Re: [Full-disclosure] [OT] pls ignore
On Fri, Feb 21, 2014 at 10:46 PM, Trevor Bergeron wrote:
> Looks like root and intermediate certificate hashes to me, but Google
> doesn't recognize them.

I was guessing it was hashes to either one pre-compiled exploit with two architectures, or two separate exploits, in the later stages of a sell. Gaurang, your mysterious hashes are not being ignored.

> On 02/20/2014 05:39 PM, Pedro Worcel wrote:
> > Are you using reverse psychology so that people will crack your passwords?
> >
> > 2014-02-21 11:27 GMT+13:00 Gaurang Pandya :
> >
> >> MD5: 0a763d4c7029b13a1eacb09d71a5b66a
> >> MD5: 76964959005d734d32f06d0a6fbabaa3
> >> SHA1: 10e3275a6980eec283cc169e3422b94eed32e119
> >> SHA1: 74464e2b58990fdf4379f8f543ef43eef540d985

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [funsec] The Economist, cyber war issue
I just don't find this kind of visualization helpful.

-r

Gadi Evron wrote:
> The upcoming issue will be about cyber war. Check out the front page image:
>
> http://sphotos.ak.fbcdn.net/hphotos-ak-snc3/hs488.snc3/26668_410367784059_6013004059_4296972_499550_n.jpg
>
> Gadi.
> ___
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
Re: [Full-disclosure] [funsec] answer
Defending IT is frequently *harder* to do and sometimes involves hacking IT. both enjoy the challenge.

-rick

RandallM wrote:
> answer me this riddle:
>
> Why do you choose to
>
> Hack IT?
>
> Defend IT?
Re: [Full-disclosure] Ant-Sec - We are going to terminate Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered
On Wed, Jul 15, 2009 at 12:03 PM, Rick R wrote:
> Does your mother know you're doing this? It seems curious that Ant-Sec popped up right around the time summer vacation started. This is what you're doing with your extra 8 hours a day previously taken up by classes and homework?
>
> The charter of Ant-Sec seems to be bent on stifling the flow of information. If there is one inalienable truth on this planet it is that Information Wants To Be Free. In all meanings of the word free. Many multi-billion dollar corporations and governments have tried and failed to stop those who would wish to share information, but somehow you think you can do it. Summer break is only a couple months long and you still have to go on family vacations, take naps, and hang out at the roller-rink or whatever it is kids do these days. Frankly I think you should take some summer classes or get a job, so that one day you can be a useful member of society.
>
> Just my $0.02.
>
> On Wed, Jul 15, 2009 at 5:29 AM, Ant-Sec Movement <anti.sec.movem...@gmail.com> wrote:
>
>> Dear members of Hackforums.net, Jesse Labrocca (AKA Omniscient), Milw0rm.com, str0ke, and Reader,
>>
>> We are the Ant-Sec movement, and we are dedicated to eradicating full-disclosure of vulnerabilities and exploits and free discussion on hacking related topics. We are dedicated to stalling the ocean of script-kiddies currently trawling the Internet, and those so called "White Hat Hackers" who benefit financially from full-disclosure; employing scare-tactics in order to con people into buying their firewalls and anti-virus software.
>>
>> Thus, our new targets are Hackforums.net and Milw0rm.com. Both are notable within the hacking underground and the computer security world, and both violate what the Anti-Sec movement is fighting for. Such as it is, both must be terminated...utterly.
>>
>> Let us first discuss Hackforums.net. It is run by a man named Jesse Labrocca, also known as "Omniscient" within the hacker underground. Although he, himself, claims to not know a thing about penetrating computer systems. Hackforums.net is perhaps one of the largest communities of hackers and script-kiddies alike currently at large in cyber space. The beginner section, alone, is flooded every single day with messages by script-kiddies. The "Hacking Tutorials" section is a diamond mine of full-disclosure information. And that is not the entirety of it. As a result, this community MUST be terminated.
>>
>> Recently, the Anti-Sec movement became aware that some unknown entity has been launching successfully crippling denial of service attacks against Hackforums.net. Whoever you are, we of the Anti-Sec movement extend our warmest gratitude to you and we ask that, if you're reading this email, please do not cease your attack against Hackforums.net. By bringing it down, you are helping to recover the health of the Internet. Hackforums.net is a hive of knowledge that should only be known by a select few. It MUST be terminated. In addition, we also encourage any and all who can to launch denial of service attacks against Hackforums.net in order to support us in furthering our goals.
>>
>> We would like to stress that we will not be participating in DDOSing Hackforums.net. The reasons for this bring us to our next topic of discussion.
>>
>> In addition to our OpenSSH 0-day exploit, the Anti-Sec movement have also unearthed an Apache 0-day vulnerability and we have subsequently developed exploit code in order to take advantage of this vulnerability. It affects ALL versions. We will be using this as well as our OpenSSH exploit to hack into Hackforums.net and rm its contents, thus terminating it.
>>
>> As soon as, if ever, the recent crippling DDOS attacks against Hackforums.net cease, we will strike. And in that moment, Hackforums.net will be history. Your only hope, Hackforums, is for the heavy DDOS attacks to never stop.
>>
>> Once we have dealt with Hackforums.net, we will terminate Milw0rm. Better you had quit and left it at that, Str0ke, for now milw0rm.com will be completely and utterly wiped. It is the second highest target after Hackforums.net.
>>
>> This is our message to all. You have seen what the Anti-Sec movement can do. We will do it again, and again, and again, until our goals are achieved.
>>
>> This we promise.
>>
>> Sincerely,
Re: [Full-disclosure] Sasser or other nasty worm needed
On Mon, 27 Nov 2006, [EMAIL PROTECTED] wrote:
>> so when you go to mcdonalds and hand over your $5 for your MCbig meal, do you consider the repercussions of supporting an industry which pays low wages, is under-staffed, and promotes world-hunger by using enough grain to feed a continent, etc...?
>
> WTF does that have to do with the topic? Unless you want to make the point that often, the McDonald's staff fails to use a level of food-preparation hygiene that matches the computer-security hygiene requirements to work with known malware?

it seemed to me that you were arguing a reason for not distributing the binary was "the guy is" (not) "clued enough to run a 'closed lab' without screwing up..." making this a 'we shouldn't support this because we do not know this person is responsible' approach. so the context of my statement relates to consistency of accountability.

>> do *you* know where to find a copy?
> Yes.
>> did you always?
> Yes.

i'm sorry, but i have a hard time believing this.

>> have you always been able to configure a network to talk via EIGRP?
> No, because when I first got on the net, RFC1058 was still 4 years in the future. So it wasn't "always" possible, because the option didn't always exist.

and once it did there was a point in time in which you learned. you learned because you had access to information. someone else provided this information.

>>> There are a lot of people who are of the opinion that "if you have to ask where to find a copy of Sasser, you're not clued enough to be trusted with a copy".
>>
>> perhaps the next time you need a doctor, the one you find will laugh at you with the same sense of elitism you demonstrate.
>
> Did I say I was one of the lot of people? Did you notice that I was replying *in the context of KF's comments* saying "It's cool because it's in a closed lab?"

i must've missed that part. i jumped into this because i was once a student at university who benefited from this type of 'closed lab learning environment.' you are absolutely correct that something could go wrong, but fear of failure ought not keep one from trying. i'm reminded of Roosevelt's saying:

"It is not the critic who counts: not the man who points out how the strong man stumbles or where the doer of deeds could have done better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood, who strives valiantly, who errs and comes up short again and again, because there is no effort without error or shortcoming, but who knows the great enthusiasms, the great devotions, who spends himself for a worthy cause; who, at the best, knows, in the end, the triumph of high achievement, and who, at the worst, if he fails, at least he fails while daring greatly, so that his place shall never be with those cold and timid souls who knew neither victory nor defeat."

cheers,
Rick
Re: [Full-disclosure] Sasser or other nasty worm needed
On Mon, 27 Nov 2006, Peter Dawson wrote:
> I doubt schools have CLOSED LAB. I would like to know where the budget comes from, for this type of network. If so, then every school district board needs one.. :)-

some do. schools partnered with, or using the curriculum of the Center for System Security and Information Assurance (www.cssia.org) come to mind. i'm sure there are others.

Rick
Re: [Full-disclosure] Sasser or other nasty worm needed
On Mon, 27 Nov 2006, [EMAIL PROTECTED] wrote:
> You would have us believe that the guy is clued enough to run a "closed lab" without screwing up (and there's *lots* of ways to screw up, starting with forgetting to wipe the drives afterwards, forgetting to disable a wireless card, forgetting to not plug any of the boxes into the normal net, forgetting to...).

so when you go to mcdonalds and hand over your $5 for your MCbig meal, do you consider the repercussions of supporting an industry which pays low wages, is under-staffed, and promotes world-hunger by using enough grain to feed a continent, etc...?

> And yet he's not clued enough to know how to find a copy of Sasser by himself.

so what? do *you* know where to find a copy? did you always? have you always been able to configure a network to talk via EIGRP?

> There are a lot of people who are of the opinion that "if you have to ask where to find a copy of Sasser, you're not clued enough to be trusted with a copy".

perhaps the next time you need a doctor, the one you find will laugh at you with the same sense of elitism you demonstrate.

Rick
RE: [Full-disclosure] Secure OWA
-Original Message-
From: Brendan Dolan-Gavitt [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 30, 2006 9:58 AM
To: Renshaw, Rick (C.)
Cc: Dude VanWinkle; Adriel Desautels; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Secure OWA

>On 8/30/06, Renshaw, Rick (C.) <[EMAIL PROTECTED]> wrote:
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dude VanWinkle
>> Sent: Saturday, August 26, 2006 2:30 PM
>> To: Adriel Desautels
>> Cc: full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] Secure OWA
>>
>> > The only real fault I know about is the fact that you can guess passwords eternally without locking out user accounts.
>>
>> There's two sides to this risk. If you allow OWA logins to lock out accounts, and your OWA page is available from anywhere on the Internet, you are handing an easy DOS tool to anyone that knows the account names for people on your server.
>>
>Perhaps. But a temporary lockout period would deter brute-force attempts while still making an attacker do some work to keep the accounts locked (eg, if you have a lockout of 5 minutes, brute forcing is no longer practical, but at the same time, if you want to DoS someone's account you have to keep coming back every 5 minutes. And that increases the risk you'll get caught.)
>-Brendan

My point was no matter which way you go on this issue, there is some risk. The only thing that you can do is balance one risk against the other and find the point where you feel comfortable with the risks. You could implement something like an exponential backoff wait between failed logins without lockouts, which would make it more difficult to brute-force the account, but there are ways around that too. At the end of the day, you have to pick which risk you are more comfortable dealing with, brute-force attacks or DOS attacks. Personally, I'd take the DOS, because it's better than allowing passwords to be brute-forced (in my mind).

Rick
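An added example, not part of the thread: a small Python simulation of the trade-off discussed in the message above, comparing no throttle, a hard lockout, a 5-minute lockout and exponential backoff for one account that receives wrong passwords as fast as it will accept them. The thresholds, the one-attempt-per-second rate and the rule that the failure counter resets only on a successful login are assumptions.

```python
from dataclasses import dataclass

DAY = 86400.0  # simulated horizon in seconds


@dataclass
class Policy:
    """Per-account throttle; every threshold below is a constructed sample value."""
    name: str
    threshold: int                   # consecutive failures before any delay applies
    base_delay: float                # seconds refused once the threshold is reached
    factor: float = 1.0              # 1.0 = fixed lockout, 2.0 = doubling backoff
    max_delay: float = float("inf")  # cap on a single delay

    def delay_after(self, failures: int) -> float:
        """Seconds the account refuses logins after `failures` consecutive failures."""
        if failures < self.threshold:
            return 0.0
        grown = self.base_delay * self.factor ** (failures - self.threshold)
        return min(grown, self.max_delay)


def simulate(policy: Policy, horizon: float = DAY, attempt_cost: float = 1.0):
    """Replay a client that submits a wrong password whenever the account accepts one.

    Returns (guesses the server evaluated, seconds the real owner was refused).
    Assumption: the failure counter only resets on a successful login.
    """
    now = locked = 0.0
    failures = guesses = 0
    while now < horizon:
        guesses += 1
        failures += 1
        now += attempt_cost
        # A delay never extends past the end of the simulated day.
        delay = min(policy.delay_after(failures), max(horizon - now, 0.0))
        locked += delay
        now += delay
    return guesses, locked


POLICIES = [
    Policy("no throttle", threshold=10**9, base_delay=0.0),
    Policy("hard lockout", threshold=5, base_delay=float("inf")),
    Policy("5-minute lockout", threshold=5, base_delay=300.0),
    Policy("exponential backoff", threshold=5, base_delay=2.0, factor=2.0, max_delay=3600.0),
]


def compare(policies=POLICIES):
    """Map policy name -> (guesses per day, fraction of the day the owner is refused)."""
    out = {}
    for p in policies:
        guesses, locked = simulate(p)
        out[p.name] = (guesses, round(locked / DAY, 4))
    return out


if __name__ == "__main__":
    for name, (guesses, frac) in compare().items():
        print(f"{name:20s} guesses/day={guesses:6d} owner refused={frac:.2%}")
```

Under these assumptions every policy that limits guessing also keeps the account owner out for almost the whole day; what differs is how many failed logins end up in the logs while that happens.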
RE: [Full-disclosure] Secure OWA
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dude VanWinkle
Sent: Saturday, August 26, 2006 2:30 PM
To: Adriel Desautels
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Secure OWA

> The only real fault I know about is the fact that you can guess passwords eternally without locking out user accounts.

There's two sides to this risk. If you allow OWA logins to lock out accounts, and your OWA page is available from anywhere on the Internet, you are handing an easy DOS tool to anyone that knows the account names for people on your server.
RE: [Full-disclosure] [Clips] A small editorial about recent events.(fwd)
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jamie C. Pole
>Sent: Sunday, December 18, 2005 11:13 PM
>To: full-disclosure@lists.grok.org.uk
>Subject: Re: [Full-disclosure] [Clips] A small editorial about recent events.(fwd)
>
>On Dec 18, 2005, at 10:11 PM, coderman wrote:
>
>> On 12/18/05, Jamie C. Pole <[EMAIL PROTECTED]> wrote:
>>> ...
>>> Even with a government that is actively protecting us from these terrorist scumbags, we in the USA are still the luckiest people on Earth. We've got it better than any other country on Earth. If you like some other place better, please feel free to move yourself there.
>>
>> sycophants and apologists like yourself excusing the illegal and totalitarian tendencies of one of the most corrupt administrations in recent memory are destroying the very attributes of this country that make it great.
>>
>> how 'bout you and all the others tired of "that goddamned piece of paper" get the fuck out instead?
>
>Well, for one thing, I am a veteran, and have EARNED these rights that you liberal whiners take for granted. When you believe in something enough to die for it, come back and talk to me.
>
>JCP

I am a veteran, so I only have one question for you: If you're a veteran, then what part of this didn't you understand? (emphasis mine)

I, _, do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and DOMESTIC; that I will bear true faith and allegiance to the same;
RE: [Full-disclosure] Most common keystroke loggers?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, December 02, 2005 6:39 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Most common keystroke loggers?

On Sat, Dec 03, 2005 at 12:22:17PM +1300, Nick FitzGerald wrote:
>> Ahh, no...
>>
>> http://en.wikipedia.org/wiki/Halting_problem
>>
>> Basically (and simplifying a lot), the Halting Problem means that you cannot write a computer program to determine if some other program exhibits "function X", _in finite time_.

>I don't think this is what the Halting Problem means. My understanding is that it means you can't write a program to determine if *any* other program exhibits "function X", in finite time. For a particular program, however, this may be quite feasible.

You're right, the particular problem of finding if a program exhibits "function X" is Rice's Theorem, which is related to the Halting problem, but is properly a subset of the problem.

http://en.wikipedia.org/wiki/Rice%27s_theorem

>> Thus, you cannot write a program to detect all viruses, you cannot write a program to detect key loggers, you cannot write a program to detect all spyware, etc, etc.

>How do you know that the problem of detecting all keystroke loggers is equivalent to the Halting Program? Is there a proof somewhere that keystroke loggers do not share some characteristic that makes them detectable? <-- I am not being sarcastic; this is an earnest question.

Quoted (with minor changes of what the function does) from the Rice's theorem page referenced above:

Suppose we have an algorithm for examining a program p and determining infallibly whether p is an implementation of a keystroke logger. The claim is that we can convert our algorithm for identifying key loggers into one which identifies functions that halt. We will describe an algorithm which takes inputs a and i and determines whether program a halts when given input i.

The algorithm is simple, we construct a new program t which (1) temporarily ignores its input while it tries to execute program a on input i, and then, if that halts, (2) returns whether a keylogger was detected. Clearly, t is a function for finding keyloggers if and only if step 1 halts. Since we've assumed that we can infallibly identify programs for finding keyloggers, we can determine whether t is such a program, and therefore whether program a halts on input i. Note that we needn't actually execute t, we need only decide whether it is a squaring program, and, by hypothesis, we know how to do this.

>My formal CS background is weak, but I don't think the problem of programmatically detecting compromised machines of a given OS (not the general case of "compromised machines of any sort) has been proven to be undecidable in the strong way that the Halting Problem has. I may be wrong, though, which is why I ask.
Re: [Full-disclosure] Researching IMISERV (wupdt.exe)
On Thu, 7 Jul 2005, Reece Mills wrote:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.imiserv.html

Why did you include these links? Where, in my original mail, did I intimate this was the type of information I was after?

PLEASE!!! Your neighbor is you and the friend is your wife. You formatted and re-installed the machine.

Childish.

You want to infect a butt-load of educational systems (no doubt on an .edu network, no doubt exposed to the public) with a virus (Trojan really).

See above. The rest of your mail suggests you

A.) Don't understand English very well.
B.) Are really fucking dense.
C.) Are about 13 years-old

How much do you make maybe I'll want to work for you.

Frankly Reece, I wouldn't hire you.

Sincerely,
rlh