Re: [Full-disclosure] e-Holocaust
Okay e.hitler you mention you're attacking Israeli servers*, let's ignore the impact of that for a second. e.Hitler I want you to tell me, in more than a sentence, why you did that. Yeh, you failed to mention it in your original post. Tell me exactly how your cause makes you feel, and why. Now tell me how what you're doing makes a difference, that is: 'In what way does what you did help solve the problem that was bothering you?' (read it!: HOW does it make a difference, don't just tell me THAT it makes a difference, I want you to describe a sequence of events).

One more question. Do you think you're a good hacker (in terms of skill)? I'm not saying you're good or bad, I've no idea. Furthermore I couldn't tell you what makes a good hacker, I don't know enough (any) of them. Do you think that this event here proves that, or at least aids proving it?

*Btw defacements happen all the time - wanna do some research on pathetic skiddies? Search the 'google dorks' included in web app exploits when they're published on milw0rm. They're actually competing for the servers (re-owning them, etc). Those 21 sites are a drop in the ocean compared to how many (even anti-Israeli, and the other side) defacements have happened.

As for the PayPal accounts and (so called) 'ownage' of individuals and their personal data, really this is another drop in the ocean for Israel (what its economy). Compare the well-being of these individuals with the number of people being killed in a WAR! Hell! Compare it to the Holocaust, now argue with a WWII vet or Holocaust survivor (are there any still living?) that you are e.Hitler, righteous internet warrior. Not only that, most CC companies give you the money you lost to scams or stolen PayPals. You can even cancel it before transactions are paid. Then there's insurance companies.

Cheers.

___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CCIE makes u go nuts?? or is that only nuts get CCIE????
I don't get why this is news. Murder happens all the time. Has he even been found guilty yet? True it looks like it is, but just look at that news article! You can perve on some poor guy's destruction because it makes great news. I remember this happened a few years back to someone else and the guy was found innocent, despite the way the news channels made it look.

On 1/3/09, Joel Jose joeljose...@gmail.com wrote:

http://www.networkworld.com/community/node/35713

It scares the hell out of me. when i read the topics...and try to learn i can't help my mind and heart doubting...when will my name come in a news like that.. maaa... 8 years in Cisco... a voice architect. hm... i was wanting to become like that without the twists that is... ;(... it's scary lemme see ur responses

Joel.
-- it's not the years in your life that count. It's the life in your years. Abraham Lincoln

-- I'm your best best friend.
Re: [Full-disclosure] o lookie, n3td3v is lying elsewhere now
Oh my, you both seem to have emailed your conversation to the full disclosure mailing list by accident. How embarrassing. Everybody who is subscribed has received emails of you two talking about something that ONLY CONCERNS YOU TWO. Maybe next time when you send emails to each other you should double check that you're not sending them to a mailing list about vulnerability disclosure.

On 12/22/08, n3td3v xploita...@gmail.com wrote:
On Mon, Dec 22, 2008 at 1:26 PM, Ureleet urel...@gmail.com wrote:

u say u r a badass hacker

When?

-- I'm your best best friend.
Re: [Full-disclosure] Microsoft issues out-of-band patch
Here's an article explaining why Microsoft delays their patching: http://en.wikipedia.org/wiki/Patch_Tuesday

Specifically this bit:

In order to reduce the costs related to the deployment of patches, Microsoft introduced the concept of Patch Tuesday. The idea is that security patches are accumulated over a period of one month, and then dispatched all at once on an anticipated date which system administrators can prepare for.

On 12/19/08, Bipin Gautam bipin.gau...@gmail.com wrote:

stop putting so much of attention to 0-day and possible use of it by government to get into a terrorist pc. if breaking into someone's pc was a matter of national security importance 0-day may provide an easy leverage but you really don't need a 0-day to get into someone's pc, neither you'd need an already existing/known backdoor, neither you'd need to bruteforce into the adversary or a physical access to it. all they need to do is poison an unsigned executable/plugin/update with a backdoor instead, that is being downloaded to the adversary computer over an unencrypted connection if you can control the network gateway or have isp level access. such attacks could work regardless of the OS or patch level.

