Re: [Full-disclosure] www.LEORAT.com is scam

2012-04-04 Thread Sebastian Rakowski

On 4/3/2012 11:10 PM, Dave wrote:
> Would that stop them charging the card again or passing the card 
> details to a third party?
> 
> Legal disclaimer: Not saying they would, only that such a thing is
> not impossible. Got to be careful what one writes to the Internet 
> or how one breathes in public these days.

Point taken. Let's just hope that he wasn't stupid enough to buy a RAT
with a personal CC.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] www.LEORAT.com is scam

2012-04-03 Thread Sebastian Rakowski

On 02/04/2012 7:28 AM, Dave wrote:
> p.s. Word of advice, if you did pay for this with your own
> credit/debit card... Cancel the card now.

If he paid for it with his own CC, he probably would have reversed the
charges by now.



Re: [Full-disclosure] Stakeout: how the FBI tracked and busted a Chicago Anon

2012-03-09 Thread Sebastian Rakowski
On Thu, Mar 8, 2012 at 10:44 AM, Laurelai  wrote:

>  On 3/8/2012 12:23 PM, Elly_Tran_Ha wrote:
>
> A few lessons I learned:
>
>  1. Don't use a Mac
> 2. Don't use wireless
> 3. Trust no one.
>
> On Wed, Mar 7, 2012 at 6:09 PM, Ivan .Heca  wrote:
>
>> *"Yesterday, we learned that one of the top members of LulzSec (Sabu)
>> had been an FBI informant for almost 6 months,
>> and that this confidant of the LulzSec leader 'anarchaos' had given the
>> feds what they needed to take him down. More details have come out now,
>> completing a picture of how the sting took place from start to finish. It
>> turns out that even the server space given from Sabu to anarchaos storing
>> the details of 30,000 credit cards (from the Stratfor hack) had been funded
>> by the FBI."*
>>
>> http://arstechnica.com/tech-policy/news/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon.ars
>>
>  4. Don't declare open cyberwar on the US government.
>

5. If you choose to disregard #4, don't live in the US.

Re: [Full-disclosure] Iran is doing ip-and-port filtering of SSL

2012-02-12 Thread Sebastian Rakowski
thought they filtered specific URLs, but now they filter all SSL (to defeat
VPNs, Tor, etc).
On 2012-02-11 9:51 PM, "Robert Kim App and Facebook Marketing" <
evdo.hs...@gmail.com> wrote:

> Haven't Iran and China always been filtering? Do VPNs work in this case?
>
> On Thu, Feb 9, 2012 at 9:54 AM, Sai  wrote:
>
>> I have pretty definitive proof that Iran is doing ip-and-port based
>> filtering of SSL.
>>
>> Filtering is being done by 217.218.154.250 after a hop through
>> 217.219.96.120 / 217.219.96.132. This hop is after my source's ISP,
>
> --
> Robert Q Kim
> eBook Programmer and iBooks Consultant
> http://www.youtube.com/watch?v=INXa_eTlHWk
> 2611 S Coast Highway
> San Diego, CA 92007
> 310 598 1606
>

Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'

2012-01-25 Thread Sebastian Rakowski
+1
On 2012-01-25 12:17 PM, "adam"  wrote:

> If we cared, we'd visit that site of our own volition. Secondly, even if
> we were interested: most of the people on these lists are intelligent
> enough not to click on links from spammers. Third, even if the content were
> interesting, even if this were the place for it and even if you hadn't
> spammed: "pay and register" is incentive enough for me *not* to join and
> *not* to ever visit that site again.
>
> Short version: the purpose of this list isn't for you to spam your new
> state-of-the-art website. Instead, it's typically to discuss/disclose
> issues/concepts related to computer/network security. Once in a while,
> there are discussions about the overflowing stupidity that some site
> owners/coders have. For example, people that stupidly (and blindly) inject
> code (e.g. for tracking purposes) into every single file on their site,
> regardless of extension:
>
> http://www.karmacyberintel.net/robots.txt
>
> Another one is blatantly disclosing paths in robots.txt that aren't even
> linked to and would never be found anyway (at least by bots that honor
> robots.txt, which ends up being the exact opposite of the desired effect).
> An example of how/why this can be a problem:
>
> md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3,
> if we perform a simple Google search - we can determine that you're likely
> running version 3.3.1 of Wordpress. From there, we have enough information
> to perform a targeted attack on your server. Except, we don't need to
> because you've already made it more than easy enough for us.
>
> Pretty much every single field on http://www.karmacyberintel.net/pay/ is
> vulnerable to SQL injection, which could easily allow anyone to completely
> compromise the database and possibly the entire site. On top of that,
> register.php also allows for session fixation attacks, as a result of
> header/cookie manipulation. If that weren't bad enough, the admin section
> for your karma theme is also vulnerable to cross-site scripting.
>
> Not to mention, all the problems with how you've configured SSL and
> everything else. If you're going to spam, at least make sure the website
> you're spamming has been tested and determined to be *somewhat* secure.
>
>
> On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel <
> karmacyberint...@gmail.com> wrote:
>
>> *UPDATE* After attacking several government sites to protest
>> controversial US legislation in past weeks, hacktivist group Anonymous is
>> setting its sights on one of the Internet's biggest targets: Facebook. Or
>> maybe not.
>>
>> Sources From karmacyberintel.net
>>
>> for more details
>>
>>
>> http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
>>
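
The two robots.txt problems adam's message describes (markup injected into a file that is not HTML, and Disallow lines that advertise paths nobody links to) can be checked for on a site you run. This is an added example, not part of the original thread; the keyword list is a hypothetical starting point and the sample file is constructed.

```python
import re

# Field names commonly seen in robots.txt files.
KNOWN_DIRECTIVES = {"user-agent", "disallow", "allow", "sitemap",
                    "crawl-delay", "host"}
# Hypothetical hint words for paths better protected than hidden; tune per site.
SENSITIVE_HINTS = re.compile(
    r"admin|backup|private|secret|\.sql|\.bak|config|staging", re.I)


def audit_robots(text):
    """Return (line_no, kind, detail) findings for a robots.txt body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        name, sep, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not sep or name not in KNOWN_DIRECTIVES:
            # Not a "field: value" line, e.g. tracking markup injected
            # into every file regardless of extension.
            findings.append((no, "not-a-directive", raw.strip()[:60]))
        elif name == "disallow" and SENSITIVE_HINTS.search(value):
            # The file is public, so this line tells every reader
            # that the path exists.
            findings.append((no, "reveals-path", value))
    return findings


# Constructed sample, not the file referenced in the thread.
SAMPLE = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /old-site-backup/
Disallow: /images/
Sitemap: https://example.test/sitemap.xml
<script src="https://stats.example.test/t.js"></script>
"""

if __name__ == "__main__":
    for finding in audit_robots(SAMPLE):
        print(finding)
```

Paths flagged as reveals-path are better served by access control on the server than by a Disallow entry.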

Re: [Full-disclosure] Facebook seems to think my Arch Linux box has malware on it

2012-01-23 Thread Sebastian Rakowski
Appears legit.

https://www.facebook.com/help/?faq=292760454081612

-Sebastian

On Fri, Jan 20, 2012 at 1:29 PM, Gage Bystrom wrote:

> Yeah good luck with reproducing it cause it REALLY sounds like a mitm or a
> phishing attack trying to get people to download fake av. I would do a dns
> lookup and then compare those results to that of a public web service, and
> save the links for the AVs to check if they have any malicious history
> associated with them.
> On Jan 20, 2012 1:21 PM, "Wesley Kerfoot"  wrote:
>
>> It turns out that it was a problem with firefox. However, I do not
>> believe I had any malicious addons or extensions for a few reasons. 1) I
>> only had 4 extensions, adblock plus, pentadactyl, firebug, and noscript.
>> 2) they were all vetted (presumably) by mozilla.
>>
>> I believe, and this is simply speculation, that the problem may have been
>> caused by noscript stopping/interfering with some scripts on facebook.
>> Facebook would assume it was malware interfering with the site, and attempt
>> to block it. I am 99% sure my browser was not really compromised.
>>
>> I'm going to try and reproduce it later.
>>
>>
>> On 19 January 2012 22:57, Byron Sonne  wrote:
>>
>>> Hello,
>>>
>>> > “Your computer has malware!” Facebook says to me.
>>>
>>> I am really curious to know, assuming that everything you've said is
>>> accurate, how they determine you've got malware. This is rather curious.
>>>
>>> The more I think about it, the more I wonder if something's come between
>>> you and facebook pretending to be official, hoping to trick you into
>>> downloading something.
>>>
>>> Cheers
>>>
>>> --
>>>  freebyron.org
>>>
>>
>>