIO;    /* no chip -- error */
>         break;
>     case RND_SRND:
>     case RND_URND:
>     case RND_ARND_OLD:
>     case RND_ARND:
>         arc4random_buf(buf, n);
>         break;
>     default:
>         ret = ENXIO;
>     }
>
> - Marsh

Marcio Barbado, Jr.
Re: [Full-disclosure] ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
> Well, awesome. This sounds near-identical to some issues that the Sun JRE had a few years back[1]. I wonder if the code shares a common lineage? :)

Yes, Chris, though unnecessary (the lineage), it makes sense, really. And this is due to Adobe and Sun partnering in the ICC's foundation.

Regards,

On Thu, Oct 7, 2010 at 2:05 AM, Chris Evans scarybea...@gmail.com wrote:
> On Wed, Oct 6, 2010 at 11:28 AM, ZDI Disclosures zdi-disclosu...@tippingpoint.com wrote:
>> ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
>> http://www.zerodayinitiative.com/advisories/ZDI-10-191
>> October 6, 2010
>>
>> -- CVE ID:
>> CVE-2010-3621
>>
>> -- CVSS:
>> 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
>>
>> -- Affected Vendors:
>> Adobe
>>
>> -- Affected Products:
>> Adobe Reader
>>
>> -- Vulnerability Details:
>> This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page.
>>
>> The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. When processing an ICC stream, the process performs math on two DWORD values from the input file. If these values wrap over the maximum integer value of 0x a mis-allocation can occur. Later, the process uses one of the original DWORD values as a size to a copy function. This can be abused by an attacker to overflow a stack buffer and subsequently execute code under the context of the user running the process.
>
> Well, awesome. This sounds near-identical to some issues that the Sun JRE had a few years back[1]. I wonder if the code shares a common lineage? :)
>
> Cheers
> Chris
>
> [1] - http://scary.beasts.org/security/CESA-2006-004.html
> http://scary.beasts.org/misc/jdk/badicc.jpg
> (And additional integer problems not released at the time)
> http://scary.beasts.org/misc/jdk/badicc2.jpg
> http://scary.beasts.org/misc/jdk/badicc3.jpg
> http://scary.beasts.org/misc/jdk/badicc4.jpg
> http://scary.beasts.org/security/CESA-2007-005.html
>
> In addition, there have been plenty of bugs against lcms[2] and Apple's ICC profile parser. So it seems like ICC profile parsing is hard ;-)
>
> [2] - http://scary.beasts.org/security/CESA-2009-003.html
>
>> -- Vendor Response:
>> Adobe has issued an update to correct this vulnerability. More details can be found at:
>> http://www.adobe.com/support/security/bulletins/apsb10-21.html
>>
>> -- Disclosure Timeline:
>> 2010-06-23 - Vulnerability reported to vendor
>> 2010-10-06 - Coordinated public release of advisory
>>
>> -- Credit:
>> This vulnerability was discovered by:
>> * Sebastian Apelt (www.siberas.de)
>>
>> -- About the Zero Day Initiative (ZDI):
>> Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
>> http://www.zerodayinitiative.com
>>
>> The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at:
>> http://www.zerodayinitiative.com/advisories/disclosure_policy/
>>
>> Follow the ZDI on Twitter:
>> http://twitter.com/thezdi

Marcio Barbado, Jr.
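The advisory quoted above describes two linked defects: arithmetic on two 32-bit DWORDs from the file that wraps past 0xFFFFFFFF, and a later copy that trusts one of the original values rather than the size actually allocated. The following is an added illustration, not code from the advisory, Adobe or ZDI; the 8-byte record layout (count, element size, payload) is constructed here and is not the real ICC format. It shows the wrapping computation beside a parser that rejects the wrap and bounds the copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed record layout (not the real ICC format):
 * bytes 0-3: element count (big-endian DWORD)
 * bytes 4-7: element size  (big-endian DWORD)
 * bytes 8..: count * size bytes of payload */
#define HDR_LEN 8

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
           (uint32_t)p[2] << 8  | (uint32_t)p[3];
}

/* The pattern the advisory describes: the product is computed in 32 bits,
 * so it can wrap to a small allocation size, while the original count is
 * reused later as a copy length. Only the sizes are computed here. */
int size_calc_unsafe(const uint8_t *buf, size_t len,
                     uint32_t *alloc_out, uint32_t *copy_out) {
    if (len < HDR_LEN) return -1;
    uint32_t count = rd32(buf), elem = rd32(buf + 4);
    *alloc_out = count * elem;   /* wraps modulo 2^32 */
    *copy_out  = count;          /* trusts the file's original value */
    return 0;
}

/* Hardened version: do the arithmetic in 64 bits, reject any wrap,
 * check the payload is really present, and copy only the checked size. */
int parse_record_safe(const uint8_t *buf, size_t len,
                      uint8_t **out, size_t *out_len) {
    if (len < HDR_LEN) return -1;
    uint32_t count = rd32(buf), elem = rd32(buf + 4);
    uint64_t need = (uint64_t)count * elem;
    if (need > UINT32_MAX) return -2;            /* 32-bit math would wrap */
    if (need > len - HDR_LEN) return -3;         /* payload truncated */
    uint8_t *dst = malloc(need ? (size_t)need : 1);
    if (!dst) return -4;
    memcpy(dst, buf + HDR_LEN, (size_t)need);    /* bounded by checked size */
    *out = dst;
    *out_len = (size_t)need;
    return 0;
}

int main(void) {
    /* constructed header: count 0x40000001, size 4 -> product 0x100000004 */
    const uint8_t bad[HDR_LEN] = {0x40, 0, 0, 1, 0, 0, 0, 4};
    uint32_t a, c;
    size_calc_unsafe(bad, sizeof bad, &a, &c);
    printf("unsafe: alloc=%u bytes, later copy length=%u\n", a, c);
    uint8_t *o; size_t ol;
    printf("safe: rc=%d\n", parse_record_safe(bad, sizeof bad, &o, &ol));
    return 0;
}
```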