Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000

2013-01-24 Thread Peter Dawson
@Valdis, you're correct.

He was expelled for other reasons. Despite receiving clear directives not
to, he attempted repeatedly to intrude into areas of College information
systems that had no relation with student information systems.

These actions and behaviours breach the code of professional conduct
(http://www.dawsoncollege.qc.ca/public/72b18975-8251-444e-8af8-224b7df11fb7/info_desk/420a0_-_professional_conduct.pdf)
for Computer Science students, a serious breach that requires the College
to act.


/pd

On Thu, Jan 24, 2013 at 12:34 PM, valdis.kletni...@vt.edu wrote:

 On Thu, 24 Jan 2013 10:16:29 -0500, Benjamin Kreuter said:

  There is also the matter of the school itself.  They were presented
  with a student who had found a vulnerability, reported it, and then
  checked to see if there were still problems.  Does expulsion really
  sound like a reasonable punishment to you?  Does any punishment seem in
  order, given that the student made no attempt to maliciously exploit
  his discoveries?  It seems to me that a much better approach would have
  been to offer the student a chance to present the vulnerability in a
  computer security class.  The school's mission is, theoretically, to
  teach its students -- why, then, would they remove from the student
  body someone who could do just that?

 I've seen reference to a few more details on this - namely:

 1) The kid, as part of his major, signed an ethics document.
 2) He was either told or agreed to not run the scanner again.
 3) He did so anyhow.

 and that he didn't get kicked out because he ran the scanner, but
 because he did so *in violation of the ethics standard*.

 I'll probably have to go back and find references for all that - but
 even without that, it's something to think about.  If somebody
 agrees not to do something, and then does it anyhow, is he *trustworthy*
 enough for a degree in that field?

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Full-Disclosure Digest, Vol 92, Issue 34 - 1. Microsoft Windows Help program (WinHlp32.exe) memory

2012-10-30 Thread Peter Dawson
Don't feed the trolls !

On Tue, Oct 30, 2012 at 11:21 AM, Mikhail A. Utin 
mu...@commonwealthcare.org wrote:

 Normal way of doing security research business (for normal people of
 course) is to inform the vendor and discuss the issue. I would not describe
 further steps as they are well-known.

 Kaveh Ghaemmaghami aka (coolkaveh) is either driven by his/her ego or
 never read this list posts. Or both.

 Mikhail utin, CISSP

 -Original Message-

 Today's Topics:

1. Microsoft Windows Help program (WinHlp32.exe) memory
   corruption (kaveh ghaemmaghami)
2. Microsoft Paint 5.1 memory corruption (kaveh ghaemmaghami)

 Hello list!

 I want to warn you about Microsoft Windows Help program (WinHlp32.exe)
 memory corruption

 Best Regards

 Kaveh Ghaemmaghami aka (coolkaveh)



Re: [Full-disclosure] Your account could be at risk of state-sponsored attacks

2012-10-05 Thread Peter Dawson
this become news this am.  but its been noted quite some time back ...its
like #whattookthemsolong to make it pub

http://bits.blogs.nytimes.com/2012/10/02/google-warns-new-state-sponsored-cyberattack-targets/

On Fri, Oct 5, 2012 at 1:51 PM, Nick Boyce nick.bo...@gmail.com wrote:

 On Fri, Oct 5, 2012 at 8:04 AM, Aftermath aftermath.thegr...@gmail.com
 wrote:

  In the last two weeks some of my cyber friends have been getting this
  message in their gmail.
 
 
 http://support.google.com/mail/bin/answer.py?hl=enctx=mailanswer=2591015
 [...]
  Has anyone else gotten this message from Google in the last 3 days?
  Mine was  Tue, 2 Oct 2012 22:34:31 -0700

 Nope - no such messages received at this Gmail address - I also looked
 in the Spam folder back as far as 25th.Sept .. none there either.

 Nor have I received any emails with suspicious attachments at this
 address  though I'm bombarded by them at various other non-Google
 addresses.  Googlemail seems to have pretty good filtering of
 mainstream malware and spam, so I find your story a little puzzling.

 NB: the Googlemail support page the link points to says you should
 have been directed there by a message above your inbox, *not* in the
 body of an actual email.

 As the support page says, they also use other indicators to decide you
 may be being targeted, such as suspicious login attempts.

 Maybe your cyber-friend-group is resident in a particularly targeted
 geographical region and Google knows it  or maybe Google *has*
 successfully detected _some_ malware on its way to you, and noticed
 that the malware is sufficiently mutable in character (polymorphic)
 that other variants may have made it through undetected.

 Nick
 --
 Q: How many Bavarian Illuminati does it take to screw in
 a lightbulb?
 A: Three: one to screw it in, and one to confuse the issue.


Re: [Full-disclosure] Nishang: PowerShell for Penetration Testing

2012-08-15 Thread Peter Dawson
and this is coming from person who is has many  years experience in
Penetration Testing of many Government Organizations of India and other
global corporate giants.

Who the friggin hell hires such peeps who give away key /userid/pwd eh ?

/pd

On Wed, Aug 15, 2012 at 2:52 PM, Harry Hoffman hhoff...@ip-solutions.net wrote:

 Probably at the least want to change your pastebin password and api key:

 From Credentials.ps1:

 Post_http http://pastebin.com/api/api_login.php;

 api_dev_key=8e5dbe7c4288c87f41b1e3e2ffce6c25api_user_name=koshishapi_user_password=nikhilpastebin

 Post_http http://pastebin.com/api/api_post.php;

 api_user_key=$session_keyapi_option=pasteapi_dev_key=8e5dbe7c4288c87f41b1e3e2ffce6c25api_paste_name=credsapi_paste_code=$pastevalueapi_paste_private=2

 

 Cheers,
 Harry

 On 08/15/2012 05:49 AM, Nikhil Mittal wrote:
  Hi List,
 
  I have written a tool in PowerShell which helps in usage of PowerShell
  for post exploitation activity. The tool, called, Nishang. is a
  framework and collection of PowerShell scripts.
 
  Details about it could be found on my blog at
 
 http://labofapenetrationtester.blogspot.com/2012/08/introducing-nishang-powereshell-for.html
 
  The toolkit is available at:
  http://code.google.com/p/nishang/
 
  Please feel free to report bugs, feedbacks and feature requests.
 
  Regards,
  Nikhil _SamratAshok_ Mittal
  http://labofapenetrationtester.blogspot.com/
  @nikhil_mitt https://twitter.com/#%21/nikhil_mitt
 
 

[Full-disclosure] Gauss is out !

2012-08-09 Thread Peter Dawson
Dubbed Gauss, the virus may also be capable of attacking critical
infrastructure and was built in the same laboratories as Stuxnet, the
computer worm widely believed to have been used by the United States and
Israel to attack Iran's nuclear program, Kaspersky Lab said on Thursday.
http://www.reuters.com/article/2012/08/09/net-us-cybersecurity-gauss-idUSBRE8780NJ20120809

/pd

Re: [Full-disclosure] Hacker Highschool v2

2012-08-09 Thread Peter Dawson
not sure. I think its lesson on how2 pwn the troll n bully l!

On Thu, Aug 9, 2012 at 4:16 PM, Benji m...@b3nji.com wrote:

 ah fantastic, a lesson on trolling and bullying. what a valuable
 service you are providing.

 On Thu, Aug 9, 2012 at 8:19 PM, Pete Herzog p...@isecom.org wrote:
  Hi,
 
  Version 2 of Hacker Highschool (www.hackerhighschool.org) is wrapping
  up. We will begin publishing/replacing each lesson as we finish it. Of
  course we can always use more dedicated experts to contribute which
  would speed the whole process up.
 
  More details on the project are available in a new article:
 
 
 http://opensource.com/life/12/8/hacker-highschool-students-learn-redesign-future
 
  FYI: since then, we've added 1 more lesson
 
 #22 Trolling and Bullying
 
  Enjoy!
 
  Sincerely,
  -pete.
 
 
  --
  Pete Herzog - Managing Director - p...@isecom.org
  ISECOM - Institute for Security and Open Methodologies
  www.isecom.org - www.osstmm.org
  www.hackerhighschool.org - www.badpeopleproject.org
 

[Full-disclosure] Comments group

2012-07-31 Thread Peter Dawson
nice infografixs

http://go.bloomberg.com/multimedia/china-hackers-activity-logged-reveals-multiple-victims-worldwide/

Re: [Full-disclosure] How much time is appropriate for fixing a bug?

2012-07-06 Thread Peter Dawson
Thor (Hammer of God) : If and when they fix it is up to them.

so if vendor don't fix it /ack the bug.. then what ??
Responsibility works both ways.. Advise the vendor.. if they say fuck it..
I say fuck u.. and will advise the community !

There is a responsibility to disclose a vulnerability to the community so
that they can take down/block /deactivate a service .

.All that is necessary for the triumph of evil is that good men do
nothing.  -whoever ..fuck it !

/pd


On Fri, Jul 6, 2012 at 12:46 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:

  Well, I have to say, at least he's being honest.  If the guy is chomping
 at the bit to release the info so he can get some attention, then let him.
  That, of course, is what it is all about.   He's not releasing the info so
 that the community can be safe by forcing the vendor to fix it.  He's
 doing it so people can see how smart he is and that he found some bug.   So
 Joro's reply of fuck em is actually refreshingly honest.

 Regarding how long does it take, it is completely impossible to tell.
  If someone fixed it in 10 minutes, good for them.  It could take someone
 else 10 months.   Any time I see things like Wikipedia advising things like
 5 months I have to lol.  They have no freaking idea whatsoever as to the
 company's dev processes and the extent that the fix could impact legacy
 code or any number of other factors.   I would actually have expected code
 bug-finders to have a better clue about these things, but apparently they
 don't.

 MSFT's process is nuts – they have SO many dependencies, so many different
 products with shared code, so many legacy products, so many vendors with
 drivers and all manner of other stuff that the process is actually quite
 difficult and time consuming.  Oracle is worse – they have the same but
 multiplied by x platforms.  Apple I think has it the easiest of the big
 ones, but even OSX is massively complex (and completely awesome).

 It is all about intent:  if you want to be recognized publicly for some
 fame or whatever, just FD it because chances are you will anyway.   If you
 really care about the security of the industry, then submit it and be done
 with it.  If and when they fix it is up to them.

 t



 From: Gary Baribault g...@baribault.net
 Date: Friday, July 6, 2012 7:59 AM
 To: full-disclosure@lists.grok.org.uk full-disclosure@lists.grok.org.uk
 
 Subject: Re: [Full-disclosure] How much time is appropriate for fixing a
 bug?

  Hey Georgi,

 Didn't take your happy pill this morning?

 I would say that the answer depends on how the owner/company answers
 you, if you feel that they're stringing you along and you have given them
 some time, then warn them that you're publishing, give them 24 hours and then
 go for it. Obviously it depends on the bug and the software, a major bug in
 a large program will take longer, and so long as they are talking to you,
 and you don't miss your morning happy pill, you can wait, a small bug in a
 small program shouldn't take as long. There is no one answer to your
 question, if you are having an interactive discussion with them, then be
 patient, otherwise, Georgi's answer is a good one if they are ignoring you
 or stringing you along.


 Gary B

 On 07/06/2012 10:33 AM, Georgi Guninski wrote:
  On Wed, Jul 04, 2012 at 10:49:18PM +0200, Jann Horn wrote:
  After having reported a security-relevant bug about a smartphone, how
 long would
  you wait for the vendor to fix it? What are typical times?
 
  I remember telling someone about a security-relevant bug in his library
 some time
  ago - he fixed it and published the fixed version within ten minutes.
 On the
  other hand, I often see mails on bugtraq or so in which the given dates
 show that
  the vendor took maybe a year or so to fix the issue...
 
 
 
 
  when i was young i asked a similar question.
 
  if you ask me now, the short answer is fuck them, if you are
  killing a bug the time is completely up to you.
  responsible disclosure is just a buzzword (the RFC on
  it failed).
 
  you have bugs, they don't have.
 





Re: [Full-disclosure] Please remove my e-mail and IP from internet

2012-07-03 Thread Peter Dawson
Well that guys an idiot.. Orange has data network coverage, spanning 220
countries and territories, 967 cities 1,468 PoPs worldwide.. nice way to
draw attention to  themselves..
Best comment  you should consider a job outside of the IT

/pd
On Tue, Jul 3, 2012 at 11:28 AM, Gage Bystrom themadichi...@gmail.com wrote:

 Not to mention as others pointed out it is implied that the guy might've
 let out information he didn't have permission to let out, which could get
 him into some serious trouble. Also I could be wrong since I don't remember
 the full thing but did the guy said they were doing a pentest soon? No need
 to report the guy when any remotely competent pentest team is gunna find
 this and probably start laughing :)
  On Jul 3, 2012 8:18 AM, Jacqui Caren jacqui.ca...@ntlworld.com wrote:

 On 29/06/2012 06:47, Tonu Samuel wrote:
  Really funny thread is going on in Postfix-Users list. Scroll down
 about half of content here:
 
  http://comments.gmane.org/gmane.mail.postfix.user/227441
 
  Just good example how NOT to do.

 I fwd'd details to lester haines of vulture central fame but doubt he will
 see it as a story.

 This outsourced orange sysadmin really needs the Streisand effect to hit
 him
 and orange - hard!

 Has anyone contacted any of the email addresses in the logs pointing out
 the
 disclosure. I suspect kia as a company may not be too happy that a SAP
 reports
 email address has been disclosed. Far easier to socially engineer
 something
 when you have even this minor sort of info.

 Jacqui


Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread Peter Dawson
quick quick nuke the co-ord [ 49°28'14 North | 16°56'48 East ]


On Mon, Jun 25, 2012 at 2:49 PM, Jardel Weyrich jweyr...@gmail.com wrote:

 And you're trying to impersonate someone by using my email address as
 sender? I don't get it.

 Received: from emkei.cz (emkei.cz [46.167.245.118])
by lists.grok.org.uk (Postfix) with ESMTP id BBB2CCB
for full-disclosure@lists.grok.org.uk;
Mon, 25 Jun 2012 19:14:27 +0100 (BST)
 Received: by emkei.cz (Postfix, from userid 33)
id BC04FD58DA; Mon, 25 Jun 2012 20:06:43 +0200 (CEST)
 To: full-disclosure@lists.grok.org.uk
 From: Jardel jweyr...@gmail.com

 -- jardel

 On Mon, Jun 25, 2012 at 3:06 PM, Jardel jweyr...@gmail.com wrote:
  Do you know? Even in DNS take down you can access your favourite
 sites.
 
  People may think that in DNS shutdown they can lose access to their
 addicted websites.
 
 
  But after reading this article you will know how easily you can access
 your websites. You can access them by typing their IP address in your
 web-browser.
 
  Copy the IP addresses given below:
 
  tumblr.com 174.121.194.34
  wikipedia.org 208.80.152.201
 
  Original Article:
 http://cybermughal.blogspot.com/2012/06/how-to-access-your-favorite-sites-in.html
 

Re: [Full-disclosure] Publication References on Criminalisation of Hacking Tools Needed

2012-06-11 Thread Peter Dawson
http://www.europarl.europa.eu/news/en/pressroom/content/20120326IPR41843/html/Hacking-IT-systems-to-become-a-criminal-offence
On Sun, Jun 10, 2012 at 10:33 PM, Pablo Ximenes pa...@ximen.es wrote:

 Hi Folks,


 I was wondering if any of you could point out any good references
 (academic preferably) on the consequences of the Criminalisation of sales,
 distribution, advertisement, and creation of Hacking Tools (those that can
 be used to facilitate a computer breach, especially software).

 I have found a few and would very much appreciate any contribution.

 Thank you.

 Regards,

 Pablo Ximenes


Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

2012-06-08 Thread Peter Dawson
++Thor !!

On Fri, Jun 8, 2012 at 1:03 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:

finding solutions to countries using cyberwar and using innocent
 peoples machines to carry it out,

   invading peoples privacy and generally doing terrible stuff in the
 name of god and country.

 

 What solution?  And who exactly is going to “find” it?  The entire history
 of mankind is based on the “terrible stuff we do in the name of god and
 country.”  We, of course, being humans.  All we need is one of the two and
 we’ve got all the justification we need to go off and kill someone else for
 having a different god or different country.   Note I said “justification”
 and not “motivation.”   God and country are just excuses – means to an
 end.  There’s always another agenda.   


 Man does things for two reasons:  to get laid, or to get paid.
 Everything else is just a nice fuzzy wrap to make us feel better about
 ourselves.  “Finding some other solution” is  naïve and a waste of time.
 We, and everyone else, will do whatever we want to do, and do whatever it
 takes to get away with it.  It’s as simple as that.  It’s easy and
 convenient for you to bitch about the injustices from behind a keyboard
 when men and woman are out there DYING for their country and the integrity
 of what they believe in, irrespective of the basis of the decisions their
 commanding bodies have for sending them out there.  It’s called “real
 life.”  Grow up and go get that bleeding heart sewn up at some free clinic,
 paid for by the government that has to do the hard work in order to
 preserve your right to whine about it. 

 *Timothy “Thor”  Mullen*

 *www.hammerofgod.com*

 *Thor’s Microsoft Security Bible* http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727

 *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
 full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Laurelai
 *Sent:* Friday, June 08, 2012 9:04 AM
 *To:* full-disclosure@lists.grok.org.uk

 *Subject:* Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks
 Against Iran


Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

2012-06-06 Thread Peter Dawson
haha..da return of da farewell dossier !!

On Wed, Jun 6, 2012 at 2:21 PM, coderman coder...@gmail.com wrote:

 On Wed, Jun 6, 2012 at 11:16 AM, coderman coder...@gmail.com wrote:
  ... uncle sam has been up in yer SCADA for
  two decades.

 three decades; too early for maths!


Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

2012-06-05 Thread Peter Dawson
lets not 4get = Waychopee and Electric Skillet

http://www.theage.com.au/news/breaking/weathering-the-cyber-storm/2006/02/11/1139542441421.html
http://www.wired.com/politics/law/news/2005/05/67644
On Tue, Jun 5, 2012 at 11:53 AM, valdis.kletni...@vt.edu wrote:

 On Tue, 05 Jun 2012 17:01:49 +0300, Georgi Guninski said:
  http://www.theregister.co.uk/2012/06/01/stuxnet_joint_us_israeli_op/
  US officials confirm Stuxnet was a joint US-Israeli op
  Well, sure ... so why are you telling us, Mr President?

 Posturing and positioning, mostly.  Before the announcement, foreign
 states had
 to base their strategies on The US *may* have the ability to create a
 Stuxnet,
 but it's not certain they have any ability at all.  Now, they have to plan
 based on They certainly have Stuxnet-level ability, and almost certainly
 have
 even more in their bag of tricks that they haven't admitted to.



Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

2012-06-05 Thread Peter Dawson
..and what good will that do ??

US have not signed the Rome Statute of the ICC .. so The Hague has no
jurisdiction of US citizens !

/pd
On Tue, Jun 5, 2012 at 1:57 PM, andrew.wallace 
andrew.wall...@rocketmail.com wrote:

  Why isn't anyone launching a criminal investigation into US Govt
 involvement in Stuxnet and Flame?

 Interpol should be investigating it and issuing arrest warrants, then
 individuals taken to The Hague for war crimes.

 ---

 Andrew Wallace

 @n3td3v


Re: [Full-disclosure] Info about attack trees

2012-05-28 Thread Peter Dawson
== there are no such thing as an attack tree.

Eh ??   Seems that Schneier was blowing smoke up in the air with his
thoughts on attack trees !!

Anyhoot, here's another good old linky Military Operations Research V10,
N2, 2005,
http://www.innovativedecisions.com/documents/Buckshaw-Parnelletal.pdf

/pd
On Fri, May 25, 2012 at 9:46 AM, Daniel Hadfield d...@pingsweep.co.uk wrote:

 You can create an XSS with a SQLi

 If you can output on the page, you can inject HTML/JS with that variable


 On 25/05/2012 09:58, Federico De Meo wrote:
  Hello everybody, I'm new to this mailing-list and to security in general.
  I'm here to learn and I'm starting with a question :)
 
  I'm looking for some information about attack trees usage in web
 application analysis.
 
  For my master thesis I decided to study the usage of this formalism in
 order to represent attacks to a web applications.
  I need a lot of use cases from which to start learning common attacks
 which can help building a proper tree.
 
  From where can I start?
 
  I've already read the OWASP top 10 vulnerabilities and I'm familiar with
 XSS, SQLi, etc. however I've no clue on how to combine them together in
 order to perform the steps needed to attack a system. I'm looking for some
 examples and maybe to some famous attacks from which I can understand which
 steps are performed and how common vulnerabilities can be combined
 together. Any help is really appreciated.
 
 
  ---
  Federico.

[Full-disclosure] Flame= cyberwar

2012-05-28 Thread Peter Dawson
is FLAME is actually a cyberweapon ?

Re: [Full-disclosure] Flame= cyberwar

2012-05-28 Thread Peter Dawson
What is a cyberweapon ? How does one define codeset   without actually
doing the code review. If it took stuxnet 20 wks to dismantle .. Flame
seems is 20 times more complex.. so how can one easily define it as a
cyberweapon ??
btw.. seems that  Kaspersky called  4 Cyber-Weapons Convention at the CeBIT
/AU zone., that was a week ago.. what a co-incidence !!

/pd

On Mon, May 28, 2012 at 11:46 AM, yersinia yersinia.spi...@gmail.com wrote:

  On Mon, May 28, 2012 at 5:34 PM, Peter Dawson slash...@gmail.com wrote:

 is FLAME is actually a cyberweapon ?

 Apparently YES


 http://securityaffairs.co/wordpress/5858/malware/call-it-flame-flamer-or-skywiper-its-a-new-cyber-weapon.html?goback=.gmp_60173.gde_60173_member_119190526.gde_60173_member_119178241

 http://www.jpost.com/MiddleEast/Article.aspx?ID=271709R=R1

  regards


Re: [Full-disclosure] Certification - Professional Pentester

2012-05-23 Thread Peter Dawson
yes thats true ..but lets not 4get one needs to forkup $150/- before you
can finger their servers

2012/5/23 Thor (Hammer of God) t...@hammerofgod.com

  Hell Juan.  As per the conditions of the contract I forwarded, I am
 pleased to see that you have given me full permission to assess any systems
 of yours I feel are within scope.  I’m copying in FD again so they can all
 be witness to the fact you acting in a manner consistent with the terms of
 my contract, and that you have given me full permission to do as I wish
 with any aspect of your network without repercussions.  

 I’m looking forward to it!  Thank you.

 *Timothy “Thor”  Mullen*

 *www.hammerofgod.com*

 *Thor’s Microsoft Security Bible* http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727


 *From:* Juan Sacco [mailto:jsa...@exploitpack.com]
 *Sent:* Wednesday, May 23, 2012 7:59 AM
 *Subject:* Certification - Professional Pentester

 Get certified as an information security professional and learn to
 carry out a penetration test yourself.

 The course lasts ( 15 hours of lab practice ), and a diploma and
 certificate of attendance are awarded. ( With the final exam passed )

 The first class starts this Saturday the 26th; it is ONLINE and LIVE.

 The course content is technical and practical, and it also includes an
 Exploit Pack license ( as a gift ), the tool we will use to carry out
 intrusion tests.

 Total cost with discount: 150 USD

 Register now:
 https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=UXC4U5BSVP4P4

 How is a Buffer Overflow carried out and how can they be prevented?
 - Memory management
 - Processing and threads
 - Writing to memory
 - Compiling with GCC
 - Debugging with GDB
 - Protection techniques
 - Web security: SQL and XSS
 - Site debugging
 - Programming in JavaScript
 - Security policies
 - Computer architecture
 - Assembly language
 - Buffer Overflows
 - Stack writing and handling
 - Exploits with Python

 No prior knowledge is required to attend, since it starts from
 scratch.

 Regards

 Juan Sacco

 Exploit Pack

 http://exploitpack.com

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Vi.sualize. us hacked ?

2012-01-11 Thread Peter Dawson
does any1 know about abnormal user patterns emerging from
http://vi.sualize.us  ??

Seems that other sites are being flooded with user streams from this
property.  Has http://vi.sualize.us been compromised ?

Re: [Full-disclosure] FB privacy breach - view PRIVATE Facebook photos

2011-12-08 Thread Peter Dawson
It made news all over the interwebs too- Zack  jerkin da chicken !!

So much for privacy..

On Wed, Dec 7, 2011 at 9:59 AM, Peter Dawson slash...@gmail.com wrote:

 Yes this was closed pretty fast. FB is already facing numerous Privacy
 breach issues.. in US/Canada

 http://ftc.gov/opa/2011/11/privacysettlement.shtm

  On Tue, Dec 6, 2011 at 11:55 AM, Lamar Spells lamar.spe...@gmail.com wrote:

  Is it possible that FB fixed that quickly? It worked for me at about
 10:00 AM Eastern this morning.


 Sent from my iPhone 4

 On Dec 6, 2011, at 10:36 AM, darway yohansen darway.lev...@gmail.com
 wrote:

  I just tested this and i don't get the same options as in step 5  *Help
 us take action by selecting additional photos to include with your report
 * 

 On Tue, Dec 6, 2011 at 2:41 PM, Peter Dawson slash...@gmail.com wrote:

 Has this been ACK'ed by anyone else  ?? Seems that  FB's Report
 in/Block process  breaks their own privacy stds !

 http://forum.bodybuilding.com/showthread.php?t=140261733


Re: [Full-disclosure] FB privacy breach - view PRIVATE Facebook photos

2011-12-07 Thread Peter Dawson
Yes this was closed pretty fast. FB is already facing numerous Privacy
breach issues.. in US/Canada

http://ftc.gov/opa/2011/11/privacysettlement.shtm

On Tue, Dec 6, 2011 at 11:55 AM, Lamar Spells lamar.spe...@gmail.com wrote:

  Is it possible that FB fixed that quickly? It worked for me at about
 10:00 AM Eastern this morning.


 Sent from my iPhone 4

 On Dec 6, 2011, at 10:36 AM, darway yohansen darway.lev...@gmail.com
 wrote:

  I just tested this and i don't get the same options as in step 5  *Help
 us take action by selecting additional photos to include with your report*

 On Tue, Dec 6, 2011 at 2:41 PM, Peter Dawson slash...@gmail.com wrote:

 Has this been ACK'ed by anyone else  ?? Seems that  FB's Report
 in/Block process  breaks their own privacy stds !

 http://forum.bodybuilding.com/showthread.php?t=140261733


[Full-disclosure] FB privacy breach - view PRIVATE Facebook photos

2011-12-06 Thread Peter Dawson
Has this been ACK'ed by anyone else  ?? Seems that  FB's Report in/Block
process  breaks their own privacy stds !

http://forum.bodybuilding.com/showthread.php?t=140261733

Re: [Full-disclosure] Client aproach

2011-12-01 Thread Peter Dawson
Send site owner/admin anon email and leave it at that.. as Thor mentioned
give em the info for free!

[Full-disclosure] Fujacks Variant Using ACH Lure

2011-11-18 Thread Peter Dawson
any know the CC vectors for this ??

http://isc.sans.edu/diary.html?storyid=12061rss

Re: [Full-disclosure] Facebook Attach EXE Vulnerability

2011-11-01 Thread Peter Dawson
Yes to a certain degree it's all about  Saving FACE. .. however FB's
30-member integrity team is only bothered about how to manage the vectors
that have been primed to protect.

FB is the  largest network protected .. (YES big word Protected !!) / they
have over 25B checks per day and reaching up to 65K/sec at peak.  Building
an Immune System as large as FB's takes time, but it's only on known
vectors. The unknown is never realized unless one is willing to collaborate
and confirm with user/community.   Large Org's have the syndrome of living
in the ivory tower and that is the biggest downfall.

What could have happened if a zero day was filed and alternative markets
were sought with this bug ?  Yes, alternative markets pay better !.. but
just saying. .what  was damage ratios to users ?


/pd

On Tue, Nov 1, 2011 at 9:03 AM, Mikhail A. Utin
mu...@commonwealthcare.org wrote:

 Face Book is trying to save its face. It's typical.
 I got the same answer from SonicWALL one year ago when discovered that
 simple internal network scanning (Nessus, Nmap, etc.) brings down entire
 network. The firewall internal TCP connections stack was overloaded within
 a few seconds (IPS is not enabled, thus was not accepting new connections.

 Mikhail A. Utin, CISSP
 Information Security Analyst



Re: [Full-disclosure] Facebook Attach EXE Vulnerability

2011-10-28 Thread Peter Dawson
I don't think that he waited for vendor to confirm fix in production and I
don't see a reason that he needs to wait . If FB did not ask him to refrain
from disclosure.. y shld  he ?

09/30/2011 Reported Vulnerability to the Vendor
10/26/2011 Vendor Acknowledged Vulnerability
10/27/2011 Publicly Disclosed


On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes pa...@ximen.es wrote:

  Not fixed yet. At least not yesterday when I checked.

 Nathan, didn't Facebook ask for some time to fix this bug after they have
 acknowledged it?


 Pablo Ximenes
 http://ximen.es/
 http://twitter.com/pabloximenes

 On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:

can't believe such was on FB   wahahaha !!! lol rofl ...

 When was this discovered and fixed ?


 On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:


 -
 1. Summary:

 When using the Facebook 'Messages' tab, there is a feature to attach a
 file. Using this feature normally, the site won't allow a user to attach an
 executable file. A bug was discovered to subvert this security mechanism.
 Note, you do NOT have to be friends with the user to send them a message
 with an attachment.


 -

 Read the rest of this advisory here:
 http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html


 Enjoy :)


 Nathan Power
 http://www.securitypentest.com/


Re: [Full-disclosure] Facebook Attach EXE Vulnerability

2011-10-28 Thread Peter Dawson
oh ok..i c ur point.. if they did tell him to wait and he failed their NDA..
then its an issue

/pd


On Fri, Oct 28, 2011 at 12:04 PM, Pablo Ximenes pa...@ximen.es wrote:

  Agreed. What I'm asking is whether Facebook did ask him to wait. Did it?
 If it did it's a whole different ball game.


 Pablo Ximenes
 http://ximen.es/
 http://twitter.com/pabloximenes

 On 28/10/2011, at 13:01, Peter Dawson slash...@gmail.com wrote:

I don't think that he waited for vendor to confirm fix in production
 and I don't see a reason that he needs to wait . If FB did not ask him to
 refrain from disclosure.. y shld  he ?

 09/30/2011 Reported Vulnerability to the Vendor
 10/26/2011 Vendor Acknowledged Vulnerability
 10/27/2011 Publicly Disclosed



Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-07 Thread Peter Dawson
if I get it right this dude is supposed to be 

   - Senior Security Analyst at iViZ Techno Solutions Pvt. Ltd.
     http://www.linkedin.com/company/iviz-techno-solutions-pvt.-ltd.?trk=ppro_cprof

Whatever happened  on protocols for  responsible disclosure ?

On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41 sec...@gmail.com wrote:

 Screw you dude, attaching executable doc files , and then pushing out a few
 *0days*
 I wont be looking at *any* thing attached as a doc, thats just common
 sense. nowdays, and there is abs NO need on this list for it, it is FD, your
 meant to put it in the BODY of email, or atleast maybe next time, change the
 type to linux 0day and attach .S file... ??
 screw u and ur advisorys, fix them into proper order asin written as any
 would be, and ill read it, but never ask a dood to open the attachment!




   On 7 October 2011 22:48, asish agarwalla asishagarwa...@gmail.com wrote:

  Hi,

 LinkedIn_User Account Delete using Click jacking.

 This Vulnerability is accepted by LinkedIn they are in a process
 to patched it but not yet patched.

 Please find the document describing the vulnerability.

 Regards
 Asish


Re: [Full-disclosure] Questions regarding cryptography laws

2011-09-07 Thread Peter Dawson
Canada Law and policy

http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/h_gv00084.html

/pd

Re: [Full-disclosure] Hacked servers mining for bitcoins?

2011-07-19 Thread Peter Dawson
I think that Bitcoin to (linden$ ) L$ | USD is another method of morphing
the economics to support real vector values.

Bitcoin's design allows for pseudonymous ownership and transfers and thereby
making it attractive space to begin with. Plus with an overall growth
anticipated to be approx $21M, it is lucrative for small black transaction
...just saying
/pd


On Tue, Jul 19, 2011 at 3:21 PM, Chris M ch...@nullroute.net wrote:

 Yes, it is well known that certain individuals are using compromised *nix
 servers particularly to run bitcoin miners into pools. Its only been
 happening for.. a long time.


 On Tue, Jul 19, 2011 at 8:20 PM, Zach C. fxc...@gmail.com wrote:

 Hmm -- that's interesting. I wonder if it would be possible/feasible to
 build a botnet in this fashion that would overtake legitimate bitcoin nodes
 in terms of CPU power. (You probably know what would happen then)
   On Jul 19, 2011 12:11 PM, Robin ro...@rbsec.net wrote:
  Had to deal with a server today that had been hacked (still running
  realVNC 4.0, so there's that lovely bypass exploit released 4 years
  ago). This server was an exchange/domain controller for a small
 business.
 
  Not much seemed to have been done to it. From the looks of it, all the
  attacker had done was make themselves a new account (domain user, local
  admin, username 'sys'), and had then logged into it, downloaded the
  Ufasoft bitcoin miner from a russian file sharing site, and then run it.
  The file was called `mmc.exe`, and was saved in the new account's `My
  Documents`. No other attempts to hide what was being done.
 
  Has anyone seen this before? Can you make more money from generating
  bitcoins on a hacked server than sending spam from it? The value of
  bitcoin is usually offset by the cost of generating it, but if you're
  using other people's resources to do it, it suddenly seems much more
  attractive. This looked like a fairly amateur attempt, so it could be a
  one-off skiddy, but maybe others will follow...
 
  ~Robin
 




 --
  I’m a hot-wired, heat seeking, warm-hearted cool customer, voice activated
 and bio-degradable. I interface with my database, my database is in
 cyberspace, so I’m interactive, I’m hyperactive and from time to time I’m
 radioactive.

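
The indicators in Robin's quoted report above (a newly created local-admin account, and a miner saved as `mmc.exe` in that account's `My Documents`) expressed as detection logic. This is an added example, not part of the original thread; the event records are constructed, and the field names and the use of Windows Security event IDs 4720, 4732 and 4688 are assumptions.

```python
import ntpath
from datetime import datetime, timedelta

# Constructed sample events (not taken from the thread). Field names are
# assumptions loosely modelled on Windows Security events:
#   4720 = user account created, 4732 = member added to a local group,
#   4688 = process created.
EVENTS = [
    {"time": "2011-07-18T02:10:00", "id": 4720, "target_user": "sys"},
    {"time": "2011-07-18T02:10:30", "id": 4732, "target_user": "sys",
     "group": "Administrators"},
    {"time": "2011-07-18T02:15:00", "id": 4688, "user": "sys",
     "image": r"C:\Documents and Settings\sys\My Documents\mmc.exe"},
    {"time": "2011-07-18T09:00:00", "id": 4688, "user": "alice",
     "image": r"C:\Windows\System32\mmc.exe"},
    {"time": "2011-07-18T09:05:00", "id": 4688, "user": "alice",
     "image": r"C:\Program Files\Editor\editor.exe"},
    {"time": "2011-07-18T10:00:00", "id": 4688, "user": "bob",
     "image": r"C:\Temp\svchost.exe"},
]

# Directories where Windows system binaries legitimately live (lower case).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
# A small illustrative set of names commonly borrowed to blend in.
SYSTEM_BINARY_NAMES = {"mmc.exe", "svchost.exe", "lsass.exe",
                       "services.exe", "csrss.exe"}
ADMIN_GROUP = "administrators"
WINDOW = timedelta(hours=24)


def parse_time(event):
    return datetime.fromisoformat(event["time"])


def is_masquerading(image_path):
    """True when a file has a system-binary name but sits outside SYSTEM_DIRS."""
    path = ntpath.normcase(image_path)  # lower-cases, normalises separators
    return (ntpath.basename(path) in SYSTEM_BINARY_NAMES
            and ntpath.dirname(path) not in SYSTEM_DIRS)


def new_local_admins(events):
    """Map user -> promotion time for accounts created and then added to
    the Administrators group within WINDOW of their creation."""
    created, promoted = {}, {}
    for ev in sorted(events, key=parse_time):
        user = ev.get("target_user", "").lower()
        if ev["id"] == 4720:
            created[user] = parse_time(ev)
        elif (ev["id"] == 4732
              and ev.get("group", "").lower() == ADMIN_GROUP
              and user in created
              and parse_time(ev) - created[user] <= WINDOW):
            promoted[user] = parse_time(ev)
    return promoted


def find_alerts(events):
    """Return one alert per suspicious process-creation event, oldest first."""
    admins = new_local_admins(events)
    alerts = []
    for ev in sorted(events, key=parse_time):
        if ev["id"] != 4688:
            continue
        reasons = []
        if is_masquerading(ev["image"]):
            reasons.append("system binary name outside system directory")
        user = ev["user"].lower()
        if (user in admins
                and timedelta(0) <= parse_time(ev) - admins[user] <= WINDOW):
            reasons.append("process started by newly created local admin")
        if reasons:
            alerts.append({
                "time": ev["time"],
                "user": ev["user"],
                "image": ev["image"],
                # Both indicators together match the pattern in the report.
                "severity": "high" if len(reasons) == 2 else "medium",
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(alert["severity"], alert["user"], alert["image"], alert["reasons"])
```

Neither indicator depends on the file being a miner, so the same rule also fires on other tools dropped under a borrowed system name by a freshly created admin account.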

Re: [Full-disclosure] Facebook name extraction based on email/wrong password + POC

2010-08-11 Thread Peter Dawson
I did not report this, as I am unsure on what to call it, a bug, vuln or
a feature.

How very convenient  !!

)-

Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites

2008-08-18 Thread Peter Dawson
http://www.afcyber.af.mil/news/story.asp?id=123110806

seems the cybercommand is not ramping up..

On Mon, Aug 18, 2008 at 5:02 AM, [EMAIL PROTECTED] wrote:


 There's no need as n3td3v got see-throught powa + thight pants

 On Mon, 18 Aug 2008 02:23:36 +0200 William McAfee sec-
 [EMAIL PROTECTED] wrote:
 Would you mind elaborating on your actual evidence?  All I see is logic,
 but I do not see much hard fact.  I'm not agreeing, I'm not disagreeing.
 I'm just asking for clarification.
 
 On Mon, 2008-08-18 at 01:08 +0100, n3td3v wrote:
  By the way, Russian sites have been hacked as well. So why is everyone
  only talking about the Georgian sites and infrastructure? If Russian
  sites and infrastructure is down as well that means the Georgian
  government has hacked them, doesn't it Or does it? Or is the whole
  thing just a false flag by the U.S government underworld to influence
  McCain and Obama as they are potentially coming in to the white house?
 
  It seems to me that there is bias towards Russia in the security
  community and that people don't really care if Russia was hacked,
  because the community seem to have already chosen who they like and
  who they are going to support and who they are going to point blame
  at.
 
  I don't think westerners have ever liked Russia, so as soon as
  something like this happens, folks straight away are bias towards
  Russia.
 
  You've got to remember this could easily be a false flag cyber attack
  to setup Russia to make them look bad while ramping up cyber security
  as a national security agenda as Marcus Sachs
  http://www.youtube.com/watch?v=FSUPTZVlkyU says in the Youtube video.
 
  The reasons for a false flag cyber attack is there, the evidence has
  been put in front of you by n3td3v.
 
  This isn't just some false flag conspiracy, there are plausible
  reasons why this could be a false flag.
 
  In the video Marcus Sachs asked the audience for ways we could make
  cyber security a national security agenda, false flagging something
  like the Georgian and Russian websites and infrastructure is not a way
  the government underworld might make cyber security a national
  security agenda?
 
  I call a false flag, and I find it suspicious that people are only
  talking about the Georgian websites and infrastructure being cyber
  attacked and not the Russian stuff as well.
 
  I would be interested in what answers the audience gave to Marcus
  Sachs, but that's not in the video unfortunately.
 
  All the best,
 
  n3td3v
 

Re: [Full-disclosure] The cat is indeed out of the bag

2008-07-23 Thread Peter Dawson
On Wed, Jul 23, 2008 at 10:57 AM, mokum von Amsterdam [EMAIL PROTECTED]
wrote:


 Are you not supposed to keep DNS issues under your hat and disclose at BH
 only?



I think that rule /Nda exists only for Dan Kaminsky .. Rest of world is
still in FD mode !!

/pd

Re: [Full-disclosure] so this is FD...

2008-06-27 Thread Peter Dawson
I agree with G. Blogs are the best.

I use google alerts for terms and items of interest. Set an auto filter and
fwd to a pvt group setup on google.  So now I have an list of Security/
hacks and stuff like that for personal mining and monitoring.. takes a
little time to setup and  maintain is easy for closed loop of this sort and
its all free :)-

hope this helps..

/pd

On Fri, Jun 27, 2008 at 9:09 AM, Garrett M. Groff [EMAIL PROTECTED]
wrote:


 Suggestion - check out the array of good security blogs if you're not
 already doing so.

 G



Re: [Full-disclosure] How to encrypt voice skype calls?

2008-06-20 Thread Peter Dawson
yeah  it already exists and it's called a scrambler (e.g SIGSALY)

On Fri, Jun 20, 2008 at 6:21 AM, Fabio Pietrosanti (naif)
[EMAIL PROTECTED] wrote:

 That' s a very interesting point...

 Would be possible, somehow, to make a software that encrypt skype calls
 independently from skype encryption?

 Something like detecting the audio sample and enciphering it before are
 sent to the ip channel and decrypted before are received by the skype
 application?

 -naif


[Full-disclosure] Write Software, Change Washington

2008-05-31 Thread Peter Dawson
http://my.barackobama.com/page/s/sectechinterest

Re: [Full-disclosure] Free Iraq

2008-03-27 Thread Peter Dawson
so much for being the friggin US of A !!

http://tpmmuckraker.talkingpointsmemo.com/2008/03/todays_must_read_304.php

Re: [Full-disclosure] Free Tibet..

2008-03-25 Thread Peter Dawson
yeah,  Fux..how about the US getting into FD mode on the minuteman missile
heads sent into Taiwan.. yeah and the chinese had their hands on them for
2yrs ..


On Tue, Mar 25, 2008 at 6:47 PM, Gautam [EMAIL PROTECTED] wrote:

 Well, I was in Dharamshala a week back, my mother is Tibetan  I know from
 her that many of our relatives in Tibet have disappeared over time. I speak
 from my heart that Tibet needs to be free but my brain thinks this is not
 possible..

 From what I know, China has been actively spying everywhere, there were
 incidents where meeting rooms, conferences were bugged, telephone tapped
 when Tibetan govt in exile in *India* wanted to conduct meetings. There
 already are many reports that China actively attacking US govt sites 
 penetrating it..  I think it is possible that some of the hardware/firmware
 that is manufactured in China may already be backdoored.. as most of us ..
 what we use already comes from China this is really scary.

 (China: All your ADSL routers belong to us)




 On Tue, Mar 25, 2008 at 6:01 PM, Byron Sonne [EMAIL PROTECTED] wrote:

  This list is about whatever I want it to be. You see any moderation
  around here?
 
  Everything is political, my friend.
 
  Get your head out of the sand, and let's do something about those
  murderous thugs called the Chinese government.
 
  Did you forget Tiananmen square?
 
  You seen how Falun Gong members are treated?
 
  Did you forget that the Chinese have been attacking USA sites, gov't and
  commercial?
 
  Well, I think it's time to do some more 'Full Disclosure' and start
  disclosing China's infrastructure weaknesses.
 
 
 
 
 
 
 
 
 
 
  For folks in the Cell 'Primary':
  XAHGS-KDJGQ-OIUQA-MMASD-TTXPN-GQPFJ, 23:00 UTC, hopping: mu
  Dead drops to follow, schema: blue
 
 
 
 
 
 

[Full-disclosure] new crimeware package

2008-02-28 Thread Peter Dawson
Researchers at Finjan say they recently stumbled upon a Website selling and
trading these stolen FTP server administrator credentials in a
software-as-a-service model.

http://www.darkreading.com/document.asp?doc_id=147123WT.svl=news2_1

Re: [Full-disclosure] On Topic Off Topic: How To Behave On An Internet Forum

2008-02-22 Thread Peter Dawson
Bloody hell. that site took away nearly 30 minutes of my time..

thanks for sharing

/pd



On Fri, Feb 22, 2008 at 1:38 PM, Peter Besenbruch [EMAIL PROTECTED] wrote:

 On Thursday 21 February 2008 22:18:05 Gadi Evron wrote:
  http://www.videojug.com/film/how-to-behave-on-an-internet-forum
 
  :)
 
Gadi.

 I AGREE!
 LOL

 --
 Hawaiian Astronomical Society: http://www.hawastsoc.org
 HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky


Re: [Full-disclosure] SCADA Security Corruption

2008-02-17 Thread Peter Dawson
huh ??  could you pls share the search term / final URL of archived page !!

On Feb 17, 2008 12:28 PM, Ghost Rider [EMAIL PROTECTED] wrote:

  Well through my
 Google searching I also came across an interesting archived Google
 Talk chat with his name in it.


Re: [Full-disclosure] in Memory of Dude VanWinkle / Justin Plazzo

2008-02-14 Thread Peter Dawson
You insensitive bastard . TASK will get you  !! :)-

.pd

On Thu, Feb 14, 2008 at 7:00 PM, Byron Sonne [EMAIL PROTECTED] wrote:



 People die all the time, I don't care, and I don't need to hear about it.


Re: [Full-disclosure] Brute force attack - need your advice

2008-02-11 Thread Peter Dawson
I can ...but I won't !

WTF is worth the time/$$$  to intrude into abilashpraveen.com eh ??

On Feb 11, 2008 3:46 PM, Abilash Praveen [EMAIL PROTECTED]
wrote:

 Hello experts,

 I had been talking to our web hosts the other day and they seem to have a
 lot of unusual brute force attack on the servers recently. I'm guessing that
 it could be because of my emails to the list? I mean, do you advice on using
 a personal email for this type of list? Or should I use something like @
 gmail.com? I know they can't easily break in to our servers, but am I just
 giving them a chance?

 Abilash


Re: [Full-disclosure] Brute force attack - need your advice

2008-02-11 Thread Peter Dawson
Ok yeah I hear u on the jump points vectors. Makes sense !

On Feb 11, 2008 5:10 PM, [EMAIL PROTECTED] wrote:

 On Mon, 11 Feb 2008 16:57:40 EST, Peter Dawson said:

  WTF is worth the time/$$$  to intrude into abilashpraveen.com eh ??

 If you're a black hat, it's often worth a *LOT* to see your actual
 high-value target say:

 WTF is abilashpraveen.com and how come they just hacked us?

 Remember - an uninteresting host has actual value to a black hat -
 everything from a throw-away jump point for launching an attack, to
 sending spam, to hosting the websites the spam points back to, and other
 creative uses.  And the *more* uninteresting it is, the *more* likely that
 it's running on autopilot and the hacking won't be noticed


[Full-disclosure] Fwd: Secreview re-review of quietmove ( F ---)

2008-01-02 Thread Peter Dawson
Adam

I don't recall Rsnake or id posting a review on secreview. Is there a link
you could share ?
tia

/pd

On Jan 2, 2008 9:45 AM, Adam Muntner  [EMAIL PROTECTED] wrote:



 Dre thx for pointing out the ha.ckers.org posts. More evidence of
 secreview selective quotation and/or ability to 'research'



Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

2007-12-20 Thread Peter Dawson
Agreed.  !!

I think theres a lot of 'fair play' with the secreview folks.  -- We're
going to give Cybertrust a C but if you can convince us that they deserve
a different grade then we'll revise our opinion.

So they are open for rebuttals and to changing their opinions !

On Dec 20, 2007 9:55 AM, Epic [EMAIL PROTECTED] wrote:

 Isn't ANY review subjective to opinion? I do not understand the basis
 of this flame.  It appears to me that a lot of the reviews on this site
 offer some great insight into the companies being presented.   Granted it is
 an opinion, but that is what a blog is isn't it?




Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Denim Group ( A - )

2007-12-14 Thread Peter Dawson
woots with da pimping post  ?

On Dec 14, 2007 3:49 PM, secreview [EMAIL PROTECTED] wrote:

 The Denim Group http://www.denimgroup.com/service.html located at
 http://www.denimgroup.com is Security 
 Serviceshttp://www.denimgroup.com/service.htmlProvider that focuses 
 strictly on Web
 Application Security Services http://www.denimgroup.com/service.html. We
 asked them why they chose the name Denim 
 Grouphttp://www.denimgroup.com/service.htmland they said that it was a 
 marketing idea that enables them to stand out
 from the rest of the providers. (the name was actually thought up by a
 founders X wife) As it turns out, it was a good idea and it works! When we
 think Denim Group http://www.denimgroup.com/service.html the first thing
 that comes to mind is Clothing and what the hell does that have to do
 Application Security? Can't forget the name and the total lack of
 correlation.

 Aside from the name, we are actually pleased with what we found when we
 reviewed the Denim Group http://www.denimgroup.com/service.html. When we
 spoke with John Dickson we learned a lot about their methodology. We learned
 that the Denim Group http://www.denimgroup.com/service.html does use
 automated tools such as WebInspect to perform preliminary scans against
 target applications. They also use tools like fortify to perform source code
 reviews. That being said, automation only covers about 20% of the workload
 for the services that they deliver.

 The remaining 80% of the workload is done by high talent Web Application
 Security Specialists that truly understand how to harden a Web Application.
 They not only look for the common issues like Cross Site Scripting (No
 Sacure, its not called Cross-Site Shipping) , Cross Site Request Forgery,
 Remote File Inclusion, etc. but they also look for logic issues and other
 types of design flaws.

 The Denim Group http://www.denimgroup.com/service.html does use tools to
 help them perform their manual testing, as do most worthy security
 providers. The tools that they use are special interception proxies that
 enable them to view and manipulate conversations between client and server,
 amongst other similar manually intensive tools. This enables the Denim
 Group http://www.denimgroup.com to truly impact the quality of their
 deliverables with strong manual testing.

 All in all, if you are looking for a provider to perform Web Application
 Security type services, we think that the Denim Group
 http://www.denimgroup.com/service.html is a great fit. If you are looking
 for a full service Professional Security Services shop, well you'll probably
 have to look somewhere else because they do not offer Network Penetration
 Testing Services, Vulnerability Assessments, etc. That being said we were so
 impressed with the Denim Group http://www.denimgroup.com/service.html and
 the caliber of their service offerings, that we decided to give them an
 A-. The only reason why they didn't get an A or an A+ is because they are
 technically not a full service shop. So, we recommend using the Denim
 Group, http://www.denimgroup.com/ they kick ass!

 If you'd like to comment on this, please visit
 http://secreview.blogspot.com and post a comment. If you feel that this
 post is inaccurate, please let us know why and we'll consider your opinion
 for a review. Thanks for reading!

 --
 Posted By secreview to Professional IT Security Providers - Exposed
 http://secreview.blogspot.com/2007/12/denim-group.html at 12/14/2007
 12:13:00 PM

Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability

2007-11-28 Thread Peter Dawson
Yeah ..

a) Social engineer victim to open it.
b) Persuade victim to run the command 

is kinda funky..

On Nov 28, 2007 5:21 PM, Stan Bubrouski [EMAIL PROTECTED] wrote:

 Not to mention the obvious fact that if you have to trick someone into
 running a batch file then you could probably just tell the genius to
 execute a special EXE you crafted for them.

 -sb

 On Nov 28, 2007 4:43 PM, dev code [EMAIL PROTECTED] wrote:
 
   lolerowned, kinda like the 20 other non exploitable stack overflow
  exceptions that someone else has been reporting on full disclosure
  
  Date: Wed, 28 Nov 2007 09:11:30 -0600
  From: [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
  Subject: Re: [Full-disclosure] Microsoft FTP Client Multiple
 Bufferoverflow
  Vulnerability
 
 
 
  so... what fuzzer that you didnt code did you use to find these amazing
  vulns?
 
  Also nice 'payload'  in your exploits meaning 'nice long lists of as'.
 You
  should not claim code execution when your code does not perform it.
 
  Well I guess it has been good talking until your fuzzer crashes another
  application and you copy and paste the results
 
 
  On 11/28/07, Rajesh Sethumadhavan [EMAIL PROTECTED]
 wrote:
  Microsoft FTP Client Multiple Bufferoverflow
  Vulnerability
 
  #
 
  XDisclose Advisory       : XD100096
  Vulnerability Discovered : November 20th 2007
  Advisory Reported        : November 28th 2007
  Credit                   : Rajesh Sethumadhavan

  Class                    : Buffer Overflow
                             Denial Of Service
  Solution Status          : Unpatched
  Vendor                   : Microsoft Corporation
  Affected applications    : Microsoft FTP Client
  Affected Platform        : Windows 2000 server
                             Windows 2000 Professional
                             Windows XP
                             (Other Versions may be also affected)
 
  #
 
 
  Overview:
  Bufferoverflow vulnerability is discovered in
  microsoft ftp client. Attackers can crash the ftp
  client of the victim user by tricking the user.
 
 
  Description:
  A remote attacker can craft packet with payload in the
  mget, ls, dir, username and password
  commands as demonstrated below. When victim executes
  POC or specially crafted packets, ftp client will
  crash, with possible arbitrary code execution in context of
  logged in user. This vulnerability is hard to exploit
  since it requires social engineering and shellcode has
  to be injected as argument in vulnerable commands.
 
  The vulnerability is caused due to an error in the
  Windows FTP client in validating commands like mget,
  dir, user, password and ls
 
  Exploitation method:
 
  Method 1:
  -Send POC with payload to user.
  -Social engineer victim to open it.
 
  Method 2:
  -Attacker creates a directory with long folder or
  filename in his FTP server (should be other than IIS
  server)
  -Persuade victim to run the command mget, ls or
  dir  on specially crafted folder using microsoft ftp
  client
  -FTP client will crash and payload will get executed
 
 
  Proof Of Concept:
  http://www.xdisclose.com/poc/mget.bat.txt
   http://www.xdisclose.com/poc/username.bat.txt
  http://www.xdisclose.com/poc/directory.bat.txt
  http://www.xdisclose.com/poc/list.bat.txt
 
  Note: Modify POC to connect to lab FTP Server
   (As of now it will connect to
  ftp://xdisclose.com)
 
  Demonstration:
  Note: Demonstration leads to crashing of Microsoft FTP
  Client
 
  Download POC rename to .bat file and execute anyone of
  the batch file
  http://www.xdisclose.com/poc/mget.bat.txt
   http://www.xdisclose.com/poc/username.bat.txt
  http://www.xdisclose.com/poc/directory.bat.txt
  http://www.xdisclose.com/poc/list.bat.txt
 
 
  Solution:
  No Solution
 
  Screenshot:
  http://www.xdisclose.com/images/msftpbof.jpg
 
 
  Impact:
  Successful exploitation may allow execution of
  arbitrary code with privilege of currently logged in
  user.
 
  Impact of the vulnerability is system level.
 
 
  Original Advisory:
  http://www.xdisclose.com/advisory/XD100096.html
 
  Credits:
  Rajesh Sethumadhavan has been credited with the
  discovery of this vulnerability
 
 
  Disclaimer:
  This entire document is strictly for educational,
  testing and demonstrating purpose only. Modification
  use and/or publishing this information is entirely on
  your own risk. The exploit code/Proof Of Concept is to
  be used on test environment only. I am not liable for
  any direct or indirect damages caused as a result of
  using the information or demonstrations provided in
  any part of this advisory.
 
 
 
 
 
 
 
  

Re: [Full-disclosure] Police swoop on 'hacker of the year'

2007-11-14 Thread Peter Dawson
yeah , but he's still on no charge status.. so all is good ..  but he's
still out of pocket for the h/w..



On Nov 14, 2007 8:02 PM, worried security [EMAIL PROTECTED]
wrote:

 The Swedish hacker who perpetrated the so-called hack of the year has
 been arrested in a dramatic raid on his apartment, during which he was
 taken in for questioning and several of his computers confiscated.


 http://www.smh.com.au/news/security/police-swoop-on-hacker-of-the-year/2007/11/15/1194766821481.html


Re: [Full-disclosure] Hushmail == Narqz

2007-11-08 Thread Peter Dawson
We both agree Hushmail deserves credit for its frank and open
replies http://blog.wired.com/27bstroke6/files/hush_klp.pdf (.pdf).
Such candor is hard to come by these days, especially since most
ISPs won't even tell you how long they hold onto your IP address or if they
sell your web-surfing habits to the highest bidders.

Did HushMail  inform their users that their emails were goin to be handed
over to government agencies ??

Yeah it kewl to be nice to the MSM and Fed's but what about the user (s) ??

/pd

On Nov 8, 2007 1:43 PM, Paul Melson [EMAIL PROTECTED] wrote:

 http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html

 I thought it seemed a little quiet on fd today.  :-)

 PaulM





Re: [Full-disclosure] Hackers can divert Vonage calls: security firm =?

2007-10-25 Thread Peter Dawson
y would they be looking for VC ? Sequoia is already on their board !!

On 10/25/07, Muskegon Whitehall [EMAIL PROTECTED] wrote:

 I have not heard of any chatter on this one..

 http://ca.today.reuters.com/news/newsArticle.aspx?type=technologyNewsstoryID=2007-10-24T183023Z_01_N24160249_RTRIDST_0_TECH-VONAGE-HACKERS-COL.XMLarchived=False
 does anyone know different or is this just some company pimping ??

 Someone is fishing for VC.

 http://www.sipera.com/index.php?action=company,press_releaseid=366
 http://www.sipera.com/index.php?action=resources,threat_advisory

 Sipera kindly alerted the media, so none would miss this groundbreaking
 research: cleartext protocols can be intercepted! Not since military-grade
 XSS 0day on cable modems has a clearer, and more present danger existed.

 ThreatCon: Critical.






[Full-disclosure] Hackers can divert Vonage calls: security firm =?

2007-10-24 Thread Peter Dawson
I have not heard of any chatter on this one..

http://ca.today.reuters.com/news/newsArticle.aspx?type=technologyNewsstoryID=2007-10-24T183023Z_01_N24160249_RTRIDST_0_TECH-VONAGE-HACKERS-COL.XMLarchived=False

does anyone know different or is this just some company pimping ??

/pd

Re: [Full-disclosure] Zone-H.org: 10 reasons websites get hacked

2007-10-17 Thread Peter Dawson
Why shoot the messenger..kill zat darn army (OWASP ) that created the mess in
the first place !!

Re: [Full-disclosure] are the NetBIOS-like hacking days over? - wide open citrix services on critical domains

2007-10-08 Thread Peter Dawson
 all of them wide open and susceptible to attacks

Unless you probe those vectors, will you be able to tell if they are
susceptible to attacks. !!

be rest assured nobody wants to dick around with us-cert.

nonetheless,  pdp - that's a good writeup !!

/pd

On 10/4/07, pdp (architect) [EMAIL PROTECTED] wrote:

 The other day I was performing some CITRIX testing, so I had a lot of
 fun with hacking into GUIs, which, as most of you probably know, are
 trivial to break into. I did play around with .ICA files as well, just
 to make sure that the client is not affected by some obvious
 client-side vulnerabilities. This exercise led me to reevaluate great
 many things about ICA (Independent Computing Architecture). When
 querying Google and Yahoo for public .ICA files, I was presented with
 tons of wide open services, some of which were located on .gov and
 .mil domains. This is madness! No, this is the Web. Though, I wasn't
 expecting what I have found. Hacking like in the movies?

 I did not poke any of the services I found, although it is obvious
 what is insecure and what is not when it comes to citrix. It is enough
 to look into the ICA files. With a few lines in bash combined with my
 Google python script, I was able to dump all the ICA files that Google
 knows about and do some interesting grepping on them. What I
 discovered was unbelievable. Shall we start with the Global Logistics
 systems or the US Government Federal Funding Citrix portals - all of
 them wide open and susceptible to attacks. Again, no poking on my
 side, just simple observation exercises on the information provided by
 Google.

 Just by looking into Google, I was able to find 114 wide open CITRIX
 instances: 10 .gov, 4 .mil, 20 .edu, 27 .com, etc… The research was
 conducted offline, therefore there might be some false positives.
 Among the services discovered, there were several critical
 applications which looked so interesting that I didn't even dare look
 at their ICA files. I am trying to raise the consumer awareness with
 this article. I mean, it is 2007 people, it shouldn't be that simple.

 I did write an article about my findings which you can read from here:
 http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/

 I've also created a video that shows the lamest way someone can use to
 break into unprotected citrix just to show the concepts.

 CITRIX hacking is just like back in the old days with NetBIOS. It is
 simple. It is malicious. It is highly effective. And the problem is
 that CITRIX is pretty useful. Here is a dilemma for you:
 Let's say that you have a pretty stable desktop app which you would
 like to be available on the Web. What you gonna do? Port it to XHTML,
 JavaScript and CSS? No way! You are most likely going to put it over
 CITRIX.

 I've also written a script which makes use of ICAClient ActiveX
 controller to enumerate remote Application, Servers and Farms:

 http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/enum.js

 Let me know if you find this useful.

 cheers

 --
 pdp (architect) | petko d. petkov
 http://www.gnucitizen.org


Re: [Full-disclosure] Life cycle of a hacker by n3td3v

2007-10-03 Thread Peter Dawson
what about an SOB ??

/pd


On 10/3/07, worried security [EMAIL PROTECTED] wrote:

  new-bie - hangs around web based chat: yahoo chat, msn chat. watches what
 hackers are doing, hangs about with them to befriend them and gain
 intelligence on how they hack, and ask for the tools from the people who
 make them to hack a few yahoo or msn accounts for themselves. while this
 isn't true hacker, its the beginning of a career of electronic hacking.

 kool-bie - has made friends with hackers who make the tools, has gained
 their trust and is welcomed into the real hacker social circles that the
 newbie wasn't socially accepted into as a newbie. koolbies are poked and
 probed and groomed, as in, if an insect is in your fur, then the real
 hackers will tell you and remove the pest irritating their skin. koolbie is
 given beta releases of the hackers tools before the newbie general public.


 curious-bie - the curiousbie, now bored with what the new-bie and kool-bie
 scene had on offer, starts wanting to dismantle, the tools they've been
 using. the curiousbie starts wanting to have the popularity, respect and
 chicks the real-bies have in the scene. the curious-bie will discover a hex
 editor and start exploring the real world of infosec, may start discovering
 new things by typing catchphrases into search engines, and finding security
 news articles interesting. starts finding mailing lists to do with real
 vulnerabilities.

 real-bie - the real hacker, has finally been reading mailing lists and
 news articles for a while, starts thinking about linux distros, joining
 internet relay chat, joining real discussion about technical emphasis of
 vulnerabilities, wants to start hacking.

 true-bie - has successfully penetrated an online application, maybe e-mail,
 gathers intelligence, gets interested in forming views of government and
 other people who are active members of mailing lists. at this point the
 industry discovers the person, the true-bie becomes vocal on online
 communities such as lists, social media sites, and news feedback forums.

 student-bie - has formed strong views and believes he is right, now wants
 to make money in a career of information security. goes to college to become
 professional. hides hacking background from student peers, feels guilty
 about being part of the underground, keeps it secret.

 pro-bie - graduates from university, expects a full pay and a successful
 life, ends up just working in the local supermarket, this person is highly
 skilled hacker with knowledge of ethical standards. doesn't get the job the
 course advertised the student would get, gets frustrated about life, feels
 lost and cheated, starts acting as a security professional online anyway, to
 live the dream they never got, even though they put the sweat and tears into
 achieving their university degree. at this point the government becomes
 concerned, pro-bie sets up websites, with professional text, claiming to be a
 research group, or company that'll protect companies. the pro-bie will
 release real vulnerabilities to mailing lists and will get attention
 headlines from security journalists.

 job-bie - has, through exposure of releasing vulnerabilities and getting
 talked about in news articles, is offered a job at a real vendor company.
 the job-bie has managed to get the job and pay the pro-bie wanted, although
 admittedly, the university years ended up being a waste of time in reality.

 mature-bie - has been in known named company for a while, is known as an
 expert. older and wiser, the mature-bie may start a blog, and commentary
 made by the mature-bie is often seen in quotes in news articles, commenting
 on security incidents and other security related current affairs. the
 mature-bie is respected member of the security community, the goal of
 everyones life in the industry, the mature-bie is looked on by government,
 and the government actually listen to what the mature-bie says on his blog,
 and quotes seen in news articles. mature-bie may be invited to
 vendor-security conferences, and government meetings, and the mature-bie may
 be approached by telecom companies to consult and help develop new cutting
 edge technologies and initiatives.

 n3td3v


Re: [Full-disclosure] Wachovia Bank website sends confidential information

2007-07-11 Thread Peter Dawson

Reconfirming time stamp(s)

<!-- Vignette V6 Wed Jul 11 16:13:41 2007 -->

their policy pages were updated






On 7/11/07, Bob Toxen [EMAIL PROTECTED] wrote:


On Wed, Jul 11, 2007 at 12:38:54PM -0400, Steve Ragan wrote:
It has comments with time-stamps of late yesterday, after I disclosed
on the list:

 <!-- Vignette V6 Tue Jul 10 19:28:33 2007 -->




Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)

2007-07-08 Thread Peter Dawson

On 7/8/07, Michal Zalewski [EMAIL PROTECTED] wrote:


[..]pretty much stands against *all* the core values of
the hacker culture - a culture to which this field of research owes quite
a bit.



Agreed, but values have changed.. thats why there are terms as white/black
and shades of gray all over !!

Yeah, it can be done. It might be legal by itself, too - though I'm sure

the moment your code is used for malicious purposes (or simply against
your government),




Oh yeah  you got that right-- ask the .gov stealth man who  wants to bid out
a contract to dev a hack which then can be used against another government
Now is that *core values*   ??? Following the money trail will always point
back to either a .gov or  large company. who eventually buy the 0day or
w/ever.. this is the nature of the world.. it spins around money.. and money
touches everything.

..and btw I am not talking about a virus/worm that some researcher dev'ed
and it gets into the wild - they normally just do it for fun and get their
hands slapped in the bargain.

Re: [Full-disclosure] Polycom hacking

2007-06-28 Thread Peter Dawson

interesting concept.. harvesting a polycom device for  Botnet's.

hm..  the key would be how the heck to get the stealthware on such a
device ??

On 6/27/07, Paul Schmehl [EMAIL PROTECTED] wrote:


--On June 27, 2007 3:27:28 PM -0400 Adriel T. Desautels
[EMAIL PROTECTED] wrote:

 Paul,
 Specifically what are you looking for?

As I mentioned earlier, I'm not interested in DoSes.  I'm looking at how
to hack a Polycom to use it to infect users, perhaps be a CC for a
botnet, that sort of thing.  I think it's entirely possible.  I just
wondered if anyone else had looked at it.  There's lots of DoS type stuff
for the Polycom, but those don't interest me.

Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/


Re: [Full-disclosure] Invitation to connect on LinkedIn

2007-06-25 Thread Peter Dawson



 Increasingly, if you're not LinkedIn, you're left out. --Business 2.0

It's interesting to see what they'll say in Business 2.1 Service Pack 3,
once
they've gotten the bugs out.




yeah, Business2.1 SP3 Pack will have a msg which will sez :  thank you for
responding to an email harvester- now your inbox is going to be pickled in a
jar, to avoid this situation, please upgrade to version 2.2 of the s/w- its
free to use for 30 days !!

Re: [Full-disclosure] Windows Oday release

2007-06-13 Thread Peter Dawson

On 6/13/07, Joanna Rutkowska [EMAIL PROTECTED] wrote:


One (I guess some responsible disclosure purist) could ask why they
waited 6 months before reporting this vulnerability to the vendor? What
were they doing with this exploit for the whole 6 months?




maybe they were waiting for VistaX64 to be fixed  ??

Re: [Full-disclosure] You shady bastards.

2007-06-06 Thread Peter Dawson

On 6/6/07, Joey Mengele [EMAIL PROTECTED] wrote:



In any event, I have alerted the FBI to your hacking attempt.  I do
not wish to become your latest victim of police kidnapping,
choking, and beating.

Woot Woot ..what Hacking attempt ??




Send Bait. Check Log. Pub finding - the recon worked well, IMHO.

I think the big deal here is that some peep(s) were caught with their  hands
in the Cookie jar.. trying the baited URL. That's crossing the line, if you
are not the intended recipient !!

/pd

Re: [Full-disclosure] Vista typographical vulnerability

2007-04-16 Thread Peter Dawson

 I'm surprised. Normally, it's the Americans who fail to realize that
there is more than one way to speak English.

Oh don't be !! The Americans fail to realize that there is more than one
way of living. (sic the american dream !!)

Re: [Full-disclosure] Hackers uniting against Iran?

2007-04-07 Thread Peter Dawson

On 4/6/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:



It can be argued that the German's siege of Leningrad, which lasted almost
900
days but they never managed to take the city, was the first indication
that the
Germans had run into trouble...



Operation Barbarossa triggered the downfall of the Nazi's.

*We have only to kick in the door and the whole rotten structure will come
crashing down *— Adolf Hitler

Re: [Full-disclosure] Hackers uniting against Iran?

2007-04-05 Thread Peter Dawson

This is the subject of this study, pull and

On 4/5/07, Troy Cregger [EMAIL PROTECTED] wrote:



I wondered how long it would take you to chime in on this thread Chris,
I hope you are well.

- -Troy.

rek2 GNU/Linux LO LO LO wrote:

 err, look up the definition of communism (no, not what 'the US' says
 what communism is, but what Marx  Engels, Lenin, Mandel, Thaelmann
 etc. wrote).


 100% I agree.. some people  needs to stop watching TV and get some
books.



 Japan - 3 to 10 million
 Cambodia - approximately 4 million
 Turkey - 3.5 to 4.3 million
 Vietnam - 3.8 million
 Poland - 1 million
 Pakistan - 1.5 million
 Yugoslavia - 1.7 million
 North Korea - 1.6 to 3.5 million
 Nazi Germany - 7 to 10 million
 Mexico - 1.4 to 3.3 million
 Russia - 52 million
 China - 35 million




 what about the Death by the Atomic Bomb, the invasion  of Granada,
 Panama, Iraq, .?
 the Guantanamo Camp?.. go and go and go..
 first of all, this is not true; there were several democratic
 countries starting a wars between them.


 on the other hand, the recent example of non-democratic countries is
the
 faschist US invading a dictatorship, iraq. funnily, almost 80% of the
 iraq people say it was a better life for them before the US spread
 their, err, democracy there with bombs.



 I agree... this war it was Illegal and wrong from the start..




 Texas. that sez all.

 do the planet a favor and shoot yourself into the sun. thanks.


 he just needs to stop listening to his government propaganda
 many people in the US don't think the way he does..


 World citizen.



- --
Troy Cregger
Lead Developer, Technical Products.
Kennedy Information, Inc
One Phoenix Mill Ln, Fl 3
Peterborough, NH 03458
(603)924-0900 ext 662


Re: [Full-disclosure] Buy 0day vulnerability

2007-03-30 Thread Peter Dawson

maybe it just an invite to the dark side of the force

On 3/30/07, Guasconi Vincent [EMAIL PROTECTED] wrote:




 Correct me if I'm wrong, but wouldn't that defeat the point of Full
 Disclosure?

Correct him if I'm right, but wouldn't that defeat the point of Full
Disclosure?

--

Re: [Full-disclosure] Xbox live accounts are being stolen

2007-03-17 Thread Peter Dawson

why ??

Is there not a secondary layer of economics for points ??  WoW and SL has
virtual $$ being  bartered into real world value...

On 3/17/07, Jason Miller [EMAIL PROTECTED] wrote:


I'm sorry but I find this funny actually. :-P Seems Microsoft has a
weakness.

On 3/17/07, Kevin Finisterre (lists) [EMAIL PROTECTED] wrote:
 There have been rumors going around that Bungie.net was hacked and
 that a portion of Xbox live has been taken over because of it. Some
 folks are having their Microsoft points stolen and or points
 purchased via their stolen gamer tag.

 I just got off the phone with a Microsoft Tech for Xbox live that has
 confirmed this with me and they have stated that accounts are
 being stolen and that Hackers have control of Xbox live and there is
 nothing we can do about it

 If anyone else has experienced their Xbox live account info being
 stolen let me know. I am trying to archive as much info on this as
 possible. During the conversations I have had with Xbox live support
 I would certainly say that Microsoft  staff is more than negligent in
 dealing with this issue especially with regard to the potential theft
 of personal information.

 -KF




Re: [Full-disclosure] Bank of America [phising email]

2007-02-22 Thread Peter Dawson

was not this part of the pharming attack that was executed over the last 2d ?

On 2/21/07, James Matthews [EMAIL PROTECTED] wrote:


Yes yes! They will make sure of course however the dumb person that falls
for it thinks hey look Bank Of America can't spell heheheh

On 2/21/07, James Rankin [EMAIL PROTECTED] wrote:

 Dear phishers,

 If ever you need someone to help you with your spelling and grammar to
 make your phishing emails just a bit convincing, drop me a mail and I
 will proof-read your scam texts. I have a degree in English and I was
 regularly top of my class for spelling. Whilst I do not doubt your technical
 bot-writing capability, the standard of your text is generally poor and a
 dead giveaway. I will help!

 Ta,

 JR

 On 21/02/07, Troy Cregger  [EMAIL PROTECTED] wrote:
 
 
  Got an email today that was crafted to look like it came from Bank of
  America, the message contained the following:
 
  Because of   unusual number of invalid login attempts on you account,
  we
  had to believe that,   their might be some security problem on you
  account. So we have decided to put   an extra verification process to
  ensure your identity and your account security.   Please click on A
  
href=http://www.candy-pop.com/www.bankofamerica.com/BOA/sslencrypt218bit/online_banking/index.htm
  
  target=_blanksign in to Online Banking/A to continue to the
  verification process and   ensure your account security. It is all
  about
  your security. Thank you, and   visit the customer service section.
 
  Which of course loads a phishing page that would capture login
  credentials should anyone fall for the ruse.
 
  This may be old news though and possibly related to another story I
  read
  earlier on Zone-H
  here: http://www.zone-h.org/content/view/14577/31/
 
 
 
 
  Troy Cregger
  Lead Developer, Technical Products.
  Kennedy Information, Inc
  One Phoenix Mill Ln, Fl 3
  Peterborough, NH 03458
  (603)924-0900 ext 662




--
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com

Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability

2007-02-19 Thread Peter Dawson

just asking... Is this std practice by vendor to state ???

[..] we ask you respect responsible disclosure guidelines and not report
this publicly

/pd

On 2/19/07, Michal Zalewski [EMAIL PROTECTED] wrote:


On Tue, 20 Feb 2007, Rajesh Sethumadhavan wrote:

 Microsoft Internet Explorer is a default browser bundled with all
 versions of Microsoft Windows operating system.

Any luck with sending the data back to the attacker? SCRIPT and STYLE ones
can be used to steal data from very specifically formatted files, but
that's not a whole lot.

/mz


Re: [Full-disclosure] Grab a myspace credential

2007-01-15 Thread Peter Dawson

but at some point all this abuse will likely start sending users off to
another service. 

that's only --if they know if they are being abused.. most of them are not
coherent about any such issues..



On 1/15/07, Kevin Pawloski [EMAIL PROTECTED] wrote:


The level of phishing sites targeting MySpace and bot related activity
that has been targeting MySpace lately is pretty alarming. Granted there is
no real financial risk if an account gets compromised for the user but at
some point all this abuse will likely start sending users off to another
service.

Kevin

On 1/15/07, North, Quinn [EMAIL PROTECTED] wrote:

 [EMAIL PROTECTED]:doyouhonestlythinkiwillputmyrealpass
 wordhere

 ...at least there is some hope left in the world :-\

 --=Q=--

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Emma
 Perdue
 Sent: Monday, January 15, 2007 7:48 AM
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Grab a myspace credential

 56000+ and counting

 http://www.marcolano.com/login/myspace.txt

 --
 *Emma aka TINK*


Re: [Full-disclosure] Sasser or other nasty worm needed

2006-11-27 Thread Peter Dawson

On 11/27/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


And yet he's not clued enough to know how to find a copy of Sasser by
himself.

There are a lot of people who are of the opinion that if you have to ask
where to find a copy of Sasser, you're not clued enough to be trusted with
a copy.





yeah I agree, whoever posted/ started this original thread was on gmail and
is not clued in enough to take a quick left glance at the adsense frame
and s/he will get tonnes of bait from google :)-



go figure..

Re: [Full-disclosure] Sasser or other nasty worm needed

2006-11-27 Thread Peter Dawson

I doubt schools have CLOSED LAB. I would like to know where the budget comes
from, for this type of network. If so, then every school district board
needs one.. :)-






On 11/27/06, K F (lists) [EMAIL PROTECTED] wrote:


Dude... settle the hell down.

I see little problem with this guy doing this on a closed LAN in a lab
setting. What part of CLOSED LAB did you miss? Its not like he is
intentionally letting it loose on the entire school LAN.

-KF

[EMAIL PROTECTED] wrote:
 Chris -

 I don't know what to make of your please reply off-list; I'm not a member
 comment.
 It's almost as ridiculous as what you are requesting.

 If I take your question at face value, you are an INSTRUCTOR, not an Admin.
 That means you probably teach an A+ class, maybe an abbreviated CCNA
 program.

 You have NO FUCKING BUSINESS WHATSOEVER even THINKING about turning loose a
 dangerous piece of Malware in someone else's network. And it IS someone
 else's network; specifically it belongs to the district.

 Speaking as a network engineer for a large midwestern school district, if you
 did that in MY network, I'd have your job. GOD HELP YOU if it turns out
 that you actually ARE a teacher in my district. I don't recognize the name,
 but you can bet your ass that every time we have an infection in one of our
 schools from now until the stars burn out; that I'll be making a point of
 asking who the computer teachers are in that building.

 You want to teach these kids a lesson? Write it on the blackboard.

 We have enough work to do just keeping up with the kids, without an alleged
 professional turning loose a worm in our network.


 =
 I'm a high school network administration teacher
 looking for a creative means of teaching my students
 the importance of patch management.  I was hoping to
 let a particularly nasty worm loose on a closed lab
 so my students could see what happens during an outbreak,
 but I'm running into a hitch - I can't find a worm that
 would spread quickly enough to be useful.

 Does anyone have a copy of Sasser or a similar worm
 that they would be willing to send or link me to?
 Please contact me off-list.  I would be happy to
 verify my identity as a high school teacher off-list
 as I'm sure that is a concern for most anyone who has
 what I am looking for.

 Please do not reply on list as I am not currently a member.
 Thank you,
 Chris
 

 

Re: [Full-disclosure] Ask for spam...

2006-10-16 Thread Peter Dawson
I think the point here is that you seed your email addy to these freebie newsletters and then wait for the spammer to harvest the email addy's. Propagation window should be about 10-15 days and then you can counter analysis the source data within smtp

On 10/16/06, Louis Wang [EMAIL PROTECTED] wrote:
May most of these emails are newsletters, not spam, huh?
Does anyone could give me some spam archive, or spam to [EMAIL PROTECTED], thanks.

--
homepage: http://www.wang-labs.com

2006/10/17, Michael Holstein [EMAIL PROTECTED]:

 Here's what I did when researching the same thing ...

 Google free stuff. Find a page with thousands of free offers. Fill one out and check *every* box. Reply to whatever confirm emails come in.

 I did a few of those thousand freebie things to various bogus email addresses in a fake subdomain and was getting thousands per day (and it wasn't long until the DHA attacks started on that newly created subdomain either -- configure your first-touch MTA to blindly accept anything as valid if you're curious, just be careful not to relay it).

 The nice thing about doing the subdomain trick is you can just delete the subdomain when you're done and not waste your bandwidth (and disk space) dealing with test SPAM.

 Cheers,

 Michael Holstein CISSP GCIA
 Cleveland State University

--
Have a Good Day

Re: [Full-disclosure] ***SPAM*** Re: UNOFFICIAL ZERT PATCH CAUSES NYC PLANECRASH

2006-10-12 Thread Peter Dawson
On 10/12/06, Nick Oliver [EMAIL PROTECTED] wrote:

This country, with all its faults, is the only country on this sad planet with the guts and determination to TRY to right wrongs.

Oh fuck off -- What a condescending statement !!

Why don't the americans just try to right the wrongs within their sovereign area and don't stick their noses elsewhere !

Try cleaning up all that Native Indian disputes and abuse first. Clean up that wrong first. Give them back their land, which the so called american robbed from the natives. 


Secondly try to make all the rights for all the blacks that your forefathers made to sit the back of the bus or made to shop and eat , live in zoned areas. 

hey fuckface- remember that America is the only country which freakin dropped an A-Bomb and you call that TRY to right wrongs. ?? 

Re: [Full-disclosure] Blogger bug?

2006-10-09 Thread Peter Dawson
Symantec is reporting the same flaw

http://www.symantec.com/enterprise/security_response/weblog/2006/10/host_overflow_application_exce.html

On 10/8/06, Peter Dawson [EMAIL PROTECTED] wrote:

Host Overflow Application eXception vulnerability is in the wild – any blog that supports RSS and MetaWeblogAPI can be h4x0red. 

We don't have confirmed vectors yet for this incident 

On 10/8/06, Mike McMan [EMAIL PROTECTED] wrote:

Looks like there was a bug in blogger that let someone make a fake post on the official Google blog.

http://googleblog.blogspot.com/2006/10/about-that-fake-post.html
http://www.techcrunch.com/2006/10/07/strange-things-afoot-at-the-google-blog/

Anyone have any details on the bug?

--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
This message is printed on Recycled Electrons.

Re: [Full-disclosure] Blogger bug?

2006-10-08 Thread Peter Dawson
Host Overflow Application eXception vulnerability is in the wild – any blog that supports RSS and MetaWeblogAPI can be h4x0red. 

We don't have confirmed vectors yet for this incident 
On 10/8/06, Mike McMan [EMAIL PROTECTED] wrote:

Looks like there was a bug in blogger that let someone make a fake post on the official Google blog.

http://googleblog.blogspot.com/2006/10/about-that-fake-post.html
http://www.techcrunch.com/2006/10/07/strange-things-afoot-at-the-google-blog/

Anyone have any details on the bug?

Re: [Full-disclosure] Security Rss Feeds

2006-09-30 Thread Peter Dawson
Add two more to that list 

http://portal.spidynamics.com/blogs/msutton/rss.aspx 
http://ha.ckers.org/blog/feed/ 
Paul, thanks for the new add's to me reader :)-

On 9/30/06, Paul Schmehl [EMAIL PROTECTED] wrote:

--On September 30, 2006 10:21:51 PM +0530 crazy frog crazy frog [EMAIL PROTECTED] wrote:

 Hi,
 Please share various security related rss feeds you read daily.

http://sunbeltblog.blogspot.com/
http://www.schneier.com/blog/
http://blogs.technet.com/antimalware/default.aspx
http://www.f-secure.com/weblog/
http://taosecurity.blogspot.com/
http://www.avertlabs.com/research/blog
http://blogs.technet.com/markrussinovich/default.aspx
http://blogs.technet.com/msrc/default.aspx
http://technobabylon.typepad.com/tb/
http://isc.sans.org/
http://www.securityfocus.com/

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
This message is printed on Recycled Electrons.

[Full-disclosure] end of the interent ?

2006-09-29 Thread Peter Dawson
I had to share this weird err

http://www.google.com/reader/next?go=noitems

--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
This message is printed on Recycled Electrons.

Re: [Full-disclosure] GOOGLE BUG

2006-09-28 Thread Peter Dawson
It looks like a thrip, a very small (1mm or so) insect. The size might explain how it got involved in the printing process. The brown glob at the posterior end is bug poop, forced out of the poor critter as it got squished between a glass plate and the film during the scanning process


http://bbs.keyhole.com/ubb/showthreaded.php/Cat/0/Number/400242/page/vc/vc/1
Oh well, so much for the bug . it got squished in the process dynamics of map rendering.. So the process literally works on bug elimination :)-


On 9/28/06, Huri Huri [EMAIL PROTECTED] wrote:

http://maps.google.com/maps?hl=ent=kq=Germanyie=UTF8z=18ll=48.857699,10.205451spn=0.002404,0.006738om=1

THE GIANT BUG !!! lol

found by LuPorOx  Huri

--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
This message is printed on Recycled Electrons.

[Full-disclosure] Gmail phishing attacks

2006-09-15 Thread Peter Dawson
A clever exploit in a little known Google service could be used to launch phishing attacks, by imitating Google services -- hosted on Google's own servers !!
more details here http://ericfarraro.com/?p=6

Re: [Full-disclosure] [botnets] the world of botnets article and wrong numbers

2006-09-14 Thread Peter Dawson
I can't present data, but I'll opinion that Gadi is pretty much on track with figures and numbers. In fact his stat's are on the lower side

our current intel reports indicates overall incidents by Zombie machines on organization's network/ bots/use of network by BotNets = 20%. which is ANYNET based data sets for incident mngt.

this indicates a 36% increase from July 2004 - June 2005 with a mean unknown base being equated to 15.1%. This percent implies the rate of fresh nodes being propagated, or rather the rate of growth for Botnets!!

hypothetically, you can if flatline these stats against whatever date sets you have ... I'll leave you all to your better judgements :)-


/pd
On 9/14/06, Gadi Evron [EMAIL PROTECTED] wrote:
On Thu, 14 Sep 2006, Dude VanWinkle wrote:
 On 9/14/06, Gadi Evron [EMAIL PROTECTED] wrote:
  This counts bot samples. Whether they are variants (changed) or
  insignificant changes such as only the IP address to the CC, they are
  counted as unique.

 So if you have multiple machines NAT'ed under one IP, that is one pot. err bot eh? OK.

And if I see 10 bots using the same address on a dynamic range.. ever heard of DHCP? The number crunching schemes are never perfect but they are pretty good.

I count, much like many others, unique IPs. A bot is defined as an instance of an installed Trojan horse. One machine may have (and probably does have) several. We can count IPs and we do.

3.5 Million hosts, note, for spam alone. The total population count is mind-boggling. I believe spamhaus has it pinned at 3.2 millions, other have higher numbers. That's about where it is for EMAIL based spam, per day.

  This is why we now run different sharing projects between established
  honey nets.

 So you don't count botnets that detect honeynets eh?

Honey pot detection is an interesting field, I am familiar with it and even consider myself somewhat of a knowledgeable person on it, but there are those who research it actively.

As interesting as it may be, it's not much of a field yet, sorry to say. Honey pots of different kinds work marvelously.

Not all our sources for samples are the same. It would be silly of me to divulge them all (especially as personally I have no use for samples these days and others do). Still, we can only report what we see, what do you see?

   or other trivial changes? Do you attempt to correct for complex polymorphic
   variants?

 Nah, just contributors who don't all have publicly routable IP's and
 this herders that know about VMware/Honeywall

  There aren't many of those.. really. :)

 Really? Ok.

  Further, the anti virus world sees about the same numbers.

 Using the same methods?

And their reporting user-base, alliances and sharing partners, and whatnot. Yes. Do you think all bots are extremely smart rootkits? I am quite happy to say most botnets are nothing if not the re-use of old code, which is freely available, using the same old methods.

There are other types of malware out there.

  The Microsoft anti malware team (and Ziv Mador specifically) spoke of
  15K avg bot samples a month, as well.

 Gotcha, you MS and Symantec share numbers based of who doesn't know how
 to disable your detection methods

You assume too much Dude.

Still, you are right, 100%. I can only detect what I know how to detect. But samples are not the only way to follow botnets, and there are many ends on how to approach one problems.

Cryptic? I suppose, but hey, Google for methods, see what you find, and tell me what you think. I believe we have pretty good coverage, but I also need to admit most anti viruses do not cover bot detection very well.

 I am just saying, the larger the organization, the sharper the focus
 from the other side. Maybe a loose coalition of known non-bullshitters
 would have a more accurate picture.

The picture you got is pretty accurate. Don't take my word for it though. I am happy to examine and share (as much as I can, which is more than enough to show the numbers (lower numbers) we chose to show in the article.

What numbers do you need? What makes you doubt what we have given? I'd be more than happy to answer any question you have or counter-numbers you have, but your love for me is as irrelevant as you calling me a *** when you don't show your own data or challenge mine with actual questions like Dave (the other dave) did.

Thanks,

Gadi.

 still love ja tho Gadi,

 -JP
 the douchebg

   Got a link/quote/reference to that? Does Ziv explain the methodology that
   they are using?

  Nope, but I will ask. Most of the numbers I get are at 15K. I can only
  prove *on my own* without relying on other sources, as reliable as they
  may be, 12K, which is the number we mentioned in the article. We were
  being conservative due to that reason, but the number is higher.

  I don't know what others may be seeing, but this is our best estimate
  as to what's going on with the number of unique samples released
  every month.

  Jose Nazarijo from Arbor replied on the botnets list that he sees
  similar numbers.

   I hope this 

Re: [Full-disclosure] Orkut URL Redirection Vulnerability

2006-09-07 Thread Peter Dawson
add another country ..:)-

In Turkish, Orkut means the holy meeting place. and yes, Google's Orkut was built by a Turkish Google engineer – Orkut Buyukkokten

On 9/7/06, cardoso [EMAIL PROTECTED] wrote:

Well, so now TWO countries care about orkut stuff, Brazil and Finland ;)

I think its creator, Orkut Büyükkökten, had a hell of a childhood, with such name.

On Thu, 7 Sep 2006 20:53:53 +0300
Olli Haukkovaara [EMAIL PROTECTED] wrote:

 Sorry guys, but this particular URL, www.orkut.com , makes us Finns smile...
 Orkut means in our language orgasms. I just had to share this with you,
 please forgive me, it's almost friday night ;-)

 Regards, Olli

 On 9/7/06, Julio Cesar Fort [EMAIL PROTECTED] wrote:

    I have found url redirection vulnerability on www.orkut.com.

   Man, I don't want to disappoint you but this redirection vulnerability
   is pretty old and has been being used in Brazil for sometime.
   This vulnerability was noticed in the beginning of the year, maybe, when
   orkut had changed its authentication scheme. I'm sure orkut was already
   notified by other people but they hadn't patched it yet and the phishing
   keeps going on :)

   Sorry about any grammatical errors.

   Regards,
   Julio Cesar Fort
   Recife, PE, Brazil
   www.rfdslabs.com.br - computers, sex, human mind, music and more.

 --
 regards, Olli

-
Carlos Cardoso - Nonconformist Blogger
http://www.carloscardoso.com == mischief
http://www.contraditorium.com == ProBlogging and digital culture

--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
This message is printed on Recycled Electrons.

Re: [Full-disclosure] Microsoft Vista's IPv6: Dangerous Information Leak?

2006-08-27 Thread Peter Dawson
V6 tunnel over V4 should be ok. I really don't see only UDP *ONLY* packets at the stack level. TCP/IP is enabled too within vista.

http://www.microsoft.com/technet/community/columns/cableguy/cg1005.mspx#ESG

/pd

On 8/27/06, TJ [EMAIL PROTECTED] wrote:

Yes, Teredo is a concern - both for Vista (V6 enabled by default) and for those who have enabled V6 in WinXP (takes one command) ... or for those who have installed a 'nix Teredo client.

All predicated on Teredo servers + relays being available, of course.

And, for the enterprise / managed env. - easily blockable if you try, even assuming you aren't following a default deny policy :).

(BTW - blocking IP prot41 tunnels is also recommended, unless you mean to let them out!)

/TJ (mobile)

PS - there is at least one other UDP-encapsulating 'transition mechanism' as well ... thinking specifically of TSP.

-Original Message-
From: Hadmut Danisch [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Sent: 08/27/06 06:32
Subject: [Full-disclosure] Microsoft Vista's IPv6: Dangerous Information Leak?

Hi,

I haven't been using a Microsoft Windows Vista so far, just read some
announcements and white papers. However, it appears to me at a first
glance, as if it had a significant information leak.

Microsoft introduced a new IPv6 over IPv4 tunneling mechanism called
Teredo. (See e.g. RFC 4380). It is somehow similar to 6to4, but the
differences are:

- IPv6 packages are wrapped in UDP
- Thus, they run more easily through Firewalls and NAT devices
- You can do it with RFC1918 addresses
- In contrast to 6to4 it is intended to be used host-to-host.
  While 6to4 is something you would run on your outermost router
  (the one with an official IPv4 address) and provide plain IPv6 to
  your internal network (then you know what you're doing, you
  actively have to configure it), Teredo is designed to run
  automatically on the local host. So every desktop machine becomes a
  tunneling client.

As announced by Microsoft, Teredo is activated by default. Windows
Vista will always prefer IPv6 to IPv4 where possible. So most
Vista users, especially common users with network experience, would
not even realize that they are using IPv6.

Most network and security devices, and network admins will not realize
this either, since they see only plain IPv4 UDP packets. I haven't
seen any firewall so far able to unpack Teredo packets.

So the implications can be severe. As far as I can see at the moment:

- You are using IPv6 without realizing or enabling it.
- You are running it from your desktop machine.
- You are thus opening a tunnel through your NAT/Firewall device
  passing _all_ kind of traffic unfiltered through, no logging.
- Many connections (i.e. Teredo-Teredo and Teredo-IPv6) will be routed
  over a central Teredo server or relay, which is helping in the
  configuration of the Teredo client and routing Teredo packets to
  other Teredo clients or plain IPv6.
  So these servers (and thus network devices and IP providers close to
  the servers) can easily wiretap your traffic.
- I guess that every Vista client will try to register at a Teredo
  server, so the server will/can generate an almost complete list of
  all clients.

Can anyone experienced with Windows Vista comment on? Am I correct or
did I overlook anything? (Did not have a running Vista yet...)

regards
Hadmut

--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
This message is printed on Recycled Electrons.
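
Added example, not part of the original thread: a sketch of how a monitoring device could recognise the IPv6-in-UDP encapsulation Hadmut describes instead of seeing "only plain IPv4 UDP packets". Assumptions: the Teredo server port (3544) and service prefix (2001::/32) come from RFC 4380, not from the thread; the function names and the sample packet (documentation addresses) are constructed for illustration.

```python
import ipaddress
import struct

TEREDO_PORT = 3544                                 # Teredo server port (RFC 4380)
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo service prefix (RFC 4380)


def strip_indicators(payload: bytes) -> bytes:
    """Skip the optional Teredo headers that can precede the inner IPv6 packet."""
    off = 0
    # Authentication: 00 01, ID-len, AU-len, client id, auth value, nonce (8), confirmation (1)
    if len(payload) >= 4 and payload[:2] == b"\x00\x01":
        off = 4 + payload[2] + payload[3] + 8 + 1
    # Origin indication: 00 00, obfuscated port (2), obfuscated IPv4 address (4)
    if payload[off:off + 2] == b"\x00\x00":
        off += 8
    return payload[off:]


def decode_teredo_address(addr):
    """Return the IPv4 endpoints embedded in a Teredo IPv6 address, or None."""
    if addr not in TEREDO_PREFIX:
        return None
    _prefix, server, flags, port, client = struct.unpack("!IIHHI", addr.packed)
    return {
        "address": str(addr),
        "server": str(ipaddress.IPv4Address(server)),
        "client": str(ipaddress.IPv4Address(client ^ 0xFFFFFFFF)),  # stored bit-inverted
        "client_port": port ^ 0xFFFF,                                # stored bit-inverted
        "flags": flags,
    }


def inspect_udp(src_port: int, dst_port: int, payload: bytes):
    """Classify one IPv4 UDP payload; return details if it tunnels IPv6, else None."""
    inner = strip_indicators(payload)
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None                      # no room for, or no sign of, an IPv6 header
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    endpoints = [e for e in map(decode_teredo_address, (src, dst)) if e]
    on_service_port = TEREDO_PORT in (src_port, dst_port)
    if not endpoints and not on_service_port:
        return None                      # a version nibble alone is too weak a signal
    return {
        "inner_src": str(src),
        "inner_dst": str(dst),
        "next_header": inner[6],
        "on_service_port": on_service_port,
        "teredo_endpoints": endpoints,
    }


def make_teredo_address(server: str, client: str, client_port: int, flags: int = 0x8000):
    """Build a Teredo address for the constructed sample below."""
    packed = struct.pack("!IIHHI", 0x20010000, int(ipaddress.IPv4Address(server)), flags,
                         client_port ^ 0xFFFF, int(ipaddress.IPv4Address(client)) ^ 0xFFFFFFFF)
    return ipaddress.IPv6Address(packed)


def make_sample_packet(src=None) -> bytes:
    """Constructed inner IPv6 packet: 40-byte header, no payload (next header 59)."""
    src = src or make_teredo_address("192.0.2.45", "203.0.113.9", 40000)
    dst = ipaddress.IPv6Address("2001:db8::1")
    header = struct.pack("!IHBB", 6 << 28, 0, 59, 64)
    return header + src.packed + dst.packed


if __name__ == "__main__":
    # Client-to-server traffic: caught by port and by inner address.
    print(inspect_udp(51234, TEREDO_PORT, make_sample_packet()))
    # Peer-to-peer traffic on an arbitrary port, with an origin indication in front:
    # a port-3544 filter alone misses it, the inner address check does not.
    print(inspect_udp(51234, 40000, b"\x00\x00" + b"\xaa" * 6 + make_sample_packet()))
```

Blocking UDP 3544 stops clients from qualifying with a server; the inner-header check is what still flags tunnelled traffic that uses other ports.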

Re: [Full-disclosure] ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Peter Dawson
for an instance, I thought it was a ping sweep variation in occurrence.. snort logs s/have some more info .. were the src and dst IP's random or static.. ?

On 8/15/06, Richard Bejtlich [EMAIL PROTECTED] wrote:

Adriel T. Desautels wrote:
 Hi List,
 I've been receiving this traffic for a while from the same IP address. Does anyone
 have any idea what type of traffic this might be. Neither the source IP or the target
 IP have any ports associated with them in this event. Any ideas would be appreciated.

Hello,

Looking at the presumed ICMP payload you posted, and starting with
0x45, you have a UDP packet from 70.91.131.49:16229 to
82.246.252.214:2597.

I decoded this quickly -- someone feel free to correct me if I'm wrong.

Nothing appears to be listening on port 2597 UDP, so you are seeing a
ICMP Destination Unreachable Port Unreachable ICMP error message.

Your IDS is not reporting ports because ICMP doesn't use ports.

Sincerely,

Richard
http://taosecurity.blogspot.com

--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
This message is printed on Recycled Electrons.
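
Added example, not part of the original thread: the decoding Richard describes, reading the datagram quoted inside an ICMP Destination Unreachable message (the part that starts with 0x45) to recover the addresses and ports the IDS alert does not show. The captured bytes are not in the thread, so the sample is constructed from the addresses and ports he quotes; the remaining field values and the function names are assumptions.

```python
import ipaddress
import struct

UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; evaluates to 0 over a message whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message and the original datagram quoted inside it."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for a quoted IPv4 header plus 8 bytes")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError("not ICMP type 3 (Destination Unreachable)")
    quoted = icmp[8:]                      # the quoted datagram: starts with 0x45
    ihl = (quoted[0] & 0x0F) * 4           # quoted IPv4 header length in bytes
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram is not an IPv4 header plus 8 bytes")
    proto = quoted[9]
    info = {
        "code": UNREACH_CODES.get(code, "code %d" % code),
        "checksum_ok": internet_checksum(icmp) == 0,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": str(ipaddress.IPv4Address(quoted[12:16])),   # sender of the original packet
        "dst": str(ipaddress.IPv4Address(quoted[16:20])),   # host that answered with ICMP
        "src_port": None,
        "dst_port": None,
    }
    if proto in (6, 17):                   # TCP and UDP both begin with the two ports
        info["src_port"], info["dst_port"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return info


def describe(info: dict) -> str:
    """One-line summary suitable for an alert annotation."""
    if info["src_port"] is None:
        flow = "%s -> %s" % (info["src"], info["dst"])
    else:
        flow = "%s:%d -> %s:%d" % (info["src"], info["src_port"],
                                   info["dst"], info["dst_port"])
    return "%s %s (%s)" % (info["protocol"], flow, info["code"])


def build_sample() -> bytes:
    """Constructed ICMP port-unreachable message quoting the UDP packet from the thread."""
    src = ipaddress.IPv4Address("70.91.131.49").packed
    dst = ipaddress.IPv4Address("82.246.252.214").packed
    udp = struct.pack("!HHHH", 16229, 2597, 12, 0)          # ports, length, checksum unset
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 0x1234, 0, 116, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    body = ip + udp
    cksum = internet_checksum(struct.pack("!BBHI", 3, 3, 0, 0) + body)
    return struct.pack("!BBHI", 3, 3, cksum, 0) + body


if __name__ == "__main__":
    print(describe(decode_unreachable(build_sample())))
```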

Re: [Full-disclosure] Getting rid of Gadi Evron and Dude VanWinkle

2006-08-13 Thread Peter Dawson
that seems to be MERIT issue, take it up with those mod's . FD is still FD.. there's no whining in here !

On 8/13/06, vodka hooch [EMAIL PROTECTED] wrote:

Eliah Kagan [EMAIL PROTECTED] wrote: 




On 8/13/06, vodka hooch wrote:
 no sir full dis for exploits no off topic security chats about botnets etc

From the list charter at http://lists.grok.org.uk/full-disclosure-charter.html:

Any information pertaining to vulnerabilities is acceptable, for
instance announcement and discussion thereof, exploit techniques and
code, related tools and papers, and other useful information.

You should really read the list charter yourself before attacking
others for supposedly violating it.

-Eliah


sir you no understand gadi be told off elsewhere same non sense subject

nanoggadi evron no welcome and no welcome full dis

below i paste what said

-gs

-- Forwarded message --
From: Paul Vixie [EMAIL PROTECTED]
Date: 13 Aug 2006 19:02:02 +
Subject: i am not a list moderator, but i do have a request
To: nanog@merit.edu

which is, please move these threads to a non-SP mailing list.

R[41: Danny McPherson ] Re: mitigating botnet CCs has become useless
R[22: Laurence F. Sheldon]
R45: Danny McPherson
R[62: Laurence F. Sheldon]
R[ 162: J. Oquendo] Re: [Full-disclosure] what can be done with botnet CC's?
R 211: Payam Tarverdyan Ch
R[66: Michael Nicks ]

i already apologized to the moderators for participating in a non-ops thread
here.

there are plenty of mailing lists for which botnets are on-topic.
nanog is not one and should not become one.
nanog has other useful purposes.

--Paul Vixie





--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
This message is printed on Recycled Electrons.

Re: [Full-disclosure] BlackBerry Vulnerabilities

2006-08-11 Thread Peter Dawson
this is the last BB vulnerabilities (that I know of) which was deemed to be elevated.

http://www.kb.cert.org/vuls/id/570768

On 8/11/06, Nicolas RUFF [EMAIL PROTECTED] wrote:

  Does anyone have any details on the 2 BB vulnerabilities.
  Some more substantial than rumors?

 Which one ? ;)

 If you are talking about the DEFCON buzz, have a look at:
 http://www.praetoriang.net/presentations/blackjack.html

 Regards,
 - Nicolas RUFF

Re: [Full-disclosure] New Laptop Polices

2006-08-11 Thread Peter Dawson
We have done some storming on this issue. The issue is basically forked in terms of
1) Airline security
2) Data Security

Wrt item (1), it is deemed to be possible that IATA will move to banning any electronic devices as carry-on. This certainly is the way that other entities are looking into risk negation from a viewpoint on airline security. As someone mentioned, IATA gives a rat's ass about your corporate data.

This leaves us with the dilemma of protecting localized data on a Laptop, Blackberry, iPod and/or other hand held devices. Checked in luggage can easily be stolen, misplaced and/or HDD yanked out.

Corporate Policy changes are needed - it's just a matter of time.

On 8/11/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 On Fri, 11 Aug 2006 11:32:50 CDT, Bob Radvanovsky said:

  corporate assets.  I think that they should make it easier for the removal of
  hard disk drives to be removed so they aren't stolen.

 OK, so you pull the hard drive - where do you *put* it?  Remember, if it's
 packaged to be removable, it's going to look a lot like an MP3 player or some
 other thing-with-a-battery, and you end up having to check it.

Re: [Full-disclosure] New Laptop Polices

2006-08-11 Thread Peter Dawson
LA Times is reporting

If you're going international, stash your laptop; US airports are banning carry-on electronics for overseas flights !!


On 8/11/06, Jeremy Bishop [EMAIL PROTECTED] wrote:

 On Friday 11 August 2006 10:54, Michael Holstein wrote:

  Then your traveling salesman needs only the DVD and thumbdrive --
  neither of which contain batteries.

 Aside from the piezoelectric quartz earrings, it's only a matter of time
 before someone in DHS discovers static electricity.  (Actually, I
 decided to rely on USB + knoppix for my last trip, so it's perfectly
 feasible for when you want an expendable solution.)

  Personally, I'm worried about what happens when some wacky terrorist
  gets caught with a stick of Semtex in his keister...

 Bend over sir; it's for America.

 Jeremy

 --
 Andrea: Unhappy the land that has no heroes.
 Galileo: No, unhappy the land that needs heroes.
  -- Bertolt Brecht, Life of Galileo

Re: [Full-disclosure] If we can read 19, 832 n3td3v posts, we can do 1 open hate mail to Lieberman!

2006-08-11 Thread Peter Dawson
ACK that !! :)-
On 8/11/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:



What a maroon

http://www.google.com/search?hl=enq=%22Alif+Terranson%22btnG=Google+Search



Re: [Full-disclosure] LONG LIVE HEZBOLLAH AND LEBANON; DOWN WITH AMERICA AND ISRAEL

2006-08-05 Thread Peter Dawson
googlemail.com...it's a UK/EU based gDC

On 8/5/06, Alice Bryson [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 your email address is interesting, googlemail.com, not gmail.com? are
 you from google?

 --
 mailto:[EMAIL PROTECTED]
 http://www.lwang.org

Re: [Full-disclosure] Gmail emails issue

2006-08-04 Thread Peter Dawson

if that's on the gmail server, then the same gmail servers/clusters hold all other information collateral .. that is CC#, Phones, names, pwds etc ... and when GHhealth comes out your blood type and if you want your SIN# too..!!

So what's the big deal with the temp folder at the server end being unflushed ? Bad practice or a security risk.

 temp folder on the gmail server. I verified an attachment being available even after being signed out

.. and then my primary question would be .. how did you peek into the gserver cluster ?? could you share that info ?? or is this domain hosting you're talking about ??


/pd

On 8/4/06, Thomas Pollet [EMAIL PROTECTED] wrote:

 He means a temp folder on the gmail server.
 I verified an attachment being available even after being signed out.

 On 04/08/06, Stan Bubrouski [EMAIL PROTECTED] wrote:

  I'm reading your message in gmail and there is nothing in my temp
  folder... not that i'd expect there to be.  Gmail can't just create
  files on your computer without your permission, if it can your
  settings are wrong or your browser is broken.  In other words if your
  gmail mails are ending up in your temp folder your web browser is
  putting them there...what browser are you using BTW.  I'm using
  firefox and it doesn't store my mails in the temp folder under my NT
  account.

  -sb

  On 8/4/06, 6ackpace [EMAIL PROTECTED] wrote:

   Hi All,

   Gmail stores mails in Temp folder for faster access. but i have observed it
   fails to remove mail from the temp files after the session is ended.

   any user who has access physical access to the system can read mail and
   contact information of the Gmail user.

   Discloses information which is private and confidential?

   thank you
   ratna

Re: [Full-disclosure] Re: Gmail emails issue

2006-08-04 Thread Peter Dawson
FWIW-- All replies [less one], on this thread was seeded thru a gmail account :)-

go figure.. thread titled Gmail emails issue  !!!
On 8/4/06, John Dietz [EMAIL PROTECTED] wrote:

Yes, I realize SSL is not that secure either, but I was just using it as an example in comparison to plain ole pure-text email. The point I was making is not to assume your emails are in any way private/secure. You must use something else if you want any kind of secure communications medium. There are plenty of solutions out there with varying levels of security, but I had no intent on going through these and comparing them all. 


On 8/4/06, L. Victor [EMAIL PROTECTED] wrote:

 2006/8/5, Denis Jedig [EMAIL PROTECTED]:

  On Fri, 4 Aug 2006 11:45:01 -0500 John Dietz wrote:

   if it were.  If the information you are sending/receiving is of a
   particularly sensitive nature, I would suggest you find some other
   medium, such as SSL with encryption.

 Even connections with SSL can be dumped, analysed by providers and successfully decrypted in some cases such as if only the destination server has its own certificate, but user doesn't.

 --
 There is intelligence is in having all the answers, but wisdom lies in knowing which of the questions to answer.

Re: [Full-disclosure] ProtectFly/RegisterFly - Whois information - Non-Disclosure legal??

2006-08-04 Thread Peter Dawson
is not registration by proxy an acceptable practice by Registers ?

If harvesting is being done and malicious activities [spam and whatever] then just contact the register admin and let them know..

On 8/4/06, Nancy Kramer [EMAIL PROTECTED] wrote:

 Yes having a private registration is legal at least in the US.  Godaddy
 also does it.  They charge extra for it.

 People do this so spam bots will not harvest their email on their domain
 registration.  I personally don't think it is a good idea unless someone
 wants to do something wrong with the domain but that is just my opinion.

 If the people who own those domains are doing something wrong like spamming
 your blog I think you can contact the registrar and tell them.  They should
 either give you the contact information or do something about the domain
 owner themselves.  I know Godaddy would probably be helpful because they
 are a pretty good company but don't know about these companies since I
 don't deal with them myself.

 Regards,

 Nancy Kramer
 Webmaster http://www.americandreamcars.com
 Free Color Picture Ads for Collector Cars
 One of the Ten Best Places To Buy or Sell a Collector Car on the Web

 At 09:21 AM 8/4/2006, Dan B wrote:

  Hi,

  I recently noticed some spam comments to my blog. Upon looking at the
  link they were linking back to it is an aggregation of various people
  RSS from their blogs.

  Upon examining the domains and their whois info they all appear to be
  registered with ProtectFly. Their whois information does not give out
  the contact details of the domain owner. Some random looking email
  address, that I guess might forward back to the real owner.

  Is this non-disclosure of the contact details legal?

  Am I missing some method to find the correct info?

  Example:-

  [EMAIL PROTECTED] ~ $ whois nags-head-real-estate.info
  Domain ID:D13743171-LRMS
  Domain Name:NAGS-HEAD-REAL-ESTATE.INFO
  Created On:10-Jun-2006 02:42:27 UTC
  Last Updated On:22-Jun-2006 07:15:54 UTC
  Expiration Date:10-Jun-2007 02:42:27 UTC
  Sponsoring Registrar:RegisterFly.com, Inc. (R318-LRMS)
  Status:CLIENT TRANSFER PROHIBITED
  Status:CLIENT UPDATE PROHIBITED
  Status:TRANSFER PROHIBITED
  Registrant ID:tuxfIgCP2SraElSj
  Registrant Name:Whois Protection Service - ProtectFly.com
  Registrant Organization:RegisterFly.com - Ref-R# 37871268
  Registrant Street1:404 Main Street
  Registrant Street2:4th Floor
  Registrant Street3:
  Registrant City:Boonton
  Registrant State/Province:NJ
  Registrant Postal Code:07005
  Registrant Country:US
  Registrant Phone:+1.9737362545
  Registrant Phone Ext.:
  Registrant FAX:+1.9737361355
  Registrant FAX Ext.:
  Registrant Email:[EMAIL PROTECTED]
  Admin ID:tu0yrgMvIcEJ2aIH
  Admin Name:Whois Protection Service - ProtectFly.com
  Admin Organization:RegisterFly.com - Ref-A# 37871268
  Admin Street1:404 Main Street
  Admin Street2:4th Floor
  Admin Street3:
  Admin City:Boonton
  Admin State/Province:NJ
  Admin Postal Code:07005
  Admin Country:US
  Admin Phone:+1.9737362545
  Admin Phone Ext.:
  Admin FAX:+1.9737361355
  Admin FAX Ext.:
  Admin Email:[EMAIL PROTECTED]
  Billing ID:tuI0AzeEf97LKzMo
  Billing Name:Whois Protection Service - ProtectFly.com
  Billing Organization:RegisterFly.com - Ref-B# 37871268
  Billing Street1:404 Main Street
  Billing Street2:4th Floor
  Billing Street3:
  Billing City:Boonton
  Billing State/Province:NJ
  Billing Postal Code:07005
  Billing Country:US
  Billing Phone:+1.9737362545
  Billing Phone Ext.:
  Billing FAX:+1.9737361355
  Billing FAX Ext.:
  Billing Email:[EMAIL PROTECTED]
  Tech ID:tuTOQTTrtOUs5GAS
  Tech Name:Whois Protection Service - ProtectFly.com
  Tech Organization:RegisterFly.com - Ref-T# 37871268
  Tech Street1:404 Main Street
  Tech Street2:4th Floor
  Tech Street3:
  Tech City:Boonton
  Tech State/Province:NJ
  Tech Postal Code:07005
  Tech Country:US
  Tech Phone:+1.9737362545
  Tech Phone Ext.:
  Tech FAX:+1.9737361355
  Tech FAX Ext.:
  Tech Email:[EMAIL PROTECTED]
  Name Server:DNS1.REGISTERFLY.COM
  Name Server:DNS2.REGISTERFLY.COM

  Cheers,
  DanB.
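
An added example, not part of the original thread: a small parser for the `Key:Value` whois format quoted above that flags a proxy registration and names the sponsoring registrar, which is the party the replies suggest contacting. The record is abridged from the one in the thread with placeholder e-mail values; the hint patterns and the two-signal threshold are assumptions.

```python
import re
from collections import defaultdict

# Abridged from the record quoted in the thread; e-mail values are placeholders.
SAMPLE = """\
Domain Name:NAGS-HEAD-REAL-ESTATE.INFO
Sponsoring Registrar:RegisterFly.com, Inc. (R318-LRMS)
Status:CLIENT TRANSFER PROHIBITED
Registrant Name:Whois Protection Service - ProtectFly.com
Registrant Organization:RegisterFly.com - Ref-R# 37871268
Registrant Street1:404 Main Street
Registrant Phone:+1.9737362545
Registrant Email:placeholder-r@example.invalid
Admin Name:Whois Protection Service - ProtectFly.com
Admin Organization:RegisterFly.com - Ref-A# 37871268
Admin Street1:404 Main Street
Admin Phone:+1.9737362545
Admin Email:placeholder-a@example.invalid
Tech Name:Whois Protection Service - ProtectFly.com
Tech Organization:RegisterFly.com - Ref-T# 37871268
Tech Street1:404 Main Street
Tech Phone:+1.9737362545
Tech Email:placeholder-t@example.invalid
Name Server:DNS1.REGISTERFLY.COM
"""

ROLES = ("Registrant", "Admin", "Billing", "Tech")
# Wording that proxy services tend to use (assumption, extend as needed).
PROXY_HINTS = re.compile(r"whois\s+protect|privacy|proxy|private\s+registration", re.I)


def parse_whois(text):
    """Split 'Key:Value' lines into top-level fields and per-role contacts."""
    top, contacts = defaultdict(list), defaultdict(dict)
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # values may contain ':' (timestamps)
        if not sep:
            continue  # banner or blank line
        key, value = key.strip(), value.strip()
        role, _, field = key.partition(" ")
        if role in ROLES and field:
            contacts[role][field] = value
        else:
            top[key].append(value)
    return top, contacts


def assess(text):
    """Return the domain, its registrar, and whether the contacts look proxied."""
    top, contacts = parse_whois(text)
    registrar = (top.get("Sponsoring Registrar") or [""])[0]
    token = registrar.split(",")[0].split()[0].lower() if registrar else ""
    reasons = []
    if any(PROXY_HINTS.search(c.get("Name", "")) for c in contacts.values()):
        reasons.append("contact name advertises a protection/proxy service")
    # Real registrations rarely reuse one address and phone for every role.
    prints = {(c.get("Street1"), c.get("Phone")) for c in contacts.values()}
    if len(contacts) > 1 and len(prints) == 1:
        reasons.append("all contact roles share one address and phone")
    orgs = [c.get("Organization", "").lower() for c in contacts.values()]
    if token and orgs and all(token in o for o in orgs):
        reasons.append("contact organization is the sponsoring registrar")
    return {
        "domain": (top.get("Domain Name") or [""])[0],
        "registrar": registrar,  # where an abuse report should go
        "proxied": len(reasons) >= 2,
        "reasons": reasons,
    }


if __name__ == "__main__":
    print(assess(SAMPLE))
```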

Re: [Full-disclosure] Gmail emails issue

2006-08-04 Thread Peter Dawson
==You're wrong there, lets look at Yahoo Messenger

Dude, screw yahoo..who cares !! Everyone here, is posting using gmail, including yourself !!
On 8/4/06, n3td3v [EMAIL PROTECTED] wrote:



 On 8/4/06, Stan Bubrouski [EMAIL PROTECTED] wrote:

  I'm reading your message in gmail and there is nothing in my temp
  folder... not that i'd expect there to be.  Gmail can't just create
  files on your computer without your permission, if it can your
  settings are wrong or your browser is broken.  In other words if your
  gmail mails are ending up in your temp folder your web browser is
  putting them there...what browser are you using BTW.  I'm using
  firefox and it doesn't store my mails in the temp folder under my NT
  account.

  -sb


You're wrong there, lets look at Yahoo Messenger:

yupdater.exe

The above little executable stays in the default Yahoo Messenger directory and can modify any files within that directory and sub-directories, the yupdater.exe can create and delete any file in those directories, and has the power to create new files and folders on the command of Yahoo. At no time is there notification by Yahoo to the end-user. I've witnessed when Yahoo were testing their backend anti-spam system, that blank folders were appearing within the default Yahoo Messenger directory. If an attacker can hack Yahoo and control everyones yupdater.exe then Yahoo will turn into a very dark place.

Here is another executable that does discrete little directory updates to your system without end-user interaction or notification:

YServer.exe

We tried to protest what Yahoo was doing other the years in private, and even thought at one point about putting out trojan horses and viruses under the same file names so Symantec etc would flag them as malware, although we didn't 


So yeah, Yahoo have the ability to and do in fact modify your system without permission :)

This is done randomly at Yahoo's own discretion and is separate from legitimate announced Yahoo Messenger updates :)

Its about time Yahoo came clean about yupdater.exe and YServer.exe instead of anonymously sending commands to operating systems, to modify, delete and create files and (or) folders without anyone knowing.

No one is saying Yahoo is doing anything evil, but what if an accident happened? Yahoo would get its ass kicked

No one can say what unexpected modifications to folder and files might do to individual end-user systems.

Yahoo, sort yourselves out.

Foul play


Re: [Full-disclosure] HackingRFID group

2006-08-03 Thread Peter Dawson
I agree with Mike, and I am still waiting for an answer to Mike's q: why is this private ??

I scope and track RFID hacks. I would join your group but only if it's open to public no strings attached. I would love to share infonuggets with folks of akin interests, but not in pvt mode... I prefer the nuggets to be in fd mode.. Knowledge is a commodity that needs to be shared with the community... but how the community views that knowledge is highly debatable.. and that's OT on this thread !!


On 8/3/06, mikeiscool [EMAIL PROTECTED] wrote:

 On 8/3/06, Josh L. Perrymon [EMAIL PROTECTED] wrote:

  http://groups.google.com/group/hackingRFID

  I have started a private google group for discussing hacking RFID if
  anyone is interested.

 why is it private?

 kind of ironic that you'd send a request for members in a private list via fd.

 -- mic

Re: [Full-disclosure] Attacking the local LAN via XSS

2006-08-03 Thread Peter Dawson
interesting..but forgive my ignorance

can you further articulate ...a URL that will exploit the XSS flow in the border router in a broader context ??

On 8/3/06, pdp (architect) [EMAIL PROTECTED] wrote:

 this is my humble opinion
 http://www.gnucitizen.org/blog/xssing-the-lan

 I didn't go to BlackHat but since a lot of people are getting really
 interested in XSS attacks, right now when it is sort of blooming, I
 will try to put in theory how border routers/gateways can be trivially
 compromised (over the web).

 For that purpose three prerequisites are needed:

 1. page that is controlled by the attacker, lets call it evil.com
 2. border router vulnerable to XSS
 3. user attending evil.com

 Once the user attends evil.com malicious javascript code executes and
 tries to figure out what machines are alive on local LAN and where the
 border router is located. This is usually achieved in a similar way
 the javascript port scanner works.

 Once the router is identified, the malicious script needs to figure
 out the software version. This is not quite trivial task since most
 modern browsers have cross domain restrictions which means that fancy
 Ajax techniques such as the XmlHttpRequest object won't work. The
 attack vector explained by SPI Dynamics though, should work on all
 browsers. For that purpose the malicious javascript fires several
 requests against the router looking for common image files. Different
 types of routers have different images, so, obviously this is a way of
 identifying the server software.

 Depending on the results collected by the scanning process, an already
 published XSS flow is flagged. This XSS flow is used by the malicious
 javascript to propagate its logic to the border router domain. This
 step is crucial since modern browsers won't allow you to perform cross
 domain requests unless a fourth prerequisite is introduced – the buggy
 browser.

 Anyway, the malicious javascript creates an invisible iframe inside
 evil.com that carries the attack. The iframe src (source) attribute
 contains a URL that will exploit the XSS flow in the border router.
 Since the code is executed of the border router domain, no cross
 domain restrictions are applied. This means that the malicious logic
 can be constructed out of XMLHttpRequest objects which provide greater
 control on the input and the output.

 At the final stage the logic transported by the border router XSS flow
 performs login and retrieves the user credentials which are submitted
 to a remote resource that is controlled by the attacker. However, in
 corporate environments the attacker might wish to put down the
 security level of the exploited device and open a worm hole.

 It is quite simple and it is less complicated than it sounds.

 --
 pdp (architect)
 http://www.gnucitizen.org

Re: [Full-disclosure] Limited Google access in China.

2006-08-03 Thread Peter Dawson
your ip is blocked for 40 min. Repeated queries thereafter will get the cops on you !! 

Golden Project is in production status !!

If in the .cn zone, I would be prudent what I query..use your common sense.. as if we have any !! :)-

On 8/3/06, Alice Bryson [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 In China, if you google some sensitive word, your ip will be block for
 a while to visit google, these words includes government leader's
 name, political sensitive words and may some others i didn't try.

 --
 mailto:[EMAIL PROTECTED]
 Have a Good Day

Re: [Full-disclosure] [OT] Shellcoder's Handbook, 2nd edition?

2006-07-12 Thread Peter Dawson
Is this available order ?? I am only seeing the 1st edition in the stores - paperback 648pp 

On 7/12/06, Aaron Gray [EMAIL PROTECTED] wrote:

 2nd edition is 800 pages compared to the 620 pages of the first edition.

 Aaron

 - Original Message -
 From: Byron Sonne [EMAIL PROTECTED]
 To: full-disclosure@lists.grok.org.uk
 Sent: Wednesday, July 12, 2006 7:11 PM
 Subject: [Full-disclosure] [OT] Shellcoder's Handbook, 2nd edition?

  Fantastic book - great stuff and an excellent read. Does anyone know if a
  2nd edition is planned to correct the errors in the book and/or fine tune
  the examples? Didn't find anything on the wiley.com.

  Cheers,
  B

Re: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google

2006-07-07 Thread Peter Dawson

On 7/7/06, Mike Duncan [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-

 And the debate continues...

I think it's a closed issue.. google was quick to react on this round

http://www.threadwatch.org/node/7266#comment-41639