-- I'm your best best friend.
Re: [Full-disclosure] 21 Million German bank accounts stolen
To you or someone who knows anything about banks, fraud, and how they work and things. I have a German bank account. Should I do something!?

On 12/9/08, James Matthews [EMAIL PROTECTED] wrote:

German banks are some of the oldest in the world. This is pretty scary however it is also the reality of Germany's new laws... I hope they find it soon and protect the people that need to be protected

http://it.slashdot.org/it/08/12/09/0125201.shtml

-- http://www.astorandblack.com/

-- I'm your best best friend.
Re: [Full-disclosure] We're letting the bad guys win
ok this is what this whole thing looks like to me:

To n3td3v: You often post ideas and express your opinion to this list. Some (often the more liberal) of us often disagree with you and others mock you for your adventurousness. Actually sometimes it looks childish, almost as if you're desperately trying to propose the big new thing that changes the world. The thing is you're posting to a list where really, all that happens is people (mostly sec companies) post information on vulnerabilities in software and news in the sec field. You say you came here for information, then LEECH like the rest of us - just shut up. If you want a mailing list for proposed security project ideas then make one. You're enthusiastic and a dreamer who's obviously very forward and ambitious with that excellence. Just think before you talk, and maybe do something, like sit down and think: I want to be $A(as in what you're going to do with your LIFE!). To be that I need to get $B done. To do that I have to do $C[]/*-that's a list(:s)*/.

To all that oppose n3td3v: Some of you (UreLeet + others) get a little too excited and flame. If you don't like how someone acts, what they have to say, who they are: then shut up! You don't need to bully something into submission just because you don't like it. If you get some angry rush feeling when you see some stupid fat kid majorly embarrass himself by attempting to be funny with his friends and just looking like that annoying retard kid then don't bully him! Be gentle and point out the problem (privately) (of course first think are you really of a knowledge and responsibility to instruct this child how to change his life) OR, much better: shut up, and go take your (own) anger out somewhere else, PC games do it for me, www.thepcmanwebsite.com/media/pacman_flash/ - even that's good enough. btw n3td3v - I don't think you're a retarded fat child (ur not right?).

Come to think about it: We're being listened to by a bunch of other people, mostly geeks who think FD is the shitz where all the l33t sec companies go for their patches and sec news (it isn't!). But are we all just doing this crap for the benefit of our audience? I mean I could have written these things to the individuals they were intended for. Hell I could have taken my own advice and shut up, blocked the troublesome email addresses, and carried on with my life (I'm a hobbyist).

Are You All Just Doing This For The Benefit Of The Sec Gods We Wish We Were? THINK ABOUT IT

Oh also I don't care about me - I'm a leech, I should probably not post on this list unless I have something decent to say too.

On 12/9/08, Ureleet [EMAIL PROTECTED] wrote:

that's all he does is deflect, we've established that he never gives a real answer.

On Tue, Dec 9, 2008 at 12:25 PM, Elazar Broad [EMAIL PROTECTED] wrote:

Brilliant use of deflection, keep it up, you might end up as some loser serial rapist on Law and Order, oh wait, they want actors, not the real thing...

On Tue, 09 Dec 2008 11:55:08 -0500 n3td3v [EMAIL PROTECTED] wrote:
On Tue, Dec 9, 2008 at 3:08 PM, Paul Schmehl [EMAIL PROTECTED] wrote:
--On Tuesday, December 09, 2008 00:25:18 -0600 [EMAIL PROTECTED] wrote:
On Tue, 09 Dec 2008 04:03:57 GMT, n3td3v said:

We need to stop this back and forth fighting, it's making infosec look bad, this isn't what infosec should be about.

It's making one very small insignificant corner of infosec look bad. Let's keep a sense of perspective, guys.

