[Full-disclosure] Misquoted here on FD...
Clearly someone has misused what I have written in kindness and turned it into something I would never say. List members; please be aware that the person who quoted me apparently has added some words of his or her own. Let us know how you really feel since you hide behind a pseudonym anyhow. Richard ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [inbox] in Memory of Dude VanWinkle / JustinPlazzo
On Feb 11th Exibar said: It truly is a sad day today that JP died. I know some people didn't like his postings, but that doesn't really matter. It's truly sad when one of our own dies unexpectedly like this, truly sad. Does anyone have any news as to how this tragedy happened? He surely will be missed, he always added a little spice to certain topics that will forever be gone. Rest in peace JP, the universe is now yours to explore... Exibar Exibar, that was well said and heartfelt. JP was a good guy even if he did appear to bother some people on this list. He and I had a dialogue off-list and he was a bright, funny man with keen insight. He never mentioned any illness or anything wrong. I hope someone will say the same about me one day. Hopefully it will be in another 30 plus years as he certainly went home long before work was through most sincerely, Richard ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Gadi Bashing, enough already....
I have been friends with Gadi through email for many years now and he needs to have someone represent for him. He is a good guy, signs his own email instead of the hushmail or Gmail mask. On top of all that he is also a knowledgeable and friendly guy. He does a great job exploring and reporting the areas of interest to him and has helped many people remove bot-net problems from their own nets. Give the guy a break, he is a good dude. P.S. Punks do not know what federal agencies read these dumb ass lists but should be aware that email threats can be taken very far in courts these days. Ask old Kevin! Richard Golodner [EMAIL PROTECTED] PGP 0x50F20D0C ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] How to become a Computer Security Professional ?
Get a good job where you can find best security practices being used and learn from others who have been in the field. You will develop your own set of tools and ideas, but the concepts are almost always the same. Defense in depth is a good idea and it works. 11th most important rule. Never ever take advice that has ten rules about something they know nothing about. N3TD3V, please go away. Come back under a different alias if you must but please STFU! The guy wanted a serious answer and you broke many of your own rules. Don't get your kilt all bunched up, just be serious for once in your net-sec career. Richard Golodner Infratection IT Services ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v denounces the actions ofwww.derangedsecurity.com
Just who are the secret services and where do you get this stuff from? I want to know as I don't want the shitters up me. Thanks, Richard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of worried security Sent: Friday, November 16, 2007 3:47 PM To: [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] n3td3v denounces the actions ofwww.derangedsecurity.com On Nov 14, 2007 11:33 PM, Dan Egerstad [EMAIL PROTECTED] wrote: Do you know the powers? Powerrangers? Can they help me? Ohhh please help me ohhh you mighty... I'm free, kicking and not charged for shit... don't know who you are and couldn't care less but it does give something to laugh at =) Go play with the other kids now //D At the end of the day you're the dude with the secret service following you everywhere you go now in real life for at least the next 6 /12 months or longer I would imagine. Enjoy the privacy or not as the case maybe. Sleepless nights, looking out your window every five minutes, turning round in the street seeing if anyones following you and generally not being able to trust people around you because they might be the secret service. Not knowing who the next phone call will be from, knowing everything you do on the internet is being watched by a human, every keystroke, every e-mail, every draft. I've been there, done that, bought the t-shirt. Its paranoia and it destroys you!!! It crushes you, this whole derangedsecurity.com stuff will crush you mentally if it hasn't already. I'm talking from experience, i've gone through these phrases of paranoia, it'll eat you alive. Maybe you're not feeling it yet, but it will creep up on you in a short while. Thats the down side to doing big hacks, the mental strain of not knowing if you've got away with it or not. One day you'll wish you hadn't your picture on those news articles and you hadn't drawn attention to yourself, it may take a few months for it to kick in if it hasn't already. The only reason its not already kicked in if it hasn't is you're young, guilible and immature, and you're still feeding off the ego rush of the media attention right now, but later in life it'll hit you!!! You're thinking i've not been charged for shit. The possibility of a criminal charge is the least of the problems which comes with fame, being known by a large amount of people is a bad experience walking down the street, trying to get employed by people and generally operating as a normal person in life. You wonder all the time Does he know!, Do they know. And you get the people who do know, know everything about you, but you've never met them in your life before, and it scares you! I've been approached by people in real life who know more about me and what I do online than I do, it ain't nice. Strange people start being a part of your life, and you know