[Full-disclosure] Re: Full-Disclosure Digest, Vol 18, Issue 65
Message: 16Date: Sat, 26 Aug 2006 22:23:29 +0100From: Jeb Bush [EMAIL PROTECTED]Subject: [Full-disclosure] Alias update alertTo: full-disclosure@lists.grok.org.ukMessage-ID: [EMAIL PROTECTED]Content-Type: text/plain; charset=ISO-8859-1; format=flowed Update your spy alert scriptsn3td3v alias is being killed off... all vulnerabilities from now onwill be post from the Jeb Bush alias.This falls in line with our 4 year policy. Microsoft stopped Windows 98, so we stop n3td3v and begin Jeb BushJeb Bush is more secure than n3td3v and we're going to be at securityconferences promoting Jeb Bush.Think of it kind of it like the XP Vista transition, its exactly the same. Many thanks-Jeb I mean, the witty ones are flooding me.. Alright, so hence forth I shall be known as Jeb Osama. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Microsoft product vs Microsoft patch
I missed you n3tty :)From: n3td3v [EMAIL PROTECTED] My request to security researchers:I have for a long time now been under the theory that *some* Microsoftpatches once added together outweigh the actual file size of theoriginal Microsoft product. yahoo gmail m$ blah blahContact me (on or off list) to help us get this research compiled and pushedout.Why? what do you have in mind ;) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: AOL data being mirrored everywhere
Are you n3td3v?? Why all the [EMAIL PROTECTED]@?? he could sue you.Date: Mon, 07 Aug 2006 10:49:20 -0700 From: kaiser scapegoat [EMAIL PROTECTED] Hi, all -AOL released data for 500,000 out in the wild for 500,000:http://tinyurl.com/ky6ekSince it has been widely mirrored, AOL will next find a scapegoat so the public will be more worried about those villains that dared to point out theproblem and mirror the evidence.Here is the instant recipe:1) PR department reaches out to their media contacts. Journalists then tell sensationalist story of hackers or bloggers who mirrored *your* privatedata. AOL worms out of responsibility for letting the data loose in thefirst place by declaring war on the evil bloggers. 2) Now that there's no public support for the blogger, AOL can safely tricka government agency into publicly denouncing the blogger. Since the bloggeris clearly a danger to public safety, the government is allowed to ignore all applicable law. After all their heart was in the right place, and thatmatter's more than an individual's rights. Also, since the press is alreadycommitted to portraying the blogger as a villain, the government knows that they will never have to apologize if they make a mistake. The press has avested interest not to report the error.3) Next AOL's team of corporate lawyers will file a lawsuit. It doesn'tmatter if the lawsuit is frivolous - they are after the PR value of prosecuting on behalf of the public, and reinforcing to the media that theblogger who dared link to the info is the evil one. If the blogger is poor,weak, and has no media platform of their own, then AOL might actually win the lawsuit by default, adding further legitimacy to their public defenderposture.4) The public doesn't understand that killing the messenger only guaranteessuccessful cover ups in the future. And as far as I can tell, they don't care that there is a layer of people who corporations can calculate ashaving no Constitutional rights in this country (if a person can't defendtheir rights, they might as well not exist). AOL's issues management team is weaving these assumptions into their strategy.Scapegoating worked for Kaiser Permanente. It'll work for AOL. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: n3td3v yahoo crap
n3ntl3 wrote : The same happens on Yahoo Messenger file share. If the client cannot connectpeer to peer then the file being sent will be stored on the server as a temp file. The Yahoo system cannot verify that the file has been successfullydownloaded by the intended party, so the file is left on the server, untilYahoo decides to expire the file. What folks were doing is linking the temp files to victims (via any chat or e-mail), the file extension could beanything, so the malicious file was being used in virus and phishing runs.The hacker would keep rotating the temp file storage system, everytime the file expired (which can be hours at a time, enough time to infect and phishyour way through thousands of hosts), therefore you have continued storageof virus and phishing on the Yahoo servers, undetected. The Yahoo virus and phishing detection system trusts 'yahoo.com', so it isn't stored on theiranti-spam url collection system, and even if it did, the unique temp fileURL is changing every rotation, everytime the temp file expires, so the URL is always changing its character, so stayed trusted and stealth. This wasbeing exploited by my connections three or so years ago, although, yahoo wascontacted in private, I think it was treated as a non-issue. Lolz. Can someone check0r it out and tell me it can still be exploited today? :) I'llneed to check0r it out too. Thats Yahoo for you. Sorry to poison a Gmailthread with this, but it just reminded me of what we exploit on Yahoo :) haw haw haw... keep hax0ring peeps. I grew up with the vulnerability in my teenyears, it was so common place, no one thought to report it, but eventually Istopped using Yahoo Messenger temp file storage for when we blocked the