Re: [Full-disclosure] Unreal: a movement to block Firefox
My answer, if I wanted to view his site, is the User Agent Switcher plug-in, which allows FF to masquerade as IE. In fact, every Firefox user should use this plug-in to visit his site with NoScript and Adblock turned on; then he, in an attempt to block us again, would have to block everyone else on the internet as well.

Oh yes, he is checking whether your browser is Explorer or not; if it isn't IE then you're blocked. Feel the love, Mac users.

Craig Soderland
Systems Engineer
E: [EMAIL PROTECTED]
T: 610-661-8887
F: 610-661-

I was just considering the immortal words of Socrates who said... I Drank What!?!?

http://whyfirefoxisblocked.com/
http://www.cnet.com/8301-13739_1-9770502-46.html?part=rsssubj=newstag=2547 -1_3-0-5
-- ME2

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Internet Explorer 0day
I offer you a flaming bag of poo.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of just 0days
Sent: Tuesday, March 14, 2006 6:53 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Internet Explorer 0day

I sell an Internet Explorer 0day. Command execution - Internet zone. Are you interested? Make an offer.
Bye
[Full-disclosure] Personal firewalls.
Time to throw my .02 cents in.

Zone - Good product, though it requires much thought and proper configuration for successful installs. Does not always save your configuration settings when you shut down. This I find occurs most often when you upgrade Zone from one version to another and do not use the "clean install option." If this occurs you have 2 options.

1. Re-install Zone, utilizing the clean install option, and then re-enter your rules.
2. Do not re-install Zone, but when you have made firewall rule changes, exit out of the program after making the aforementioned changes. When Zone exits, not as part of a shutdown, it seems to correctly flush the configuration to disk.

Another issue with Zone is that they have not yet fixed the bug in the True Vector engine. I can cause True Vector to regularly crash out and leave the system unprotected from a remote client. I have notified Zone's engineers, specifically how this was done, and to date no response from their side. To their credit, when this occurs now the system loses all network connectivity (with recent update) and the VSMON service now restarts. So even though the bug in True Vector still exists, they have worked around it so as to not leave your system completely vulnerable as in the 5.x versions. But other than this it is a good package, very flexible and powerful, though requiring a certain level of sophistication to configure it properly.

However, I do wish it had the feature that Sygate PRO has, which will blackhole an IP if it detects a port scan coming to it. It then blocks all activity from the offending IP for approximately 10 minutes. It however had a similar problem to Zone in that we could easily get the FW to crash out; however, when it did crash out all connectivity was lost. To date this also has not been fixed.

The other firewalls I've played with all had their own set of feature issues, with Black Ice being the worst piece of garbage I have had my displeasure of ever installing. Just too damn easy to defeat.

In all cases, I would recommend a firewall software, especially if you are on a laptop and might ever be out on the wild wild internet without being behind a hardware firewall. Preferably something that will also check on programs attempting to make outbound connections. But I would not rely on just a software one either. And with hardware many users/companies make the same mistake, layering firewalls all of the same vendor/brand. So that in the event of an exploit weakens they're all penetrated.
RE: [Full-disclosure] Administrivia: Requests for Moderation
After keeping out of all the noise, unless I have some signal to add I figured I've got a little unused bandwidth to make one observation.

1. Arguing on the Internet, full-disclosure, or any mailing list is just like competing in the special Olympics, no matter who wins the argument you're all still retarded.
2. You may wish to continue with your arguments, flames etc... thereby proving point 1.

Anyone taking exception, see point 1, then route all flames to /dev/null

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of N3T of Th4 d3vz
Sent: Thursday, December 15, 2005 12:50 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Administrivia: Requests for Moderation

On Thu, 15 Dec 2005 17:25:28 + Joe Average [EMAIL PROTECTED] wrote:
On 12/15/05, GroundZero Security [EMAIL PROTECTED] wrote:
i spoke with netdev and i asked him not to respond to bait mail from known nicknames

Mr. Average Joe (or should I call you n3td4v?), what's the amount of active voices inside your head atm?

please also ask him not to post any phishing or xss related information. we do not care. tell him to go learn about IT security first and then come back in a few years when he has grown up.

all xss be banned or just netdev xss? not good idea

Moron, stop it, save lists.grok.org.uk bandwidth, shut the ... up, cut the crap, no more bullshit, the end, finale. You're wasting lots of resources, go away, get a life, a girlfriend, whatever, just stop it!!!
[Full-disclosure] FW: Dumador-Varianten gesucht / looking for variants of Dumador
Hello List,

Let me come out of lurking for a bit in hopes that someone here can perhaps help me out. One of my colleagues is looking for (and bear with me, my German is a bit rusty) an example of a variant of the Dumador worm, on behalf of one of the people from the German CERT team. I suspect we are trying to obtain examples to send off to McAfee. Why they come to me I don't know, just because I'm on one of the internal security teams I suppose.

Anyway, I'm not really looking for anyone to send me this thing, but perhaps point me in the right direction where I could point my colleague towards and he could ultimately pass on to the guy who was originally asking. And before you flame me (which I suspect you'll all do anyway), I've included the mails sent to me asking about this. Names removed to protect the innocent.

OK, begin flame fest. :) Oh, and to anyone who tries to help, thank you very much.

-Original Message-
From: xx, xx
Sent: Tuesday, August 23, 2005 7:48 AM
To:
Subject: FW: Dumador-Varianten gesucht / looking for variants of Dumador

Good day,

this is a request from one of the members of the German CERT association if anybody could provide variants of Dumador differing from the ones in the list below... Do we have ways to support this kind of thing?

And here's an interesting article on the workings of other Trojans (Dumaru, Nibu): http://news.bbc.co.uk/2/hi/technology/4173218.stm

Cheers,

-Original Message-
From: xx [mailto:[EMAIL PROTECTED] On Behalf Of xx
Sent: 19 August 2005 14:14
To: [EMAIL PROTECTED]
Subject: Looking for Dumador variants

Hello,

if anyone can provide Dumador variants that differ (in MD5 sum) from the following ones, I would be glad to receive a copy ;)

McAfee sometimes also calls this BackDoor-CCT, Symantec calls it Nibu, and eTrust-Vet sometimes comes up with names like Win32.DlWreck.K or Win32.Bambo. The general favourite, however, is "found nothing" ...

Kind regards,
x,xx
--
Dipl. Phys. xxx xxx [EMAIL PROTECTED]
RUS-CERT Universitaet Stuttgart
Tel:+49 711 121- / - (fax)
Breitscheidstr. 2, D-70174 Stuttgart
http://cert.uni-stuttgart.de/
RE: [Full-disclosure] Wi-fi. Approaching customers
Now here's the .90 cent question: If ISPs are not liable for the content across them, and cannot be held liable, and you run an open WiFi network... aren't you in effect an ISP, albeit a free one? And if you are an ISP, then wouldn't you not be liable for content sent across your network?

--
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 15, 2005 4:28 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Wi-fi. Approaching customers

Matthew Sabin wrote:
My company has made a conscious decision to leave our WiFi open to visitors, while our internal machines connect via IPSec on the open airwaves. A drive-by would show the open nature of our WiFi, but wouldn't immediately tell you that we've secured our business fairly well.

but what if someone uses your unsecured network to download copyrighted material (just mp3s are enough :-) or to send porn? An unsecured WiFi may have serious legal consequences.

And to come back on the original topic: These legal consequences may be good arguments to convince customers that they need to get their network secured.

Ciao
Marcus
--
Hail Eris! Hail Discordia!