why, but its never officially confirmed by anyone. The paranoia and suspicion destroys you. But basically you get the worlds intelligence services following you around from different countries with different agendas to find out things about you. I imagined at first it would just be one team of survallience from one country, but you end up having folks from a handful of countries following you about in everyday life. And those individual survallience teams aren't connected with each other. You can be walking down a busy high street with a crowd of folks all around you, you think are legitimate folks, but they are actually secret service from multiple countries working independently of each other, who don't know each other, but they all have one thing in common, they are following you It sent the shitters up me and it'll do the same to you. And you get the folks who have nothing to do with government following you around, and thats the scarist part. You get independant investigators following you around from the worlds security companies who have their own intelligence wings. The big corporations hire folks to do this, just for the sake of knowing intelligence about you. And then you just get the normal weirdos following you about who aren't a part of any government or private investigation company, and thats what is the worst part. Oh, and the random people who claim to be news journalists, who could actually be anyone, walking upto you, knocking at your door, e-mailing etc. You take the first interview, then you realise, that could of been anyone. It screws you up in the head afterwards. When you become public in the security community, its not the secret service which are the biggest problems, there are 100's of companies who follow you about because they want their own intelligence about you. You see all these websites that offer intelligence, who aren't the government but offer yahoo,google etc intelligence on folks and get paid for it, its not just technical intelligence they have, they've got folks checking up on you in real life too. who's
Re: [Full-disclosure] gadi evron
You may think this whole Gadi thing funny, but remember that some of the readers who are on these lists really do professional security work and that includes more than just data networks. Be careful what you wish for. Richard Golodner -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Saturday, September 29, 2007 9:40 AM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] gadi evron -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 New research results out: http://lul-disclosure.net -BEGIN PGP SIGNATURE- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkb+VaAACgkQDSsj4Jxmu6l8AwQAwZsftyN9qNn6Gyq3tnpUu/97s/q3 ZSOUf3I0ddFLLCwz1nqs9zr64nE6tC8/0sdqkcmmq78QAzz2xwSTyaHeNC+XkBDAK8ox wjnUCqQYWjLyTbNYoMFj5qhOeI18IVmm5qUDOAfkcwG7iHmsv9Qc8nuwS5R+gLFMjnDI u6dx4/s= =4Dx3 -END PGP SIGNATURE- -- Click for information on obtaining a VA loan. http://tagline.hushmail.com/fc/Ioyw6h4d9CuOGxcVwhQCHYHD2t5G8xyrDqc4ydYynxj3G w0Eyvevu4/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gadi Evron strikes again
WoriedSecurity saidblah, blah, nothing. Do you know Gadi? Have you ever corresponded with him? He adds some valuable knowledge to a legitimate issue that most Service Providers down to the home user should be aware of. I read the serious 0-day thread and I think you are just pissed off. If you had some balls you would use your real name like most legitimate networkers do instead of hiding behind a pseudonym. Check Gadi's work and see for yourself instead of letting your hurt feelings get in the way. Talk about script kiddies. Jesus man, are you sure you real name is not n3td3v? I do not see anyone soliciting your opinion about anything. What have you contributed to the body of knowledge? All I read is juvenile BS. Mail from WorriedSecurity now gets dumped before it even sees my mail client. Thanks for making it clear that you're an ass. Richard Golodner _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of worried security Sent: Saturday, September 22, 2007 9:11 AM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Gadi Evron strikes again Who seen Gadi Evron on the mailing lists trolling about what a 0day is and what a 0day isn't, in the middle of a serious disclosure about a PDF flaw? Hilarious. Well, just incase you missed it, here it is again... http://seclists.org/bugtraq/2007/Sep/0229.html And this guy wants to be a high profile guy at the forefront of information security discussion? lolzers. Script kiddos unite behind the big man Evron. He leads, where the rest of us follow. And he comes on the lists complaining people are mimicing his e-mail addresses and calling him a dick. *I wonder why?* Its funny, he strongly keeps an eye on Funsec mailing list and keeps everyone in check,Yet, he has a total disregard for quality control else where, especially on Bugtraq My question is Who is Gadi Evron?. This guy you would think would add something special to a discussion, but he doesn't, and you know what I know his excuse is? He is keeping his knowledge secret so bad guys can't learn from his knowledge. lolzers Gadi Evron. The truth is, Gadi just wants to make sure his name and e-mail address is in every major flaw disclosure, no matter how lame the comment is, just as long as his name and e-mail is in high profile disclosures, then Gadi Evron can sleep at night. Thanks Gadi!!! My hero. Bugtraq is moderated for a reason, so Bugtraq moderators, start moderating it!!! Symantec arsewipes. Securityfocus, no really, why are you allowing Gadi Evron troll on such a high profile respected moderated list? Gadi's comment mentioned above was a true breach of the