peer to peer via our programs, but yeah, I forgot to check if they patched it.Many good lucks and researchingI expect someone with a formal advisoryto be posting what i'm talking about in the coming dazepeace out for now my homies. Long live server side temp file storage on Yahoo, it rocks vxerssocks. Shouts to [EMAIL PROTECTED] who was the security engineer at thetime I reported it to him, so the buck stops at him, I believe the buck should stop with someone in YAHOO, and should not get away with sloppysecurity. [EMAIL PROTECTED] is still off the hook for the Yahoo Financedefacement (which happened last weekend), so I guess henri gets off with the temp storage thingy too. These people are paid thousands of dollars a yearto detect these easy holes before the bad guys. Time and time again, theyget paid even if security incidents keep happening on their turf :) Reject their wage for each month theres a security incident on their turf and youcan be sure they'll suddenly have all the holes reported and patched to[EMAIL PROTECTED] , yahoo stop relying on free-lance securityresearchers to tell your thousands of dollars a year ethical hackers aboutbugs, and make your researchers wokr for their money. The rejected wagepacket for that month should obviously goto the free-lance researcher who showed up the ethical hacker for not detecting the bug before them. Thatwould solve Yahoo security problems once and for all. Yahoo security staff,take it for granted they'll ne given there wage regardless of what happens, that should change, to keep them on their toes and always worried if theregetting paid that month. In the security industry, getting paid should be aearned not assumed. Security companies and corporations need to get tough with employees and security consultants, to make sure standards are kept incheck, to garentee their working 110% to protect your network from attacks.I love you henri and mark, both do great work at yahoo, when you're not being hacked Did your grammar teacher tell you about paragraphs?? Oh wait.. you were attending the [EMAIL PROTECTED]@ classes. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Yahoo security consultant shrugs off Yahoo Finance defacement
So you've started with theatre now. Good Good.. I like variation.From: n3td3v [EMAIL PROTECTED]Subject: [Full-disclosure] Yahoo security consultant shrugs off YahooFinance defacementTo: n3td3v [EMAIL PROTECTED]Cc: Yahoo Security Contact [EMAIL PROTECTED],full-disclosure@lists.grok.org.uk Message-ID:[EMAIL PROTECTED]Content-Type: text/plain; charset=ISO-8859-1; format=flowed n3td3v: silence is a sign of ignorancemarkiseiden: it's a sign of being an hour late for something.n3td3v: what about yahoo finance?n3td3v: are you not to blame?n3td3v: you were supposed to be protecting yahoo markiseiden: you're a tedious pain in the ass.Deja vu. n3td3v: yahoo pay you thousands of dollars a year not to get hacked bybrazilian script kiddiesmarkiseiden: well, at least they're brasilian, so they know how tohave a good time.n3td3v: the buck never stops at anyone at yahoo, no one ever gets into trouble markiseiden: you have no standing to make accusations.markiseiden: i'm going now.n3td3v: someone was responsible for keeping those servers securen3td3v: someone failed in their job descriptionmarkiseiden: and it's your job to be witchhunter, accuser, judge, jury and executioner, right?all on a volunteer basis.of course, you'venever had a job in any company working with other people or withactual products.markiseiden: i'm going now.n3td3v: trust me i'll say what i want this is a democratic country i live in n3td3v: i'll put this on fdn3td3v: i'm sick of people getting paid money to secure yahoo and whenthey get hacked no one gets into troublen3td3v: where were yahoo's ethical hackers when yahoo got hacked? n3td3v: scracting their balls looking at their wage packet and sippingon a martinin3td3v: shaken not stirredn3td3v: wankersn3td3v: you were the one who is ment to have automated tools to scannetblocks at least once a week n3td3v: and pen testn3td3v: it looks like the kiddies pen tested for youn3td3v: you can bet they scanned with an automated tool and couldn't believe itn3td3v: they got so excited and made a custom yahoo owned logo n3td3v: got to go, byen3td3v: this just prooves yahoo is worthlessn3td3v: no matter how much money is pumped into securing yahoon3td3v: you let yourselves downn3td3v: the money gone to your headsn3td3v: bye Love ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Continued threat continues
From: n3td3v [EMAIL PROTECTED] Date: Oct 25, 2005 3:59 PMSubject: Continued threat continuesTo: full-disclosure@lists.grok.org.ukIt has been reported via the n3td3v group news wire that the group has surpassed its 600th member, adding to speculation that the group,hosted on the Google Groups network is only going to grow larger.The founder n3td3v since 1999 has been responsible for a number ofvendor-side reported incidents and vulnerabilities on the Google and Yahoo network.We're working with people to making the group as comfortable as possible.Consumers are obviously being attacked via e-mail and IM right nowwith phishing and pharming hacks. Although theres been alot of corporate user hacking going on, its been noted, due to an up raise ofthe Yahoo 360 service.Corporate users with who are socially networking via Yahoo 360 serviceis