Re: [Full-disclosure] Palimm Palimmm

2007-05-31 Thread mailing-lists 

I think I read this before... :)

RMS

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 5DFFC7C3DCFBCED5CEDD48F216936CF9
> 9B704583D6E5056E67C959B5CCEE2F548D3C70F3
> 
> 3ABC8C9964BDBB6E8521E58C641B4812
> AD1C3B3CC1E821CA8D91E7A01ADC0C96B7854235
> 
> 9D74F62FBD9A44311D42BF0C5B051A9C
> 0DBB6B045ED8F83C34E08832E57DB143B5ECB82C
> 
> 632D332771B1314604762E855B58987C
> 349E7A0AEC82090A7206F603A5EB474E9762611C
> 
> 5D717685786D54BBFC9E1200BEEA3C2E
> 9BC107502C21AF59903AC9FE388E8C98907F466F
> 
> A2761D0E2AF8DFA6F6BE26A48565B863
> 4E5C27420A66418CA7F9EB0635436A5B5B5BE2D8
> 
> F866801EF3BE6D6749B745176363C58B
> 5804EB264F318ED1ADBC8195A84527D8CDF72AA9
> 
> F095752B5CB8C7FD52B52A13987143D9
> 6C81F23E6AF0375020E4B5AC644F0CADA67F2A77
> 
> 64D950594527059E23836858806D177E
> 3A5DEF28C4624C2A29A0188959F65693598B7C93
> 
> B4F093AEBA68D786B646E27B392C55FC
> 5820788972BF117B796391C8F6B0D46DD4B0A00C
> 
> B9BED56CC3CF2A5F2D8C9E83DDAE172F
> E22C25C6E10493BA7AA1DAAFA88125F11BA6501B
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.5 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFGXvKysUkP5Dr8mwkRAt11AJ9+LGB7nFHDpTzy7PORTcxnRgBlAwCePzIc
> gZxohWL4ZNDYN8O7WZKlAs8=
> =sdno
> -END PGP SIGNATURE-
> 
> -- 
> http://secdev.zoller.lu
> Thierry Zoller
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] unsubscribe

2006-08-14 Thread mailing lists 
unsubscribe



 On Sun, 13 Aug 2006 12:00:10 +0100 (BST)
[EMAIL PROTECTED] wrote
> Send Full-Disclosure mailing list submissions to
>   full-disclosure@lists.grok.org.uk
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>   https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
>   [EMAIL PROTECTED]
> 
> You can reach the person managing the list at
>   [EMAIL PROTECTED]
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
> 
> 
> Note to digest recipients - when replying to digest posts, please trim your 
> post
> appropriately. Thank you.
> 
> 
> Today's Topics:
> 
>1. Re: Getting rid of Gadi Evron and Dude VanWinkle (Aaron Gray)
>2. Re: Server Redundancy (wac)
>3. what can be done with botnet C&C's? (fwd) (Gadi Evron)
> 
> 
> --
> 
> Message: 1
> Date: Sun, 13 Aug 2006 01:25:18 +0100
> From: Aaron Gray <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] Getting rid of Gadi Evron and Dude
>   VanWinkle
> To: full-disclosure@lists.grok.org.uk
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> l4m3r
> 
> vodka hooch wrote:
> > hi
> >  
> > for months now we've had to put up
> >  
> > now its time to shut up
> >  
> > how do i setup my gmail?
> >  
> > i know this is unmoderated list but im pulling my hair out to sift 
> > through the real email
> >  
> > please dont turn full dis into symantec trolltraq, hlp me! :)
> >  
> > -gs
> >  
> >
> > 
> > Yahoo! Messenger with Voice. Make PC-to-Phone Calls 
> >
>