Or, to look at it another way, it's tying up all the idiots in one place and keeping the rest of infosec unsullied. :-)

I agree, But full-disclosure shouldn't be full of idiots so why do we let it be that way. It's because we reply to them that it happens. I was gullible and naive to reply to them, I'm not replying to them anymore.
Re: [Full-disclosure] FD culture!?
'British intelligence service'!? According to this: http://lists.grok.org.uk/full-disclosure-charter.html ...Full Disclosure is run by Secunia. And administered by one man. Does the 'British Intelligence Service' even exist? There's: The Security Service AKA MI5. and SIS AKA the Secret Intelligence Service. Also anyone who thinks FD is/should be something read the info in the link above.

On 12/6/08, n3td3v [EMAIL PROTECTED] wrote:

What part of there are no moderators don't you get. This list is run by the British intelligence service and you are a guest here.

On Sat, Dec 6, 2008 at 6:00 AM, Bipin Gautam [EMAIL PROTECTED] wrote:

Shame on FD moderators

-- I'm your best best friend.
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
I'd just like to point out that Symantec has something similar. See here: http://www.symantec.com/security_response/threatconlearn.jsp It's not applied in such a useful way as you suggest - but in case you wanted to know.

On 11/29/08, Mike C [EMAIL PROTECTED] wrote:

Hi,

It is time to take an example from Homeland Security and define codes of color for cyber-warfare threat levels. I propose the following:

Green level: There is negligible threat to online security.
Yellow level: There is a minimal level of threat, and this must be monitored and contained.
Orange level: This level of threat indicates there are parties who are actively engaging in cyber-warfare. Caution is required when online.
Red level: This level indicates a full blown cyber-war. It indicates very high probability of all communications being intercepted.

While homeland security's implementation does not seem to have a real world merit, such a threat level would certainly be very useful in the online security realm. Please disseminate this announcement of the project Chroma levels for online security. The immediate mission of the project is to be picked up by the antivirus and security tools vendors, so as to add the color codes to their products and provide users with a tangible measure of their online security.

Current status: Threat level Yellow.

-- MC Security Researcher Lead, Project Chroma.

-- I'm your best best friend. Usually I like it when you contradict me, it might help me learn. Just don't be so angry.
Re: [Full-disclosure] Indian allegations alarm Pakistan
Aren't they just a bunch of kids trying to brag on IRC that they hacked their 'enemy' country? Maybe they don't like them because propaganda is telling them Indians did the bombing. Or maybe, like most kids, they've no idea about current affairs and just want to prove themselves good in their own little world. Like what happened with Russia vs. Georgia.

On 11/30/08, James Matthews [EMAIL PROTECTED] wrote:

India was attacked, the attackers came from Pakistan, I understand why Pakistan feels threatened however why would they attack Indian sites?

On Sun, Nov 30, 2008 at 9:19 AM, Mike C [EMAIL PROTECTED] wrote:
On Sun, Nov 30, 2008 at 11:11 AM, n3td3v [EMAIL PROTECTED] wrote:
On Sun, Nov 30, 2008 at 5:25 AM, Mike C [EMAIL PROTECTED] wrote:
On Sun, Nov 30, 2008 at 7:39 AM, Raj Mathur [EMAIL PROTECTED] wrote:
On Sunday 30 Nov 2008, n3td3v wrote:

Indian-Pakistan war is about to kick off folks... http://news.bbc.co.uk/1/hi/world/south_asia/7757031.stm

I know it's not going to happen, but can I request you once again shut the fuck up about events that you have no clue about? At least try to keep your sensationalist retarded drivel to your own backyard.

