Re: [Full-disclosure] Anyone have a reason for 2x the email flow today?

2007-12-03 Thread gjgowey
Not much other than the weather outside is frightful, but inside it's so 
delightful.  :D

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Dude VanWinkle [EMAIL PROTECTED]

Date: Mon, 3 Dec 2007 15:49:17 
To:[EMAIL PROTECTED], funsec [EMAIL PROTECTED],Full-Disclosure 
full-disclosure@lists.grok.org.uk,[EMAIL PROTECTED]
Subject: Anyone have a reason for 2x the email flow today?


My servers are slammed...

Anyone else notice anything?

-JP

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] [full-disclosure] wiretapping -- antair restored

2007-11-12 Thread gjgowey
The problem here is they're probably speaking about domestically.  Now if 
you're doing business internationally with employees who travel abroad then 
you're talking about something else.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: [EMAIL PROTECTED]

Date: Mon, 12 Nov 2007 16:10:17 
Subject: re: [full-disclosure] wiretapping -- antair restored



> He states that the CSI/FBI surveys suggest that wiretapping is rare.
> Should companies still be concerned with Wiretapping?

I'd argue that the vast majority of wiretapping isn't done officially
by the Government.

There's more money to be made in stealing your company secrets or
mis-using your resources than trying to put you in jail.



Re: [Full-disclosure] [full-disclosure] on xss and its technical merit

2007-11-04 Thread gjgowey
My thoughts are that if I take my car to Ford for maintenance then I don't want 
them to not put down that a bulb burnt out because it's lame.  It's often the 
little problems that lead to far bigger problems later.  Evaluating if 
something should be reported or not based on lameness is unprofessional and 
has no real world value.

Geoff

Sent from my BlackBerry wireless handheld.



Re: [Full-disclosure] lol @ you

2007-10-27 Thread gjgowey
Hmm... Smarter yet unable to spell dick.  Ok... Plz consult a dictionary (and 
maybe try some Prozac) k? Thnx.  L8r l33t d00d3.

Geoff


Sent from my BlackBerry wireless handheld.

-Original Message-
From: [EMAIL PROTECTED]

Date: Sat, 27 Oct 2007 16:21:54 
To:full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] lol @ you


hahahahaha you can't stop us, silly whitehats

there are more of us, and we are smarter

-EAT A DIK



Re: [Full-disclosure] Someone is impersonating Gadi Evron and spamming this list

2007-10-21 Thread gjgowey
I'm wondering if the dalnet and EFnet servers committed suicide already and now 
everyone from there has decided to flock to here.  I mean everyone knows 
there's nothing more l33t than acting like an ADHD toddler who got kicked out 
of romper room on a mailing list.

Geoff


Sent from my BlackBerry wireless handheld.

-Original Message-
From: Peter Besenbruch [EMAIL PROTECTED]

Date: Sat, 20 Oct 2007 19:59:45 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Someone is impersonating Gadi Evron and
 spamming this list


Anthony V. Vitale wrote:

> From past postings on this list, I know that there are people that do
> not like Mr. Evron.
>
> Now, it seems that someone has resorted to impersonating him and is
> spamming this list!

That goes on all the time. The real Gadi generally has good stuff to
say, so I just delete, or filter the Gadi impersonation crap.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky



[Full-disclosure] Fw: Someone is impersonating Gadi Evron and spamming this list

2007-10-21 Thread gjgowey

Sent from my BlackBerry wireless handheld.

-Original Message-
From: [EMAIL PROTECTED]

Date: Sun, 21 Oct 2007 07:22:33 
To:Matthew Murphy [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] Someone is impersonating Gadi Evron and spamming this list


Pot.  Kettle.  Black.

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Matthew Murphy [EMAIL PROTECTED]

Date: Sun, 21 Oct 2007 00:17:47 
To:[EMAIL PROTECTED]
Subject: Re: [Full-disclosure] Someone is impersonating Gadi Evron and spamming this list


On Oct 20, 2007, at 11:36 PM, [EMAIL PROTECTED] wrote:

> I'm wondering if the dalnet and EFnet servers committed suicide
> already and now everyone from there has decided to flock to here.  I
> mean everyone knows there's nothing more l33t than acting like an
> ADHD toddler who got kicked out of romper room on a mailing list.
>
> Geoff

Geoff,

There's no need to add to the noise with your personal opinions of
everyone on the list.  Congrats on making it to my auto-delete filter.


Re: [Full-disclosure] Marc Vilanova Vilasero is out of the office.

2007-10-19 Thread gjgowey
Game. Set. Match?

Sent from my BlackBerry wireless handheld.

-Original Message-
From: [EMAIL PROTECTED]

Date: Fri, 19 Oct 2007 12:25:56 
To:[EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Marc Vilanova Vilasero is out of the office.


On Fri, 19 Oct 2007 12:18:06 EDT, [EMAIL PROTECTED] said:
> Please use age appropriate language on this list.

Pot. Kettle. Black.



Re: [Full-disclosure] Remote Desktop Command Fixation Attacks

2007-10-15 Thread gjgowey
If you want my take on how to secure a wireless network I'd approach it like 
this:

1) wpa2 (of course)
2) mac restrictions (yes, keeping a list of legitimate MACs will be required, 
but if you don't have an automated inventory system in this day and age then 
how are you ensuring nothing goes missing to begin with?).
3) ipsec VPN connections from all systems that connect via the wireless (this 
is in addition to the wpa2) using a unique cert per system (not the typical 
shared password setup that I am still amazed passes for secure in some people's 
minds).
4) all traffic must go through a proxy server that sits right behind the VPN 
concentrator

If you're running an MS based setup:
5) necessary GP modifications to enforce all this and more (if you study all 
the options available to be forced, xp, w2k, and w2k3 really can get quite 
secure at the protocol level).
6) force kerberos authentication everywhere possible with absolutely no client 
side caching of the credentials allowed.  Reason: even if someone gets all the 
way through to the proxy server level ISA can still stop someone cold if their 
machine doesn't have a machine account on the domain (good luck spoofing that).


Basically you're looking at layers of authentication and encryption with no way 
around any of them (even if you do plug in a NIC on one of the systems that's 
on the wireless) and this really doesn't take a lot of hardware or software to 
pull off.  Example setup: in front would be your WAP behind that would be a 
Cisco pix fw with a Cisco VPN concentrator behind it and a MS w2k3 box running 
ISA behind that.  4 devices basically providing a very solid wireless 
infrastructure.

If you're looking to step it up further you can go with MS SMS server and 
shavlik netchk to manage and audit the laptops.  

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: pdp (architect) [EMAIL PROTECTED]

Date: Sun, 14 Oct 2007 21:59:19 
To:C Q [EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk, [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] Remote Desktop Command Fixation Attacks


CQ,

maybe I am making a huge mistake for responding to your message, but
let's see. this is what I think about security in depth in a bit more
detail.

let's say that we have a wireless network which is guarded by security
in depth network administrators. the first thing they will do is to
secure the actual network by some massive segmentation exercises...
then the connection with enhanced privacy/encryption schemes (WPA2).
They will put more layers on the top of that. For example, the users
need to authenticate with client-side certificates. Now the network
and the connection is secure (sort of), they enforce group policy for
all laptops so that these laptops cannot connect to any other network
(sending probe requests, rogue access points). Right! But now they
also kill the ethernet since a laptop cannot be connected to the
wireless and the wired network since it is also a risk (stepping stone
attacks). Each client has a firewall on the top of that. The firewall
blocks everything that comes in and lets only the browser to go out
through a proxy which requires authentication (NTLM, Basic Auth, etc).
The user of the laptop runs with the least possible privileges and
they cannot install software. They cannot use the CD (Sonny Rootkits),
they cannot use the USB (endpoint security). The laptop has a boot
password as well so in case it is stolen the attackers cannot crack
open the disk.

My question is the following: does this sound sane to you? Do you
really believe that someone will let you do all that, without causing
chaos? Laptops are good because they are mobile. You are allowed to
take them out and work from home. At home you have your own network
which you would like to connect to. Even if you use a different
account on that same laptop to connect to that network, the risk is
still there. A system is as secure as the weakest link.

Companies don't like to hear how you are going to solve all problems
once and for all with some killer security in depth solution because
it is not possible. in order to make things work you have to leave
various doors open. At GNUCITIZEN we have one maxima.. Be
legitimate! If the attacker tries to be a legitimate user as much as
possible they will stay unnoticed and they will get in.

Now how do we handle security in 21st century the way I see it (btw, I
am not interested in selling any services, in fact, GNUCITIZEN is not
that type of organization)? First of all, careful planning - the
system has to be as secure as flexible and usable even if this means
that you need to have a shared key for all of your wireless networks.
Second, you need a crisis management plan. Natwest got hacked by a MP3
player.. how many of you have heard of it and for how long this story
was on the news? Third, you need to calculate the risk. Example?
Credit card fraud! We know that cards are getting stolen but the
calculated 

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-14 Thread gjgowey
I wonder if I can start billing for the waste of storage space and time that 
these stupid emails are causing me.  I know it has been proposed to bill 
spammers before.  If you all want to see who has the longest then please spare 
the rest of us.  As to everyone else: show some restraint already and stop 
feeding the trolls.  Now pardon me while I go see if some filtering software 
exists for my blackberry so I can have it automatically can emails from some of 
the waste of oxygen that's lurking around here.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Dude VanWinkle [EMAIL PROTECTED]

Date: Sun, 14 Oct 2007 20:31:16 
To:[EMAIL PROTECTED] [EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] [EMAIL PROTECTED]


On 10/14/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> http://gcc.gnu.org/ml/gcc-help/2006-05/msg00267.html


Oh yeah? two can play that game:

http://www.forbiddenweb.org/topic/10084/index.html

-JP



Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-14 Thread gjgowey
Some people don't know when to quit when they're behind.  Thank you for 
volunteering to be the first on my ban list.  Your stupidity has been duly 
rewarded.

*plonk*

Next volunteer...

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: phioust [EMAIL PROTECTED]

Date: Sun, 14 Oct 2007 23:28:31 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] [EMAIL PROTECTED]


Please do not bring up non-technical things that even the random user can 
comment on. These actions have been known to make people like gadi evron and 
valdis post random non-sense and fill my inbox.[1][2][3][4][5][6]

[1] http://www.merit.edu/mail.archives/nanog-futures/msg01386.html
[2] http://www.merit.edu/mail.archives/nanog-futures/msg01385.html
[3] http://www.merit.edu/mail.archives/nanog-futures/msg01402.html
[4] http://marc.info/?l=bugtraq&m=119030476022347&w=2
[5] http://marc.info/?l=bugtraq&m=119075756905837&w=2 -- key example
[6] http://marc.info/?l=pen-test&m=118902465322862&w=2 -- another key example


On 10/14/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> I wonder if I can start billing for the waste of storage space and time
> that these stupid emails are causing me.  I know it has been proposed to
> bill spammers before.



Re: [Full-disclosure] gnucitizen bt home hub latest, attacks wide spread, outages reported

2007-10-12 Thread gjgowey
I'm wondering if this is like some of the home based router problems of the 
past.  I seem to recall that it was maybe netgear that once had a problem where 
it didn't get rid of the factory password even after the end user set a new 
one, another brand had a problem where the cgi-bin dir was not properly 
protected, and another brand used to have a problem where the accessibility of 
the web based config interface was unaffected by any settings that the user 
might make.  In other words, this might be some previously discovered 
vulnerability for another product that someone realized affects this product 
too.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: worried security [EMAIL PROTECTED]

Date: Fri, 12 Oct 2007 23:05:22 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] gnucitizen bt home hub latest,
attacks wide spread, outages reported


On 10/12/07, Valery Marchuk [EMAIL PROTECTED] wrote:
>> gnucitizen may be responsible for bt being under a massive attack right
>> now.
> Oh my God, people stop talking nonsense!
>
> Have you seen the video provided by http://gnusitizen.org/ with
> demonstration of this attack or read the vulnerability description?
>
> The guy sends a link to victim, victim visits this link and bam. we see the
> IP address of the router (there are many ways to get his information. I`m
> not familiar with BT products, so I won`t try to guess which way was used).
> Then, we see, how attacker is trying to get access to the device via web
> interface, then we see an authentication dialog, which is bypassed via
> default password or through a bug in authentication mechanism. That's it.

I said maybe responsible.

and you think it hasn't tipped off hackers such as the folks as StrikeCenter
https://strikecenter.bpointsys.com/ who love to reverse engineer patches,
videos and other stuff.
  
plus, we don't all know whats available underground, so perhaps a 0-day 
exploit is in the wild? Because perhaps a hacker has worked out the how to 
exploit the hole from the reported vulnerability seen on gnucitizen. 
  
just because the full exploit isn't on gnucitizen website doesn't mean their 
tip off hasn't led to hackers and script kids focusing on the router to work 
out whats going on. 
  
and if someone does work out the exploit for the vulnerability, its very 
serious. 
  
i don't think gnucitizen are totally in the clear of responsibility if this 
does get out of hand. 
  
no one has come out to confirm or deny that there is a wide spread attack on 
these bt home hub routers yet, a very slow response from this list on the 
matter, i'm not impressed. 
  
i didn't say there was an attack, i just heard a news report very quickly and i 
wanted the bbc or someone on the list to confirm the story, but no one can be 
bothered at this stage to listen to anything i've got to say on the matter. 
  
leave me alone and stop attacking me all the time, when all i'm doing is trying 
to help. 
  
should i of just ignored what i heard on the radio then? 
  
i think this kind of report i heard is a serious one that needs to be 
clarified, and if no one takes me seriously then so be it, but at least i tried 
to alert the security community about what i heard on bbc radio 1. 
  
hopefully though the big corporations on this list have connected up a bt home 
hub router to the internet and are monitoring it for cyber attacks, which maybe 
attacking the routers firmware. 
  
and i wasn't intentionally trying to confuse, disinformation or just generally 
waste everyones time if it does turn out there are no attacks taking place. 
  
even if there are none cyber attacks taking place, it doesn't say there won't 
be any in the future, so get on top of this now. 
  
hopefully bt will roll out firmware updates very shortly. 
  
and for years now i've questioned how much researchers should take part of the 
blame when hackers or script kids attack the internet after a researcher 
discloses information, not just today. 
  
if cyber attacks with the bt home hub router do happen or have happened, in my 
own mind i will think gnucitizen triggered off the whole event sequence, even 
if they didn't directly provide the exploit, they certainly tipped hackers and 
script kids off.


Re: [Full-disclosure] extension for Firefox to force HTTPS always?

2007-10-12 Thread gjgowey
I don't know about a browser extension, but you might be able to install apache 
with mod_ssl, mod_proxy, and mod_rewrite locally then basically have it take 
care of everything.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: [EMAIL PROTECTED]

Date: Fri, 12 Oct 2007 21:55:37 
To:Kristian Erik Hermansen [EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] extension for Firefox to force HTTPS always?


On Fri, 12 Oct 2007 15:06:14 PDT, Kristian Erik Hermansen said:
> I just wanted to clarify that I am looking for an extension that will
> rewrite all encountered HTTP references in Firefox to HTTPS.  I would
> already have a firewall or some other layer7 filtering device blocking
> unencrypted traffic.  The addon Better Gmail does something similar
> to this, with the force HTTPS option, but not exactly...

What should this hypothetical extension do if it automagically redirects
http: to https:, but the target server is something that is only listening
on port 80 because it doesn't have https: enabled?

https://www.cnn.com just sorta sits there for me.




Re: [Full-disclosure] extension for Firefox to force HTTPS always?

2007-10-12 Thread gjgowey
My solution wasn't to cure that problem.  Only the one the original author was 
looking for.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: [EMAIL PROTECTED]

Date: Fri, 12 Oct 2007 22:45:12 
To:[EMAIL PROTECTED]
Cc:[EMAIL PROTECTED],   Kristian Erik Hermansen [EMAIL PROTECTED],   
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] extension for Firefox to force HTTPS always?


On Sat, 13 Oct 2007 02:15:39 -, [EMAIL PROTECTED] said:

> I don't know about a browser extension, but you might be able to install
> apache with mod_ssl, mod_proxy, and mod_rewrite locally then basically have it
> take care of everything.

Same problem still - you proxy, you rewrite it to port 443 - and the destination
doesn't *have* anything at port 443. What should your Apache do?



Re: [Full-disclosure] Remote Desktop Command Fixation Attacks

2007-10-11 Thread gjgowey
Not to step in to the middle of this, but I once worked for an employer with 
what I considered the best way of stopping attacks cold: a proxy server that 
prompted you for your credentials when you went to an external web site and gp 
settings that disabled the ability to save your username/password locally as 
well as tight settings on the systems to prevent pretty much anything from 
being installed or modified.  So every time you opened up a brand new session of 
ie and tried to access an external site you were prompted for your 
username/password.  Somehow I doubt there's any malware around that is designed 
to survive in that type of an environment.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: pdp (architect) [EMAIL PROTECTED]

Date: Thu, 11 Oct 2007 01:17:16 
To:Thor (Hammer of God) [EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk, [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] Remote Desktop Command Fixation Attacks


Thor, with no disrespect but you are wrong. Security in depth does not
work and I am not planning to support my argument in any way. This is
just my personal humble opinion. I've seen only failure of the
principles you mentioned. Security in depth works only in a perfect
world. The truth is that you cannot implement true security mainly
because you will hit on the accessibility side. It is all about
achieving the balance between security and accessibility. Moreover,
you cannot implement security in depth mainly because you cannot
predict the future. Therefore, you don't know what kinds of attack
will surface next.

Security is not a destination, it is a process. Security in depth
sounds like a destination to me.

> However, for the record, this is not an attack.  You might as well
> just email the target and ask for their password.  Or if you can get
> them to open files, just send off a rootkit.  But let's ignore that for
> now- let's pretend that somehow this is a magic attack--  This is where
> security-in-depth comes in, and where the overall context of your post
> is incorrect:

It is not the same. We educate users not to open .exe files but RDP
and ICA are just pure business tools. Users are familiar with them and
their purpose. Therefore, they are more trusted. And what happens when
the tools that you trust turn against you?

And how come it is OK for a simple text file be able to ride your
session and execute commands on behalf of you? I think that this is a
problem. CSRF is a well known, widely acknowledged problem. The client
should at least warn you that you are about to start an alternative
shell. That's not the case though.

BTW, I am not sure if you stumbled across the other post I released on
FD and BUGTRAQ which is closely related to this one. Well, here is the
situation: if you visit a remote page that happens to be malicious,
attackers can inject any commands they wish into your remote desktop
without any visible notice. No interaction is required. And the attack
is super generic btw, and probably 100% wormable.

So, I believe it is an attack. Yes, it is not stack, heap overflow, or
some null pointer dereference issue, but it is an attack that we
cannot simply ignore, mainly because it is a problem with a feature
rather than a bug. Features cannot be easily eliminated. Bugs will be
fixed!

One thing that I am always trying to do with the GNUCITIZEN sessions
is to educate developers as well as system administrators that attacks
succeed when they are unexpected. At the end of the day, the trick is
simple.

On 10/10/07, Thor (Hammer of God) [EMAIL PROTECTED] wrote:
> Security in depth is alive and well, thank you.  In fact, it is security
> in depth that allows administrators to prevent this type of attack (if
> we can actually make the stretch to call it that).
>
> However, for the record, this is not an attack.  You might as well
> just email the target and ask for their password.  Or if you can get
> them to open files, just send off a rootkit.  But let's ignore that for
> now- let's pretend that somehow this is a magic attack--  This is where
> security-in-depth comes in, and where the overall context of your post
> is incorrect:
>
> First off, you block .rdp files at the SMTP gateway (that by itself is
> security in depth). Secondly, normal domain users don't RDP to external
> hosts, so there would never be an allow rule for outbound RDP.  Even if
> there was some need for off-lan RDP traffic from users, it would be on a
> host-by-host basis and managed by the firewalls.  That, again, is
> security in depth.
>
> If your users are running XP, then the admin would prevent them from
> updating to the 6.0 client anyway.  All you have to do in this case is
> configure your RDP hosts to require TLS encryption based on a
> certificate, and the client will not be able to connect at all if the
> certificate is not in the trusted root certificates store.  Done.  If
> you've got advanced users or have allowed 6.0 clients, then you ensure
> that the client is 

Re: [Full-disclosure] iDefense Security Advisory 10.09.07:Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow

2007-10-10 Thread gjgowey
If you want to do one better make sure to run ccleaner after deleting any 
registry key to nuke any registry keys that may have been relying on it.  Run 
ccleaner 2-3 times and you'll save yourself from a world of hurt.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Nick FitzGerald [EMAIL PROTECTED]

Date: Wed, 10 Oct 2007 21:15:57 
To:[EMAIL PROTECTED], full-disclosure@lists.grok.org.uk,[EMAIL PROTECTED]
Subject: Re: [Full-disclosure] iDefense Security Advisory 10.09.07:
 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow


iDefense Labs wrote:

...
> V. WORKAROUND
>
> Deleting the all sub-keys of the following registry keys will remove the
> 'news' and 'snews' protocol handlers:
>
>   HKEY_CLASSES_ROOT\news\shell
>   HKEY_CLASSES_ROOT\snews\shell

If you want to do a thorough job of such mitigation as a Q&D fix, you
may also need to nuke the

   HKEY_CLASSES_ROOT\nntp\shell

entry.

I can't easily test the viability of exploiting this via an nntp:// URI
just now, but nntp is normally registered (at least with OE -- can
someone check for Windows Mail?) with exactly the same sub-keys and
values as the news and snews URI handlers...


Regards,

Nick FitzGerald
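
The workaround quoted in this post, extended to the nntp handler Nick FitzGerald names, as an added PowerShell example that is not part of the iDefense advisory or of either message. The `-Apply` switch and the `$BackupDir` default are assumptions of this sketch; without `-Apply` it only reports which handler sub-keys are registered.

```powershell
# Added example, not from the iDefense advisory or the posts above.
# Audits the 'shell' sub-keys of the news, snews and nntp URI handlers and,
# with -Apply, exports each 'shell' key to a .reg file before deleting its
# sub-keys. Run elevated: HKEY_CLASSES_ROOT is a merged view and the
# machine-wide entries live under HKLM\Software\Classes.
param(
    [string]$BackupDir = (Join-Path $env:TEMP 'uri-handler-backup'),  # assumed path
    [switch]$Apply                                                    # assumed switch name
)

# Handlers named in the advisory (news, snews) plus the one from the reply (nntp).
$handlers = 'news', 'snews', 'nntp'

foreach ($name in $handlers) {
    $regPath = "HKEY_CLASSES_ROOT\$name\shell"
    $psPath  = "Registry::$regPath"

    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Output "[$name] $regPath not present, nothing to do"
        continue
    }

    $subKeys = @(Get-ChildItem -LiteralPath $psPath)
    if ($subKeys.Count -eq 0) {
        Write-Output "[$name] $regPath has no sub-keys"
        continue
    }

    foreach ($key in $subKeys) {
        # Each verb (typically 'open') keeps its launch command in <verb>\command.
        $cmdKey = $key.OpenSubKey('command')
        if ($cmdKey) {
            $command = $cmdKey.GetValue('')   # '' reads the key's default value
            $cmdKey.Close()
        } else {
            $command = '<no command key>'
        }
        Write-Output "[$name] $($key.PSChildName) -> $command"
    }

    if (-not $Apply) { continue }

    # Back up first so the handler can be restored later with 'reg import'.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $backupFile = Join-Path $BackupDir "$name-shell.reg"
    & reg.exe export $regPath $backupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "[$name] export failed, leaving $regPath untouched"
        continue
    }

    foreach ($key in $subKeys) {
        Remove-Item -LiteralPath $key.PSPath -Recurse -Force
        Write-Output "[$name] removed $($key.Name) (backup: $backupFile)"
    }
}
```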



Re: [Full-disclosure] Email Disclaimers...Legally Liable if breached?

2007-10-10 Thread gjgowey
They don't carry any legal weight at all because they're after the content of 
the message and forcibly trying to order a 3rd party into some sort of legally 
binding agreement after the fact (reading the contents of the message) would 
never hold up in a court.  An EULA would have a far better chance of holding up 
than the waste of bandwidth that these words pose.  They're just someone's feel 
good precaution.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Kelly Robinson [EMAIL PROTECTED]

Date: Thu, 11 Oct 2007 08:52:38 
To:full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Email Disclaimers...Legally Liable if breached?


It is common these days for email messages to contain a disclosure notice, 
which may include statements such as: 

* You must read the notice
* The views expressed in the accompanying email are not necessarily those of 
the company 
* The email and any attachments should be checked for viruses. 

Do these notices carry any legal force?  Why or Why not? 


Re: [Full-disclosure] Email Disclaimers...Legally Liable if breached?

2007-10-10 Thread gjgowey
Someone's getting smarter now.  Still doesn't hold weight though.  If you're 
not able to make some sort of system that prevents accidental disclosure of the 
information then you're still relying on coercion to force a legal state to 
exist.

Geoff


Sent from my BlackBerry wireless handheld.

-Original Message-
From: Nick FitzGerald [EMAIL PROTECTED]

Date: Thu, 11 Oct 2007 12:54:22 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Email Disclaimers...Legally Liable if
breached?


[EMAIL PROTECTED] to Kelly Robinson:

 They don't carry any legal weight at all because they're after the
 content of the message and forcibly trying to order a 3rd party into
 some sort of legally binding agreement after the fact (reading the
 contents of the message) would never hold up in a court.  An EULA
 would have a far better chance of holding up than the waste of
 bandwidth that these words pose.  They're just someone's feel-good
 precaution.

In general I agree, but the reason I didn't mention that in my own
recent response to Kelly's question is that, this morning, among the
usual bounces/OOO/etc junk I got from last night's mailing list posts
was the following...



This email is to be read subject to the disclaimer below.

I will be out of the office starting  05/10/2007 and will not return
until 06/11/2007.

I will respond to your message when I return from annual leave.



NOTICE - This communication contains information which is confidential
and the copyright of Ernst & Young or a third party.

If you are not the intended recipient of this communication please
delete and destroy all copies and telephone Ernst & Young on 1800 655
717 immediately. If you are the intended recipient of this
communication you should not copy, disclose or distribute this
communication without the authority of Ernst & Young.

Any views expressed in this Communication are those of the individual
sender, except where the sender specifically states them to be the
views of Ernst & Young.

Except as required at law, Ernst & Young does not represent, warrant
and/or guarantee that the integrity of this communication has been
maintained nor that the communication is free of errors, virus,
interception or interference.

Liability limited by a scheme approved under Professional Standards
Legislation.



If this communication is a commercial electronic message (as defined
in the Spam Act 2003) and you do not wish to receive communications
such as this, please forward this communication to
[EMAIL PROTECTED]



Most of the stuff after NOTICE is the kind of stuff I've previously
suggested seems likely to be deemed legalistic nonsense if ever tested
in court, but the interesting and new (to me) twist here is that they
clearly state _up front_ that they consider that there are, possibly
special, conditions on your reading/acting on the message.

IA(still)NAL but I think that in general this twist does not greatly
help.  If they only put such disclaimers on especially sensitive
messages to help protect themselves in the case of truly accidental
disclosure (an employee accidentally mis-addressing the Email maybe???)
they could claim to be practising a duty-of-care, but slapping such a
notice on an auto-generated out-of-office message (and one that should
not have been sent in response to a bulk mailing-list message anyway!)
shows the limits of that duty-of-care, even suggesting that they are
really applying a blanket cover your arse procedure rather than
practising a real duty-of-care...


Regards,

Nick FitzGerald



[Full-disclosure] Fw: Google Groups: No such group

2007-10-09 Thread gjgowey
I really would like to know who keeps trying to relay this group all over the 
map and doesn't bother to check on their handiwork.

Geoff

--Original Message--
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Oct 9, 2007 1:20 AM
Subject: Google Groups: No such group

 Hello [EMAIL PROTECTED],

We're writing to let you know that the group that you tried to contact
(Secure-Computing) doesn't exist. There are a few possible reasons why this
happened:

 * You might have spelled or formatted the group name incorrectly.
 * The owner of the group removed this group, so there's nobody there to
contact.

 If you have questions about this or any other group, please visit the Google
Groups Help Center at http://groups.google.com/support.

 Thanks, and we hope you'll continue to enjoy Google Groups.

 The Google Groups Team


Sent from my BlackBerry wireless handheld.



[Full-disclosure] Fw: News Delivery Report (Failure)

2007-10-09 Thread gjgowey
Now whoever is responsible for this needs to be severely beaten because I've 
been getting these for a very long time to the point of it now being well past 
getting old.

Geoff


Sent from my BlackBerry wireless handheld.

-Original Message-
From: mail [EMAIL PROTECTED]

Date: Tue, 09 Oct 2007 01:24:29 
To:[EMAIL PROTECTED]
Subject: News Delivery Report (Failure)



Your Article Re: [Full-disclosure] UNSUBSCRIBE (Tue, 9 Oct 2007 05:09:05 
+)
could not be successfully delivered to the following
news groups :-
  homeless.security

  News Server: news.barkto.com
  Response: 441 Faulty message ID format

Your message is quoted below :-

X-Original-To: full-disclosure@lists.grok.org.uk
Delivered-To: full-disclosure@lists.grok.org.uk
Received-SPF: pass (lists.grok.org.uk: domain of
[EMAIL PROTECTED]
designates 216.9.248.51 as permitted sender)
X-rim-org-msg-ref-id: 1778254344
Message-ID: [EMAIL PROTECTED]
X-Priority: Normal
References: [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED][EMAIL 
PROTECTED]
In-Reply-To: [EMAIL PROTECTED]
Sensitivity: Normal
Importance: Normal
To: sushil Agarwal [EMAIL PROTECTED],
James Matthews [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Newsgroups: homeless.security
Path: mail.theyscrewedusagain.com
Date: Tue, 9 Oct 2007 05:09:05 +
Lines: 75
MIME-Version: 1.0
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] UNSUBSCRIBE
X-BeenThere: full-disclosure@lists.grok.org.uk
Precedence: list
Reply-To: [EMAIL PROTECTED]
List-Id: An unmoderated mailing list for the discussion of security issues



Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)


Re: [Full-disclosure] UNSUBSCRIBE

2007-10-09 Thread gjgowey
I think he's thinking that we're following google's example and using pigeons 
not monkeys.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Harry Muchow [EMAIL PROTECTED]

Date: Tue, 9 Oct 2007 11:38:36 
To:sushil Agarwal [EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] UNSUBSCRIBE


Do you know how to use a list? Do you think there are a bunch of
monkeys sitting at the other end of the list who are constantly
monitoring who sends what and would unsubscribe someone as soon as
they see a post with UNSUBSCRIBE message?

No! You need to unsubscribe using a well defined procedure. Do you
know how to use Google or are you a clown who escaped from the village
circus?

On 10/9/07, sushil Agarwal [EMAIL PROTECTED] wrote:
 UNSUBSCRIBE
 please don't send me any mail now onwards



Re: [Full-disclosure] UNSUBSCRIBE

2007-10-09 Thread gjgowey
For cases like that I usually recommend that the person sells all their worldly 
possessions and takes up life as a Tibetan monk.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: S/U/N [EMAIL PROTECTED]

Date: Tue, 09 Oct 2007 09:23:41 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] UNSUBSCRIBE


[EMAIL PROTECTED] wrote:
 You want to 'unsubscribe'.  You now have two choices:
No, actually radical one: throw your computer through da window




Re: [Full-disclosure] Report to Recipient(s)

2007-10-09 Thread gjgowey
Sometimes I really do have to wonder about people.  Obviously it wasn't a 
message that came from me since the blackberry.net in my email might be a good 
clue that I'm using a BlackBerry to do my emails (in case the T-Mobile 
tagline/nagline was an obvious enough hint as is).  Now I wonder which bag of 
garbage spammer to thank for this since someone is obviously running around 
with my email addr and spamming.

This brings up the need for a product that I have been looking for, but can't 
find anywhere: S/MIME or PGP signing for BlackBerrys NOT attached to a BES 
server.  RIM and PGP Corp don't have anything and I've tried digging deep 
without any luck.  Anyone have any ideas?

Geoff


--Original Message--
From: SNELC001
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Cc: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Oct 9, 2007 9:19 PM
Subject: Report to Recipient(s)


Incident Information:-

Originator: [EMAIL PROTECTED]
Recipients: [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk,
[EMAIL PROTECTED], [EMAIL PROTECTED]
Subject:Re: [Full-disclosure] URI handling woes in Acrobat Reader,
Netscape,   Miranda, Skype

The file / html you received was infected with the Exploit-CVE2007-3845
virus and was deleted.


Sent from my BlackBerry wireless handheld.


Re: [Full-disclosure] UNSUBSCRIBE

2007-10-08 Thread gjgowey
Somehow this reminds me of a text-adventure game.  

Command?
unsubscribe

You want to 'unsubscribe'.  You now have two choices:
1) learn how to use the filter options for your mail client.
2) learn how to use google to return to the web page that you used to subscribe 
for further instructions. 

Choice?


Sent from my BlackBerry wireless handheld.

-Original Message-
From: sushil Agarwal [EMAIL PROTECTED]

Date: Tue, 9 Oct 2007 10:26:17 
To:James Matthews [EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] UNSUBSCRIBE


UNSUBSCRIBE
please don't send me any mail now onwards

On 10/9/07, James Matthews [EMAIL PROTECTED] wrote:
 lamo! Great email

 On 10/8/07, Jay Sulzberger [EMAIL PROTECTED] wrote:
 
 
 
  On Mon, 8 Oct 2007, Jones, Jeff (Enterprise Security) 
  [EMAIL PROTECTED] wrote:
 
   UNSUBSCRIBE
  
   Jeffrey A. Jones
 
  http://crackmonkey.org/faq.html#QUESTION3
 
  oo--JS.
 
 
   Constellation Energy Group,
   Engineering  Forensics- Information Security Management
   (443) 394-2959
   mailto: [EMAIL PROTECTED]
 
 



 --
 http://search.goldwatches.com/search.aspx?Search=Cufflinks
 http://www.jewelerslounge.com




Re: [Full-disclosure] Question re: Macro Virus behaviour

2007-10-07 Thread gjgowey
When in doubt use Notepad to open the file.  Macros are still going to show up 
as plaintext, so it should be fairly easy to then figure out if the file is 
kosher or not.  If they're not showing up as ASCII then I'd worry a bit.  Of 
course you could also just install AVG and Sandboxie to open the file and find 
out without worrying about whether you're going to destroy your machine in the 
process (I love that about Sandboxie).

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Kelly Robinson [EMAIL PROTECTED]

Date: Sun, 7 Oct 2007 16:05:33 
To:full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Question re: Macro Virus behaviour


An MS Word file on your computer has a size of 356 KB and a modified date of 19 
June 2007 3:37:51 PM. Moreover, the file has been certified clean (i.e., 
uninfected) at this point by an infallible AV scanner.  

After a highly-publicised virus outbreak, you examine this file's properties 
again and notice it is still 356 KB with the same modified date and time. Can 
you safely conclude it has not been infected without checking it with your AV 
scanner? 
   
Why or why not?
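Size and modification time are metadata that any writer can leave unchanged or set back, so they cannot stand in for a content check. As an added illustration (not part of the original thread), the Python below records a baseline of size, mtime and SHA-256 for a constructed 356 KB stand-in file, then shows that a same-length change with the timestamp restored is visible only in the hash; the file name, helper names and file contents are assumptions made for the example.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record the two properties the question relies on, plus a content digest."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "size": st.st_size,
        "mtime_ns": st.st_mtime_ns,
        "sha256": digest.hexdigest(),
    }


def changed_fields(baseline, path):
    """Return the names of the baseline fields that no longer match the file."""
    current = snapshot(path)
    return sorted(key for key in baseline if baseline[key] != current[key])


def demo():
    """Build a constructed 356 KB file, baseline it, alter it, compare again."""
    stamp_ns = 1182267471 * 10**9  # 19 June 2007 15:37:51 UTC
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report.doc")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"\x00" * (356 * 1024))  # constructed placeholder content
        os.utime(path, ns=(stamp_ns, stamp_ns))

        # Baseline taken while the file is known to be clean.
        baseline = snapshot(path)
        untouched = changed_fields(baseline, path)

        # Constructed modification: 64 bytes overwritten in place, so the
        # length is unchanged, and the timestamp is then put back.
        with open(path, "r+b") as fh:
            fh.seek(4096)
            fh.write(b"\xff" * 64)
        os.utime(path, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))

        modified = changed_fields(baseline, path)
    return untouched, modified


if __name__ == "__main__":
    before, after = demo()
    print("fields changed before modification:", before)
    print("fields changed after modification: ", after)
```

A baseline like this is only as trustworthy as where it is stored: keep the recorded digests somewhere the monitored machine cannot rewrite.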


Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-07 Thread gjgowey
I keep thinking of that wonderful saying that to assume is to make an ass out 
of you and me.  Certainly is true when programming.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: terry white [EMAIL PROTECTED]

Date: Sun, 7 Oct 2007 00:57:02 
To:[EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,
 Miranda, Skype


... ciao:

: on 10-6-2007 Kurt Dillard writ:
: In my opinion, every application should handle incoming data as bad data.

   finally.

: It's poor programming to assume that incoming data is properly formatted and
: safe to process as is, even if the data is supposed to come from a process
: you own.

actually, i think it's shoddy programming.


: Why so extreme?

or perhaps more properly, why would considerate programming be
considered extreme ...


--
... i'm a man, but i can change,
if i have to , i guess ...



Re: [Full-disclosure] are the NetBIOS-like hacking days over? - wide open citrix services on critical domains

2007-10-07 Thread gjgowey
Actually I'd recommend using terminal services over citrix any day of the week 
for hosting mature apps on a big box, but that's just my bias.  Citrix is able 
to be secured, but that's like everything else in computing: the admin needs a 
brain.  At least with TS anyone accessing the TS server needs to have a domain 
account so that's one nice part of security that's very hard to disable or 
bypass.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: pdp (architect) [EMAIL PROTECTED]

Date: Thu, 4 Oct 2007 20:55:06 
To:full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] are the NetBIOS-like hacking days over? - wide
open citrix services on critical domains


The other day I was performing some CITRIX testing, so I had a lot of
fun with hacking into GUIs, which, as most of you probably know, are
trivial to break into. I did play around with .ICA files as well, just
to make sure that the client is not affected by some obvious
client-side vulnerabilities. This exercise led me to reevaluate great
many things about ICA (Independent Computing Architecture). When
querying Google and Yahoo for public .ICA files, I was presented with
tones of wide open services, some of which were located on .gov and
.mil domains. This is madness! No, this is the Web. Through, I wasn't
expecting what I have found. Hacking like in the movies?

I did not poke any of the services I found, although it is obvious
what is insecure and what is not when it comes to citrix. It is enough
to look into the ICA files. With a few lines in bash combined with my
Google python script, I was able to dump all the ICA files that Google
knows about and do some interesting grepping on them. What I
discovered was unbelievable. Shall we start with the Global Logistics
systems or the US Government Federal Funding Citrix portals - all of
them wide open and susceptible to attacks. Again, no poking on my
side, just simple observation exercises on the information provided by
Google.

Just by looking into Google, I was able to find 114 wide open CITRIX
instances: 10 .gov, 4 .mil, 20 .edu, 27 .com, etc… The research was
conducted offline, therefore there might be some false positives.
Among the services discovered, there were several critical
applications which looked so interesting that I didn't even dare look
at their ICA files. I am trying to raise the consumer awareness with
this article. I mean, it is 2007 people, it shouldn't be that simple.

I did write an article about my findings which you can read from here:
http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/

I've also created a video that shows the lamest way someone can use to
break into unprotected citrix just to show the concepts.

CITRIX hacking is just like back in the old days with NetBIOS. It is
simple. It is malicious. It is highly effective. And the problem is
that CITRIX is pretty useful. Here is a dilemma for you:
Let's say that you have a pretty stable desktop app which you would
like to be available on the Web. What you gonna do? Port it to XHTML,
JavaScript and CSS? No way! You are most likely going to put it over
CITRIX.

I've also written a script which makes use of ICAClient ActiveX
controller to enumerate remote Application, Servers and Farms:
http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/enum.js

Let me know if you find this useful.

cheers

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org



Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-07 Thread gjgowey
I think that you're both right, but the only solution is the same old, same 
old: speed, code size, and maintainability/complexity versus the padding and 
added IO checking of a very secure app.  Nothing new, nothing different.  It's 
the same problem that has existed since the dawn of programming.  

Invariably the answer to the question will be a proposal for yet another secure 
programming language or framework.  So far all attempts at either have seemed 
to have failed miserably or never really gained traction (anyone else here 
remember plan 9 and its more secure brother inferno?).  Now the industry trend 
du jour is moving more towards protecting the rest of the system from 
unforeseeable vulnerabilities and their exploitation (selinux, dep, etc) when 
things blow up rather than demand that code is 100% bulletproof.  

Bad idea?  I'm not so sure.  The bigger the system, invariably, the harder to 
debug to absolute stability in a timely fashion, but source code analysis tools 
can help lighten the load a bit.  However, no amount of auditing of your own 
product can prevent the problem of a buggy third party that, even if you pass 
it input in the exact fashion as specified by the manufacturer, is still 
vulnerable.  The point of this rambling? No amount of hyperventilating over the 
security of your own code will ever make it absolutely secure as long as you're 
placing a reliance on the security of a 3rd party library (in which case I hope 
you're planning to write everything from the bios of the computer up to the 
app).

Point?  Mitigating the threat posed by unknown attack vectors is something that 
may start at the program level, but I'm highly doubtful that it can completely 
be accomplished at just the program level alone.  A secure operating system or 
security framework will pretty much always be a necessity for guaranteeing a 
completely secure platform.  

If there's a silver lining here it's that even the most novice computer user 
knows that security is a problem with computers as opposed to security? What's 
that? (followed by a deer in the headlights look).  That widespread knowledge 
is what drives budgets to spend on security oriented products rather than the 
old philosophy that those are optional products.  Hopefully, that will 
eventually materialize in the form of better, cheaper source code auditing 
products that can help fix the problem where it all starts: insecure code 
created by innocent oversight of the programmer who creates it through either 
it being absolutely complex, a rushed development cycle, or maybe just the 
infamous (that looks right). 

Geoff



 
Sent from my BlackBerry wireless handheld.

-Original Message-
From: Geo. [EMAIL PROTECTED]

Date: Sun, 7 Oct 2007 22:26:21 
To:[EMAIL PROTECTED],full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,
Miranda, Skype


- Original Message -
From: [EMAIL PROTECTED]

 2) That said program can protect itself against overtly malicious input.

Ok then, I can mark you down as one who believes that all the php exploits
blamed on bad code writing are actually the fault of php and not the
application coded using its powerful functionality?

Geo.



Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-30 Thread gjgowey
Not to mention that this service simply will not work with some destination 
addresses that check if the sending MTA is authorized to send on behalf of the 
sending address's domain.  This list is a perfect example.  I found out 
somewhat accidentally that this list uses spa when some asshat spammer tried 
bombing it with my email address.  

One little problem for the asshat: this list uses spa and so does 
blackberry.net therefore the way I found out was when the list sent me 
(correctly) rejected email messages saying that blackberry.net does not 
authorize some server to send using addresses bearing its domain name.  Oh 
well, sucks to be an asshat spammer.

Geoff
 


Sent from my BlackBerry wireless handheld.

-Original Message-
From: Nick FitzGerald [EMAIL PROTECTED]

Date: Sun, 30 Sep 2007 23:19:20 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Testing DidTheyReadIt.com


Juha-Matti Laurio to Thierry Zoller:

[un-top-posted]
  Just a sample test of how many of you read this email. Let's see how
  good it performs for mailinglists and what comes out.

 Your headers etc. don't state that this service is in use.

Maybe not _directly_, but comparing Received: headers in other Email
Thierry has sent to Full-Disclosure from his @Zoller.lu address, you
quickly see that hyperion.vo.lu is usually (??) the machine that
injects such messages into the mail chain, whereas his test message
was injected by colibri.e-mail-servers.com

Aside from being totally useless against those who use text-only
MUAs, this kind of service is generally useless because increasingly,
even vendors like MS realize that user privacy is actually somewhat
important and increasingly make NOT retrieving remote images (and other
content) in rich text Emails the default, rather than just providing
an option to turn off such atrocities should the user be aware enough
to go looking for such an option...

This is an example of a service that, in general, should not work, and
in future will be increasingly more useless, I think.

In the meantime, all (???) those using it should be asking what kind of
data leakage they are exposing themselves to, through possible message
content scanning and sender/receiver address usage patterns, among
others.


Regards,

Nick FitzGerald



Re: [Full-disclosure] gadi evron

2007-09-29 Thread gjgowey
They really need to restrict kindergarteners from purchasing domain names and 
webservers.  Putting out a contract on someone, essentially, is a good way to 
start life with a felony conviction.

Geoff


Sent from my BlackBerry wireless handheld.

-Original Message-
From: Richard Golodner [EMAIL PROTECTED]

Date: Sat, 29 Sep 2007 12:15:24 
To:[EMAIL PROTECTED], full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] gadi evron


You may think this whole Gadi thing funny, but remember that some of the
readers who are on these lists really do professional security work and that
includes more than just data networks. Be careful what you wish for.
Richard Golodner

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, September 29, 2007 9:40 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] gadi evron

New research results out:

http://lul-disclosure.net


Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-28 Thread gjgowey
Great.  The 2007 version of the fdiv bug.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Steven Adair [EMAIL PROTECTED]

Date: Fri, 28 Sep 2007 13:20:51 
To:Larry Seltzer [EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk, carl hardwick [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious
 calculation bug


So are we dealing with an RDCB (Recently Disclosed Calculation Bug) or was
this just a mistake?

Steven

 Actually, I see 5.1005 in both browsers.

 Larry Seltzer
 eWEEK.com Security Center Editor
 http://security.eweek.com/
 http://blogs.eweek.com/cheap_hack/
 Contributing Editor, PC Magazine
 [EMAIL PROTECTED]



Re: [Full-disclosure] n.runs AG puts §202 law to the test - Tools back online

2007-09-26 Thread gjgowey
Right now I'm having flashbacks of Joycelyn Elders (former American surgeon 
general under the Clinton administration) saying how we need to make safer 
guns and safer bullets.  Gotta love how logic gets overridden by emotions when 
it comes to laws.

Geoff



Sent from my BlackBerry wireless handheld.

-Original Message-
From: worried security [EMAIL PROTECTED]

Date: Wed, 26 Sep 2007 17:37:38 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] n.runs AG puts §202 law to the test - Tools back online


On 9/26/07, Thierry Zoller [EMAIL PROTECTED] wrote:

 Dear List,
 You may or may not have noticed but a lot of German companies and 
 researchers have pulled their tools from their website in fear of litigation. 

I don't think it was necessary for folks to scramble to remove existing tools. 
if you got arrested, you could show the police that your tool was uploaded to 
the server before the law was introduced. in short, folks should have been mass 
uploading as much code as they could before the law came into force on August 
10th, not removing it. 

If servers are still letting people download but the upload was done before 
August 10th, then it shouldn't count as a criminal act, even if the download is 
available after August 10th. Only uploads to servers should be illegal after 
August 10th, and why just go after folks hosting the tools, why not go after 
the folks downloading the tools too. 

In the bigger picture of things, it's the folks downloading the tools who are 
the criminals, but how do you distribute those tools to legitimate researchers, 
who only want to progress the journey of exploitation development to safer the 
systems people want to compromise? 

not all downloaders are the criminal, so why target the host of the tools, when 
you can use your intelligence agency to monitor folks downloading tools from 
servers and watching what they do with them. 

it looks like the german intelligence services are trying to do a short cut by 
outlawing all cyber security research activity, than having control mechanisms 
in place to kick out the rogue researchers from the true researchers. 

i know a lot of people who are german, and i know the german mentality, they 
have said *oh cyber security, this seems like nonsense, we only want to 
concentrate on real life bomb intelligence services activity, to cut costs on 
monitoring cyber security legitimate research, lets outlaw it, so its far 
easier on our resources and is less costly for us*. 

germany, you need dedicated cyber security teams, germany you need to invest 
millions of money into cyber security. i'm sorry this whole internet thing and 
security is hard to come to terms with, but yeah, deal with it. 

undo your law, spend the millions of money you wish you could spend on other 
things. the internet is here to stay and without cyber security research, there 
won't be any cyber security in your country. 

and you wonder why china was able to break into your government systems, you'll 
never know if your dumb law has prevented a security researcher from speaking 
out against a vulnerability on your government networks. so the 
vulnerability was left unpatched and the chinese government used it to 
compromise your systems. 

have a nice day germany, 
n3td3v


Re: [Full-disclosure] n.runs AG puts §202 law to the test - Tools back online

2007-09-26 Thread gjgowey
I can picture piles of cd's and hard drives being burned now.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: [EMAIL PROTECTED]

Date: Wed, 26 Sep 2007 12:29:52 
To:full-disclosure@lists.grok.org.uk,[EMAIL PROTECTED]
Subject: Re: [Full-disclosure] n.runs AG puts §202 law to the test - Tools back online


Finally the Whitehat Holocaust begins!

Germany is great.

On Wed, 26 Sep 2007 07:52:21 -0400 Thierry Zoller [EMAIL PROTECTED] wrote:
Dear List,
You may or may not have noticed but a lot of German companies and
researchers have pulled their tools from their website in fear of litigation.

We are fed up with the ambiguity and confusion surrounding Germany's
controversial new anti-hacker law and n.runs AG decided to put the law
to the test, we reuploaded the BTCrack (Bluetooth Cracking tool) and
furthermore added a new Item, the source code to the Linux port for
immediate download. [1]

The law, which took effect Aug. 10, mandates fines or prison sentences
for any person who violates 202a or 202b by providing access to,
selling, acquiring, leaving at the disposition of someone, distributing
or otherwise making accessible passwords or access control information.
It also outlaws computer programs whose purpose is solely criminal.

N.runs hopes its actions will encourage other German security firms and
researchers to put their security tools and research back online as
well. The current confusion and uncertainty is affecting everyone
around here, Jan Münther (CTO) says.

Germany is most certainly not becoming a safer place because of these
laws.

More Information about the motivation behind this move and more insight
is available through Dark Reading :
http://www.darkreading.com/document.asp?doc_id=134646WT.svl=news1_2

[1] http://www.nruns.com/_en/security_tools.php
PS. The link now really points to a file...


Regards,
Thierry Zoller - Security Engineer
Fingerprint 9180 F9C9 A0EF BDA3 C46A BFEB B149 0FE4 3AFC 9B09

--
n.runs AG
Registergericht Bad Homburg v.d. Höhe, HRB 10399
Nassauer Straße 60
61440 Oberursel
mobil +49 151 5500 2771
phone +49 6171 699-0
fax   +49 6171 699-199
web   http://www.nruns.com

Aufsichtsrat: Vorstand:
Horst Marscholek (Vorsitzender) Andreas Bruns (Vorsitzender)
Ulrich Caspar  Alexander Kersting  Donald Lee


Re: [Full-disclosure] defining 0day

2007-09-25 Thread gjgowey
The game king of the hill comes to mind watching this.  Who will stand alone on 
top with all others bowing down before him?

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]

Date: Tue, 25 Sep 2007 21:04:24 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] defining 0day


How many days has this RIDICULOUS argument been raging, apparently without
ANYBODY here mentioning the Medical background of Zero Day? Patient Zero?
Any of this ringing a bell?
Not that it matters. The other thing I have yet to see is an explanation of
why this particular bout of mental masturbation matters. Not that I'm
expecting to...




Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...

2007-09-23 Thread gjgowey
Try cyanide.  Faster, better, cheaper, and long lasting.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Joel R. Helgeson [EMAIL PROTECTED]

Date: Fri, 21 Sep 2007 14:29:51 
To:'M. Shirk' [EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk, [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try
medical research...


Actually; If you find the cure, you can make a buck -- ONLY IF YOU CAN
PATENT IT!
People are not interested in researching diseases that are not profitable...
for those patients, treating the symptoms is more profitable. You, the
patient, or the family member must become the doctor.

Fortunately, I have possibly your answer, and if not, at least a direction
to take.
Go to www.vitaganza.com and purchase WOBENZYM

It is THE BEST NUTRITIONAL SUPPLEMENT in existence, don't even bother with
substitutes. This is an enzyme supplement that has 5 top-tier enzymes that
when ingested, they proceed to break down longer protein chains and turn
them into enzymes. This ultimately creates a cascading effect of creating
over 2000 separate enzymes that then go through your body and fix damage, so
back pain, muscle pain, knots in your back, surgery... this helps fix ALL
DAMAGE in your body (Damage that is possible to repair). Every cell in your
body, every nerve fiber, everything requires enzymes to function. The
Cartilage in your body is the largest avascular, aneural and alymphatic
tissue in your body. It is kept alive by being bathed in enzymes (anyhow, I
digress).

Kristian, I have hacked problems like this before, Wobenzym will help both
your brother and your friend. It may not be the silver bullet but it will
definitely help, no question about that.

Gaucher's Disease:
Enzyme Replacement Therapy (WOBENZYM)
Enzyme replacement therapy for lysosomal storage diseases did not become a
reality until the early 1990s when its safety and effectiveness were
demonstrated in type 1 Gaucher disease. Today, ERT is a reality for Gaucher
disease, Fabry disease and mucopolysaccharidosis type I (MPS I), and
clinical trials with recombinant human enzymes are ongoing in Pompe disease.

LCH:
Wobenzym will help, but what may help even more is Guaifenesin tablets. THIS
IS NOT A REPLACEMENT FOR TRADITIONAL THERAPY, keep going to the doc, and
take this stuff.
http://www.guaifenesin.com/guaishop.htm

If you want to hack the problem, you need to be willing to be the guinea
pig, the lab rat. Seek the care of licensed, trained doctors as you normally
would, but don't listen to the pooh-poohing they give on natural,
nutritional, or over-the-counter remedies.

I personally take both Wobenzym and Guaifenesin to overcome some serious
ailments that were uncurable by modern medicine, and was forced to
medicate the symptoms.

I hope this information helps you, and helps other people on the list who
see this.

-joel

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Simon Smith
Sent: Friday, September 21, 2007 1:18 PM
To: M. Shirk
Cc: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try
medical research...

Just like technology research (hacking)... but... if you are the one
that finds a cure, you'll make your buck too.

M. Shirk wrote:
 There is more money to be made in the treatment of a disease, than
 actually finding a cure.

 Remind you of anything?

 Shirkdog
 ' or 1=1--
 http://www.shirkdog.us

 Date: Fri, 21 Sep 2007 10:37:20 -0700
 From: [EMAIL PROTECTED]
 To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
 Subject: [Dailydave] Hacking software is lame -- try medical research...

 Some interesting discussion came up on some security lists this week
 and it got me to thinking. Yes, hacking software is lame. Cool, so
 you found some vulnerabilities in some widely distributed application,
 service, or OS and it is patched just as quickly. Why don't we spend
 our time and valuable energy researching cures for rare or popular
 diseases instead? For instance, my brother (Jon Hermansen) has a very
 rare disease called Langerhans Cell Histiocytosis. It is also better
 known as LCH. It can be identified as causing such further diseases
 as Diabetes Insipidus, which is also uncommon (not sugar diabetes).
 Have you heard of these diseases before? Let me educate you.

 General Information:
 http://en.wikipedia.org/wiki/Langerhans_cell_histiocytosis
 http://en.wikipedia.org/wiki/Diabetes_insipidus

 Seven Part Video Series:
 http://youtube.com/watch?v=KkBRqZS8nfM
 http://youtube.com/watch?v=w1h6ZjxF-To
 http://youtube.com/watch?v=0ojbJpERlt8
 http://youtube.com/watch?v=dzUqdYofMCQ
 http://youtube.com/watch?v=lNhzwNYhi0M
 http://youtube.com/watch?v=nY9DDEhShcE
 http://youtube.com/watch?v=5_8SEYyEZGI

 And even worse than this, a friend of mine who is a PhD student in
 Math at Berkeley has an even rarer disease known as Gaucher's Disease.
 This 

Re: [Full-disclosure] Gadi Evron strikes again

2007-09-22 Thread gjgowey
I think the real problem is that worried security suffers from undescended 
testicles.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Richard Golodner [EMAIL PROTECTED]

Date: Sat, 22 Sep 2007 11:33:10 
To:'worried security' [EMAIL PROTECTED],full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Gadi Evron strikes again


WorriedSecurity said "blah, blah, nothing".
Do you know Gadi? Have you ever corresponded with him? He adds some valuable
knowledge to a legitimate issue that most Service Providers down to the home
user should be aware of.
I read the "serious 0-day" thread and I think you are just pissed off. If you
had some balls you would use your real name like most legitimate networkers do
instead of hiding behind a pseudonym.
Check Gadi's work and see for yourself instead of letting your hurt feelings
get in the way. Talk about script kiddies. Jesus man, are you sure your real
name is not n3td3v? I do not see anyone soliciting your opinion about anything.
What have you contributed to the body of knowledge? All I read is juvenile BS.
Mail from WorriedSecurity now gets dumped before it even sees my mail client.
Thanks for making it clear that you're an ass.
Richard Golodner

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of worried security
Sent: Saturday, September 22, 2007 9:11 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Gadi Evron strikes again

Who saw Gadi Evron on the mailing lists trolling about what a 0day is and what
a 0day isn't, in the middle of a serious disclosure about a PDF flaw?

Hilarious.

Well, just in case you missed it, here it is again...

http://seclists.org/bugtraq/2007/Sep/0229.html

And this guy wants to be a high profile guy at the forefront of information
security discussion?

lolzers.

Script kiddos unite behind the big man Evron.

He leads, where the rest of us follow.

And he comes on the lists complaining people are mimicking his e-mail addresses
and calling him a dick. *I wonder why?*

It's funny, he strongly keeps an eye on Funsec mailing list and keeps everyone
in check. Yet, he has a total disregard for quality control elsewhere,
especially on Bugtraq.

My question is, who is Gadi Evron?

This guy you would think would add something special to a discussion, but he
doesn't, and you know what I know his excuse is? He is keeping his knowledge
secret so bad guys can't learn from his knowledge.

lolzers Gadi Evron.

The truth is, Gadi just wants to make sure his name and e-mail address is in
every major flaw disclosure, no matter how lame the comment is, just as long as
his name and e-mail is in high profile disclosures, then Gadi Evron can sleep
at night.

Thanks Gadi!!! My hero.

Bugtraq is moderated for a reason, so Bugtraq moderators, start moderating
it!!! Symantec arsewipes.

Securityfocus, no really, why are you allowing Gadi Evron to troll on such a high
profile respected moderated list? Gadi's comment mentioned above was a true
breach of the rules, so start moderating his comments more in future.

Leave the trolling for F-D Gadi, Bugtraq readers don't want to see your shit in
future, and Bugtraq moderators, actually read what Gadi Evron is posting in
future, instead of just reading the name and sender and approving the message
without actually reading the body.

*Oh its Gadi, its automatically approved*

Let's look at Bugtraq's description:

BugTraq is a full disclosure moderated mailing list for the *detailed*
discussion and announcement of computer security vulnerabilities: what they
are, how to exploit them, and how to fix them.
http://www.securityfocus.com/archive/1/description#0.1.1

lolzers, Bugtraq moderators don't read their own shit or enforce it!

Someone snip a bit of that description that gives Gadi right of way to troll on
Bugtraq in the middle of serious flaw disclosures!

Gadi, seriously f**king learn about the stuff you read, so you can actually
input into the threads and help with the topic in front of you, instead of
random off-topic messages about what defines a 0-day and what doesn't.

Why didn't you start your own thread on Bugtraq about what is a 0-day?
Because they wouldn't let you. Instead you sneak your shit into high profile
threads, to get a name for yourself.

Your conversation, as always Gadi, is best suited for Full-Disclosure or
security-basics, so get the f*** off Bugtraq you idiot.

Re: [Full-disclosure] A Request To Everyone

2007-09-21 Thread gjgowey
Can't we all just get along?  Now let's all have a nice giant group hug ;)

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Jimby Sharp [EMAIL PROTECTED]

Date: Fri, 21 Sep 2007 15:24:36 
To:Nikolay Kichukov [EMAIL PROTECTED]
Cc:[EMAIL PROTECTED], Aditya K Sood [EMAIL PROTECTED],full-disclosure@lists.grok.org.uk,[EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] A Request To Everyone


Dear Lamer Buster,

Thanks for busting some lamers but now the situation in FD is going
out of hands. I seriously do not think that it is worth increasing the
noise in the list just to prove that Aditya K Sood is an idiot. We
already know he is. I am sure none of us take Aditya seriously because
of his extremely poor career record in the field of security. No
offence meant to you, but I genuinely request you to ignore Aditya
because we all know that Aditya is an idiot.

Dear Aditya K Sood,

I request you to kindly not post fake vulnerabilities and documents
which you merely copy paste from somewhere else without knowing what
they mean. If someday, you come with something real, that you can call
your own and which you have verified from someone else who knows a
thing or two about security, then you are most welcome to post your
article in our list. But posting lame documents, like you do always,
which mostly have technical errors, wrong facts, misleading arguments,
etc. are extremely detrimental to our list. Also, you do not realise
that by doing this again and again you are spoiling your image in the
field of security community.

Have you ever searched yourself in Google? See the results.

aditya k sood - Lame ass of the month -
http://seclists.org/fulldisclosure/2007/Sep/0028.html
lame ass of the month - Full Disclosure: Lame ass of the month -
Aditya K Sood (from India) -
http://seclists.org/fulldisclosure/2007/Sep/0028.html

I sincerely request you to verify your claims before posting so that
we do not have to deal with more flame wars where everyone is trying
to attack you for your foolishness and stupid documents.

Thanks everybody,
Jimby

On 9/21/07, Nikolay Kichukov [EMAIL PROTECTED] wrote:
 I'd request that all of you stop fighting and leave the list to deal
 with what it's meant to.

 Cheers,
 -Nikolay

 [EMAIL PROTECTED] wrote:
  I'm in favor of booting them all off the list.  Let 'em keep their flame 
  wars on EFNet.
 
  Geoff
 
  Sent from my BlackBerry wireless handheld.
 
  -Original Message-
  From: Aditya K Sood [EMAIL PROTECTED]
 
  Date: Thu, 20 Sep 2007 12:57:57
  To:full-disclosure@lists.grok.org.uk
  Subject: [Full-disclosure] A Request To Everyone
 
 
  Hi
 
  After looking at the mail wars, I want to say only two lines.
 
  I don't know who Meta Info is, Lamer Buster is, LSNN is and all.
  I don't know how they are generating mails and putting my name
  everywhere. That's it.
 
  Thanks to all.
 
  Regards
  Aks
 


Re: [Full-disclosure] A Request To Everyone

2007-09-20 Thread gjgowey
I'm in favor of booting them all off the list.  Let 'em keep their flame wars 
on EFNet.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Aditya K Sood [EMAIL PROTECTED]

Date: Thu, 20 Sep 2007 12:57:57 
To:full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] A Request To Everyone


Hi

After looking at the mail wars, I want to say only two lines.

I don't know who Meta Info is, Lamer Buster is, LSNN is and all.
I don't know how they are generating mails and putting my name
everywhere. That's it.

Thanks to all.

Regards
Aks



Re: [Full-disclosure] Another 0day to sell.

2007-09-14 Thread gjgowey
Full disclosure: all the fun of irc with the lag of smtp.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Richard Golodner [EMAIL PROTECTED]

Date: Thu, 13 Sep 2007 12:55:22 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Another 0day to sell.


    Full Disclosure ha! This is better than the crap my wife watches on 
T.V. Fully Entertaining is more like it. This list was once useful many years 
ago. Now it is just a comical post for egotistic geeks with no social life and 
a P.C. which probably runs Windows. Post some vulnerabilities or STFU. 
Richard Golodner 
  


Re: [Full-disclosure] World's most powerful supercomputer goes online (fwd)

2007-09-02 Thread gjgowey
Uh... I think you're missing some key points about the gov't and the internet.  
First off, all methods of connecting to the internet (cable, DSL, etc) 
invariably fall under the control of the FCC.  Secondly, the FCC can impose 
rules without a requirement for congress to evaluate them.  Therefore there's 
no need for the gov't to get the home user involved. The FCC can simply put in 
a mandate that any business that wants to serve as an uplink to the internet 
must have device x (insert imaginary device or control method here).  Problem 
solved.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: hack the gov [EMAIL PROTECTED]

Date: Sun, 2 Sep 2007 18:35:53 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] World's most powerful supercomputer goes online (fwd)


On 9/2/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 On Sat, 01 Sep 2007 18:37:11 BST, hack the gov said:
  On 8/31/07, Jay Sulzberger [EMAIL PROTECTED] wrote:
  now that they have the world's most powerful supercomputer system at their
  disposal, what are they going to do with it?
 
  absolutely nothing.they're a bunch of pussys sitting infront of their
  computers with weak bone structures and a bend in their neck from
  sitting there so long.

 No, between Storm and the Rock Phish stuff, I hardly think they qualify
 as pussies.  Taking in $150M with *one* of their projects makes them
 seriously big time.

 http://www.economist.com/displaystory.cfm?subjectid=7933606story_id=9723768

 if they try anything stupid, the secret service
  will be around to straighten their bendy geekofied necks and crush
  their bodies into a fluid.

 No, more likely, the Russians will demonstrate their techniques on the
 Secret Service guys.  They didn't get to control most of the Russian
 economy by being nice guys.  Messing with them gets you seriously *dead*.


i think most americans would hand over their computer to the american
government for a cyber nuke program to counter the cyber threat by
russia. if i thought russia was cyber nuking the west or was about
to, i'd sure let my computer be signed up to the cyber nuke program,
to make sure my bandwidth killed the russians cyber nuke.

this talk is very futuristic, but i think in the future we will need
to get a u.s president to convince the american people that there is a
cyber threat, and we need your computers to counter incoming cyber
attacks by foreign governments and terrorist groups.

u.s intelligence services might need to allow a foreign government or
a terrorist group to carry out an attack on cyber infrastructure, as
a proof of concept to show to the american people that a cyber nuke
program using u.s citizen computers is necessary.

just like the u.s intelligence services allowed a foreign government
or terrorist group such as al qaeda to do 9/11 as a proof of concept
to show the american people that a war on terror was necessary.

before 9/11 there was no war on terror, just like now there is no
cyber nuke program, cyber war on terror or in general cyber
terrorism or cyber terrorism threat, but if the u.s intelligence
services knew a cyber terror attack was planned, they could allow it
to happen, thus creating everything the u.s government need to take
the world into a fully fledged cyber world war, where the outcome of
that war would very much favor america in its long term interests.

if this thing is owned by a foreign government or terrorist group,
then i think it would benefit the united states in the long term if
the u.s intelligence services allow a foreign government or a
terrorist group to cyber attack western interests as a proof of
concept for political ends to show the american people why a cyber
nuke program involving u.s citizen computers is necessary.

yes, admittedly at the moment it all sounds futuristic and far
reaching, but please link back to this e-mail in the future and you
can say hey that guy was right!.

there is no shortage of u.s citizens signing up to fight the war on
terror in iraq, afghanistan and elsewhere, so i think the same would
apply to u.s citizens signing up to fight a cyber war on terror,
where the only difference is the soldiers are computers, fighting in
the name of its country, cyber soldiers or cyber troops if you
will.

we need to focus on what a cyber war would be in real terms and how
u.s citizens would be asked by the u.s government to be involved in
countering that.

i think a u.s citizen taking it upon himself to defend its country in
a cyber war would be deemed illegal, only u.s citizens who had
signed up to the official u.s cyber nuke program and had installed
the official u.s cyber nuke program software from CD would be
allowed to have its computer used to counter foreign threats to cyber
national security interests. of course, u.s citizens wouldn't be
given the software on the fly, the government would need to verify who
you are first, that you are a 

Re: [Full-disclosure] pftp-shit v1.11 directory listing ghetto patch

2007-08-22 Thread gjgowey
/dev/null ?

Sent from my BlackBerry wireless handheld.

-Original Message-
From: T Biehn [EMAIL PROTECTED]

Date: Wed, 22 Aug 2007 01:55:35 
To:Full-Disclosure@lists.grok.org.uk
Subject: [Full-disclosure] pftp-shit v1.11 directory listing ghetto patch


HI FD,
UNRELATED TO SECURITY, I NEEDED SOMEWHERE TO DUMP THIS PATCH

THIS PATCH IS PROBABLY IMPROPERLY DONE, BUT IT WORKS.

IT FIXES THE CASE WHERE IF YOU HAVE A USERNAME / GROUP THAT IS A MONTH PFTP 
WON'T RECOGNIZE THE DIRECTORY LISTING CORRECTLY. 

HUGS AND KISSES,

TRAVIS


Re: [Full-disclosure] 0day for sell

2007-08-20 Thread gjgowey
You're assuming he has another 7/8th's to post.  Hasn't anyone learned anything 
from the 419'ers yet?  Fork money to anonymous individual promising good 
things...  Personally, a fool and his money are two things that I'd like to 
meet too.  Let's face it: if you're dumb enough to fork over money to an 
unknown stranger for some promised magic then you deserve to be swindled.

Now if anyone here is interested I have a bridge or two for sale and some real 
estate in a place where it rains chocolate.

Geoff
Sent from my BlackBerry wireless handheld.

-Original Message-
From: scott [EMAIL PROTECTED]

Date: Tue, 21 Aug 2007 01:09:38 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] 0day for sell


I say the same as others on this list. The name says it
all. FULL-DISCLOSURE doesn't mean... Hey man, I've got a
one-eighth-disclosure for you. If you will pay for it, I will give the
other seven-eighths-disclosure.
  what do you care if
 someone posts saying they have 0day for sale, or if they're for real or
 not and so on. I'd rather have my inbox bombarded with the likes of
 n3td3v/joey mengele and adverts for real or imagined 0day for sale than
 listen to another line of useless babble from the likes of Valdis et al.




 On Mon, 20 Aug 2007, [EMAIL PROTECTED] wrote:


 Date: Mon, 20 Aug 2007 11:06:35 -0400
 From: [EMAIL PROTECTED]
 To: Juergen Marester [EMAIL PROTECTED]
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] 0day for sell

 On Mon, 20 Aug 2007 07:09:07 PDT, Juergen Marester said:


 Im new in this list and i let a message because i am selling some 0day,
 vulnerabilities and exploits.

 Obviously you're new.  This is full-disclosure, not 0days-for-sale.

 However, I'll cut you some slack:

 Convince us you actually have real 0days against current releases, not
 retreads of exploits against a 2003 release or just vaporware.






Re: [Full-disclosure] CNN.com XSS hacked

2007-08-13 Thread gjgowey
Now we get to hear what OW! sounds like when said by both sides.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: James Matthews [EMAIL PROTECTED]

Date: Mon, 13 Aug 2007 09:45:55 
To:Tonu Samuel [EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] CNN.com XSS hacked


CNN and Fox
Nice


On 8/13/07, Tonu Samuel [EMAIL PROTECTED] wrote:

http://www.clpwn.com/2007/08/13/breaking-news-team-clpwn-hackers-compromise-cnncom/




-- 
http://www.goldwatches.com/
http://www.jewelerslounge.com


Re: [Full-disclosure] (no subject)

2007-08-09 Thread gjgowey
Because everyone trusts someone who uses a different from name than their 
signature name... Btw- buffo?  Is that a twist on blotto or buffoon?  You 
should add that interested parties make their checks payable to: c a s h

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: h buffo [EMAIL PROTECTED]

Date: Thu, 9 Aug 2007 16:41:13 
To:full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] (no subject)


Hello,

this message only concern professional. I selling codes  0days exploits about 
vulnerability i found and i coded. If you are interested by windows and linux 
exploit, please mail me.

Regards,

Joergen B.




Re: [Full-disclosure] intrusion kit

2007-08-03 Thread gjgowey
Try seeing if dameware will work for you.  It has its own lightweight client.  
It's been a while since I've used it so I'm just tossing out an idea.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: Joshua Tagnore [EMAIL PROTECTED]

Date: Fri, 3 Aug 2007 16:29:46 
To:full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] intrusion kit


Hi list,

    While doing a penetration test for one of our clients, I succeeded in
exploiting a sql injection to get Administrator access to a windows server. I
used netcat to get a reverse shell and everything works just fine. Right now
i'm having problems with the next phase, pivoting into the network. For
example, If i want to install nmap, i need to install winpcap (which has no
command line installer), to install vnc and configure it to create a reverse
vnc connection I also need a point and click interface.

    The server has a firewall configured that doesn't allow incoming
connections (other than HTTP), so rdp, pc anywhere and vnc installed by
default are out.

    What I'm looking for is an intrusion kit, a ZIP file that contains common 
tools like: vnc, nmap, pwdump, ssh client, etc. That have all dependencies in 
the zip file, so I could do: 

unzip kit.zip
cd nmap
nmap -sS localhost
cd ..
cd vnc
run-vnc-server

    Does this exist? Could anyone please share his experience with these 
problems?

Cheers,
-- 
Joshua Tagnore


Re: [Full-disclosure] selling windows linux exploits

2007-07-26 Thread gjgowey
A fool and his money are two things that I would like to meet too.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: [EMAIL PROTECTED]

Date: Thu, 26 Jul 2007 21:24:20 
To:full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] selling windows  linux exploits


I'm sending windows exploits for some applications (winrar, winzip,
office, iis) and some linux local root also.

Mail me for more information. No list given, please just specify
which exploit you want.

Regards,

Gerard H.



Re: [Full-disclosure] Am I missing anything ?

2007-07-24 Thread gjgowey
Might I propose a new tag line for this list?

Full disclosure: more entertainment than wrestlemania.

Full disclosure: I never want to grow up I want to be a full disclosure kid.

/me now waits to hear from toys r us over that last one ;)

Cheers!
Geoff


Sent from my BlackBerry wireless handheld.

-Original Message-
From: Simon Smith [EMAIL PROTECTED]

Date: Mon, 23 Jul 2007 20:43:37 
To:[EMAIL PROTECTED], [EMAIL PROTECTED],[EMAIL PROTECTED], 
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Am I missing anything ?


Oh so now you're calling me old?


On 7/23/07 7:37 PM, Joey Mengele [EMAIL PROTECTED] wrote:

 LOLOLOLOLOL. I submit, you have proven your maturity.
 
 J
 
 On Mon, 23 Jul 2007 18:48:14 -0400 Simon Smith [EMAIL PROTECTED] wrote:
 Right kid... Can we also agree that you are immature? I mean, we can't lay
 this to rest unless we come to a compromise. Frankly, I don't feel that it
 would be a compromise if you didn't come half way in this relationship.
 
 While we're at it... Let's also agree that you're a coward, probably fat and
 lethargic... With no real friends... Who never really gets laid?
 
 Yeah I think that about sums it up... ;]
 
 
 
 On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote:
 
 No, I forgot. I now remember, thank you. As long as we agree
 that
 you were wrong, I was right, and you are an ignorant jackass who
 may or may not have had sexual relations with the Oreo named KF,
 I
 see no need for this thread to continue.
 
 J
 
 On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote:
 You are right with respect to your RFI comment... But as far as me learning
 anything, don't count on it. I am after all an ignorant jackass remember?
 
 
 On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote:
 
 But I am right, am I not? Just pointing out what everyone else was thinking
 already :)
 
 Anyway, if you are implying I am immature because of my ad homonym, please
 refer to the following:
 
 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0380.html
 
 You should have learned from KF by now the infosec mantra
 'live
 by
 the niggerdong, die by the niggerdong'
 
 J
 
 On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote:
 Kid, your posts continue to clearly demonstrate your immaturity.
 
 http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html
 http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html
 http://seclists.org/fulldisclosure/2007/Jul/0369.html
 http://seclists.org/fulldisclosure/2007/Jul/0402.html
 
 It's too bad that you're such a coward man...
 
 
 
 
 On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote:
 
 Doesn't RFI stand for remote file inclusion you ignorant jackass?
 
 J
 
 On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote:
 Local and Remote file inclusion, yes, you are actually missing a bunch of
 things.. ;)
 
 
 On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:
 
 Hi All,
 Just wondered if I am missing anything important. Am planning to give talk
 on web security.
 Is there any other technique other than the following I have to speak
 about ?
 
 1)XSS
 2)CSRF
 3)SQL Injection
 4)AJAX/JSON hijacking
 5)HTTP response splitting
 6)RFI
 7)CRLF
 8)MITM
 
 Thanks
 Deepan
 