Re: [Full-disclosure] i hate it when some one beats me to a bug
On Thu, 2010-12-16 at 02:26 +1100, dave b wrote:
> I hate it when someone beats me to a bug report.
> https://addons.mozilla.org/en-US/firefox/user/5578717/ (this example will only work against Firefox).
> The XSS occurs due to no filtering / escaping the display name attribute for a user.

Cute. Very cute.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] virus in email RTF message MS OE almost disabled
On Tue, 23 Nov 2010 09:26:49 -0500 Mikhail A. Utin mu...@commonwealthcare.org wrote:
> As we see, our list has a few (luckily just a few) unprofessional people thinking of themselves as gods, and hiding in such Russian-born domains.

The person's domain that you were replying to is Canadian. The guy is also not doing much to hide his name.

Such skills that I employed are beyond the normal abilities of a CISSP certified person, but I will now disclose a special, top-secret tool that I used to probe the deepest, darkest reaches of the Internet. It finally allowed me to find out about Mr. Mullen. Now, just for you, I will tell you about it: It's called whois. This is just between me and you, so keep it under your hat, OK?

On a more serious note, you need a thick skin for this list. I use heavy filtration to weed out what I don't need, and focus on the security announcements that interest me. Then, every once in a while something comes along that makes the list worthwhile, like the thread on SSH scans and the Chuck Norris bot.

Take care.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Microsoft Help Files (.CHM): 'Locked File' Feature Bypass
On Wed, 23 Jun 2010 20:12:24 + Thor (Hammer of God) t...@hammerofgod.com wrote:
> I know better than to bring up the Australia vs New Zealand bit. Speaking of which, was there an Old Zealand? ;)

Yes, it's a province in Holland.
Re: [Full-disclosure] Hacxx Anti Malware for Windows XP
On Mon, 7 Jun 2010 21:23:22 +0100 Benji m...@b3nji.com wrote:
> on an unrelated note, would anyone know how to uninstall this? thx intentrnets.

Boy, I sure hope you are joking. Just in case any newbies get ideas:

Never install anything offered on this list. Be very careful about opening attachments offered on this list. If you must install something, you typically do it on a recently snapshotted version of Windows running in a virtual machine. When you are done playing, you revert to your last snapshot.
Re: [Full-disclosure] Hacxx Anti Malware for Windows XP
On Mon, 7 Jun 2010 21:31:03 +0100 Benji m...@b3nji.com wrote:
> I'm new to computers, what is wrong with antimalware programs?

All anti-malware programs slow your computer. With the good ones, you expect to get some protection from the bad guys out there. Unfortunately, the bad ones are really malware disguised as anti-malware programs. There are more of these fake anti-malware programs than legitimate anti-malware programs.

You installed a fake anti-malware program. The only question left is how bad is the program? You might want to read this link and get educated:

http://en.wikipedia.org/wiki/Rogue_security_software

If you want to spend money on anti-malware, consider Bitdefender. If you want to go the free route, consider ClamAV.

http://www.bitdefender.com/
http://www.clamav.net/lang/en/
Re: [Full-disclosure] Windows' future (reprise)
On Sat, 15 May 2010 14:40:29 + Thor (Hammer of God) t...@hammerofgod.com wrote:
> And for the record, these claims of 'inherent insecurity' in Windows are simply ignorant. If you are still running Windows 95 that's your problem. Do a little research before posting assertions based on 10 or 20 year old issues.

To be fair to the original poster, there are activities that I wouldn't want to do on a Windows machine, and if you read Brian Krebs' blog, the same goes double for small businesses: Online banking comes to mind.
Re: [Full-disclosure] Windows' future (reprise)
On Sat, 15 May 2010 16:22:26 -0400 Jeffrey Walton noloa...@gmail.com wrote:
> This is along the lines of the 'Linux does not get viruses' argument. Give me a break...

I set up a dual boot arrangement on a friend's machine. The Windows side promptly got infected. The guy was furious and blamed his son. Fortunately, it was a relatively easy infection to clean. The tip off that all was not as the man claimed was when I found several copies of the virus saved to his home directory in the Linux side. It seems he hadn't been able to get the attachment to run under Linux, and had switched to Windows.

Now, I am NOT arguing about Linux being safe because no-one writes malware for it. I am arguing that the guy was safe running Linux because:

a) He could only save the attachment to disk.
b) Had it been Linux malware, he would have had to make it executable.

The guy wasn't knowledgeable enough to do all that. He also didn't know that much about how malware gets delivered. I suspect that there is a broad correlation between computer knowledge and safe on-line behavior. The irony is that the less a person, or employee, knows about computers, the better off everyone would be if that person ran Linux.
Re: [Full-disclosure] All China, All The Time
On Thursday 14 January 2010 21:49:05 Christian Sciberras wrote:
> They used an IE exploit to get in. The people at *Google* use *IE*?!! Besides, how does an exploit in IE affect the server?

It would affect a person with login rights to a server. This wasn't just an attack on Google, btw, it was an attack on 32 different companies.
Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
On Wednesday 16 September 2009 05:15:23 Thor (Hammer of God) wrote:
> P.S. I get the whole "XP code is too old to care" bit, but it seems odd to take that old code and re-market it around compatibility and re-distribute it with free downloads for Win7 while saying we won't patch old code.

Let's not forget that the majority of netbooks come with Windows XP Home, and are likely to for a while.
Re: [Full-disclosure] [Fwd: Re: windows future]
On Friday 28 August 2009 03:39:14 Thor (Hammer of God) wrote:
> If the entire argument is around the default escalation behavior being "enter a password" (which they already know) vs clicking OK because you assume entering the password is more of a deterrent, then OK, but the premise of "the people I work with are too stupid to know the difference" kind of takes away from that. And one should also note that in a domain environment, the default behavior is indeed username and password. Just thought I'd throw that in as well.

It is entirely what the escalation behavior is. My objection to Vista is two-fold: Clicking OK instead of entering a password. As I have argued before, there really is a difference between clicking OK and entering a password. That brings me to my second objection. Vista puts up more escalations than Ubuntu, further exacerbating that difference.

Your point about using a password to log into domains might be valid, but only in limited instances, as I would hope that the department that set up the domain would have its users not running as administrators.

We basically agree on the main point: Separate user and administrator accounts are better. I wonder if Microsoft will start enforcing that?
Re: [Full-disclosure] [Fwd: Re: windows future]
On Friday 28 August 2009 08:29:48 Thor (Hammer of God) wrote:
> Maybe I'm not saying it properly... (and I won't belabor the point anymore). If you want a password instead of a click, then set it to prompt for credentials rather than prompt for consent for *administrators*.

Understood. I also understand you can set up Vista to use normal users. My objection is to Microsoft's default behavior.

> > We basically agree on the main point: Separate user and administrator accounts are better. I wonder if Microsoft will start enforcing that?
>
> The "wonder if MSFT will start enforcing that" is already answered - they do, and HAVE been. Even with XP you could run as administrator. I used to do it all the time. I actually like the UAC in Vista/Win7 better as it gives seamless admin capabilities while interactively logged on as a normal user.

There is a difference between being able to do something, and enforcing it. The OS on my machines will not allow a person to run an administrative desktop. It enforces the separation between the administrator and a normal user by requiring the creation of at least one normal user at install. Only that normal user can log in. Microsoft encourages the opposite behavior by default. I know of no Vista home user who runs as a normal user.

I guess it's good we had this conversation; I got to meet someone who sets up Windows properly on his personal machines. ;)
Re: [Full-disclosure] [Fwd: Re: windows future]
> > The OS on my machines will not allow a person to run an administrative desktop. It enforces the separation between the administrator and a normal user by requiring the creation of at least one normal user at install. Only that normal user can log in.

On Friday 28 August 2009 09:30:26 Thor (Hammer of God) wrote:
> Oh, now that's cool. I didn't know that. The force to create a normal user and only use that was not something I was aware of. What's the OS? So, even if you wanted to, you couldn't log on as administrator and just do whatever you needed to? I'm not sure if I like that, but I assume this is customizable behavior, yes?

The OS is Debian Linux. Virtually all behavior in Debian is customizable, but you would have to look long and hard to find a Debian user who would want to allow logging into an administrative desktop.

You may become administrator in a terminal or shell. All administrative tasks can be run from the shell (sometimes called the command line in Windows) in Linux. On a graphical desktop, programs may be run as administrator; they provide a login prompt before the program will execute. Programs relying on the X server (that's the underpinning for the graphical interface) cannot be launched from an administrative shell by default. At the very least, remote administrators are blocked from doing that.

Finer controls are available for normal users. Linux (and other Unixes, I assume) assigns users to groups with names like cd-rom, tape, sudo, and backup. Assigning a normal user to these groups allows limited extra rights. I understand Windows also has similar fine grained controls. My point is that at least some Linux distributions lock things down more by default. The major distributions all do. That's a good thing. That makes the OS a more hostile malware environment by default. That and the more diverse environment that Linux presents, means that Linux desktop users will probably never have to worry much about malware infections.

One distribution catering to Windows users (initially called Lindows, then Linspire) set their distribution up the Windows way (making the administrator the default user). They caught hell for it. Mercifully, they are defunct.

Microsoft's defaults created an environment where software houses assumed you ran with full privileges. A lot of productivity and game software required being an administrator to run. Back in my Windows 2000 days that was a huge problem. I don't know if the problem remains today, but I ran across it with a multi-platform program called RawTherapee under Linux. It writes its configuration files where it's installed, not to the user's configuration area. That means running it as an administrator, or installing it to one's home directory (the Windows equivalent is Documents and Settings). Not good, especially if you set the home directory to refuse all executable files. Clearly the author of the software used Windows first, and assumed that all users would run as administrator.

> Absolutely - and I learned something about other default options on other OS's too ;) Now if we can only teach people that there is no fortune to be made off the transfer of funds of defunct African dictators.

Piece of cake. ;)
Re: [Full-disclosure] [SECURITY] [DSA 1862-1] New Linux 2.6.26 packages fix privilege escalation
On Thursday 27 August 2009 02:11:10 morla wrote:
> when I
>   $ aptitude update ; aptitude safe-upgrade
> or
>   $ apt-get update ; apt-get upgrade
> it tells me that I'm up 2 date. but in this release the bug is still included. I had to install linux-image-2.6.26-2-686-bigmem via
>   $ aptitude install linux-image-2.6.26-2-686-bigmem
> by hand. why is this? and how do I ensure that I'm not being fooled by aptitude or apt?

That depends. Do you include proposed-updates in your sources.list?
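A concrete way to answer morla's question (is apt telling the truth about the kernel fix?), added here as an example and not part of the original thread. Two things make "up to date" misleading on Debian: when the kernel ABI changes, the fixed kernel ships under a new package name (here linux-image-2.6.26-2-... next to the old -1 image), so upgrading the old package reports nothing to do; and an installed fixed image does nothing until it is booted. The script below reads the Debian package version that the kernel itself records in /proc/version, compares it with the version the advisory names using dpkg's version ordering, lists the installed linux-image packages, and checks sources.list for a line that could actually deliver a DSA (the reply's proposed-updates point, or security.debian.org). The /proc/version text, dpkg -l output and sources.list are constructed inputs, and FIXED_VERSION is an assumed placeholder to be replaced with the version given in the DSA text.

```python
"""Is the kernel I am running the one with the fix?  Added example, not from the
thread.  SAMPLE_* are constructed stand-ins for /proc/version, `dpkg -l 'linux-image-*'`
and /etc/apt/sources.list; FIXED_VERSION is an assumed placeholder: take it from the DSA."""
import re

FIXED_VERSION = "2.6.26-17lenny2"  # assumption; replace with the version the advisory names

SAMPLE_PROC_VERSION = (  # constructed
    "Linux version 2.6.26-1-686-bigmem (Debian 2.6.26-13lenny2) (builder@example.org) "
    "(gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Fri Mar 13 18:08:45 UTC 2009")
SAMPLE_DPKG_L = """\
||/ Name                             Version          Description
+++-================================-================-=============================
ii  linux-image-2.6.26-1-686-bigmem  2.6.26-13lenny2  Linux 2.6.26 image on PPro/Celeron/PII/PIII/P4
ii  linux-image-2.6.26-2-686-bigmem  2.6.26-19        Linux 2.6.26 image on PPro/Celeron/PII/PIII/P4
"""
SAMPLE_SOURCES_LIST = """\
# constructed: no security.debian.org line at all
deb http://ftp.debian.org/debian lenny main
deb-src http://ftp.debian.org/debian lenny main
"""

def _order(c):
    """dpkg's weight for one character: '~' < end/digit < letters < everything else."""
    return -1 if c == "~" else 0 if c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a, b):
    """Compare version fragments the way dpkg does: alternating non-digit and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0

def version_cmp(a, b):
    """Debian version order for [epoch:]upstream[-revision]; returns <0, 0 or >0."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision
    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

def running_kernel(proc_version):
    """(release, Debian package version) from /proc/version; the release names the package."""
    m = re.match(r"Linux version (\S+) \(Debian ([^)]+)\)", proc_version)
    if not m:
        raise ValueError("not a Debian kernel /proc/version line")
    return m.group(1), m.group(2)

def installed_kernel_images(dpkg_l_output):
    """{package: version} for installed ('ii') linux-image-* rows of `dpkg -l`."""
    rows = (line.split() for line in dpkg_l_output.splitlines())
    return {p[1]: p[2] for p in rows if len(p) >= 3 and p[0] == "ii" and p[1].startswith("linux-image-")}

def update_sources(sources_list):
    """Active 'deb' lines that can actually deliver a DSA."""
    return [l.strip() for l in sources_list.splitlines() if l.strip().startswith("deb ")
            and ("security.debian.org" in l or "proposed-updates" in l)]

def audit(proc_version, dpkg_l_output, sources_list, fixed_version):
    """Why 'up to date' can still mean 'vulnerable'; an empty list means the fix is running."""
    findings = []
    release, debver = running_kernel(proc_version)
    if version_cmp(debver, fixed_version) < 0:
        findings.append(f"running kernel {release} is Debian {debver}, older than {fixed_version}")
    fixed = sorted(p for p, v in installed_kernel_images(dpkg_l_output).items()
                   if version_cmp(v, fixed_version) >= 0)
    if not fixed:
        findings.append(f"no installed linux-image at or above {fixed_version}; after an ABI bump "
                        "the fix is a new package name, so it must be installed explicitly")
    elif "linux-image-" + release not in fixed:
        findings.append("fixed image installed but not booted: " + ", ".join(fixed))
    if not update_sources(sources_list):
        findings.append("sources.list has no security.debian.org or proposed-updates line, so apt "
                        "never sees the DSA")
    return findings
```

On a real box, feed `audit()` the contents of /proc/version, the output of `dpkg -l 'linux-image-*'` and /etc/apt/sources.list. On the constructed sample it reports three findings: the running kernel predates the fix, the fixed image is installed but has not been booted, and there is no source line that could have delivered the advisory in the first place.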
Re: [Full-disclosure] [Fwd: Re: windows future]
On Thursday 27 August 2009 05:04:16 Rohit Patnaik wrote:
> Of course, all this is based on an extrapolation of the current strategy of blacklisting. My feeling is that, once malware levels grow beyond this threshold, we'll see a mass switch to whitelists. In other words, apps will go from being innocent until proven guilty, to being guilty until proven innocent. We're already seeing some of this with Vista's UAC pestering when one wants to install a new application. Given that, I'm not sure how the rest of your scenario plays out.

I'm not sure this is a solution. Most of the people I work with will unquestioningly click every UAC prompt. Knowing what to whitelist requires a fair degree of technical skill beyond most users' ability.

A few thoughts on the previous post:

In biology, most parasites do not kill their host. If the analogy fits, it is possible for Windows to stumble along, rather infected, but still functional.

In a business setting, malware scanning is often done at the periphery of the LAN, not by each individual computer.

In another biological analogy, doctors see lots of sick patients, but don't get sick themselves. They wash their hands a lot. In the computer world, people who don't install that fake codec, and who do keep their systems up to date, may not need anti-virus. Given the proliferation of malware over the last few years, I have my doubts about the effectiveness of anti-virus software today. In other words, anti-virus software will stop being effective before it consumes all available computer resources trying to protect the computer.
Re: [Full-disclosure] [Fwd: Re: windows future]
> > I'm not sure this is a solution. Most of the people I work with will unquestioningly click every UAC prompt. Knowing what to whitelist requires a fair degree of technical skill beyond most users' ability.

On Thursday 27 August 2009 08:34:54 Thor (Hammer of God) wrote:
> If they can just unquestionably click the UAC prompt, then they are already running as administrators, or your DA has changed the default setting for UAC, which requires normal users to enter the admin username and password to run code with escalated permissions. In either case, it's not Vista's fault.

It is somewhat Vista's (or Windows') fault if the default user is also the administrator by default. Yes, knowledgeable people will know to set up a separate user account, but in a home environment such people are few and far between.

In my own business situation, I am the computer goto guy. Our equipment isn't capable of Vista. When I arrived it ran XP Home. It took about a year, but we migrated to something more open source, and to an OS that insists on regular user accounts by default.
Re: [Full-disclosure] [Fwd: Re: windows future]
On Thursday 27 August 2009 13:33:37 Thor (Hammer of God) wrote:
> But that's the same on my Mac and Ubuntu distro too. The first user is the admin. Granted, the default behavior on Mac/nix requires the admin password

That's a big difference. Entering a password counts as more of a deterrence. Having seen my co-workers on their home machines, it's pretty clear that it's too easy to click OK without thinking. Entering a password, especially when the prompt doesn't occur as often as the UAC prompt, is a more significant action.

Personally, I prefer arrangements where the administrator uses a separate password. Not only do you need a password, but it's a different one. It's seldom used. The end user probably has to go look it up. I'm not a big fan of sudo.
Re: [Full-disclosure] Notice to all employees
On Friday 27 February 2009 16:42:27 Stephen Menard wrote:
> Original Message
> Subject: FW: Notice to all employees
> Date: Fri, 27 Feb 2009 15:42:20 -0300
>
> Due to the current financial situation caused by the slowdown of the economy, Management has decided to implement a scheme to put workers of 40 years of age and above on early retirement. This scheme will be known as RAPE (Retire Aged People Early).

It's cute. Checking the Web, this one has been making the rounds for about a month. Very cute.
Re: [Full-disclosure] metasploit.com = 127.0.0.1
On Wednesday 11 February 2009 06:51:36 Lehman, Jim wrote:
> The incoming connection rate has exceeded 15Mbps of just SYN packets, so we decided to point www.metasploit.com and metasploit.com back to 127.0.0.1 for a little while. This is more to keep our ISP happy than any fear of bandwidth charges. We ran a packet capture of the incoming SYN traffic for about 8 hours; it takes up approximately 60Gb of disk space. In the meantime, if you want to access the Metasploit web site, please use: http://metasploit.org

Also from the Metasploit site:

> Feb-09-2009 Pathetic DDoS vs Metasploit (round 2) (hdm)
>
> It looks like our little DDoS buddy got sent home from school early today -- the flood started up again, this time ignoring the DNS name for the metasploit.com web site and instead targeting both IP addresses configured on the server. While SSL service is still unaffected (including Online Update over SVN), folks who wish to visit the Metasploit web site will need to do so using an alternate port until we roll out the next countermeasure.
>
> http://metasploit.com:8000/
>
> We also host the main web server for Attack Research, which can now be accessed at:
>
> http://www.attackresearch.com:8000/
>
> Thanks for your patience,
>
> Feb-08-2009 Pathetic DDoS vs Security Sites (hdm)
>
> On Friday, starting around 9:00pm CST, the main metasploit.com was hit with a highly-annoying, if pretty useless distributed denial of service. The attack consisted of a botnet-sourced connection flood against port 80 for the metasploit.com host name. This flood consisted of about 80,000 connections per second, all from real hosts trying to send a simple HTTP request. At the same time, Packet Storm and Milw0rm were being hit as well. About 95% of the bots would intermittently resolve metasploit.com and follow the target address with the connection flood. The other 5% continued to bang on the main metasploit.com IP address and port even after the host record was changed.
>
> Solving this involved parking the metasploit.com host record at 127.0.0.1 and moving the other host names and services to a spare IP address. This allows for www.metasploit.com and most of our other domains and services to work properly. The only drawback is that until the flooding stops, we can't use the metasploit.com A record, which happens to be the default for updating the Metasploit Framework installation. A fun side effect is that they handed us full control of the DDoS stream: we can point the metasploit.com record anywhere we like and the connection flood will follow it. We will continue to find other ways to mitigate the flood; but until we can safely use the metasploit.com name again, our standard online update mechanism is going to fail. If you are trying to check out a fresh copy of Metasploit from subversion, use the https://www.metasploit.com/svn/framework3/ URL for now.
>
> As of 9:30am CST, the Immunity web site is being hit as well. If anyone has information on the folks involved, we would love to hear from you :-)
Re: [Full-disclosure] Administrivia: Spring Cleaning
On Sunday 01 February 2009 08:27:41 vulcanius wrote:
> Thank you.

I have five Full Disclosure filtering lists, three of which are affected by John's decision. I went back and read this thread at one of the sites that archives Full Disclosure, because some of the users trigger the filters if they appear anywhere in the message; that's how bad it has gotten. So let me add my thanks to Vulcanius', and ask if you have a list of the banned names, so I can adjust my filters.
Re: [Full-disclosure] About Israel-Palestine affair
On Tuesday 06 January 2009 03:47:24 john doe wrote:
> First of all, I apologize for talking about this in a security mailing list,

If you were truly sorry, you would post this stuff.
Re: [Full-disclosure] FD subject line/name of org suggestion...
On Thursday 11 December 2008 23:33:53 - o z - wrote:
> even calling Pine a great way to read email...I guess u took that seriously?

I know a couple of people that swear by, and not at, Pine, for some reason. So if that was supposed to signal a joke, it didn't work.
Re: [Full-disclosure] pause for reflection
On Monday 06 October 2008 23:21:22 Anders Klixbull wrote:
> You're obviously retarded

Hey everybody! A proper use of "you're"!

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of imipak
> Sent: 7. oktober 2008 10:46
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] pause for reflection
>
> > Keep your talentless tripe to yourself
>
> I liked it. Some of the metaphysical imagery was particularly effective...
Re: [Full-disclosure] I guess nothing is safe
On Friday 03 October 2008 03:42:38 Costel Lupoaie wrote:
> Sorry for the spam guys but this seemed interesting:
> http://technology.newscientist.com/article/dn14866-laser-cracks-unbreakable-quantum-communications.html

You're right, it's an interesting link. It's even somewhat germane to the list, which means it's not spam. Thanks.
Re: [Full-disclosure] simple phishing fix
On Tuesday 29 July 2008 23:27:45 Nick FitzGerald wrote:
> You really have no f*ing clue how ordinary users' tiny little brains work, have you???

I got an inkling when a phishing spam asked me for the usual information, and also requested my future password.
Re: [Full-disclosure] simple phishing fix
On Monday 28 July 2008 20:55:10 Stian Øvrevåge wrote:
> You mention phishing, but I think quite a few points from the why-your-spam-solution-wont-work-list are relevant:
>
> (x) Mailing lists and other legitimate email uses would be affected

If we stick with the narrowly focused problem of bank phishing spam, I doubt mailing lists would be affected. Yes, stuart, the original poster, spoke of deny all tactics, but he certainly wasn't implementing anything like that in practice. At least, I couldn't see it.

> (x) It will stop spam for two weeks and then we'll be stuck with it

Yes, you would need to add a new filter from time to time. This would work on your own e-mail account, but I would see problems generalizing to more people.

> (x) Users of email will not put up with it

On the other hand, it sounded like the original poster wanted to share lists, so that anyone who wanted to could tweak theirs. People sharing such lists would put up with it.

> (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical

I get my share of phishing spam, and most involve about a dozen domains, or less. These domains have remained relatively stable over the last two years. Paypal still dominates. So yes, a list of the common banking sites might reduce the annoyance factor.

> (x) Whitelists suck

They do indeed.

> http://craphound.com/spamsolutions.txt
>
> 1. Your filter will never be complete, there are too many banks/institutions (with ever-changing domains etc).

See above.

> 2. Banks/institutions actually send legitimate mail.

Yes, but I would not do business with a bank that did. Phishing spam has eliminated e-mail as a viable means of communication between banks and their customers. My bank doesn't know my e-mail address, and I don't bank on-line (but that's a whole other kettle of fish).

> 3. Phishers will find ways to get around the filters, either by registering similar domain-names or by numerous browser/MTA tricks.
> 4. Users likely to fall for a phish are not very likely to even know what a filter is.

What we are talking about here is the sharing of filter material on a small list of people who can spot a phish from a mile off. Full Disclosure isn't big enough to change the habits of spammers.

That said, I haven't made use of any filters specifically to weed out phishing spam. I use Kmail and Bogofilter, and they have caught almost every phishing spam I have received in the last year. Such spam was one of the first things that the Bayesian based Bogofilter learned to flag reliably. Bogofilter flags a far greater variety of spam reliably than flagging domains in the from field could ever hope to accomplish.
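The comparison the post draws between a list of bank domains in the From field and a Bayesian filter like Bogofilter, as an added example in Python (not from the thread, and not Bogofilter's own code): the sender-domain blocklist the thread discusses sits beside a small multinomial naive Bayes classifier of the kind Bogofilter is built on. Trained on six constructed messages, the Bayes side still flags a phish mailed from a look-alike domain the blocklist has never heard of (Stian's point 3), while passing a list message that talks about filters and whitelists. Every address, domain and message body below is made up.

```python
"""Sender-domain blocklist versus a Bayesian text filter on phishing mail.
Added example, not from the thread.  All messages, addresses and domains
(examplebank.example, payfriend.example) are constructed."""
import math
import re
from collections import Counter

# The thread's idea: banks never mail me, so mail "from" a bank domain is phish.
BANK_DOMAINS = {"examplebank.example", "payfriend.example"}  # constructed

def from_domain_flagged(from_addr):
    """True when the sender's domain is on the bank list."""
    return from_addr.rsplit("@", 1)[-1].lower() in BANK_DOMAINS

def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())

class NaiveBayes:
    """Multinomial naive Bayes with add-one smoothing: the Bogofilter idea in miniature."""
    def __init__(self, samples):
        self.tokens = {True: Counter(), False: Counter()}
        self.docs = Counter()
        for text, is_spam in samples:
            self.tokens[is_spam].update(tokenize(text))
            self.docs[is_spam] += 1
        self.vocab = set(self.tokens[True]) | set(self.tokens[False])

    def spamicity(self, text):
        """P(spam | text); worked in log space so a long message cannot underflow."""
        logp = {}
        for cls in (True, False):
            denom = sum(self.tokens[cls].values()) + len(self.vocab)
            lp = math.log(self.docs[cls] / sum(self.docs.values()))
            for tok in tokenize(text):
                lp += math.log((self.tokens[cls][tok] + 1) / denom)
            logp[cls] = lp
        top = max(logp.values())
        return math.exp(logp[True] - top) / sum(math.exp(v - top) for v in logp.values())

# Constructed training corpus: (body, is_phish)
TRAINING = [
    ("Your ExampleBank account has been suspended. Verify your password and account "
     "number at the link below to restore access.", True),
    ("Dear PayFriend customer, unusual activity detected. Confirm your login and card "
     "details immediately or your account will be limited.", True),
    ("Security alert: update your online banking password now by clicking here.", True),
    ("Re: [Full-disclosure] simple phishing fix - I think the filter list will need "
     "constant tweaking.", False),
    ("Meeting moved to Thursday; bring the deep sky atlas and the telescope notes.", False),
    ("The DSA for linux-2.6 fixes a privilege escalation; apt-get upgrade pulled the new "
     "image fine.", False),
]

# Constructed test messages: (From address, body, is_phish)
TEST_MESSAGES = [
    ("service@examplebank.example",
     "Your ExampleBank account has been suspended. Verify your password and account "
     "number at the link below to restore access.", True),
    ("alerts@examp1ebank-secure.example",   # look-alike domain, not on the list
     "Your account has been limited. Verify your password and card details at the "
     "secure link to restore access.", True),
    ("someone@lists.example",
     "Re: simple phishing fix - the filter list needs tweaking every two weeks, and "
     "whitelists suck.", False),
]

def evaluate(messages, classifier, threshold=0.5):
    """Per message: (domain-list verdict, Bayes verdict, spamicity, ground truth)."""
    rows = []
    for frm, body, truth in messages:
        p = classifier.spamicity(body)
        rows.append((from_domain_flagged(frm), p >= threshold, round(p, 4), truth))
    return rows
```

Run `evaluate(TEST_MESSAGES, NaiveBayes(TRAINING))`: the first phish is caught by both, the second (registered look-alike domain) is missed by the domain list and caught by the word statistics, and the list mail passes both. Six training messages is of course a toy; the point is only that the Bayes side keys on what the mail says rather than on who it claims to be from.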
Re: [Full-disclosure] simple phishing fix
> As for email, judge by its content. This posting for example will do nothing to your money, sells you nothing. Nor does it ask any information of you. If it were spoofed it would be harmless.

I might also add that Bogofilter didn't flag it as spam, either (X-Bogosity: Ham, tests=bogofilter, spamicity=0.00). ;)

I stand by my assertion, however, that banks should not communicate with their customers via e-mail.
Re: [Full-disclosure] Kaminsky DNS bug leaked
On Tuesday 15 July 2008 08:17:30 Alexander Sotirov wrote:
> Dino Dai Zovi finally spilled the beans:
> http://twitter.com/dinodaizovi/statuses/858981957

The DNS bug was such a perfect setup for this. ;)
Re: [Full-disclosure] HD Moore
On Thursday 01 May 2008 13:23:42 [EMAIL PROTECTED] wrote:
> I mean really, what is this list becoming?
> Sent from my Verizon Wireless BlackBerry

It is what it has always been. To stay on the list, it helps to have a thick skin, and good filters.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Microsoft device helps police pluck evidence from cyberscene of crime
On Tuesday 29 April 2008 14:31:18 Ivan . wrote:
> http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html

It looks like the Microsoft version of a Knoppix disk.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Greedy Jews fact of the day
On Tuesday 01 April 2008 14:28:57 T Biehn wrote:
> Valdis, Never took you for an anti-Semite.

Maybe you haven't read enough of Valdis' posts. He knows a lot about security, but often writes with tongue firmly planted in cheek. There really isn't a better response to these kinds of rants.

> On Tue, Apr 1, 2008 at 8:06 PM, [EMAIL PROTECTED] wrote:
> > On Tue, 01 Apr 2008 16:21:55 PDT, Andrew A said:
> > > Why should we leave a single follower of such a filthy, greedy religion alive? Do any of you have an idea?
> >
> > You're just sore because they thought of the meme "All the riches rightfully belong to those of our religion" before your religion did...

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] On Topic Off Topic: How To Behave On An Internet Forum
On Thursday 21 February 2008 22:18:05 Gadi Evron wrote:
> http://www.videojug.com/film/how-to-behave-on-an-internet-forum
>
> :)
>
> Gadi.

I AGREE! LOL

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Save XP
On Wednesday 30 January 2008 08:32:36 scott wrote:
> Yes and MS quietly extended 98 for a few more years until they came out with 2000. A much better OS than ME at the time, IMHO.

While Windows 98 SE was the best of the 9x series, I don't think anyone really mourned its passing (I still use it under Qemu). XP would have been hands down a better system except for its obnoxious copy protection. Even so, the stability advantages XP yielded made it a better system.

Windows 2000 and ME were released the same year (2000 first, if I remember). 2000 was seen as an update to NT4, not 98. 2000 was the first NT OS to include plug and play, but the conversion from 98 to 2000 required a full reinstall. XP let you upgrade your Windows 9x system directly, although that was probably not a good idea.

If there is a best Windows candidate, I would vote for Windows 2000. It was relatively light weight, stable, and it offered minimal copy protection.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
On Wednesday 12 December 2007 08:05:35 Steven Adair wrote:
> You aren't really able to take action on Google's site per the real definition of CSRF.

CRSF:
Canadian Rope Skipping Federation (Google's "I'm feeling lucky")
Center for Research on Sustainable Forests
Canadian Rhodes Scholars Foundation
CReative Santa Fe
Consolidated Rail System Federation

I keep wondering when people on this thread will discuss the relative merits of various rope materials? That is the real definition, isn't it? ;)

On a more serious note, I agree with the question; it doesn't sound like a full cross site request forgery. Still, Coderman's reply to your questions led me to search for information on the Firefox browser.chrome.favicons. That led to this bit of information:

> Caveats
> * browser.chrome.site_icons must be true for this preference to have an effect.
> * Conversely, browser.chrome.site_icons should be false when this preference is false to disable site icons and favicons completely.

http://kb.mozillazine.org/Browser.chrome.favicons

Given Coderman's statement about meeting fortuitously in a black hat tryst, I set both to false. Thanks all for the info.

And for those people, like myself, who aren't up on all the acronyms, here is a link for CRSF: https://secure.wikimedia.org/wikipedia/en/wiki/Csrf

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
On Wednesday 12 December 2007 11:27:28 Steven Adair wrote:
> Glad to see we figured it out. :) Yes, Cross Site Request Forgery would be the correct term referenced by the acronym in all of the replies (subsequently also the first result in a normal Google query).

And there you have it: I can use Google and Wikipedia. ;)

> I'm still not quite sure what the big deal on the favicon stuff in terms of this issue. So let's say you completely disabled favicons altogether. Now when you visit the original PoC - it no longer works. However, if you simply had a 302 or mod_rewrite rule for any image that you actually had written into the source of your page, you could achieve the same result.

You are probably asking the wrong guy, but one of the comments made earlier in this thread claimed that the favicon method bypasses Noscript protections. Aside from XSS blocking, Noscript would eliminate IFRAMEs and most Javascript. Would your technique bypass it?

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
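The exchange above turns on a point worth making concrete: whether the cookie-bearing request comes from a favicon fetch, an image tag or a 302 off another site, the browser sends it the same way, so the defence belongs on the server, not in the user's favicon settings. The following is an added example written for this page, not code from Google, NoScript or anyone in the thread: a framework-free check for a state-changing endpoint that refuses safe methods outright, requires a same-origin Origin/Referer, and verifies a session-bound token in constant time. The origin `https://mail.example.test`, the request dicts, the session id and the server secret are all constructed for the example.

```python
import hmac
import hashlib
from urllib.parse import urlsplit

# Origin of the protected application (constructed for this example).
SITE_ORIGIN = "https://mail.example.test"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def make_csrf_token(session_secret: bytes, session_id: str) -> str:
    """Derive a per-session token; a token captured from another session is useless."""
    return hmac.new(session_secret, session_id.encode(), hashlib.sha256).hexdigest()


def check_state_change(request: dict, session_secret: bytes, session_id: str):
    """Decide whether a request to a state-changing endpoint may proceed.

    request is a plain dict with keys method, headers, form (constructed
    here, no web framework involved). Returns (allowed, reason).
    """
    method = request["method"].upper()
    if method in SAFE_METHODS:
        # Never change state on a safe method: an <img src>, a favicon fetch
        # or a 302 from a third-party page can all make the browser issue one,
        # and it will carry the victim's cookies.
        return False, "state change requested with a safe method"

    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not source:
        return False, "missing Origin/Referer"
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return False, f"cross-origin request from {parts.scheme}://{parts.netloc}"

    expected = make_csrf_token(session_secret, session_id)
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):   # constant-time comparison
        return False, "bad or missing CSRF token"
    return True, "ok"


def demo():
    """Run four constructed requests through the check and return the verdicts."""
    secret = b"constructed-server-side-secret"
    sid = "session-42"
    token = make_csrf_token(secret, sid)
    cases = {
        # What an <img>/favicon/302 trick produces: a cookie-bearing GET.
        "image_get": {"method": "GET",
                      "headers": {"Referer": "https://evil.example.test/page.html"},
                      "form": {}},
        # A form auto-submitted from another site, even with a valid token.
        "cross_origin_post": {"method": "POST",
                              "headers": {"Origin": "https://evil.example.test"},
                              "form": {"csrf_token": token}},
        # Same origin but the token was left out.
        "no_token_post": {"method": "POST",
                          "headers": {"Origin": SITE_ORIGIN},
                          "form": {}},
        # The legitimate request from the application's own form.
        "legit_post": {"method": "POST",
                       "headers": {"Origin": SITE_ORIGIN},
                       "form": {"csrf_token": token}},
    }
    return {name: check_state_change(req, secret, sid) for name, req in cases.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:18} {'ALLOW' if allowed else 'DENY':5} {reason}")
```

The method check is the one that answers the favicon question directly: once no GET can change state, it no longer matters which HTML element or redirect produced the GET, and the Origin and token checks cover the auto-submitted POST form that the image trick cannot produce but a script-enabled page can.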
Re: [Full-disclosure] Captive Portal bypassing
> > Of course you might want to keep the legal aspects in mind before doing any of that.

On Monday 10 December 2007 12:04:05 gmaggro wrote:
> Bah. Who cares about that. Our governments have proven they do not respect the rule of law; why should we?

Because what you espouse would result in general lawlessness, a situation that is worse for the common good than what we have now. More specifically, the impact on captive portals would be an escalating arms race between the portals in question, and the purveyors of the software you envision. The end result would be either a locked down portal, or a closed down portal.

More effective in opening up WiFi access in places like airports will be a dawning recognition by communities that open access provides a community a business advantage.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Compromise of Tor, anonymizing networks/utilities
On Saturday 08 December 2007 14:01:28 coderman wrote:
> http://www.freehaven.net/anonbib/
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ

Thanks for the links.

> > Having seen good crypto ruined by lousy implementations, I thought it timely to remind ourselves of the lesson that implementation is at least as important as the underlying theory.
>
> this is actually a significant aspect for Tor, given that so many applications and services which were never intended to be anonymized are now getting sent over the network. the implementation / side channel issue is huge, and one reason i am such a proponent of the transparent Tor proxy model where all network traffic is either sent through Tor or dropped.

My goals are a little more modest. I browse using TOR, except for SSL links. Essentially, I want everything I do encrypted, and it wouldn't hurt to anonymize my IP address. I try not to abuse the TOR network with Bittorrent downloads. Given the NSA monitoring of the Internet in real time, I would just as soon make them work for my browsing habits.

> it is simply too difficult for most people and/or most applications to be configured to properly communicate through Tor as a proxy, compared to simply routing traffic through a transparent Tor proxy. there are some caveats with this approach, and using multiple VM's is stronger than host / anon router vm. however, the drawbacks are minor compared to the risks of vulnerable side channels with an explicit SOCKS or application protocol layer proxy...

My only concern would be with the sturdiness of the TOR network itself. I hope it expands to the point where all traffic could flow through it, but right now, it gets pretty bogged down from time to time.

> (i should pimp JanusVM here, but you can also configure for *nix easily)
> see http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy

The Linux instructions are suitably geeky, but straightforward. I tend to use FoxyProxy on Firefox. Right now, I am checking out TorK. I hear it's the latest and greatest for configuring things easily on Linux. Unfortunately, I have to compile it, and the list of requirements is a mile long. ;)

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Compromise of Tor, anonymizing networks/utilities
On Saturday 08 December 2007 05:58:51 gmaggro wrote:
> So I guess CIA - CSIS, FBI - RCMP, and NSA - CSE/GCHQ/DSD/GCSB. The last bit being the standard bunch of Echelon sons-of-bitches. Those lads must have some fat pipes. Now are they hidden, or hidden in plain sight?

Not that fat, as Tor is usually quite slow. In any case, it is a certainty that some law enforcement agencies are running tor nodes; it has been spotted in actual use at many such locales.

> Tor might be a great idea but it is sadly lacking in many aspects of its implementation. Let us consider it a good first step, but now it's time to move on.

It would help if you were more specific here. Especially, could you flesh out what you mean by, "it is sadly lacking in many aspects of its implementation."

> From now on we should all operate under the assumption that every anonymizing network is rife with law enforcement infiltration.

The most useful node to compromise is the exit node, as that is the one frequently handling the DNS process, as well as the node actually making requests from the Web site in question. The exit node also knows which node just upstream it's talking to, but not any further upstream. In addition, it knows nothing about the original requester. I understand it's sometimes possible to backtrack painstakingly based on timings, but it would be easier if law enforcement had control of all nodes. As it is, law enforcement would have to deal with multiple nodes, spread over multiple, not always friendly jurisdictions.

> In fact, future designs should incorporate this infiltration into their development; there has got to be a way to use this against them.

Which is what TOR has done.

> Tactically, do folks think it would be better to withdraw from Tor use slowly whilst replacing the resulting traffic with filler to keep up appearances? Or ditch it wholesale in the hopes that larger and abrupt changes in usage will disrupt or confuse our friends with badges?

I think a better question would be: How does TOR compare with your bog standard anonymizing proxy server? To go further, how does TOR compare with a scheme like JAP combined with another anonymizing proxy?

I'll toss this out as something to think about: Perfect anonymity is like perfect security; with enough work both can be broken. The point is to make it hard to do.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] High Value Target Selection
On Friday 30 November 2007 09:02:26 gmaggro wrote:
> I think it'd be interesting if we started a discussion on the selection of high value targets to be used in the staging of attacks that damage significant infrastructure. The end goals, ranked equal in importance, would be as follows:

[big snip]

So, you wanted to send a little Christmas present to the NSA folks monitoring the Internet backbone? Make their unutterably boring lives a little more interesting? We live in interesting times (not a good thing).

I was over at the Mycroft site, and noticed that there was a Firefox search extension for Scroogle that uses encryption. There was another encrypted search tool for Wikipedia.

http://mycroft.mozdev.org/download.html?name=scroogle&sherlock=yes&opensearch=yes&submitform=Search
http://mycroft.mozdev.org/download.html?name=secure+wikipedia&sherlock=yes&opensearch=yes&submitform=Search

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Microsoft FTP Client Multiple
On Thursday 29 November 2007 07:11:58 [EMAIL PROTECTED] wrote:
> I wouldn't be surprised if a large percentage of those FTP client users aren't suffering from the same smug "I'm too klewed to fall for it" attitude that many Mac users have

One would hope they would be klewed enough to use a better FTP program. ;)

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] mac trojan in-the-wild
> On Thu, Nov 01, 2007 at 03:36:00PM -1000, Peter Besenbruch wrote:
> > Firefox throws up a download dialog, asking what I should do with prettyyoungthing.rpm, while a Javascript pop-up explains that to see these great images, I need to save the file, and type rpm -i prettyyoungthing.rpm, and that I need to do it as root.

On Monday 05 November 2007 00:34:18 Ben Wheeler [EMAIL PROTECTED] wrote:
> Ok, let's make it easier. What can you install with one click, or maybe two, but definitely just clicky-clicky-don't-bother-to-read-it-just-click-ok rather than having to type anything? A: Firefox extension. As well as ripping off your internet banking login details (probably more valuable than pwning your machine anyway), maybe it can add a special MIME type which opens with an application that prompts, as innocuously as possible, for the root pw so it can install a new codec or whatever.

Yes, but now you are talking about a different kind of exploit than what has been previously discussed. We were, in fact, discussing the kind of exploits that owned machines. What you raise is a separate issue that should be discussed in a separate thread.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] mac trojan in-the-wild
On Wednesday 31 October 2007 13:21:00 Gadi Evron wrote:
> This means one thing: Apple's day has finally come and Apple users are going to get hit hard. All those unpatched vulnerabilities from years past are going to bite them in the behind. I can sum it up in one sentence: OS X is the new Windows 98.

Windows 98 has no way to isolate administrative functions. Everyone has full access to all aspects of the operating system. I should know, I still use it for certain functions. Windows 98 may benefit from security by obscurity, but I would still hesitate to take it out onto the big, bad Internet.

The Mac OS is far better designed, but the option automatically to execute trusted file formats on download should never have been put there. Other things I wish Apple would do better: Have their security updates approach the speed achieved in many Linux distributions. Share a bit more, heck, have them share anything at all when it comes to serious, reported vulnerabilities. Finally, from a security perspective, they should banish Quicktime.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] mac trojan in-the-wild
On Thursday 01 November 2007 11:49:09 Alex Eckelberry wrote:
> The future of malware is going to be largely through social engineering. Does that mean we ignore every threat that comes out because it requires user interaction? Seems like whistling past the graveyard to me.

Alex, no-one is saying we should ignore it. I would say we downgrade the level of threat if it requires user interaction. If it requires a lot of interaction to launch the threat, we downgrade it some more.

Apple is faced with a significant design flaw in OS-X: You can have trusted file types auto-execute when downloaded in Safari. This is an old problem, partially mitigated by Apple in later versions of the OS. This has been coupled with the ancient scam of the fake CODEC. The one unique aspect of this attack is the target, Apple users.

I suppose Linux users are next. When they get targeted, I will be ready. I don't typically browse porn sites, so I see a greater danger in targeted attacks from third party advertisers. Of course, these tend to target drive-by download flaws in Windows, but I'll be ready.

I suppose, though, that other Linux users browse porn. I can see it now... Firefox throws up a download dialog, asking what I should do with prettyyoungthing.rpm, while a Javascript pop-up explains that to see these great images, I need to save the file, and type rpm -i prettyyoungthing.rpm, and that I need to do it as root. If running Suse or Mandriva, this may not work. If I run Debian or Ubuntu, I should run alien -dci prettyyoungthing.rpm as root. If this doesn't quite work, please find a Deb file with prettyyoungthing in its name, using find prettyyoungthing*.deb and issue the command dpkg -i prettyyoungthing*.deb. Regardless of installation method, please have the following dependencies installed...

Oh yes, I'll be ready.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] mac trojan in-the-wild
On Thursday 01 November 2007 16:13:10 Paul Schmehl wrote:
> --On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch [EMAIL PROTECTED] wrote:
> > Firefox throws up a download dialog, asking what I should do with prettyyoungthing.rpm, while a Javascript pop-up explains that to see these great images, I need to save the file, and type rpm -i prettyyoungthing.rpm, and that I need to do it as root.
>
> There is no need to do that. In both Macs and Gnome or KDE on Unix, if you try to run rpm -i (or whatever the install paradigm is on your flavor of OS), you'll be *prompted* for the root password, not asked to run it as root. Big difference, and one that many users do not appreciate at all.

Sadly, that doesn't seem to work on Debian. Yes, I have RPM installed.

> When an internationally recognized Ph.D psychologist can lose $3 million US to the 419 scam and be prepared to lose more, is it really a stretch to think that a fake codec trojan will make inroads on the Mac?

The question is, HAS it made inroads? From what I read, it hasn't. What are the factors limiting the spread? Making inroads on the Mac would be analogous to the Nigerians tricking many PhDs in psychology. As I implied in my last post, the spread of malware is somewhat proportional to the level of interaction. Even on a Mac, you have to go through a number of steps to install this stuff.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Someone is impersonating Gadi Evron and spamming this list
Anthony V. Vitale wrote:
> From past postings on this list, I know that there are people that do not like Mr. Evron. Now, it seems that someone has resorted to impersonating him and is spamming this list!

That goes on all the time. The real Gadi generally has good stuff to say, so I just delete, or filter the Gadi impersonation crap.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
> Some people don't know when to quit when they're behind. Thank you for volunteering to be the first on my ban list. Your stupidity has been duly rewarded.

A small tip: Ban all of Hushmail. Nothing good ever comes from that domain.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Why criticize security researchers? On the recent PDP case.
rpcxfsmd rpcxfsmd wrote:
> First of all, sorry for my English, I'm from Russia and can't speak very well.

Your English is better than my Russian. ;)

> I'm very sad for the current state of security, that includes people who contest great contributions to the industry from people like pdp (architect) and call them bullshit.

Filters are your friend.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Google Tracking
Cyberheb wrote:
> Noscript is ur friend?! Beside using that firefox add-on to block the google-analytics thing, you can also use the anonymity tools to hide from other analysis tracking application.

Layering defenses helps counter tracking. Start with a hosts file, such as the one found here: http://mvps.org/winhelp2002/hosts.txt It blocks the Urchin tracker, as well as many others. Noscript helps; so does Adblock Plus, which makes it easier to see the little nasties than by simply viewing the page source. Let's not forget the various cookie managing tools out there, although for Firefox it's simple enough to tell the browser to dump them all when you close the browser. There are the locally installed proxies, like Proxomitron (a Windows program that runs flawlessly under Wine) and Privoxy. Finally, for the truly paranoid, you combine the above with IP obfuscation tools like TOR, or JAP. Even Stupid Censorship helps some.

I do a lot of my browsing from a fixed IP address. Consequently, I use all of the above techniques when I browse. I just don't like the rampant profiling that goes on. Neither do I like the stepped up spying on the Internet that my government engages in. I like being able to browse with the knowledge that people will have to work very hard to track me. Consequently, when it comes time to search for how to build a nuclear bomb, I can find out how to do it in complete privacy here: http://home.earthlink.net/~enigmaep/annihilation/buildabomb.html

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
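The first layer named in the reply above is a hosts file that sinkholes tracker hostnames. The following is an added example written for this page, not the MVPS list or any tool mentioned in the thread: a parser for the hosts-file format (comments, blank lines, several hostnames per line, mixed case, loopback entries for localhost that are not blocks), followed by a triage of a page's third-party resource URLs into those the file stops and those it lets through. The hosts excerpt and the URLs are constructed; the `example.test` hostnames are placeholders. It also shows the format's main limitation, which is why the post layers Adblock Plus and NoScript on top: a hosts entry matches one exact hostname, so a tracker served from a fresh subdomain passes straight through.

```python
from urllib.parse import urlsplit

# Constructed excerpt in the format of the MVPS hosts file (the real file is
# much longer); the hostnames below are placeholders, not real trackers.
HOSTS_TEXT = """\
# MVPS-style HOSTS file excerpt (constructed for this example)
127.0.0.1  localhost
::1        localhost
0.0.0.0  tracker.example.test        # page-view tracker
0.0.0.0  ads.example.test  banner.example.test
0.0.0.0  WWW.Stats.Example.Test
   # indented comment line
0.0.0.0
"""

# Names normally mapped to loopback by the system itself, not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}
# Addresses a blocklist points unwanted names at.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts_blocklist(text: str) -> set:
    """Return the set of hostnames the hosts file sinkholes to a local address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        if address not in SINKHOLES:
            continue                               # a real mapping, not a block
        for name in names:
            name = name.lower().rstrip(".")        # hostnames are case-insensitive
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def is_blocked(url: str, blocked: set) -> bool:
    """Exact-hostname match only: hosts files have no wildcards and no subdomain inheritance."""
    host = (urlsplit(url).hostname or "").lower()
    return host in blocked


def triage_resources(urls, blocked):
    """Split a page's resource URLs into those the hosts file stops and those it passes."""
    stopped = [u for u in urls if is_blocked(u, blocked)]
    passed = [u for u in urls if not is_blocked(u, blocked)]
    return stopped, passed


# Constructed resource URLs such as a page might embed; __utm.gif is the
# classic Urchin/Google Analytics beacon name.
PAGE_RESOURCES = [
    "https://tracker.example.test/__utm.gif?x=1",
    "http://WWW.stats.example.test/hit",
    "https://cdn.tracker.example.test/t.js",       # new subdomain: slips past a hosts file
    "https://www.example.test/index.html",
]

if __name__ == "__main__":
    blocked = parse_hosts_blocklist(HOSTS_TEXT)
    stopped, passed = triage_resources(PAGE_RESOURCES, blocked)
    print("stopped by hosts file:", stopped)
    print("still loaded:         ", passed)
```

The `cdn.tracker.example.test` case is the one to take away: a hosts file is cheap and works for every application on the machine, but it only ever matches names someone has already listed, which is what the content-aware layers (Adblock Plus rules, NoScript, a filtering proxy) are there to cover.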
Re: [Full-disclosure] Firefox 2.0.x: tracking unsuspecting users using TLS client certificates
With apologies to Alexander. I keep forgetting that replying to full disclosure messages sends an e-mail to him, and not the list. Here is my reply to the list:

Alexander Klink wrote:
> ...
> I realised that you can do something with Firefox 2.0.x that you could not do with Firefox 1.5.x: track an unsuspecting user using TLS client certificates.
> ...
> Proof of Concept:
> - http://0x90.eu/ff_tls_poc.html

So, one can use certificates as a kind of super-cookie. You mention in a follow-up message that all kinds of information can be stored in a certificate. With cookies, a third party advertiser can place a cookie and track you across sites, building up a profile of your interests. While I can see the same use here, it seems you are saying anyone could have a look at certificates on your system, while cookies generally are limited to viewing by the issuing domain.

What I don't understand is if there is a simple way of knowing what certificate to ask for? For this to be useful, that would be pretty important. Another question, is it possible to issue a "give me all your stored certificates" command? The follow-on link to Apache's cert-export page can't seem to do that. I made two certs and the cert-export page grabbed the last one.

Oh well, time to change Firefox's default certificate handling.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Firefox 2.0.x: tracking unsuspecting users using TLS client certificates
Brendan Dolan-Gavitt wrote:
> Can anyone see if this works through Privoxy and the other things in the standard Tor bundle?

It works with Tor, with and without Privoxy.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Hash
Tremaine Lea wrote:
> Sure, it's possible. Possibly Sergio is lazy. As he sent it via gmail's auth smtp servers and not from webmail, it's just as possible it happened in his mail client. And he still could have, and should have edited it. And all of that aside, who cares? We see signatures like that all the time on mailing lists. It's pretty obvious they're useless in this context.

Useless in any context. Sigs like that are very unprofessional. Even if I know they are nonsense, such disclaimers come across as mildly bullying.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] [SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities
Martin Schulze wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Debian Security Advisory DSA 1270-1    [EMAIL PROTECTED]
> http://www.debian.org/security/        Martin Schulze
> March 20th, 2007                       http://www.debian.org/security/faq
>
> Package        : openoffice.org
> Vulnerability  : several
> Problem type   : local (remote)
> Debian-specific: no
> CVE IDs        : CVE-2007-0002 CVE-2007-0238 CVE-2007-0239
>
> For the testing distribution (etch) these problems have been fixed in version 2.0.4.dfsg.2-6.
>
> For the unstable distribution (sid) these problems have been fixed in version 2.0.4.dfsg.2-6.

Of course, it would be more helpful to have the actual, fixed, versions uploaded and available, when announcing that we should update.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Stealing Browser History Without Using JavaScript
Matthew Flaschen wrote:
> We all know there are still people out there who think turning off JavaScript protects them from everything.

It protects from an awful lot, and so far, from the worst stuff.

> Damn it... Good job. I guess NoScript isn't good enough anymore...

I couldn't get the demo to work over here, because of the Safe History extension. For reference, I'll put out the links for Safe History, Safe Cache, and Noscript:

https://addons.mozilla.org/firefox/1502/
https://addons.mozilla.org/firefox/1474/
https://addons.mozilla.org/firefox/722/

And I agree with you, RSnake did well.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability
Ben Bucksch wrote:
> https://bugzilla.mozilla.org/show_bug.cgi?id=370445

Hi Ben,

Are we going to see a version 2.0.0.2 of Firefox soon? With all the Firefox bugs, we are about due.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Enron Mail archive..... oops
Thierry Zoller wrote:
> Dear List,
> Search the Enron mail archives, for example "Password":
> http://enron.trampolinesystems.com/search/FBI#focus=/search/password

Oops is right. I hope none of those are still active.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment
> --On Monday, August 28, 2006 09:54:42 -0400 [EMAIL PROTECTED] wrote:
> > Who needs that XSS shit when there's Fox News?

Paul Schmehl wrote:
> Like the other news agencies are any better.

Actually, some of them are. Some may be as air-headed, but Fox has as its mission to promote a Republican, right wing agenda. Fox makes no secret of it; it's what they do; it's why they exist. I think that's what Valdis had in mind with his comment. It's not exactly disinformation, when you know up front that an organization is lying, but I don't think he was using a strict definition of disinformation.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [Full-disclosure] Wireless hacks
Fetch, Brandon wrote:
> /secures tinfoil hat
> And didn't Intel just announce here recently they were making their hardware drivers open source for the ...betterment of the Linux community...?
> Me calls BS on Intel
> /secures tinfoil hat

The news reports I read said nothing about open sourcing the wireless drivers, but spoke of opening elements of the 965 series graphics chipset. Macrovision-supplied elements of the driver would remain binary only. The drivers would function without the Macrovision binaries, however.
Re: [Full-disclosure] Reverse LOL HELLO FURRY PORN
Dude VanWinkle wrote:
> What? You can dish it but you can't take it?

No, I just filter. I suspect a lot fewer people will be reading your e-mails, Dude.
Re: [Full-disclosure] what can be done with botnet CC's? (fwd)
I keep hitting reply, and not posting to the list.

Original Message

[EMAIL PROTECTED] wrote:
> On Sun, 13 Aug 2006 08:32:16 EDT, Dude VanWinkle said:
>> When I worked at a university, the students were always getting compromised till we implemented sandboxing. People DHCP'ing into the network were placed in a subnet by themselves till a scan revealed that they had:
>> 1: up to date AV
>> 2: up to date patches
>> 3: a Functioning firewall
>
> OK, I'll bite - if you detect a functioning firewall, how do you scan for up to date patches and A/V? Seems like you'd have to have at least a stub client on the machine to answer the "What patchlevel you at?" query.

I would also like to know how Mac and Linux machines were differentiated from the Windows machines. It can't just be on the basis of user agent strings. Would it be Javascript trickery on logging on to the network? Flash objects, Java, ActiveX? Was it a simple ban on everyone, unless they ran a secured Windows system, and everyone else be damned (as insecure)? Do you just give the users of alternate OSes a fixed IP?

> (And this is the sort of thing that is easy to force install in a corporate environment where you own the machine. It's also easy to do if you're a regular ISP, and you can get away with saying "If you don't like it, go to another ISP". It's a can of worms when you don't own the machine, and you're a de facto monopoly because the student lives in the dorms - a Hobson's choice "install this or don't get net access" doesn't make you many friends...)

Sandboxing suspicious activity might work better. If a student got nailed a few times, the hassle of getting reconnected might force changes in on-line behavior.
Re: [Full-disclosure] Getting rid of Gadi Evron and Dude VanWinkle
vodka hooch wrote:
> hi for months now we've had to put up

A piece of advice: Don't speak for others unless the others tell you it's OK to do so.

> now it's time to shut up how do i set up my gmail?

Let's see, an e-mail from a Yahoo mail account that was posted from Argentina, and you want help setting up Gmail. There are some who might not believe you. ;)

> i know this is an unmoderated list but I'm pulling my hair out to sift through the real email

First off, Gadi is a constructive contributor to this list. Dude doesn't disrupt things, and writes semi-coherent English.

> please don't turn full dis into symantec trolltraq, help me! :)

On the other hand, your post resorts to broad attacks and contributes nothing of value to the list.

I have various filters set up in Thunderbird for Full Disclosure. Most of them are in a single filter collectively called "Full Disclosure Annoyances". This includes the address of various individuals, plus a blanket block of anything from Hushmail. Oddly enough, Gmail is most strongly represented here. I have another filter called "Full Disclosure - No Interest" which contains announcements for software I don't use, or monitor. Finally, there is a certain individual who gets his (?) own filter. I block his name in every portion of an e-mail message I can think of.
Re: [Full-disclosure] UnAnonymizer
H D Moore wrote:
> A fun browser toy that depends on Java for complete results:
> - http://metasploit.com/research/misc/decloak/

Fun indeed:

Field                Data             Dependency
External Address:    24.199.198.152   None
Internal Host:       unknown          Java
Internal Address:    unknown          Java
DNS Server (API):    unknown          Java
DNS Server (HTTP):   24.199.198.158   None
External NAT:        unknown          Java

The External Address listed belongs to a TOR server hosted on RoadRunner. The DNS server is also part of that system. I'm assuming the Internal Host should have been mine? The Internal Address mine, also? The DNS Server (API) my ISP's? Something isn't working.

Here's another page that tries something similar with Java:

http://gemal.dk/browserspy/ipjava.html

I get similar results to the above. Yes, Java is installed (version 1.5).
Re: [Full-disclosure] UnAnonymizer
Cardoso wrote:
> If the app uses an unknown DNS server, I think it's enough of a risk to worry about.

I refer folks to the following page on TOR:

"Using privoxy is necessary because browsers leak your DNS requests when they use a SOCKS proxy directly, which is bad for your anonymity."

http://tor.eff.org/docs/tor-doc-unix.html.en

That means, your DNS server becomes the DNS server used by the TOR exit node. I have no idea how many DNS servers operate with poisoned caches, and the like. If I wanted to do some financial transaction, I think Cardoso is suggesting a direct connection, instead. In earlier discussions, people argued that an SSL connection offered some protection, or warning about pharming attacks.

> On Tue, 27 Jun 2006 08:49:13 +0000 (GMT) Brate Sanders [EMAIL PROTECTED] wrote:
> BS> Is there a security issue hidden somewhere in there or is it just a bug
> BS> report sent to the wrong mailing list address? :-)
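What the quoted Tor sentence means on the wire, as an added example that is not code from this thread or from the Tor documentation: a SOCKS5 CONNECT request carries either a domain name for the proxy to resolve or an IPv4 address the client already resolved itself, and that local resolution is the DNS query that escapes the proxy. The hostname and addresses below are constructed.

```python
"""Added example, not code from this thread or the Tor documentation.
A SOCKS5 CONNECT request (RFC 1928) names its destination either as an
IPv4 address (ATYP 0x01) or as a domain name (ATYP 0x03).  A client that
sends 0x01 resolved the name itself, through the OS resolver, before the
proxy ever saw the request: that local lookup is the DNS leak.  Sending
0x03 hands the name to the proxy (Tor, in the thread) and no local DNS
query is made.  The hostname used is constructed."""

import socket
import struct

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03


def socks5_connect_request(host, port, remote_dns=True):
    """Build the CONNECT request bytes for host:port.

    remote_dns=True  -> ATYP_DOMAIN; the proxy resolves the name.
    remote_dns=False -> ATYP_IPV4; we resolve first and leak the lookup
                        (using the SOCKS proxy "directly", as the Tor
                        page puts it).
    """
    if remote_dns:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5 ATYP_DOMAIN")
        dst = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        # The leak: this query goes to the system resolver, outside the proxy.
        dst = bytes([ATYP_IPV4]) + socket.inet_aton(socket.gethostbyname(host))
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + dst + struct.pack("!H", port)


def parse_socks5_connect_request(data):
    """Decode a CONNECT request and report whether the client resolved the
    name itself (what a proxy-side audit for leaky clients would log)."""
    if len(data) < 4:
        raise ValueError("truncated SOCKS5 request")
    ver, cmd, rsv, atyp = data[0], data[1], data[2], data[3]
    if ver != SOCKS_VERSION or cmd != CMD_CONNECT or rsv != 0x00:
        raise ValueError("not a SOCKS5 CONNECT request")
    if atyp == ATYP_DOMAIN:
        n = data[4]
        host = data[5:5 + n].decode("idna")
        (port,) = struct.unpack("!H", data[5 + n:7 + n])
        return {"host": host, "port": port, "client_resolved": False}
    if atyp == ATYP_IPV4:
        host = socket.inet_ntoa(data[4:8])
        (port,) = struct.unpack("!H", data[8:10])
        return {"host": host, "port": port, "client_resolved": True}
    raise ValueError("unsupported address type 0x%02x" % atyp)


if __name__ == "__main__":
    # Constructed destination; nothing is sent anywhere.
    good = socks5_connect_request("example.invalid", 443, remote_dns=True)
    print(good.hex(), parse_socks5_connect_request(good))
```

In Firefox the choice between the two request forms is the `network.proxy.socks_remote_dns` preference; with it off, the browser behaves like `remote_dns=False` above.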
Re: [Full-disclosure] UnAnonymizer
H D Moore wrote:
> If your real internal and external NAT addresses did not appear when using a proxy, either the Java applet did not load or a race condition failed. From browsing the database backend, it looks like just over 1,000 people were successfully identified (internal + nat gw + external + dns). The database is wiped every 24 hours.

I doubt it's a race condition, as the failure is consistent. As for the failure of something to load, that's possible, although Java applets run just fine, when I enable them, as I did with the Metasploit site.

As you can no doubt tell, I used a *nix based system for the test, where there are a variety of ways to install both the browser and Java. In my case, I went to Sun and Mozilla directly. I placed a link from Java's plug-in to Firefox's plugin directory. That was about the extent of my installation.

> Thanks for testing!

No, thank you. It was interesting.

> On Monday 26 June 2006 20:07, H D Moore wrote:
>> A fun browser toy that depends on Java for complete results:
>> - http://metasploit.com/research/misc/decloak/
>
> -HD
Re: [Full-disclosure] UnAnonymizer
Michael Holstein wrote:
>> The 'trick' is to obtain this information regardless of proxy settings and in the case of SOCKS4, be able to identify your real DNS servers. This is accomplished using a custom DNS service along with a Java applet that abuses the DatagramSocket/GetByName APIs to bypass any configured proxy. The source code of the applet is online as well:
>> - http://metasploit.com/research/misc/decloak/HelloWorld.java
>
> Smart TOR users are using Firefox + NoScript + Flashblock to begin with .. and you'd really have to be stupid/trusting to allow Javascript (and even dumber still to allow Java Applets) when you're trying to be anonymous.

As I normally do. Let's also mention that settings in Adblock and entries in the hosts file could mess up the experiment. For those not familiar with the Noscript extension, it can be set to block Flash as well. Flash itself can also be configured for tighter privacy, though if I were serious about anonymity, I wouldn't trust it.

> Using a WRT54g+Linux+Tor (or running the TOR router on a separate machine) prevents this entirely since *all* traffic is routed into TOR and anything that's not falls into the bitbucket.

Here is a person that wants a SLW connection. ;)

> Those that wish to be anonymous .. always will be :)

Let's not forget that those wanting anonymity make mistakes like the rest of us. That's the kind of thing that Moore is trying to capitalize on. Some simply don't like the tracking associated with having a fixed IP, therefore the stakes behind a revealed IP are fairly low. The stakes go up when someone engages in bad behavior, or when his/her Web browsing habits arouse government interest.
Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.
John Sprocket wrote:
> hehe. look at it metaphorically (like guest inside establishment)
> you're head of security at a casino
> you monitor a specific area full of people/users.
> you have your normal people you can see and possibly identify if you so care.
> there's a group of people that walk in and are wearing clothing that is obviously meant to obscure their intentions.
> would you let them stay in your casino, or would you ask them politely to take off their masks?

Bad analogy. A better one is: Do you ask all people for some form of identification before they can enter your establishment?

In effect, the act of visiting a Web site discloses information about the visitor. Even if the person blocks cookies, Javascript, Java, Flash, and all the rest, there is still the IP address. If the IP address is fixed, it is possible to build a profile on that user, or small group of users. Perhaps the person isn't interested in being profiled. Do you (it's a generic you) value profiling over having visitors to your site?

One also needs to keep in mind that it's not just the visited Web site collecting information. There are certain governments collecting information that is, as Valdis put it, "none of [their] damned business" to collect. The visitor may be using TOR to inhibit such data collection.

Wired has a good essay by Bruce Schneier called "The Eternal Value of Privacy". I commend it to all:

http://www.wired.com/news/columns/0,70886-0.html
Re: [Full-disclosure] blue security folds
Mike Adams wrote:
> I'm really disappointed. All this will do is give all the other scumbag spammers out there proof that using these tactics will work, and they will be able to extort anyone. Who will be next, Trend Micro? Fortinet? Symantec? SANS?

If they actually do something effective against spam, then yes. Blue Security was effective in hitting spammers in the pocketbook. Therefore, they were targeted. More than that, the spammers began targeting broader swaths of the Internet, taking out Typepad, Livejournal, and Tucows. The attacker, a person whose handle is "Pharma Master", basically stated, if he couldn't spam, there would be no Internet. Given that botnets are so cheap, that was not an idle threat.

Bill Gates, I would personally like to thank you for creating a monopoly operating system that is so easy to compromise. I'm sure Pharma Master thanks you as well, though he may never publicly express it. He really should consider a generous donation to the Bill and Melinda Gates foundation as a token of appreciation. Any Mafia boss worth his salt would do the same.
Re: [Full-disclosure] IE7 Zero Day
[EMAIL PROTECTED] wrote:
> As a spectator, I wonder who's going to bid on it, and how much, without any clues as to what exactly the extent is (crash, code execution as user, code exec as system, etc), or even any proof you have the goods.. ;)

If the guy provided more information, such as his full name, address, and phone number, his bank account info, his social security number, that sort of thing, I might trust him. ;)
Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
> On Thu, 27 Apr 2006, Brian Eaton wrote:
>> Please note that I ask this out of curiosity, and not in an attempt to be critical. Why not give MSRC a head start of one week?

Michal Zalewski wrote:
> Because, among other things I've already mentioned, it will in no way affect when they're going to release a patch. Their official policy is to stick to a weird schedule.

Unfortunately, given Microsoft's recent behavior, Michal's right. Further, I too have seen the data showing much faster response times when Microsoft is blindsided. The only question that remains is whether some inherent sense of fairness on the part of the reporter dictates notifying the vendor first, even though it likely won't do any good.
Re: [Full-disclosure] Re: A Move to Remove
> Stuart Dunkeld [EMAIL PROTECTED] wrote:
>> If you had filtered out all n*td*v related mail you wouldn't have responded to this thread..

Steve Russell wrote:
> I *have* filtered the posts into another folder, and if I choose I can just delete all of those posts with one click. Doesn't mean I lack the choice to sometimes read one or two of them and indeed reply to any of them, I wonder why sometimes... Perhaps time for a new hobby...

A list like this needs filtering, regardless of the presence of trolls. A lot of my filters target outfits like Gentoo, or Mandriva, not because they are bad citizens, but because I am not using their product. As for the trolls, they get added as an extra to my list filters. It doesn't take long to recognize which people never contribute anything positive. It's easy enough to do, and Full Disclosure becomes pretty useful when you do that.

It's a lot like Usenet. Filters made the place usable. What people kept forgetting was that one rule: "Don't feed the troll."

This is the first netdev related thread on this list that I have seen in a while, and for that I am grateful.
[Full-disclosure] Advisory 2006-03-11 DoS Vulnerability in Apple iTunes
Advisory 2006-03-11 DoS Vulnerability in Apple iTunes

I. BACKGROUND

Advisory marked for immediate release.

II. DESCRIPTION

Sending a specially crafted malformed packet to the service's communication socket can create a loss of service.

III. HISTORY

This advisory has no history.

IV. WORKAROUND

There are no known workarounds.

V. VENDOR RESPONSE

Apple iTunes has not commented on this issue.

VI. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-596484 to this issue.

APPENDIX A. - Vendor Information

http://www.apple.com/itunes/

APPENDIX B. - References

NONE

CONTACT:
* Peter Besenbruch [EMAIL PROTECTED]
* 1-888-LOL-WHAT
* CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
Steve Shockley wrote:
> Renaud Lifchitz wrote:
>> Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
>
> The css part of this exploit is actively used by Intellicontact (or whatever they call themselves this week), the host of the factcheck.org mailing list. For example:
>
> <LINK href="http://mail1.icptrack.com/track/relay.php?r=###&msgid=###&act=admin=0&destination=http://www.factcheck.org/styles/subpage_nn.css" type="text/css" rel="stylesheet">
>
> To work around this, set:
>
> user_pref("mailnews.display.html_as", 3);

A value of 1, rendering HTML as text, would be even better, I would think. A value of 2, simply showing the HTML source, is the safest of all. I'm not a big fan of HTML in e-mail, sanitized, or otherwise.
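The defender's view of the tracking stylesheet quoted above, as an added example that is not code from this thread or from Thunderbird: an audit that lists every remote resource an HTML message would fetch when rendered, since each such fetch reports the reader's address and the time of opening to whoever serves it, whatever the CSS or image contains. The sample message, its hostnames and the `msgid=PLACEHOLDER` value are constructed.

```python
"""Added example (not code from the thread): list the remote resources an
HTML e-mail fetches when rendered, i.e. the disclosure channel that a
tracking <LINK rel=stylesheet> relies on.  Rendering with
mailnews.display.html_as set to 1 (plain text) or 2 (source) avoids every
fetch found here; 3 (sanitized HTML) is what the quoted post suggests."""

from html.parser import HTMLParser
import re
from urllib.parse import urlsplit

# Elements whose attribute triggers a network fetch when rendered.
FETCHING_ATTRS = {"link": "href", "img": "src", "script": "src", "iframe": "src"}
IMPORT_RE = re.compile(r"""@import\s+(?:url\()?["']?([^"')\s]+)""", re.I)
REMOTE_SCHEMES = ("http", "https")


class RemoteResourceAuditor(HTMLParser):
    """Collects (tag, url) for each remotely hosted resource."""

    def __init__(self):
        super().__init__()
        self.resources = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "style":
            self._in_style = True
        attr = FETCHING_ATTRS.get(tag)
        if attr is None:
            return
        # Only stylesheet links are fetched; rel=alternate etc. are not.
        if tag == "link" and (attrs.get("rel") or "").lower() != "stylesheet":
            return
        url = attrs.get(attr)
        if url and urlsplit(url).scheme in REMOTE_SCHEMES:
            self.resources.append((tag, url))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # @import inside an inline <style> block also causes a fetch.
        if self._in_style:
            for url in IMPORT_RE.findall(data):
                if urlsplit(url).scheme in REMOTE_SCHEMES:
                    self.resources.append(("style", url))


def remote_resources(html):
    """Return the list of (tag, url) fetched when `html` is rendered."""
    p = RemoteResourceAuditor()
    p.feed(html)
    p.close()
    return p.resources


def is_tracking_relay(url):
    """Heuristic: a resource URL whose query carries a per-message id or a
    redirect target identifies the individual reader, not just the sender."""
    q = urlsplit(url).query.lower()
    return any(k in q for k in ("msgid=", "destination=", "redirect="))


# Constructed sample message; hostnames and ids are placeholders.
SAMPLE = (
    '<html><head><link rel="stylesheet" type="text/css" '
    'href="http://tracker.example/relay.php?msgid=PLACEHOLDER&destination=http://site.example/s.css">'
    '<style>@import url("http://cdn.example/a.css");</style></head>'
    '<body><img src="cid:logo"><img src="https://pixel.example/o.gif?id=1"></body></html>'
)

if __name__ == "__main__":
    for tag, url in remote_resources(SAMPLE):
        print("tracking" if is_tracking_relay(url) else "fetch   ", tag, url)
```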
Re: [Full-disclosure] Need some advice for a new customer
> Here's the question: Should the company notify their customers of a POSSIBLE compromise of their data? I have been trying to convince them that they should operate as though the data is compromised. Is that the right position to take as a security consultant?

What would the consequence to their business be if the news of compromise came from a third party, and not the business itself? They need to get out front on this.
Re: [Full-disclosure] Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
Jason Coombs wrote:
> The following script error message was noted being displayed this morning on an airline check-in kiosk manufactured by Kinetics USA.
>
> Vendor: Kinetics USA www.kineticsUSA.com
>
> Line: 107
> Char: 2
> Error: object expected
> Code: 0
> URL: http://151.151.10.46:64080/attract?time=1124376480&TransactionID=HNL_KIOSK09-050818044716

I have seen that exact same error message, probably at the exact same kiosk. Those things are always going down at Honolulu Airport. When they work, it is reassuring that the first thing they ask for is a credit card swipe.