Although a knee-jerk reaction, this post has some value. The tensions between the countries are on the rise, and the recent blasts in Bangalore would increase the chances of war. BTW, does anyone have an idea on what kind of cyber-warfare is currently underway between the two nations? -- MC

There was a report earlier in the week via pcworld.com, but I don't think it's connected to this conflict, maybe just a coincidence: http://www.pcworld.com/businesscenter/article/154544/feuding_india_pakistani_hackers_deface_web_sites.html

Thanks. I'm looking into this and will report on any further info. -- MC

-- http://www.astorandblack.com/ http://www.jewelerslounge.com/liberty-coin-cufflinks

-- I'm your best best friend. Usually I like it when you contradict me, it might help me learn. Just don't be so angry.
Re: [Full-disclosure] Lazy bum approach to security
Hi

I agree with you. It's just these 'underground communities' tend to be a bunch of kiddies playing with milw0rm, bots, and asking help with basic programming. Where are the original ideas, the research, and the worthwhile discussion? I guess I described an extreme scenario, but you get the picture. Really, tell me. If there was a friendly, 'academic' (as opposed to 'business-like') online community then show me, I'd join up in a flash.

-- I'm your best best friend. Usually I like it when you contradict me, it might help me learn. Just don't be so angry.
Re: [Full-disclosure] Security industry software license
Just to summarise what's been said and what I think so we can get back on topic, and conclude something:

No-one hacks using Metasploit! Go back to 2003. Terrorists with Metasploit! What, do you have a picture in your head of Mr. Jihad Bigbeard using Metasploit to shut down a power grid?

Reasons Why It's Hard to achieve:
- It violates freedom.
- It's hard to enforce without: invading privacy, expending too much money/resources.
- Most writers of these tools won't want to have to do this (most writers of security tools are hackers, you know: back orifice, pinch, exploit kits, phishing kits, malware creation kits, the entire contents of milw0rm, bots, THC's Hydra... it goes on).
- Geographical constraints. All governments doing the exact same thing at the same time? Or one organisation forcing it onto the net (with no power to put people in jail or anything).
- You can't/shouldn't moderate the internet.

Reasons Why It's Pointlessly ineffective:
- Piratebay.
- People writing tools intended for hackers.
- The massive number of tools that you'd have to moderate to be effective.
- If not everything is a dangerous security tool then it's reduced in effectiveness.
- Most big hacks you see don't take many tools. Like a big database being dumped with a browser/scripts.
- You don't solve the problem, at all. Maybe reduce it a little.

Reasons Why It Wouldn't Happen:
- Most developed western governments like to keep their 1984 I'm watching you crap behind the curtains.
- Most governments only do these things because something bad happened and they have to make up a law to cover their asses, or something bigger than your rapidshare passes is at stake.
- I'd protest - I'd go to my country's (UK) capital and march in protest!

Reasons Why It Sucks:
- It violates freedom (programs are intellectual property - you can't do that kind of thing to them and call it nice).
- It would ruin the internet and break a load of enthusiastic geeks' hearts.
- It would force the underground hackers deeper underground.
- It would discourage security professionals.

Pointless things that people mentioned that made them look like a child in front of a shit load of subscribers:
- Personal comments.
- Attacks at the way someone writes something instead of what they write about.

Questions to think about/answer:
- Would you deserve a license. Really? (me: NO!)
- Would you wish you had one. (me: yeh!)
- How many of the tools that'd be outlawed have you already written an equivalent of? (me: loads).
- If you had to outlaw things, would you outlaw Tor? (me: I don't wanna!)

It's a silly idea.

Final Question:
- Are we finished? Is it over? Is it established that it's a bad idea now?

-- I'm your best best friend.
Re: [Full-disclosure] Fwd: 0day auctions, should they be outlawed?
It's futile trying to use the law to change things. It will simply force people into the shadows. Which today involves using Tor and some Russian web money account. I read a slogan from before my time, in a book: If source is outlawed outlaws will have source - same applies to zero days.

Anyway I don't think it should be illegal. I own a set of lock picks - I don't intend to break into someone's house. And if I did I'd go to jail (for the burglary and being equipped with picks), until then I'm innocent. The UK's law has an attitude like that - I like it!

Resources should go into actually preventing crimes taking place. Not stumbling around hoping that making it awkward for criminals to get the tools they need will make a difference.

Simon.