rules, so start moderating his comments more in future. Leave the trolling for F-D Gadi, Bugtraq readers don't want to see your shit in future, and Bugtraq moderators, actually read what Gadi Evron is posting in future, instead of just reading the name and sender and approving the message without actually reading the body. *Oh its Gadi, its automatically approved* Lets look at Bugtraq's description: BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. http://www.securityfocus.com/archive/1/description#0.1.1 lolzers, Bugtraq moderators don't read thier own shit or inforce it! Someone snip a bit of that description that gives Gadi right of way to troll on Bugtraq in the middle of serious flaw disclosures! Gadi, seriously f**king learn about the stuff you read , so you can actually input into the threads and help with the topic infront of you, instead of random off-topic messages about what defines a 0-day and what doesn't. Why didn't you start your own thread on Bugtraq about what is a 0-day?, because they wouldn't let you Instead you sneak your shit into high profile threads, to get a name for yourself. Your conversation, as always Gadi, is best suited for Full-Disclosure or security-basics, so get the f*** off Bugtraq you idiot. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] A Request To Everyone
Nikolay, best thing I have read on Fool Disclosure for a least a week now. Aditya, STFU and please with sugar on it. Listen to what we are saying. Your professional reputation is through unless you post some real work and vulnerabilities. I really am tired of the S/N ratio at If's current level. Let's bring it down to where it once was. YOU do not impress anyone on here except yourself. Great suggestion Nikolay. Richard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimby Sharp Sent: Friday, September 21, 2007 5:55 AM To: Nikolay Kichukov Cc: Aditya K Sood; [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] A Request To Everyone Dear Lamer Buster, Thanks for busting some lamers but now the situation in FD is going out of hands. I seriously do not think that it is worth increasing the noise in the list just to prove that Aditya K Sood is an idiot. We already know he is. I am sure none of us take Aditya seriously because of his extremely poor career record in the field of security. No offence meant to you, but I genuinely request you to ignore Aditya because we all know that Aditya is an idiot. Dear Aditya K Sood, I request you to kindly not post fake vulnerabilities and documents which you merely copy paste from somewhere else without knowing what they mean. If someday, you come with something real, that you can call your own and which you have verified from someone else who knows a thing or two about security, then you are most welcome to post your article in our list. But posting lame documents, like you do always, which mostly have technical errors, wrong facts, misleading arguments, etc. are extremely detrimental to our list. Also, you do not realise that by doing this again and again you are spoiling your image in the field of security community. Have you ever searched yourself in Google? See the results. aditya k sood - Lame ass of the month - http://seclists.org/fulldisclosure/2007/Sep/0028.html lame ass of the month - Full Disclosure: Lame ass of the month - Aditya K Sood (from India) - http://seclists.org/fulldisclosure/2007/Sep/0028.html I sincerely request you to verify your claims before posting so that we do not have to deal with more flame wars where everyone is trying to attack you for your foolishness and stupid documents. Thanks everybody, Jimby On 9/21/07, Nikolay Kichukov [EMAIL PROTECTED] wrote: I'd request that all of you stop fighting and leave the list to deal with what it's meant to. Cheers, -Nikolay [EMAIL PROTECTED] wrote: I'm in favor of booting them all off the list. Let 'em keep their flame wars on EFNet. Geoff Sent from my BlackBerry wireless handheld. -Original Message- From: Aditya K Sood [EMAIL PROTECTED] Date: Thu, 20 Sep 2007 12:57:57 To:full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] A Request To Everyone Hi After looking at the mail wars , I want to say only two lines. I dont know who Meta Info is , Lamer Buster is , LSNN is and all. I dont know how they are generating mails and putting my name everywhere. Thats it. Thanks to all. Regards Aks ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Pro US government hackerganda
Hacking from your own machine is obviously not a good idea. What does this have to do with the topic? Not being a dick, just trying to understand what you are saying. Richard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geo. Sent: Saturday, September 15, 2007 9:32 AM To: 'full-disclosure' Subject: Re: [Full-disclosure] Pro US government hackerganda The U.S and China have been at cyber war for a long time. All you need to do is look at your logs and see how much junk originates from 221/8 which is Beijing. 202/8 shows the same lame attempts to brute force home routers, access points and the like. I see it on a daily basis where I work, from my home. Kids, virus/worms, definitely not real hackers. First rule of hacking is never hack directly from your own IP address. Geo. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Pro US government hackerganda
The U.S and China have been at cyber war for a long time. All you need to do is look at your logs and see how much junk originates from 221/8 which is Beijing. 202/8 shows the same lame attempts to brute force home routers, access points and the like. I see it on a daily basis where I work, from my home. Richard Golodner ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Another 0day to sell.
