Re: [Full-disclosure] sans handler gives out n3td3v e-mail to public

2008-03-22 Thread atlas
On Friday 21 March 2008, [EMAIL PROTECTED] wrote:
> Date: Fri, 21 Mar 2008 11:18:13 -0400
> From: Kern <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] sans handler gives out n3td3v e-mail to
> public
> To: "Kurt Dillard" <[EMAIL PROTECTED]>
> Cc: full-disclosure@lists.grok.org.uk
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="utf-8"
>
> Well . . . worried DOES have a good point . . . I think SANS dropped the
> ball on that, BUT I don't know if this is going to be a "media event".
> I have had a little dealing with various handlers  (the few I have talked
> to seemed nice enough).  But this is common; an employee using a written
> policy to basically do something unethical.
> The "spirit" of the notice is to protect the identity of the submitter, the
> "letter" is regarding the use of the submission form.
>
> SANS has based its value on intelligence gathering.  They unify
> an unwieldy field of study (Internet, and computer security).  By trying to
> undermine SANS on IRC, worried created a hostile environment to resolve a
> perfectly legitimate problem.
>
> You have to use logic, not flame bait.

Hey Kern,

I like your level-headed approach, since my initial reaction is (and has been 
for some time) to string worried up with dental-floss until he reaches 
puberty.  Even though I disagree with you, I completely respect your approach 
and intelligent forethought.

Perhaps disagree is even a bit too strong... I agree with you in theory, but 
would submit that the lack of shroud between his "worried" and "n3td3v" 
identities would basically mitigate any cause for concern.  It's kind of like 
saying "Simple Nomad, even though you have been on CNN with your real name 
I can't call you Mike." (or Mark?  CNN got it wrong ;)   sfirefinch was 
simply calling him by his other name as publicly listed here:

http://n3td3v.googlepages.com/home2

If you didn't know about that posting, reading a few of his FD shows me the 
link between identities.  

I am concerned that n3td3v, or worried, or xploitable, or whatever will get 
the impression that his self-gratifying tantrum makes an impact, furthering 
his abuse of people and lack of respect for others.  There is a problem to be 
addressed in this matter, but the majority of it must be placed on the 
adolescent with a chip on his shoulder.  

So I ask the question... did sfirefinch actually breach privacy?  or did 
worried?

Best Regards to you Kern,
@

-- 
INXW2ZJANZXSAZTVOJ2GQZLSFQQGM33SEBSGKYLUNAQGC53BNF2HGIDZN52SAYLMNQQHO2LUNAQG4YLTOR4SYIDCNFTSYIDQN5UW45DZEB2GKZLUNAFA


signature.asc
Description: This is a digitally signed message part.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Offensive Security Backtrack Training

2008-03-13 Thread atlas
> Date: Thu, 13 Mar 2008 02:44:15 +
> From: "worried security" <[EMAIL PROTECTED]>
> >
> > http://www.offensive-security.com/ilt.php
> >
>
> Fuck mutts / backtrack / offensive-security and the remote-exploit IRC
> channel, they turned their back on the underground to make money.
>
> What a dick he is for blatantly making money out of these courses to
> line his own pocket, what happened to good old teaching people things
> for the pure enthusiasm of computer security?
>
> No, this guy even put banners for this on Securityfocus frontpage, he
> is truly in it for the money and is up there with the all time great
> profiteers of Symantec now and doesn't actually care about the
> underground.
>
> I'm as underground a guy and supporter as you get 9 years in the
> security underground and would never turn my back on it just to line
> my pocket, so i can buy extra sweeties next time i'm down the candy
> shop.

Did you just say "security underground"?  What does that even *mean*!?  
Hacking underground... yes, I get that... and it actually means something 
(although likely less than commonly thought).  

And so what if the guy makes some cash from training?  Getting paid to support 
the habit is generally accepted as a good thing.  I'm glad you feel strongly 
about making help and discussion available for free.  Many good things have 
come from such ideals... but you sound like RMS of the "underground security" 
scene.  


-- 
LFXXKIDDMFXCO5BAO5QWS5BAMZXXEIDJNZZXA2LSMF2GS33OFYQFS33VEBUGC5TFEB2G6IDHN4QGCZTUMVZCA2LUEB3WS5DIEBQSAY3MOVRC4CQ=



Re: [Full-disclosure] 0day LINUX 0day LATEST

2008-01-28 Thread atlas
On Monday 28 January 2008, [EMAIL PROTECTED] wrote:
> /* !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE
>  *
>  * afunixroot.c Linux kernel 2.6.x i386 local root exploit

that's kinda cute.  a hack on 'leet hax0rs' (lol).  An inverse rootkit, if you 
will.  Not really hiding the fact that you have pwned a box, but hiding the 
fact that you haven't...  lame?  way.  but humorous.

@
-- 
VmkgVmVyaSBWZW5pdmVyc3VtIFZpdnVzIFZpY2kgLSBpbWRiCg==



Re: [Full-disclosure] Full-Disclosure Digest, Vol 29, Issue 14

2007-07-10 Thread atlas
On Monday 09 July 2007, [EMAIL PROTECTED] wrote:
> Message: 1
> Date: Sun, 8 Jul 2007 07:25:34 -0400
> From: "Paul Melson" <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Cc: full-disclosure@lists.grok.org.uk
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 7/6/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Note that the Internet as we know it really took off when the pr0n
> > industry started using it in a big way.  They've always been early
> > adopters of new technology...
>
> Wait, so are we waiting for the Internet porn industry to get on board
> with the auctioning of exploits?  I'm so confused.

Hey Paul,
More likely the purchase of...

although all this talk about being noble makes me think about Hamlet.
To Hack or NOT To Hack.  That is the question.  Whether tis nobler to exploit 
and disclose... or to skip litigious misery and sell the damn thing on 
zeBay... anonymously of course.

Although how to anonymize monetary transaction... that is truly an art.

@

-- 
YXJ0aXN0cyB1c2UgbGllcyB0byB0ZWxsIHRoZSB0cnV0aCB3aGlsZSBwb2xpdGljaWFucyB1c2UgdGhlbSB0byBjb3ZlciBpdCB1cAo=

