Re: [Full-disclosure] Hacking in Schools

2014-02-26 Thread Sanguinarious Rose
You have my Axe!

https://www.youtube.com/watch?v=pxPGzj2L3n0


On Tue, Feb 25, 2014 at 9:33 AM, Pete Herzog  wrote:

> How to teach hacking in school and open up education:
>
> https://opensource.com/education/14/2/teach-hacking-schools-open-education
>
> Sincerely,
> -pete.
>
> --
> Pete Herzog - Managing Director - p...@isecom.org
> ISECOM - Institute for Security and Open Methodologies
>
> Need impartial, expert advice? Request a call:
> http://clarity.fm/peteherzog
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Re: [Full-disclosure] how do I know the fbi is followin

2013-03-02 Thread Sanguinarious Rose
I got a new laptop a few days ago, I wouldn't worry too much because you'll
just get a new laptop too!

Sabu got a new laptop, I'm sure it had decent specs because mine does!

"In time, his handlers allowed him to work from the home from which he
previously wrought destruction, using a PC laptop provided by the FBI. "

http://www.foxnews.com/tech/2012/03/06/exclusive-inside-lulzsec-mastermind-turns-on-his-minions/

Quad-core with hyper threading... 8gb of ram... 750gb HD... I wish those
vans and that FBI wifi showed up sooner! I got mine about a week ago and
dedicated it to my favorite informants!

Pic of my new FBI Laptop ->
https://twitter.com/Sanguinarious/status/305641497942966272

White Vans are awesome dude!

On Sat, Mar 2, 2013 at 10:15 PM, Stefan Jon Silverman wrote:

>  <<<=== gets out popcorn maker, this is going to be a fun movie.
>
>
>  Regards,
> Stefan
>
> **
> **
>   Weebles wobble but they don't fall down
> **
>
>  On 3/2/2013 7:04 PM, Chris L wrote:
>
> If you think they are following, go down a dark rural road that you know
> has a few loops. You need to have a goat in the back of the van.
> Deliberately drive down one of these loops, if they're still behind you,
> they're following you. That doesn't mean they're FBI though, they could
> just be stalkers or serial killers. STOP randomly in the road. Jump out of
> the car as fast as you can. Start visibly consuming as many drugs as you
> can while stripping off your clothes and dancing. Then, pull out the goat
> and begin to ritually sacrifice it. If they're FBI you'll be arrested, if
> not you'll have likely scared off the crazies following you by being more
> crazy than them.
>
> Then you'll know.
>
> On Sat, Mar 2, 2013 at 6:42 PM, Jeff Kell  wrote:
>
>>  On 3/2/2013 9:29 PM, Reed Loden wrote:
>>
>> Check your nearby WiFi SSIDs for "FBI Surveillance Van". That's always a
>> dead giveaway that you're being monitored.
>>
>>
>>  Yeah, what is it with those guys?  (or the ones that perpetuate the
>> myth...)
>>
>>
>>
>> Jeff
>>

Re: [Full-disclosure] how do I know the fbi is followin

2013-03-02 Thread Sanguinarious Rose
That is a rather interesting question...

Carry On!

On Sat, Mar 2, 2013 at 8:47 PM, Jerry dePriest  wrote:
>
>


Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250,000

2013-01-21 Thread Sanguinarious Rose
And that is the reason why no one wants to report anything they find,
it's because of people like you and your kind of thinking.

Did they publicly post all the private information?
No

Did they try to use it for malicious or illicit purposes?
No

Did they report it when they found it?
Yes

A horrible moral compass indeed! Arrest these people for being
concerned and reporting it after stumbling upon security flaws!
Amiright?

On Mon, Jan 21, 2013 at 8:06 PM, Nick FitzGerald
 wrote:
> Jeffrey Walton wrote:
>
>> On Mon, Jan 21, 2013 at 5:42 PM, Philip Whitehouse  wrote:
>> > Moreover, he ran it again after reporting it to see if it was still there.
>> > Essentially he's doing an unauthorised pen test having alerted them that
>> > he'd done one already.
>> If his personal information is in the proprietary system, I believe he
>> has every right to very the security of the system.
>
> BUT how can he "verify" (I assume that was the word you meant?) proper
> security of _his_ personal details?  He would have to test using
> someone _else's_ access credentials.  That is "unauthorized access" by
> most relevant legislation in most jurisdictions.
>
> Alternately, he could try accessing someone else's data from his login,
> and that is equally clearly unauthorized access.
>
> He and his colleague who originally discovered the flaw may have used
> each other's access credentials to access their own data, or used their
> own credentials to access the other's data _in agreement between
> themselves_ BUT in so doing most likely broke the terms of service of
> the system/their school/etc, _equally_ putting them afoul of most
> unauthorized access legislation.
>
>> Is he allowed to "opt-out" of the system (probably not)? If not, he
>> has a responsibility to check.
>
> BUT he has no responsibility to check on anyone _else's_ data and no
> _authority_ to use anyone else's credentials to check on his own.
>
> So, what "responsibility" does he really have?
>
> It sounds like he should have left well alone once he had reported this
> to the university and the vendors.  That he did not have the sense or
> moral compass to recognize that tells us something important about him.
>
>
>
> Regards,
>
> Nick FitzGerald
>
>


Re: [Full-disclosure] The World's Largest Hacker Database

2013-01-09 Thread Sanguinarious Rose
Correct I'm not, read near the end.

On Wed, Jan 9, 2013 at 7:31 AM, doc mombasa  wrote:
> don't think rose == thejester
> why would he expose himself?
>
> 2013/1/9 John Bambenek 
>>
>> I wasted 2 minutes of my life glancing at that and I won't get it back.
>>
>> Lame.
>>
>> But if the Jester approves, that's something.
>>
>>
>> On 1/8/13 4:19 AM, Sanguinarious Rose wrote:
>> > I rather like my honorable mention
>> > https://www.soldierx.com/hdb/th3j35t3r
>> >
>> > I approve
>> >
>> > On Mon, Jan 7, 2013 at 10:36 AM, scryptz0 SOLDIERX
>> >  wrote:
>> >> Infosec Institute made a write up on the largest public hacker database on
>> >> the net that is rumored to be rivaled by the FBI. Check it out at
>> >>
>> >> http://resources.infosecinstitute.com/worlds-largest-public-hacker-database/
>> >>
>> >>> The SOLDIERX HDB is the world’s largest public hacker database on the net
>> >>> and is rumored to be rivaled only by the FBI’s hacker database. Their hacker
>> >>> database contains a list of programmers, developers, black hats, white hats,
>> >>> security researchers, fake ethical hackers, hacktivists, packet kiddies,
>> >>> click kiddies, script kiddies, security professionals, heroes of computer
>> >>> revolution (Hello Steven Levy), hardware hackers, ch1xors (oh yes! although
>> >>> some people believe that they are non-existent), game hackers, and those who
>> >>> have embraced and embodied the hacker culture.
>> >>


Re: [Full-disclosure] The World's Largest Hacker Database

2013-01-08 Thread Sanguinarious Rose
I rather like my honorable mention https://www.soldierx.com/hdb/th3j35t3r

I approve

On Mon, Jan 7, 2013 at 10:36 AM, scryptz0 SOLDIERX
 wrote:
> Infosec Institute made a write up on the largest public hacker database on
> the net that is rumored to be rivaled by the FBI. Check it out at
> http://resources.infosecinstitute.com/worlds-largest-public-hacker-database/
>
>> The SOLDIERX HDB is the world’s largest public hacker database on the net
>> and is rumored to be rivaled only by the FBI’s hacker database. Their hacker
>> database contains a list of programmers, developers, black hats, white hats,
>> security researchers, fake ethical hackers, hacktivists, packet kiddies,
>> click kiddies, script kiddies, security professionals, heroes of computer
>> revolution (Hello Steven Levy), hardware hackers, ch1xors (oh yes! although
>> some people believe that they are non-existent), game hackers, and those who
>> have embraced and embodied the hacker culture.
>
>


Re: [Full-disclosure] (no subject)

2012-11-15 Thread Sanguinarious Rose
I found this to be of high informational value, I do agree completely
with the statement thus given.

Please, tell us more about how you came to these conclusions, how this
impacts this community, and the social dynamics of our society as a
whole.

Best Regards

On Thu, Nov 15, 2012 at 7:02 AM, mohit tyagi  wrote:
>


Re: [Full-disclosure] Brute Force vulnerability in WordPress

2012-04-04 Thread Sanguinarious Rose
So:

1. Any login page is a "Brute Force Vulnerability" or accepting user
input for that matter is probably a "Brute Force Vulnerability"
2. There is no way to protect against it that can not be overcome (but
apparently there is some magickal way when implemented correctly?) so
it's still a "Brute Force Vulnerability"
3. Magick

I would, in fact, challenge you to describe a practical method to
prevent a "Brute Force Vulnerability".

On Wed, Apr 4, 2012 at 6:40 AM, MustLive  wrote:
> Dear MaXe!
>
> First, you need to take into account that I'm busy man and no need to
> overload me with letters on non important subjects, especially if you want
> to quickly receive an answer (or receive it at all). And especially no need
> to overload me with letters, when you already wrote me a letter (I'm talking
> about January's letter), for which you need to receive an answer first (and
> be sure I'll answer you on that letter when will find time). It's very
> important - do not send me new letters before you'll receive answers on
> previous ones :-). So always wait until you receive answers on previous
> letters, before sending new ones.
>
>> No offense intended of course.
>
> Second, no need to write offense. You've already for second time (in last
> two letters) write me an offensive text (it's present in your letters) and
> at that same time saying "No offense intended". So ask yourself, why you're
> offending me and at that claiming opposite. For you it'll be better to save
> your and my time and not write offense, so there will be no need to justify
> yourself and write "No offense intended" phrases. So you will can use more
> time for other important things, like getting visa to Australia ;-).
>
>> Same type of vulnerabilities exist in 99,999...% of all web applications
>
> From where you got such statistic, that 99,999% of webapps had Brute Force
> vulnerabilities? Or 99,999% of web sites? It's completely incorrect
> statement and is far away from real statistic. Not 99,999%, nor even 99% -
> not webapps, nor web sites. There are a lot of web applications that have no
> authentication (a lot of such one were made in 90s and beginning of 2000s,
> and even are making nowadays) and the same with websites - there are sites
> with no authentication. All such webapps and web sites have no Brute Force,
> and of course there is some percentage among those webapps and web sites
> with authentication that have no BF because they have protection against it.
>
> And in this advisory I was talking about Brute Force vulnerability via
> XML-RPC functionality (and in the next one I was talking about Brute
> Force vulnerability via APP functionality). How many webapps do you know
> with BF holes in XML-RPC and APP functionalities and which percentage it
> will be for them among all webapps? Far away from your 99,999%.
>
> So even hypothetical statistic must be close to real numbers. And there are
> a lot of classes of vulnerabilities, which are more widespread than Brute
> Force. Like among vulnerabilities from WASC TC v.2. Including there are such
> more widespread vulnerabilities than BF in WordPress. I'll not starting the
> discussion about them, because don't see need in it, nor have time for it.
>
>> including your website.
>
> In this letter I've wrote about BF via XML-RPC functionality. Where did you
> see XML-RPC or BF in it at my site? There is no XML-RPC at all for a long
> time. So it's a lie. in the next letter I've wrote about BF via APP
> functionality. Where did you see APP or BF in it at my site? There never was
> APP at my site at all. So it's a lie again.
>
> And concerning other BFs, which I've wrote about in 2008 and 2010 (against
> which I had reliable protection from beginning of 2008). Did you see BF in
> password protected page/post - no, then why lying. Did you see and exactly
> confirm existence of BF in login form - no, then why lying. So no need to
> claim without confirming of existence of holes, because it'll be a lie.
>
> I'm protecting my web sites against BF since beginning of 2001, when made my
> first back-end for my site, and for vulnerable WordPress, after seeing that
> developers are ignoring to fix BF at all, I've also fixed such holes in
> beginning of 2008. And all lamers who everyday trying to bruteforce my
> honeypot login form are going away with nothing.
>
>> Even if you can't bruteforce all the time, you can adjust it with timing
>
> Yes, there are methods of bypassing BF protections. But there are also more
> advanced methods of protection. But even they can be bypassed if not
> implement correctly - as I've wrote last year in my articles (translation of
> which you could read in WASC mailing list).
>
>> Did you also mention this 5-10 years ago on your web site about website
>> security named websitesecurity.com.ua?
>
> I've mentioned as about BF, as about other important things at my site, and
> was doing it for six years. And you are writing with such not serious tone
> about my site a

Re: [Full-disclosure] www.LEORAT.com is scam

2012-04-02 Thread Sanguinarious Rose
Was there a memo I missed or is Full Disclosure the new reviews list
for malware shopping?

On a side note you seem to be rather mad, perhaps a life of crime is
just not for you. I would suggest getting a hair cut, perhaps showering
and at the very least some deodorant, and finding a Real Job.

On Fri, Mar 30, 2012 at 7:53 AM, smith joseph  wrote:
> LEORAT.COM is SCAM | LEOIMPACT.COM is SCAM | LEORAT.COM is SCAM
>
> Yes. . I bought this RAT software from him. He claims that he is having his
> own RAT but they all are freeware.
> 1. Darkcomet
> 2.Xtream Rat
> google it
> even you can find better RAT free of cost on net.
>
> he will give you BOT which is again freely available on net. And last he
> uses "Father Crypter" to crypt all RAT output files. and this is pure
> bullshiz. All will be detected by Anti viruses after few hours.
> Before buying they said they will be giving FUD server, (Commercial Exploits
> Packs for Reliable Deployment in ZIP, EXE, Single XLS(office 2007), JPG+LNK,
> PDF File(9.3.0) & Browser Pack) but nothing given.
> Once you start using it nothing goes according to his claimed way and fails.
> You have only option left is KEEP EMAILING and CALLING. He will never
> respond to you again.. Bloody money sucker.
>
> Result:
> LEOIMPACT.COM is SCAM
>
> LEORAT.COM is SCAM
>
> LEORAT.COM is SCAM
>
>
>


Re: [Full-disclosure] The Mystery of the Duqu Framework

2012-03-19 Thread Sanguinarious Rose
https://www.securelist.com/en/blog/677/The_mystery_of_Duqu_Framework_solved

"The code was written using a custom OO C framework, based on macros
or custom preprocessor directives. This was suggested by your
comments, because it is the most common way to combine object-oriented
programming with C. "


Not Told [ ]
Told [x]

Here let me re-quote my email for posterity

>Yea, I have been thinking on ideas for that as well, I see no one has
>thought outside the box yet.

>I would look into OO'ed C (www.planetpdf.com/codecuts/pdfs/ooc.pdf) as
>being a possibility. Long before in the time when the mighty C++ was
>young, it was translated to C code for compilation. I have not had the
>time to dig into it yet to see how you could code it in OO C style
>code yet. You can implement much of the functionality of OO parts of
>C++ including virtual functions and other things.

>Well, these are my thoughts on it. More speculation at the moment but
>might be of use to someone.

So, next time I would suggest actually reading and understanding what
I post to the mailing list instead of cheerleading with that crappy
"told" and "not told" meme.

On Sat, Mar 10, 2012 at 1:40 PM, Laurelai  wrote:
> On 3/10/12 2:16 PM, William Pitcock wrote:
>> On 3/10/2012 9:00 AM, 夜神 岩男 wrote:
>>> On 03/10/2012 03:51 AM, f...@deserted.net wrote:
>>>
>>>> http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework
>>>>
>>>> Haven't seen this (or much discussion around this) here yet, so I
>>>> figured I'd share.
>>>>
>>>  From the description, it looks like someone pushed some code from a
>>> Lisp[1] variant (like Common Lisp, which is preprocessed into ANSI C by
>>> GCL, for example, before compilation) into a C++ DLL. Normal in the
>>> deeper end of Linux dev or Hurd communities, but definitely not standard
>>> practice in any established industry that makes use of Windows.
>>>
>>> I could be wrong, I didn't take the time to walk myself through the
>>> decompile with any thoroughness and compare it to code I generate.
>>> Anyway, I have no idea the differences between how VC++ and g++ do
>>> things -- so my analysis would probably be trash. But from the way the
>>> Mr. Soumenkov describes things it seems this, or something similar,
>>> could be the case and why the code doesn't conform to what's expected in
>>> a C++ binary.
>>>
>>>
>> LISP would refer to specific constructor/destructor vtable entries as
>> "cons" and there would be no destructor at all.  The structs use vtables
>> which refer to "ctor" and "dtor", which indicates that the vtables were
>> most likely generated using a C++ compiler (since that is standard
>> nomenclature for C++ compiler symbols).  It pretty much has to be
>> Microsoft COM.  The struct layouts pretty much *reek* of Microsoft COM
>> when used with a detached vtable (such as if the implementation is
>> loaded from a COM object file).  The fact that specific vtable entries
>> aren't mangled is also strong evidence of it being Microsoft COM (since
>> there is no need to mangle vtable entries of a COM object due to type
>> information already being known in the COM object).
>>
>> If it looks like COM, smells like COM, and acts like COM, then it's
>> probably COM.  It certainly isn't "some new programming language" like
>> Kaspersky says.  That's just the dumbest thing I've heard this year.
>>
>> William
>>
> I think William just told everyone...again.
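The "OO'ed C" pattern discussed in this thread (virtual functions in plain C, structs pointing at a detached table with ctor and dtor entries), as an added example that is not code from any poster, from the Kaspersky analysis or from Duqu. Every type and function name is hypothetical; the point is that each instance starts with a pointer to a per-class table and all calls go indirectly through it, with no C++ name mangling or RTTI involved.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; an illustration, not recovered code. */
struct object;

/* Per-class table, stored apart from the instances ("detached vtable"). */
struct vtable {
    size_t size;                 /* bytes to allocate for one instance   */
    const struct vtable *base;   /* parent class table, NULL for a root  */
    void (*ctor)(struct object *self, int arg);
    void (*dtor)(struct object *self);
    int  (*describe)(const struct object *self, char *out, size_t n);
};

/* Every instance begins with the table pointer (offset 0 in a decompile). */
struct object { const struct vtable *vt; };

static int live_labels;          /* heap labels alive, to show dtors ran */

/* ---- class shape ---- */
struct shape { struct object obj; int sides; };

static void shape_ctor(struct object *self, int arg) {
    ((struct shape *)self)->sides = arg;
}
static void shape_dtor(struct object *self) { (void)self; }
static int shape_describe(const struct object *self, char *out, size_t n) {
    return snprintf(out, n, "shape(%d)", ((const struct shape *)self)->sides);
}
static const struct vtable shape_vt = {
    sizeof(struct shape), NULL, shape_ctor, shape_dtor, shape_describe
};

/* ---- class labeled_shape, derived from shape ---- */
struct labeled_shape { struct shape base; char *label; };

static void labeled_ctor(struct object *self, int arg) {
    struct labeled_shape *ls = (struct labeled_shape *)self;
    shape_vt.ctor(self, arg);            /* chain to the base constructor */
    ls->label = malloc(16);
    if (ls->label) { snprintf(ls->label, 16, "poly-%d", arg); live_labels++; }
}
static void labeled_dtor(struct object *self) {
    struct labeled_shape *ls = (struct labeled_shape *)self;
    if (ls->label) { free(ls->label); ls->label = NULL; live_labels--; }
    shape_vt.dtor(self);                 /* chain to the base destructor */
}
static int labeled_describe(const struct object *self, char *out, size_t n) {
    const struct labeled_shape *ls = (const struct labeled_shape *)self;
    return snprintf(out, n, "%s/%d", ls->label ? ls->label : "?", ls->base.sides);
}
static const struct vtable labeled_vt = {
    sizeof(struct labeled_shape), &shape_vt,
    labeled_ctor, labeled_dtor, labeled_describe
};

/* Generic "new": allocate by table size, install the table, run ctor. */
struct object *object_new(const struct vtable *vt, int arg) {
    struct object *o = calloc(1, vt->size);
    if (!o) return NULL;
    o->vt = vt;
    vt->ctor(o, arg);
    return o;
}

/* Generic "delete": virtual destructor call, then release the memory. */
void object_delete(struct object *o) {
    if (!o) return;
    o->vt->dtor(o);
    free(o);
}

/* Hand-rolled type check: walk the chain of base tables. */
int object_is_a(const struct object *o, const struct vtable *vt) {
    for (const struct vtable *p = o->vt; p; p = p->base)
        if (p == vt) return 1;
    return 0;
}

int main(void) {
    const struct vtable *classes[] = { &shape_vt, &labeled_vt };
    char buf[32];
    for (size_t i = 0; i < 2; i++) {
        struct object *o = object_new(classes[i], 3 + (int)i);
        if (!o) return 1;
        o->vt->describe(o, buf, sizeof buf);   /* indirect (virtual) call */
        printf("%s (is shape: %d)\n", buf, object_is_a(o, &shape_vt));
        object_delete(o);
    }
    return live_labels;                        /* 0 when every dtor ran */
}
```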


Re: [Full-disclosure] QR code and the jester

2012-03-13 Thread Sanguinarious Rose
There are a lot of issues that don't make sense and problems with his
write up. I asked him about it and he couldn't say much about it
besides a single admission of one of my points I outlined about usage
of netcat. My talk with him regarding the issues I noticed in his blog
post here http://pastebin.com/XbUTmjsp .

Rather than re-posting all my thoughts on it, you can find it here:
http://reapersec.wordpress.com/2012/03/13/th3j35t3r-and-qr-exploits-exposed/

Basic summary as follows:

He is using a 2 year old exploit with apparently no compensation for
iOS or Android shellcodes. He then goes on to explain that he used
netcat which is a very inefficient tool to use for mass exploitation.
Then there is the issue of how he extracted the data off the phones
using a reverse shell, which I point out should optimally have been
done with a native executable. I am honestly not that familiar with
what exactly is installed on iOS and Androids but I would imagine it
would require the 'strings' command at the very least.

If any other information comes to light or he responds to any
criticisms so far reasonably I would say it's a complete fabrication.
I, of course, can admit if I am wrong but so far I just don't see
anything validating what he claimed to have done.

On Tue, Mar 13, 2012 at 6:14 AM, Fatherlaptop  wrote:
> So, anyone read the jesters "exploit" usage with QR code and netcat to catch 
> bad guys?
>
> From: Randy
>
> It's an iPhone Thang!
> Was learning cursive necessary?


Re: [Full-disclosure] The Mystery of the Duqu Framework

2012-03-10 Thread Sanguinarious Rose
Do you have any suggestions as to what C++ compiler could generate
such code in such a case and how one could generate similar code that
matches the decompiled parts? Granted their theory of a new language
is moonbatty but I think they have the knowledge to recognize a common
compiler.

As for ctor and dtor, I am pretty sure they were marked by the
researcher doing the decompiling or the decompiler and no such symbol
names are in the executable. I would conclude as such for the other
symbols named due to how they were named.

I do agree on the new language being possibly the dumbest insane
moonbat speculation of the year however I have heard a few other
things that win over that hands down ;)

On Sat, Mar 10, 2012 at 1:16 PM, William Pitcock
 wrote:
> On 3/10/2012 9:00 AM, 夜神 岩男 wrote:
>> On 03/10/2012 03:51 AM, f...@deserted.net wrote:
>>
>>> http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework
>>>
>>> Haven't seen this (or much discussion around this) here yet, so I
>>> figured I'd share.
>>>
>> From the description, it looks like someone pushed some code from a
>> Lisp[1] variant (like Common Lisp, which is preprocessed into ANSI C by
>> GCL, for example, before compilation) into a C++ DLL. Normal in the
>> deeper end of Linux dev or Hurd communities, but definitely not standard
>> practice in any established industry that makes use of Windows.
>>
>> I could be wrong, I didn't take the time to walk myself through the
>> decompile with any thoroughness and compare it to code I generate.
>> Anyway, I have no idea the differences between how VC++ and g++ do
>> things -- so my analysis would probably be trash. But from the way the
>> Mr. Soumenkov describes things it seems this, or something similar,
>> could be the case and why the code doesn't conform to what's expected in
>> a C++ binary.
>>
>>
>
> LISP would refer to specific constructor/destructor vtable entries as
> "cons" and there would be no destructor at all.  The structs use vtables
> which refer to "ctor" and "dtor", which indicates that the vtables were
> most likely generated using a C++ compiler (since that is standard
> nomenclature for C++ compiler symbols).  It pretty much has to be
> Microsoft COM.  The struct layouts pretty much *reek* of Microsoft COM
> when used with a detached vtable (such as if the implementation is
> loaded from a COM object file).  The fact that specific vtable entries
> aren't mangled is also strong evidence of it being Microsoft COM (since
> there is no need to mangle vtable entries of a COM object due to type
> information already being known in the COM object).
>
> If it looks like COM, smells like COM, and acts like COM, then it's
> probably COM.  It certainly isn't "some new programming language" like
> Kaspersky says.  That's just the dumbest thing I've heard this year.
>
> William
>


Re: [Full-disclosure] The Mystery of the Duqu Framework

2012-03-10 Thread Sanguinarious Rose
Trying to cover up you being "told", that's Cute <3

On Sat, Mar 10, 2012 at 3:34 AM, Laurelai  wrote:
> On 3/10/2012 4:31 AM, Sanguinarious Rose wrote:
>
> Not really, it looks like speculation same as I just admitted my idea
> was. There is no proof as of yet besides for just a single tweet
> suggesting an idea much in the same mine just was. Unless someone does
> the proper research into it, it is just that, 140 chars speculation.
>
> Told [x]
> Not Told [ ]
>
> umad?
>
> On Sat, Mar 10, 2012 at 3:23 AM, Laurelai  wrote:
>
> On 3/10/2012 4:13 AM, Sanguinarious Rose wrote:
>
> Yea, I have been thinking on ideas for that as well, I see no one has
> thought outside the box yet.
>
> I would look into OO'ed C (www.planetpdf.com/codecuts/pdfs/ooc.pdf) as
> being a possibility. Long before in the time when the mighty C++ was
> young, it was translated to C code for compilation. I have not had the
> time to dig into it yet to see how you could code it in OO C style
> code yet. You can implement much of the functionality of OO parts of
> C++ including virtual functions and other things.
>
> Well, these are my thoughts on it. More speculation at the moment but
> might be of use to someone.
>
> On Fri, Mar 9, 2012 at 11:51 AM,   wrote:
>
> http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework
>
> Haven't seen this (or much discussion around this) here yet, so I figured
> I'd share.
>
> --
> -Joe.
>
>
> https://twitter.com/#!/nenolod/status/178352865667067904
> <https://twitter.com/#%21/nenolod/status/178352865667067904>
>
> not told [ ]
> told [x ]
>
>
> Put the crack pipe down.
>
>
> My post was Williams response to Kaspersky, wasn't directed to you. Do try
> and keep up.
>


Re: [Full-disclosure] The Mystery of the Duqu Framework

2012-03-10 Thread Sanguinarious Rose
Not really, it looks like speculation same as I just admitted my idea
was. There is no proof as of yet besides for just a single tweet
suggesting an idea much in the same mine just was. Unless someone does
the proper research into it, it is just that, 140 chars speculation.

Told [x]
Not Told [ ]

umad?

On Sat, Mar 10, 2012 at 3:23 AM, Laurelai  wrote:
> On 3/10/2012 4:13 AM, Sanguinarious Rose wrote:
>> Yea, I have been thinking on ideas for that as well, I see no one has
>> thought outside the box yet.
>>
>> I would look into OO'ed C (www.planetpdf.com/codecuts/pdfs/ooc.pdf) as
>> being a possibility. Long before in the time when the mighty C++ was
>> young, it was translated to C code for compilation. I have not had the
>> time to dig into it yet to see how you could code it in OO C style
>> code yet. You can implement much of the functionality of OO parts of
>> C++ including virtual functions and other things.
>>
>> Well, these are my thoughts on it. More speculation at the moment but
>> might be of use to someone.
>>
>> On Fri, Mar 9, 2012 at 11:51 AM,   wrote:
>>> http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework
>>>
>>> Haven't seen this (or much discussion around this) here yet, so I figured
>>> I'd share.
>>>
>>> --
>>> -Joe.
>>>
> https://twitter.com/#!/nenolod/status/178352865667067904
> <https://twitter.com/#%21/nenolod/status/178352865667067904>
>
> not told [ ]
> told [x ]
>
>
> Put the crack pipe down.
>


Re: [Full-disclosure] The Mystery of the Duqu Framework

2012-03-10 Thread Sanguinarious Rose
Yea, I have been thinking on ideas for that as well, I see no one has
thought outside the box yet.

I would look into OO'ed C (www.planetpdf.com/codecuts/pdfs/ooc.pdf) as
being a possibility. Long before in the time when the mighty C++ was
young, it was translated to C code for compilation. I have not had the
time to dig into it yet to see how you could code it in OO C style
code yet. You can implement much of the functionality of OO parts of
C++ including virtual functions and other things.

Well, these are my thoughts on it. More speculation at the moment but
might be of use to someone.

On Fri, Mar 9, 2012 at 11:51 AM,   wrote:
> http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework
>
> Haven't seen this (or much discussion around this) here yet, so I figured
> I'd share.
>
> --
> -Joe.
>


Re: [Full-disclosure] Full disclosure is arrest of Sabu

2012-03-06 Thread Sanguinarious Rose
lol, as far as I know she didn't accuse nenolod of a botnet, you did
and said he built the botnet for her from what it looks like to me.
Then you went on an epic lulz spree comparable to that of a retarded
child trying to bite his ear calling it winning.

Sorry, forgot to add FD in the to field

On Tue, Mar 6, 2012 at 4:35 PM, Laurelai  wrote:
> On 3/6/2012 5:32 PM, Sanguinarious Rose wrote:
>> I raise you this: http://pastebin.com/R3AL0im6
>>
>> On Tue, Mar 6, 2012 at 3:51 PM, Laurelai  wrote:
>>> On 3/6/2012 2:24 PM, Ferenc Kovacs wrote:
>>>
>>>
>>> 2011/7/25 Laurelai Storm 
>>>> Oh and im not a part of lulzsec, FYI sabu tweeted 2 minutes ago wtf are
>>>> you on about sir?
>>>
>>> maybe we could resurrect this thread. :)
>>>
>>> Sure lets.
>>>
>>> http://gizmodo.com/5890825/lulzsec-leader-betrays-all-of-anonymous
>>>
>>> Im going to paste my favorite part of this article.
>>>
>>> 6:12:32 PM virus: I don't have proof of him being a snitch, and he doesn't
>>> have proof of me being a snitch. it's my word against his.
>>> 6:15:39 PM virus: he disappeared for a week, I don't recall what day
>>> 6:15:52 PM virus: but when he returned he said his grand mother died and
>>> that's why he was MIA
>>> 6:16:01 PM virus: after that he started offering me money to own people
>>> 6:16:14 PM Sam Biddle: anyone important?
>>> 6:16:55 PM virus: backtrace security and laurelai
>>> 6:17:22 PM virus: he gave me IPs, asked me to access their accounts with
>>> their IP and asked me to access their emails
>>> 6:17:25 PM virus: told me he would pay me
>>> 6:17:42 PM Sam Biddle: did you?
>>> 6:17:53 PM virus: no, I found that to be suspicious and declined
>>>
>>> Sabu tried to pay someone to hack me and it didn't work, sabu also got
>>> caught because he connected to IRC one time with his real IP, so this proves
>>> what i said already, sabu hated me and i didn't know anything that the feds
>>> didn't already. For a supposed ring leader of a group of "master cyber
>>> terrorists" as the feds like to paint them they couldn't take down one loud
>>> mouthed trans woman on the internet. Hell even their ddos against my
>>> imageboard failed and i didn't even have cloudflare.
>>>
>>>
>>> And speaking of backtrace security here is Jen giving away government
>>> secrets to win internet points on reddit
>>>
>>> http://imgur.com/a/0g9VG
>>>
>>> Looks like Jen can't be trusted by anon or the feds.
>>>
>>>
>>>
>>>
> Sorry sanguine i had too, i do feel bad about lying to you. I figured
> she would hear about it and she would go full retard on nenolod , and
> she did today. She can't help herself . This of course was great timing
> with the screenshots so im pretty sure her days as a fed contractor are
> over since her dumb ass accused the creator of dronebl of having a botnet.



Re: [Full-disclosure] Best DoS Tool

2012-02-29 Thread Sanguinarious Rose
Super Proxy Botnets!

https://github.com/lfamorim/barrelroll

On Tue, Feb 28, 2012 at 7:44 AM, PsychoBilly  wrote:
> hping3 --flood
>
> [[   Manuel Moreno   ]] @ [[   27/02/2012 04:35   ]]--
>> Hi List!!
>>
>> I did some research about DoS tools for my regular PenTesting. What is
>> considered the best tool for DoS? I made some tests with scapy with good
>> results.
>>
>> wait for your comments,
>>
>> Best Regards
>>
>> Manuel Moreno
>>
>>
>>


Re: [Full-disclosure] Eleventh Circuit Finds Fifth Amendment Right Against Self Incrimination Protects Against Being Forced to Decrypt Hard Drive Contents

2012-02-27 Thread Sanguinarious Rose
This isn't anything new

On Sun, Feb 26, 2012 at 11:58 PM, Laurelai  wrote:
> http://www.ca11.uscourts.gov/opinions/ops/201112268.pdf
>


Re: [Full-disclosure] Botnet Traffic

2012-02-23 Thread Sanguinarious Rose
That is a rather broad request considering how many flavors of
botnets, various software, and purposes of them. I would have to
ask what possible purpose you could want them for considering such
broadness?

However I would watch this
https://twitter.com/#!/pastebin/status/172625863970529280 &
http://pastebin.com/eJqhCjca

On Thu, Feb 23, 2012 at 3:20 PM, James Smith  wrote:
> Hello,
>
> Can anyone on this list provide botnet network traffic for analysis, or Ip’s
> which have been infected.
> --
> Sincerely;
>
>
> James Smith
> CEO, CEH, Security Analyst
> Email: ja...@smithwaysecurity.com
> Phone: 1877-760-1953
> Website: www.SmithwaySecurity.com
>
>
> CONFIDENTIALITY NOTICE: This communication with its contents may contain
> confidential and/or legally privileged information. It is solely for the use
> of the intended recipient(s). Unauthorized interception, review, use or
> disclosure is prohibited and may violate applicable laws including the
> Electronic Communications Privacy Act. If you are not the intended
> recipient, please contact the sender and destroy all copies of the
> communication.
>
> - This communication is confidential to the parties it was intended to serve
> -
>


Re: [Full-disclosure] Downloads Folder: A Binary Planting Minefield

2012-02-20 Thread Sanguinarious Rose
On Mon, Feb 20, 2012 at 2:28 PM, Jeffrey Walton  wrote:
> Hi Mitja,
>
> On Fri, Feb 17, 2012 at 11:32 AM, ACROS Security Lists  wrote:
>>
>> This blog post reveals a bit of our research and provides an advance
>> notification of a largely unknown remote exploit technique on Windows.
>> More importantly, it provides instructions for protecting your computers
>> from this technique while waiting for the affected software to correct
>> its behavior.
>>
>> http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html
>
> $ Look for the presence of any *.dll files in the Downloads
> $ folder and do the same as in the previous step.
> $ Delete all files from the Downloads folder.
> I don't believe a PE/PE+ executable needs a DLL extension to be loaded
> by LoadLibrary and friends.
>

They do not need a specific extension for LoadLibrary() to work.

This is more having to do with dll search paths which has been a known
exploit vector for a long while now. I do know Win7 fixes this by just
not checking the local directories when it loads a .exe, I am unsure
if Vista does the same, and I am positive WinXP checks local
directories first since I've done so under WinXP.

They might have something interesting with the msiexec.exe with it
checking the local directory first. I would call this a programming
issue by the installer not specifying a full path and no validations.

If a dev was really concerned when they called LoadLibrary() they
could just use SetDllDirectory(), GetDllDirectory(), and friends to
manipulate where they look for dlls.

Since I responded to something in this subject, I would like to share
my personal opinion this doesn't really seem like a major exploit
vector. It appears to fall to usual do and do not of basic security.
Obviously downloading files from a suspect website is a security risk.

> Perhaps a scanning/cleansing tool would be helpful.
>
> Jeff
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
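
The point made in the thread above, that a planted library does not need a .dll extension to be loaded, shown as an added example (not code from the thread or from the ACROS post): a header-only scan that flags PE images in a folder by content rather than by file name. The helper names and the sample files are constructed for the demo.

```python
import os
import struct
import tempfile

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit: image is a DLL
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
# Extensions normally associated with PE images; anything else is a mismatch.
PE_EXTENSIONS = {".dll", ".exe", ".sys", ".ocx", ".cpl", ".scr", ".drv"}


def classify_pe(path):
    """Return None if the file is not a PE image, else its type and format.

    Only the headers are read; the file is never loaded or executed.
    """
    with open(path, "rb") as fh:
        dos = fh.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return None
        # e_lfanew at 0x3C points to the "PE\0\0" signature.
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
        fh.seek(e_lfanew)
        hdr = fh.read(26)  # signature(4) + COFF header(20) + optional magic(2)
    if len(hdr) < 26 or hdr[:4] != b"PE\0\0":
        return None
    characteristics, magic = struct.unpack_from("<HH", hdr, 22)
    if magic not in OPTIONAL_MAGIC:
        return None
    return {
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "format": OPTIONAL_MAGIC[magic],
    }


def scan_folder(folder):
    """Walk a folder and report every PE image, whatever it is named."""
    findings = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            try:
                info = classify_pe(path)
            except OSError:
                continue  # unreadable file: skip, do not abort the scan
            if info is None:
                continue
            ext = os.path.splitext(name)[1].lower()
            info["name"] = name
            info["path"] = path
            info["ext_mismatch"] = ext not in PE_EXTENSIONS
            findings.append(info)
    return sorted(findings, key=lambda f: f["path"])


def _fake_pe(is_dll, magic=0x20B):
    """Constructed header-only PE stub for the demo (not a loadable image)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    characteristics = 0x0002 | (IMAGE_FILE_DLL if is_dll else 0)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic)


def demo():
    """Build a constructed 'Downloads' folder and scan it."""
    samples = {
        "version.dll": _fake_pe(True),
        "invoice.pdf": _fake_pe(True, 0x10B),  # DLL behind a document name
        "setup.exe": _fake_pe(False),
        # Starts with "MZ" but has no PE signature: must not be flagged.
        "notes.txt": b"MZ is also how this plain-text note begins. " * 3,
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 64,
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, data in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return scan_folder(folder)


if __name__ == "__main__":
    for f in demo():
        kind = "DLL" if f["is_dll"] else "EXE"
        flag = "  <-- extension does not match content" if f["ext_mismatch"] else ""
        print(f"{f['name']:<12} {f['format']:<5} {kind}{flag}")
```

The scan reads headers only, so it can be run over a real Downloads folder without loading anything it finds.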


Re: [Full-disclosure] Arbitrary DDoS PoC

2012-02-15 Thread Sanguinarious Rose
On Wed, Feb 15, 2012 at 7:53 AM, Lucas Fernando Amorim
 wrote:
> How do I subscribe only to the short list have to keep answering this
> bizarre way, so I apologize. If someone has an alternative way, please tell
> me.

Change your settings where you subscribed.

>
> I do not know what you expect of public repos at Github, really do not
> understand, you think that I would deliver the gold as well? Well, I think
> you're a guy too uninformed to find that the maximum is 200 threads with
> pthread. Have you tried ulimit -a? I even described in the readme.
>

Missing the point that async would have drastic improvements on
anything network based, even if you increase it to say 500 threads an
async model still pawns anything using threads for simple
connect/disconnect handling.

> As the algorithm recaptcha, you really thought it would have all code in the
> main file? Why would I do that? I distributed in classes.

No, there wasn't. It was 12 lines of code which just called another
OCR library. (could be why you deleted the public repo this morning)

I did hear google cache does a good job of uncovering "OMG RAGE DELETE"

http://webcache.googleusercontent.com/search?q=cache%3Ahttps%3A%2F%2Fgithub.com%2Flfamorim%2Frebreaker&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

I do have to declare myself the defaulted winner of this engagement
now because if you have to delete stuff in order to claim facts about
it...

>
> And why do you think IntensiveDoS accepts arguments and opens and closes a
> socket? Why is a snippet of code to not only HTTP DoS.

I read the code could be why.

>
> As for the trojan, you really think I would do something better and leave
> the public?
>
> What planet do you live?
>

Totally because a bindshell trojan that connects to a port is
something highly special that the world will end if someone got a hold
of such a dangerous piece of code. In fact, why isn't the world ended
yet when you can just google and get a few dozen of them?

Should I tell you how "dangerous" and what "planet" do you live on to
release your so so very dangerous innovative python code? (hypocrisy
for the win!)

> And Curl is a great project to parallel HTTP connections, python is not so
> much, and that is why only the fork stays with him.
>

Curl is indeed great I agree. The rest I don't see as even a point
going anywhere?

>
> On 14-02-2012 02:48, Lucas Fernando Amorim wrote:
>
> On Feb 13, 2012 4:37 AM, "Lucas Fernando Amorim" 
> wrote:
>>
>> With the recent wave of DDoS, a concern that was not taken is the model
>> where the zombies were not compromised by a Trojan. In the standard
>> modeling of DDoS attack, the machines are purchased, usually in a VPS,
>> or are obtained through Trojans, thus forming a botnet. But the
>> arbitrary shape doesn't need acquire a collection of computers.
>> Programs, servers and protocols are used to arbitrarily make requests on
>> the target. P2P programs are especially vulnerable, DNS, internet
>> proxies, and many sites that make requests of user like Facebook or W3C,
>> also are.
>>
>> Precisely I made a proof-of-concept script of 60 lines hitting most of
>> HTTP servers on the Internet, even if they have protections likely
>> mod_security, mod_evasive. This can be found on this link [1] at GitHub.
>> The solution of the problem depends only on the reformulation of
>> protocols and limitations on the number of concurrent requests and
>> totals by proxies and programs for a given site, when exceeded returning
>> a cached copy of the last request.
>>
>> [1] https://github.com/lfamorim/barrelroll
>>
>> Cheers,
>> Lucas Fernando Amorim
>> http://twitter.com/lfamorim
>>


Re: [Full-disclosure] Arbitrary DDoS PoC

2012-02-14 Thread Sanguinarious Rose
Now, I had to do it. I took a look at his other projects (I know, I
know..., it has begun)

https://github.com/lfamorim/IntensiveDoS

If you thought the python code was bad... It doesn't even do anything
remotely effective. Now, pthreads has a cap of around 200 max threads
(depends on compile options, platform, etc.) a single process can do.
If this was even remotely "Intensive" it would be using async sockets
which you can at least get a few K of connections. Should I even
mention it just disconnects after connecting kinda rendering well, I
can't think of a polite way to say it, utterly useless. Any properly
setup http, apache even, can reflect this like throwing cotton balls
but in his case he is claiming the cotton balls are somehow really
bowling balls.

*http_header = "GET / HTTP/1.1\r\n\r\n";

This HTTP request doesn't include a "Host" field hence breaking the
HTTP 1.1 standard before we even begin.

I also noticed he doesn't believe in functions with variables instead
relying on globals.

Sections of the code sometimes use { } for a single
if/while/else/for/etc. statement and some don't which makes me wonder
if it's copy/paste. In my experience and in my own programming they
usually don't dash their code with such style irregularities.

Now inside his Makefile:

rm -rf IntensiveDoS IntensiveDoS.o

Do you seriously need to recursively delete two files forcefully?

Now on this: https://github.com/lfamorim/Connect-Back-Win32-Trojan

All I can really say is it's not a very good trojan if it leaves a big
black console screen and if you click the 'X' it goes away /
terminates the reverse shell. The standard reverse shell code can be
found on google with many more improvements and there is nothing
really innovative or interesting here.

Now This: https://github.com/lfamorim/rebreaker

All I can say is 12 lines of code being called "Extremely advanced
algorithm to remove distortions from recaptcha images, allowing OCR."
using http://projects.scipy.org/scipy/milestone/0.10.0 is rather well.
Just take a look (the main 2 lines of the program that do anything).

for i in WordSlice(imread(argv[1], True)).get_words():
    Hough(i).find_ellipses(lambda img: imresize(img, 0.4, 'bilinear'))

I don't think I have to say anything else for those two lines of
"Extremely advanced algorithm" besides this single line.

lfamorim pushed to master at lfamorim/rebreaker February 14, 2012 =>
40369be making things more efficient.


Combine the above with his "proxy botnet" using curl I have to ask
why would anyone respond to this guy in a logical fashion when it is
obvious he does not know what he is doing. He is as bad as Steve
Gibson ranting about raw socket support in WindowsXP and how it's
going to end the entire internet, only in this case he is referring to
open proxies.



Re: [Full-disclosure] Arbitrary DDoS PoC

2012-02-14 Thread Sanguinarious Rose
I do not understand why you are wasting time on an obvious troll to
downright, and I don't normally call people names but he well deserves
it, a retard. I think I ironically illustrated the fundamental flaw in
that you can't possibly generate more bandwidth by using proxies for
the python code provided due to it violates the laws of physics
(literally). In fact, if we want to be technical, we could say it is
less effective due to the handshake required to initiate the proxy
connection in fact decreasing efficiency of input compared to input.
If there was something besides making lots of proxy request there
might be something there but it, in fact, has nothing.

Taking into account THN retweeted his FD post and his obvious
inability to understand why everyone is not taking him seriously I
have concluded he is just trying to seek fame and fortune passing off
as some kind of sec expert. Maybe get some brownie points with the
skiddie crowd who wouldn't know better. Throwing fancy terms and
pretending to know what they are talking about doesn't work up against
real researchers who understand what they are doing. Poorly written
scripts also do not impress anyone here considering that I could just
put into google "HTTP Proxy Flooder" and find a superior equivalent
(Even with Point and Click!).

To this effect, I propose we look into Unicorns as a possible
unconventional medium of DDoS due to their mythical properties in a
network environment over-ruled by Pink Leprechauns.

Conclusion: Christian Magick.

On Tue, Feb 14, 2012 at 10:19 AM, Gage Bystrom  wrote:
> If the design is broken then the implementation is broken. Have you READ
> your own source code? Do you understand what its actually doing? Rhetorical
> questions of course but still.
>
> Your poc calls curl multiple times via a list of proxies. No more, no less.
> If you are going to claim that such a thing is an effective general
> technique YOU have to back up that claim, not me or anyone else on this
> list. I never bothered running it because anyone who read that simple python
> code(which was a good thing its simple), can understand what it is doing,
> and do a mental comparison to what they previously knew about the subject of
> dos. Your poc does not demonstrate anything new, it demonstrates existing
> knowledge that is generally known to not be an effective method for dosing
> for all the reasons I explained in my previous mails.
>
> I think its quite pedantic of you to only criticize me for calling out the
> ineffectiveness of your poc. You did not address anything I or anyone else
> said about your claim. If you think I am wrong or mistaken in my personal
> assessment of your claim then you are the one who must show how and why to
> defend your claim. Belittling someone who criticizes you is not
> professional, not productive, does not give strength to your claim, and does
> not make you right.
>
> The end of the line is I don't care what you claim your code does, I care
> about what the code does, and your code is not an effective general
> technique for denial of service attacks.
>
> On Feb 13, 2012 8:48 PM, "Lucas Fernando Amorim" 
> wrote:
>>
>> I could argue that an attack targeted at a service, especially HTTP, is
>> not measured by the band, but the requests, especially the heavier, could
>> argue that a technique is the most inherent characteristic of multiple
>> sources of traffic and still relying on trust. I could still say that is an
>> implementation that relates only to say - Look, it exists!, I could still
>> prolong explaining about overheads, and using about the same time many sites
>> that make the requests, thus reducing the wake of a failure, even if you say
>> easily diagnosable.
>>
>> But I'd rather say that it is actually very pedantic of you label
>> something as inefficient, especially when not done a single test, only the
>> pedantic observation of someone whose interests it is reprehensible. I will
>> not say you're one of those, but this is really an attitude typical of this
>> kind, which is certainly not a hacker. Thanks to people like that, do not
>> know if you like, there are many flaws yet to be explored.
>>
>> If anyone wants more information, obviously I will ask to send an email or
>> call me to give a presentation, I will not think about anything. My goal in
>> was invited researchers to study DDoS on this model, because anytime someone
>> can direct thousands to generate a network congestion.
>>
>>
>> On 13-02-2012 11:17, Gage Bystrom wrote:
>>
>> Uhh...looks pretty standard boss. You aren't going to DoS a halfway decent
>> server with that using a single box. Sending your request through multiple
>> proxies does not magically increase the resource usage of the target, its
>> still your output power vs their input pipe. Sure it gives a slight boost in
>> anonymity and obfuscation but does not actually increase effectiveness. It
>> would even decrease effectiveness because you bear the burden of having to
>> se

Re: [Full-disclosure] Arbitrary DDoS PoC

2012-02-13 Thread Sanguinarious Rose
Ah what a wonderful gem of pure and real research into today's upcoming
threats. Today is the day we learn to phear sites like xroxy.com
because God forbid some of those silly kids using their 9001 proxies
from their 56k dial-ups will over-run google, youtube, facebook, and
the world! Dear God what will we do?!?!? When will it end! Think of
the cute kittens you deprive us of evil proxy hackers!

Today is the day I learned hackers can cast magick upon outgoing
packets through proxies to somehow make them more bigger. I propose
these are some kind of Christian hackers with God on their side to
manipulate the very foundational laws of physics and electricity!

Excuse me Mr. Amorim but what God alas do you pray to for this? Is it
some kind of Christian Magick?

On Sun, Feb 12, 2012 at 9:09 AM, Lucas Fernando Amorim
 wrote:
> With the recent wave of DDoS, a concern that was not taken is the model
> where the zombies were not compromised by a Trojan. In the standard
> modeling of DDoS attack, the machines are purchased, usually in a VPS,
> or are obtained through Trojans, thus forming a botnet. But the
> arbitrary shape doesn't need acquire a collection of computers.
> Programs, servers and protocols are used to arbitrarily make requests on
> the target. P2P programs are especially vulnerable, DNS, internet
> proxies, and many sites that make requests of user like Facebook or W3C,
> also are.
>
> Precisely I made a proof-of-concept script of 60 lines hitting most of
> HTTP servers on the Internet, even if they have protections likely
> mod_security, mod_evasive. This can be found on this link [1] at GitHub.
> The solution of the problem depends only on the reformulation of
> protocols and limitations on the number of concurrent requests and
> totals by proxies and programs for a given site, when exceeded returning
> a cached copy of the last request.
>
> [1] https://github.com/lfamorim/barrelroll
>
> Cheers,
> Lucas Fernando Amorim
> http://twitter.com/lfamorim
>


Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.

2012-02-12 Thread Sanguinarious Rose
On Sat, Feb 11, 2012 at 2:23 PM,   wrote:
> _
> "Use Tomato-USB OS on them."
> _
>
> Besides you void warranty...
> list of DD-WRT Supported routers:
>
>  E1000        supported
>  E1000 v2     supported
>  E1000 v2.1   supported
>  E1200 v1     ???
>  E1200 v2     ???
>  E1500        ???
>  E1550        ???
>  E2000        supported
>  E2100L       supported
>  E2500        not supported
>  E3000        supported
>  E3200        supported
>  E4200 v1     not supported yet
>  E4200 v2     not supported
>  M10          
>  M20          
>  M20 v2       
>  RE1000       
>  WAG120N      not supported
>  WAG160N      not supported
>  WAG160N v2   not supported
>  WAG310G      not supported
>  WAG320N      not supported
>  WAG54G2      not supported
>  WAP610N      not supported
>  WRT110       not supported
>  WRT120N      not supported
>  WRT160N v1   supported
>  WRT160N v2   not supported
>  WRT160N v3   supported
>  WRT160NL     supported
>  WRT310N v1   supported
>  WRT310N v2   not supported yet
>  WRT320N      supported
>  WRT400N      supported
>  WRT54G2 v1   supported
>  WRT54G2 v1.3 supported
>  WRT54G2 v1.5 not supported
>  WRT54GS2 v1  supported
>  WRT610N v1   supported
>  WRT610N v2   supported
>  X2000        not supported
>  X2000 v2     not supported
>  X3000        not supported.
>
> _
>
> "Fixing?  Heh.
>
> Aside from rate limiting WPS, there isn't much of a fix, and you can't
> turn it off either."
> _
>
> What about removing WuPS entirely?
>
> WuPS is a total failure because:
>
> 1. Even if everything is fine 8 digits long is very weak because once you
> got the pin after 7 months - 2 years for example, you are completely pwned.
>

I can't see someone sitting outside my house for 7 months let alone 2
years trying to get my PIN for my router.

> 2. Pin number is fixed you can't change it to a longer number or maybe a
> string like "omgponnies"
>

A valid point and easy security improvement

> 3. Setting up a WPA2 password manually it's a piece of cake (even with
> keypad only cell phones), if some people are lazy, you don't have to weaken
> the security of a strong protocol.
>

People are lazy by default and I see it honestly as their fault for
not taking simple precautions or god forbid reading up a bit.

> Farth Vader
>


Re: [Full-disclosure] Vulnerability-lab.com XSS

2012-02-07 Thread Sanguinarious Rose
His story seemed rather odd and BS to begin with so thanks for
cleaning that up for much entertainment and ownage.

Excellent day to you good sir.

On Mon, Feb 6, 2012 at 5:55 PM, resea...@vulnerability-lab.com
 wrote:
> i recomment your desinformation with 2 short links ...
>
> article: http://www.vulnerability-lab.com/dev/?p=382
> news: http://www.vulnerability-lab.com/news/get_news.php?id=74
>
> ... we will not respond to this crap anymore ... false envy.
>
> by ;)
>
> --
> Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
> Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com
>
>


Re: [Full-disclosure] Vulnerability-lab.com XSS

2012-02-06 Thread Sanguinarious Rose
I've been laughing for like 20m straight after I searched youtube for
the clip and watched it. It is the most perfect way to describe and
see him I've ever seen.

Very good one sir :)

On Mon, Feb 6, 2012 at 6:03 PM, Ian Hayes  wrote:
> On Mon, Feb 6, 2012 at 4:57 PM, Sanguinarious Rose
>  wrote:
>>
>> Um Can I get a translation in English please? K thnx.
>>
>> On Fri, Feb 3, 2012 at 2:06 PM, doo...@gmail.com  wrote:
>>>
>>> Your the idiot here.. Boone,will give u guys crap ya cuntzzz
>
>
> Ever see "Jay and Silent Bob Strike Back"? The scene where they were at
> Mooby's, posting on the Internet.
> Whenever I read this guy's mail, I hear it in Jay's voice
>


Re: [Full-disclosure] Vulnerability-lab.com XSS

2012-02-06 Thread Sanguinarious Rose
Um Can I get a translation in English please? K thnx.

On Fri, Feb 3, 2012 at 2:06 PM, doo...@gmail.com  wrote:

> Your the idiot here.. Boone,will give u guys crap ya cuntzzz and I hope
> yur havin great time tryin to figure out how badly this list got owned,off
> yad do,forcing ppl to sho 0days,yet some ppl,nomatter how big yu may
> think,are anon,and that's simple,yu fd a good bug,well it gets patched,yur
> ass gets kicks from any groups ya in,and remembr ,yur bases are mine,and
> intercepting yu will be fun,been funny stall the latest bigs,sudo,etc,all
> thanks to me.ppl watched me massacre your entire network,and not one packet
> sent.I will day,thankx to Dana white,UFC.com,all of my irc channel,yea Fuji
> bout tht,do the math.. anonymous,anonymity is everything,and 2other groups
> who I can only day,are sum Srs hardcore bitch3z,rrspect
> always,ISG,magikh0e,peanuter,the rest..thx,it underground,and the aussies
> spread thru the world..anyone who sticks up for they're own,unlike lamer
> kcope and his pathetically dos code.Fuku budz. And greets also to-Richard
> goldner,mz,nullsecurity-noptrix,pi3,gizmore who runs our own coded
> wargames,Fernando gont,for helping to secure Ipv6.and to mouse the
> silent..and for my channel members,all of them,and to United hackers,I
> salute you..now,go ahead its me n3td3v..LOL.he can happily useme as some
> form if cover,now he just list any battles he had with u guys,coz
> simple,he's an idiotic,wannabe fedz.
> Adios mothrfukrs..and happily go fuck yurseves
>
> Sent from my HTC Incredible S on Yes Optus network.
>
>
> - Reply message -
> From: "Luis Santana" 
> To: 
> Subject: [Full-disclosure] Vulnerability-lab.com XSS
> Date: Sat, Feb 4, 2012 2:21 am
>
>
> Earlier today I tried to contact the people over at
> http://vulnerability-lab.com about an XSS vulnerability I found on their
> site (ironic) but it appears they want nothing to do with me. Praise
> Full-Disclosure.
>
> [image: Vulnerability-lab.com XSS - HackTalk Security]
>
> http://i.imgur.com/CripA.jpg
>
> The Irony Of A Site For Disclosing Site Being Itself Vuln To Something So
> Trivial
>
>
>
> Basically I tried to report this issue to them through a private message
> on youtube and then a follow request on twitter (so I could DM them) but to
> no avail. Eventually rem0ve joined freenode and messaged me and told me he
> didn’t want to be cooperative with me or even be friendly. Sometimes being
> a prick just makes you look like an idiot.
>

Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins

2012-01-25 Thread Sanguinarious Rose
I have found the perfect image to describe my thoughts on this current
clash of intellectuals.

http://www.threadbombing.com/data/media/27/arguing.jpg

On Wed, Jan 25, 2012 at 4:26 PM, xD 0x41  wrote:
> You are not anonymous, you are reachable anywhere in the world.
>
>
> hahah yes sir.
> suck my dick now, and stfu, actually no keep talking, itll give me
> more reasons, to own you and put you in my 'army' also :)
> so, ill ddos your own site, with your own box, k :)
> enjoy, security expert :P
> hahahahaha
>
>
>
>
> On 26 January 2012 09:36, andrew.wallace  
> wrote:
>> That is unfortunate for them because defamation is against the law.
>>
>> I take a tough approach these days to anyone using the list in this way.
>>
>> You are not anonymous, you are reachable anywhere in the world.
>>
>> Andrew
>>
>> 
>> From: xD 0x41 
>> To: andrew.wallace 
>> Cc: full-disclosure@lists.grok.org.uk
>> Sent: Wednesday, January 25, 2012 10:20 PM
>> Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation,
>> nobody wins
>>
>> yea...well, they think I am you...so...
>> lol, i hope they do :P
>> coz, you will get fuxed, for anything i have said :)
>> later!
>>
>>
>> On 26 January 2012 09:10, andrew.wallace 
>> wrote:
>>> My lawyers are looking through this thread to see if anything libelous has
>>> been said against me or the n3td3v organisation.
>>>
>>> ---
>>>
>>> Andrew Wallace
>>>
>>> Independent consultant
>>>
>>> www.n3td3v.org.uk
>>>
>>> 
>>> From: xD 0x41 
>>> To: Levente Peres 
>>> Cc: full-disclosure@lists.grok.org.uk
>>> Sent: Wednesday, January 25, 2012 9:24 PM
>>> Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation,
>>> nobody wins
>>>
>>> stfu idiot.
>>> they can do wtf they want, think about that!
>>> now, go fuck yaself...and enjoy mailing on FD and secunia is like,
>>> got smtp problems now ;)
>>> tc.
>>> GLOW
>>>
>>> you all thought im some fuckwit called n3td3v ,for this, you all pay!
>>> I, single fucking handedly, will destroy secunia , and this bs list.
>>> BELIEVE THAT TO!
>>>
>>>
>>>
>>> On 26 January 2012 07:53, Levente Peres  wrote:
>>>> On a personal note, maybe OFF...
>>>>
>>>> I fail to see the gain in such retaliations, especially in organized ones...
>>>> First the Megaupload retaliation, now the UN... and for what... I know
>>>> people want to be heard, but this is plainly sending the wrong message.
>>>>
>>>> This will give decision makers EXACTLY what they WANT. They coax otherwise
>>>> smart people into acting out violently, thereby creating just the false-flag
>>>> "anarchy" to prove their point, which is: "yes, we need to censor and
>>>> control everything especially the Internet, because see, there's already a
>>>> 'war out there at the gates and we need to protect etc. whatever'". We've
>>>> seen it before countless times and this reverse strategy almost always works.
>>>>
>>>> If anyone from the "responsible" groups are reading this, please know that
>>>> I'm not against the point that you are trying to make... You are all learned
>>>> and knowledgeable people, otherwise you wouldn't have been able to pull this
>>>> complicated scheme off... but I implore you to reconsider such outbursts in
>>>> the future for the sake of the very thing that you are trying to protect...
>>>> What's done is done, but let's not give these goons one more reason to take
>>>> away freedom even more so... Please. Just consider this. That's all I'm
>>>> asking... And I guess that's all I wanted to say.
>>>>
>>>> Levente
>>>>
>>>> On 01/25/2012 08:20 AM, karma cyberintel wrote:
>>>>
>>>>> (CBS) - The week began on a high note for Internet activist. The biggest
>>>>> organized effort to blackout websites in solidarity over the Stop Online
>>>>> Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success
>>>>>
>>>>> sources from
>>>>>
>>>>> for more details
>>>>>
>>>>> http://www.karmacyberintel.net/2012/01/megaupload-anonymous-hacker-retaliation-nobody-wins/



Re: [Full-disclosure] Anonymous deletes CBS.com, solicits opinions on who to hack next

2012-01-25 Thread Sanguinarious Rose
This guy is full of win, it's like watching the special Olympics in HD.

On Wed, Jan 25, 2012 at 12:51 PM, Henry M  wrote:
> Reporting three day old news to Full-Disclosure.
>
> Awesome.
>
> On Wed, Jan 25, 2012 at 1:51 AM, karma cyberintel
>  wrote:
>>
>> Anonymous deletes CBS.com, solicits opinions on who to hack next
>>
>> sources from karmacyberintel.net
>>
>> for more details
>>
>>
>> http://www.karmacyberintel.net/2012/01/anonymous-deletes-cbs-com-solicits-opinions-on-who-to-hack-next/
>>
>>


Re: [Full-disclosure] Rate Stratfor's Incident Response

2012-01-14 Thread Sanguinarious Rose
On Sat, Jan 14, 2012 at 12:32 PM, Ferenc Kovacs  wrote:
>
>
> On Sat, Jan 14, 2012 at 4:33 PM, Sanguinarious Rose
>  wrote:
>>
>> I've been watching this chat for a while
>
>
> you didn't watch properly.
> nobody said that you shouldn't report vulnerabilities.
> we discussed whether would it help or not if one would hire the kiddies
> owning their sites.
> and we discussed why is it bad if you report the vulnerability and back it
> up with the proof that you compromised that said system.
>

It was the tone of the discussion and implying that people reporting
it are downright criminals that sparked me. I added a bit of my own
personal viewpoints in there as well.

On the kiddies, I can't see the advantage of hiring a professional
sqlmap and havij operator.

> I always report the vulns that I stumble upon (from my own email and such)
> and while I'm doing this in good faith, I would never dare to actively
> exploit that vuln for better proof, because if they sue me, they would win.
> So I try to keep it that way, that I cannot be held responsible, because I
> didn't break any law.

I do agree and can't see the real need for someone to actually prove
it like that which is rather over the line in being illegal. It also
requires more work than is even required to report it.

> I also think that for a full penetration testing, one shouldn't act without
> prior agreement with the owner and having that written down.
> To go back to the irl analogy: even if I'm doing it in good faith, so that I
> would report the owner or fix the lock myself, I shouldn't try to open every
> door and window on a "random" house, nor should I take a photo of his
> belongings that I can prove that I was there.
>

That is an obvious or it is illegal.

> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu



Re: [Full-disclosure] Rate Stratfor's Incident Response

2012-01-14 Thread Sanguinarious Rose
On Sat, Jan 14, 2012 at 12:11 PM, Paul Schmehl  wrote:
> --On January 14, 2012 8:33:13 AM -0700 Sanguinarious Rose
>  wrote:
>
>> I've been watching this chat for a while and I have to say a lot of
>> views here do not impress me and in fact why I will never report a
>> vulnerability if I found one. Why would I want to even risk getting
>> arrested and/or FBI trouble from observing a security flaw? My policy
>> on finding them is to quietly just move along. I'm sure I am not the
>> only one that does this or come to such a conclusion of is it even
>> worth the trouble.
>>
>
> The reaction of a security professional like me to this is, why aren't you
> looking for security flaws on your own site?  Why are you looking for
> security flaws on other people's sites?  If you want to do security
> research, setup a site virtually and bang away at it to your heart's
> content.  Then report your findings.
>

I don't normally go around looking unless asked. However it's rather
hard not to notice sites that display php errors and sometimes in
normal usage sql errors. Some of them are so bad it's like having a
pink elephant in the middle of a room with a sign that says
"vulnerable". A good example which I've personally seen more than once
is during normal website usage is searching the website using their
built in search and noticing it doesn't sanitize its input. It's
rather hard not to notice that once you have the eye for it.

I have also noticed software that is way too old running and keeping
up with security bulletins I often know it's vulnerable. It's like
another pink elephant.

There is of course an exception to that is a guy trying to come off as
some big hot shot security expert super hacker which I will leave
nameless that I really love tormenting. He loves downloading and
running these really really bad free php scripts from the 90s by how
some of them are coded. It usually only takes 10 minutes tops before I
found a few flaws, point them out by line number, and watch him silent
rage and remove the script from his server. For clarification the
source code of these scripts being freely available and I did not
actively test the located flaws on his server so nothing I did was
illegal. Given the non-importance I did not confirm them on my own dev
server.

>
>> I like how the assumptions are always this person is horrible and bad
>> for having found a security flaw, he must not be trusted and treated
>> like a criminal.
>
>
> You missed the point.  It isn't that I think that you're a criminal.  It's
> that, as a security professional, I cannot take the chance that you are not.
> I am forced to do due diligence, take the server offline, do forensics,
> etc.  That's a lot of work, time spent and disruption of my normal duties,
> all so you can feel proud about finding a vulnerability.  The cost to
> you is minimal.  To me, it's expensive.
>

I never doubted fixing the problem can sometimes be work intensive in
some situations and if someone else has used it maliciously.

> So why do you think it's acceptable for you to do some minimal work to force
> others to do lots of extra work?
>

Fixing a problem reported as part of your job description is so...
bad? I would be happier if someone reported it rather than reading
about it in the news.

>
>> Why would he even be reporting it to begin with if
>> his goal is abusing the security flaw? After all the audacity of this
>> dangerous cyber criminal took the time to tell you about the flaw in
>> an email and should be punished for their indiscretion of reporting
>> it.
>>
>
> Nobody's talking about punishing people for finding security flaws, but
> you're punishing the security professionals for the "pleasure" of finding
> vulnerabilities on their site.  If I find a vulnerability in our assets, I
> can simply fix or remediate the problem.  If you find it, I have to treat it
> as a breach, or I'm not doing my job.
>

I would call "punishing people" using the flaw to embarrass and damage
the company rather than discreetly reporting it but that is just me
apparently.

>
>> The analogies of a house is a very very bad one. Do you expect
>> thousands of people to be walking around your house akin to viewing
>> the website?
>
>
> I think thousands of people walking or driving past my house and looking at
> it as they go by is perfectly normal.  What's not normal is for one of them
> to pull over, get out of their car, walk up to my door and check to see if
> it's unlocked, walk around the house checking all the windows and doors,
> etc., etc.
>
>
>> A more appropriate

Re: [Full-disclosure] Rate Stratfor's Incident Response

2012-01-14 Thread Sanguinarious Rose
I've been watching this chat for a while and I have to say a lot of
views here do not impress me and in fact why I will never report a
vulnerability if I found one. Why would I want to even risk getting
arrested and/or FBI trouble from observing a security flaw? My policy
on finding them is to quietly just move along. I'm sure I am not the
only one that does this or come to such a conclusion of is it even
worth the trouble.

I like how the assumptions are always this person is horrible and bad
for having found a security flaw, he must not be trusted and treated
like a criminal. Why would he even be reporting it to begin with if
his goal is abusing the security flaw? After all the audacity of this
dangerous cyber criminal took the time to tell you about the flaw in
an email and should be punished for their indiscretion of reporting
it.

The analogies of a house is a very very bad one. Do you expect
thousands of people to be walking around your house akin to viewing
the website? A more appropriate one would be a public store with doors
happen to be unlocked to completely open.

"If it's not broken don't fix it" is the classical saying of many
individuals and sadly even more apply it to security. Even reporting
the flaw in some cases results not in fixing it but legal troubles for
the person reporting it. You would think they might want to fix it
after being informed about it right? After all if it works why fix it?
Why not silence that bad apple that found the flaw and no one else
will know kinda like daddy's little secret.

In conclusion I don't care to report anything and why is perfectly
illustrated by some of the replies to this discussion and the above is
why.

Flaming Welcome :)



Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread Sanguinarious Rose
Why did you rewrite metasploit?


On Tue, Nov 29, 2011 at 9:09 PM,   wrote:
> Exploit Pack is an open source security tool that will help you test
> the security of your computer or servers. It combines the benefits of a
> Java GUI, Python as engine and the latest exploits in the wild. It has
> an IDE to make the task of developing new exploits easier, Instant
> Search and XML-based modules.
>
> The latest release, version 1.1 is available for download right away!
> Take a look at the new features in this quick video:
> http://www.youtube.com/watch?v=cMa2OrB7b5A
>
> Download it directly from the main site:
> http://www.youtube.com/watch?v=DPX7JdvTRmg
>
> We are looking for investors or donations to maintain this project
> alive!
>
> Thank you!
>
> The only one who has daily updates
> Exploit Pack
>


Re: [Full-disclosure] Large password list

2011-12-01 Thread Sanguinarious Rose
I am at a lack of words for this, why pay $4.99 when you can just do
some simple googling? You can even search pastebin and get a mass
collection of password lists from dbases. Add a dash of awk and maybe
a pinch of sed and voilà!

If you are like me I always download and store the various dbase leaks
because it makes an awesome dictionary. Some more simple magic and you
have a cut down list of all the common passwords used.

I'd rather spend the money on some coffee to drink while I do the
above examples.

On Thu, Dec 1, 2011 at 10:14 AM, Addy Yeow  wrote:
> I thought some of you may find this large password list useful, over 27
> million entries.
> http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99)
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] XerXes DoS tool Leak. not so 0day now!

2011-07-08 Thread Sanguinarious Rose

Hi everyone again,

As I said to various people I would release an updated version that
works lacking the bugs. The leaked version was fairly bad and was
never intended to be released.

http://pastebin.com/j6uVQ3yF

- - William Welna


Re: [Full-disclosure] XerXes DoS tool Leak. not so 0day now!

2011-07-08 Thread Sanguinarious Rose

Hello,
I hate to break it to you but that isn't the tool used by jester. I
wrote it during research on possibilities on how his tool functioned.
There are a lot of bugs since it was more of a hack together of code
rather than being 100% viable. I designed it to run using torsocks
wrapper (http://code.google.com/p/torsocks/) with a 2nd copy running
to cycle the tor nodes due to me being lazy at wanting to code SOCKS5
in C. If you do some beta runs per above how to use it you find it
doesn't switch tor exit nodes either. I also found out later the null
byte, "\0", was not required for it to have the same effects.

- - William Welna