definitely a threat to corporate security. We can't see any way out of it until Yahoo allows flexibility of privacy level for Yahoo 360,with regards to its public social circle list.Ultimately we've been calling for Yahoo 360 friends list to beviewable by friends only by default. Allowing for this to be changed later, by the consumer and corporate user, after security warnings,which we are also calling for at this time.Right now, Yahoo 360 is a social networking service, with no option tohide your social cirlcles. Many users especially corporate users, are unaware of how exposed they've become to malicious hackers since theservice was launched March.The Yahoo 360 service is allowing users to transfer whole YahooMessenger lists and E-mail address book lists, over to the public Yahoo 360 service, even if the user is unaware of privacycomplications this may cause.Many folks are just unaware to how much information they've beengiving out. Its the responsibility of Yahoo to make those corporate and consumer users on the service aware of what they're doing, beforethey do it, instead of offering to allow users to expose socialcircles on the fly.Alot of this is allowing for phishing and pharming attacks, as well as corporate hacking of employee computers with known and unkwownvulnerabilities.Just don't say mutter the words Yahoo 360 worm, people might get worried.Why are Yahoo helping the growth of global trends when they don't need to, which will also have a side affect on their own users. OMIGAWD!!! You've surpassed all previously known drama-queeniness ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: F-Secure to release XSS potential dangers
Drama queenFrom: n3td3v [EMAIL PROTECTED] Subject: [Full-disclosure] F-Secure to release XSS potential dangersTo: n3td3v [EMAIL PROTECTED]Cc: full-disclosure@lists.grok.org.ukMessage-ID:[EMAIL PROTECTED]Content-Type: text/plain; charset=ISO-8859-1; format=flowed [snip]Fortunately no one has tried to inject malcious code... yet.We'll finish our draft with more on the potential dangers of XSS foryou soon.[/snip]See: http://www.f-secure.com/weblog/It is a blog entry titled Netscape hacked.F-Secure to encourage Digg script kiddies to hack Netscape properly?This is highly irresponsible of F-Secure and they should be held legally responsible if the information they release in relation totheir Netscape hacked blog entry is used maliciously.F-Secure know the enemy of the Netscape web site are reading their blog: See:http://www.digg.com/tech_news/Netscape_com_HACKED_2Yet, F-Secure are going to release XSS information anyway, to betterassist those would-be Digg script kids who want to bring harm to the Netscape, Digg styled web site.The only potential danger will be caused by F-Secure, if they go aheadand release the XSS information they promise to release, in thecontext of Netscape being hacked. It is the wrong context in which to be talking about releasing malicious XSS code examples. F-Secure willbe F-Secure I guess though. Time for important people in the securityindustry to back me up on this one.Thanks,n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Full-Disclosure Digest, Vol 17, Issue 48
Drama queen.. Enough said.Although I can tell you what's going on here.XSS is suffering an identity crisis and a public relations disaster. There is a lack of high profile hacks with XSS now.We had the Myspace worm, although that was really a harmless proof ofconcept incident and no harm really came of it.What XSS really needs is a major incident to bring it back into the credibility ratings.[blah blah blah] yahoo [blah blah] google [blah..is needed.I think it says more [blah blah blah] yahoo [blah blah] google [blah.. There should be stiff penalties within corporations. If programmerswere told your dick would be chopped off if you let a product go livewithout penetration testing it first with an automated XSS auditing tool, then you can bet the XSS flaws would go away tomorrow. Ok, maybejust cut their pay for that month, not their dicks off, but you getthe idea. [blah blah blah] yahoo [blah blah] google [blah..[blah blah blah] yahoo [blah blah] google [blah.. The developer shrugs his shoulders and carries on coding... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Please help to spam
Also reply to all the spam you get your hands on.. Just put the email address with a mailto tag on any fairly popular web page. Gets me a lot of spam.Regards,Nancy KramerWebmaster http://www.americandreamcars.comFree Color Picture Ads for Collector CarsOne of the Ten Best Places To Buy or Sell a Collector Car on the Web At 03:58 AM 7/24/2006, Alice Bryson wrote:I am collecting spam for research using the mailbox[EMAIL PROTECTED]. I have try a lot to spread this mailbox to get more spam. But I can only receive about 60 spams per day. Couldanybody help me to get more spam at [EMAIL PROTECTED]?Thanks in advance! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Google Malware Search
Message: 11Date: Sun, 16 Jul 2006 23:58:30 -0500From: H D Moore [EMAIL PROTECTED]Subject: [Full-disclosure] Google Malware SearchTo: full-disclosure@lists.grok.org.ukMessage-ID: [EMAIL PROTECTED]Content-Type: text/plain;charset=us-asciihttp://metasploit.com/research/misc/mwsearch/?q=bagle Enjoy,-HD Didnt know google crawls scr's and com's.. Since when? MM ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/