Full Disclosure ha! This is better than the crap my wife watches on T.V. Fully Entertaining is more like it. This list was once useful many years ago. Now it is just a comical post for egotistic geeks with no social life and a P.C. which probably runs Windows. Post some vulnerabilities or STFU. Richard Golodner ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [botnets] the world of botnets article and wrong numbers
As we had seen today everybody has an opinion about how the Botnet metrics are computed. I have been reading Gadi's post for many years now and believe he is a very knowledgeable and competent person. Give the guy a break, he has supplied us with very useful and interesting facts on Botnets and that is a lot more than I see coming from all the rest of the group involved in this thread. Where is everyone else's data? Richard Golodner ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Hackers Tomorrow
Please stop with this. We are all so sick of you forcing this thing. I think you called it cyber suicide on your web article. Just let it go. Jeez! Richard Golodner (my real name) From: n3td3v n3td3v [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 15, 2005 10:14 AM To: n3td3v v3dt3n Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Hackers Tomorrow Lame ass wanabee On 11/15/05, n3td3v v3dt3n [EMAIL PROTECTED] wrote: Hello kind fellow disclosers, Since my last article gained so much praise i have written a second part on hackers tomorrow. I have also heeded the criticism and have aquired my own domain so i look more cooler :) n3td3v.com of course. I have a new 1337 super secure mail addy [EMAIL PROTECTED] also. I love feedback :) My article is at my new home http://www.n3td3v.com/hackerstomorrow.html Enjoy!! n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Re: Help put a stop to incompetent computer forensics
Everyone wrote all of this belowbut Trojan, and or, Backdoor basically still means pain in the ass! RG -Original Message- From: Chuck Fullerton [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 10, 2005 10:07 PM To: [EMAIL PROTECTED]; 'James Tucker' Cc: 'Full-Disclosure' Subject: RE: [Full-disclosure] Re: Help put a stop to incompetent computerforensics Ok.. In one reply you typed... In computers, a Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. Below you said... This is part of why I'm saying that the definition of Trojan must include the access and control that a backdoor gives. In your reply to me earlier (First example above), The trojan can do its damage without giving control to an outside attacker. That's the difference between the two. A backdoor gives access to an outside attacker while a Trojan doesn't. It can however use a backdoor combined with the trojan to deliver access. Chuck Fullerton -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Coombs Sent: Wednesday, August 10, 2005 9:34 PM To: James Tucker Cc: Full-Disclosure Subject: Re: [Full-disclosure] Re: Help put a stop to incompetent computerforensics James Tucker wrote: Sorry, how many programs which you class as Trojans add what you define as a backdoor, given that a backdoor is generally pre-compiled code which allows access via previously un-announced or commonly unused connection methods? Malware doesn't typically ADD backdoors, it comes shipped with them, thus the classification Trojan.Backdoor, as opposed to just Trojan. Many of the more common Trojans these days are Worms, Trojans, and Backdoors and some are Viri too. The reason is simple - short of breaking the kernel process scheduler it is useful to be a Trojan when present as an active virus. Similarly due to the current nature of desktop and server side application logic, most viri are unsuccessful without being worms - although this may change in a few decades as applications become more data driven and automatic. Nothing will ever substitute a full description of a particular malware's actions in describing what it does, unless you expect malware authors to start conforming to standards. Applying the broader definition of Trojan, I can't even make sense out of your paragraph above. But I know that you aren't using the term to communicate the idea of malware that enables the attacker to gain control over, and future access to, the infected system ... If that's the definition you had in mind, then the paragraph you wrote makes logical sense. Otherwise, not. I agree that calling it a backdoor isn't comfortable, it just doesn't fit. This is part of why I'm saying that the definition of Trojan must include the access and control that a backdoor gives. It doesn't make sense to me that Many of the more common Trojans these days are Worms, Trojans, and Backdoors ... unless you are using Trojan to communicate the feature of remote access to the infected box. Sincerely, Jason Coombs [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