> 
> > to the US (and 30+ countries) for 2¢/min or less.
> > 
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> > 
> >
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006
> >   
> 
> 
> 
> --
> 
> Message: 2
> Date: Sat, 12 Aug 2006 22:39:16 -0400
> From: wac <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] Server Redundancy
> To: "Tim Hecktor" <[EMAIL PROTECTED]>
> Cc: full-disclosure@lists.grok.org.uk
> Message-ID:
>   <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi:
> 
> Thanks I'll check ipvs.
> 
> Regards
> Waldo
> 
> On 8/10/06, Tim Hecktor <[EMAIL PROTECTED]> wrote:
> >
> >  Hello,
> >
> >  >  >
> > Maybe this is what you are looking for:
> >
> > pandora:~# dig ftp.freenet.de
> >
> > ; <<>> DiG 9.2.1 <<>> ftp.freenet.de
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59136
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 3
> >
> > ;; QUESTION SECTION:
> > ;ftp.freenet.de.IN  A
> >
> > ;; ANSWER SECTION:
> > ftp.freenet.de. 1457IN  CNAME   ftp-0.freenet.de.
> > ftp-0.freenet.de.   600 IN  A   194.97.2.69
> > ftp-0.freenet.de.   600 IN  A   194.97.2.70
> > ftp-0.freenet.de.   600 IN  A   194.97.2.67
> > ftp-0.freenet.de.   600 IN  A   194.97.2.68
> >
> > This will map a name to more than one ip and will give you load-balancing
> > this way, but not real redundancy.
> > To map a service to different hosts redundant you can use a box running
> > ipvs. This box can be made redundant with a identical box using mon and
> > heartbeat to do ip failover.
> >
> > Best regards,
> >
> > Tim Hecktor
> >
> -- next part --
> An HTML attachment was scrubbed...
> URL:
>
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060812/3579b5dd/attachment-0001.html
> 
> --
> 
> Message: 3
> Date: Sun, 13 Aug 2006 01:43:35 -0500 (CDT)
> From: Gadi Evron <[EMAIL PROTECTED]>
> Subject: [Full-disclosure] what can be done with botnet C&C's? (fwd)
> To: full-disclosure@lists.grok.org.uk
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> Hi guys, here is a forward of my follow-up to the previous message.
> 
>   Gadi.
> 
> -- Forwarded message --
> Date: Sat, 12 Aug 2006 13:12:30 -0500 (CDT)
> From: Gadi Evron <[EMAIL PROTECTED]>
> To: botnets@whitestar.linuxbox.org
> Subject: what can be done with botnet C&C's?
> 
> In my last email message I addressed some of the issues relate

Re: [Full-disclosure] Fwd: Its time to take rick rolling seriously

2008-04-28 Thread MiW Mailing Lists 
I don't agree at all -- being rickrolled is one thing (passive),
typing authentication credentials (active) is something very
different.

I mean
Somebody could want to to learn more about that blessed pokemon mudkip

they might visit:
http://so.i.herd.u.liek.mudki.ps/


> i actually agree with this thread.  but its not just rick rolling.
> its any link that anayone sends.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?

2010-07-02 Thread Mailing lists at Core Security Technologies 
Hello Mr. Dobbins.

Normally, I'd not reply to this post but something about it prompted me
to do it.

Dobbins, Roland wrote:
> On Jul 2, 2010, at 7:01 AM, Dan Kaminsky wrote:
> 
>> Permanent DoS's are unacceptable even from intentionally malicious
>> traffic, let alone a few nmap flags. They're unacceptable to us,
>> they're unacceptable to Microsoft (see: MSRC bug bar), and even
>> Cisco PSIRT has shown up on thread desiring to clean things up.
> 
> Again, causing the RP CPU to go to 100% due to punted
> management-plane traffic isn't a new phenomenon - it's
> well-understood amongst network operators, as are BCPs which mitigate
> the risk of such an occurrence.

This is an obvious fallacy. Here's why:

You've unilaterally decided that your interpretation of the original
message from Shang Tsung is the correct one. Namely that what caused the
devices to *crash and reboot* was the amount of traffic they were
receiving on the SNMP ports. His email did not state such thing.

Then on the basis of taking your own assumption as truth and not based
on factual data you then proceed to dismiss the problem as nothing new
or worthy of discussion but simply a matter of improper configuration or
network architecture.

You may or may not be wrong but at this point in the thread and without
actual evidence (packet dumps, repro steps, someth...@!#) it's simply
anybody's guess what actually happened to Mr. Shang's networking devices
of unknown brands and models, running unknown firmware.

You and others then proceeded to implicitly assume that Mr. Shang's
devices are in fact Cisco gear by speculating about what PSIRT should or
should not do (Juniper's team is called SIRT, 3Com's is SRT and HUawei's
is NSIRT...)

Now, further down the email thread somebody from Cisco's PSIRT actually
chimed in (hola Dario!) asking for technical details.

Perhaps we should too ask and wait for actual data from Mr. Shang and
defer for later the construction of hypothetical explanations that are
as robust as a brazilian soccer team with a 1 goal lead.

-ivan

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Hiding Backdoors in plain sight

2010-07-03 Thread Mailing lists at Core Security Technologies 
The CoreTex Team from Core Security is happy to announce the *1st Open
Backdoor Hiding & Finding Contest* to be held at DEFCON 0x12 this year!

Hiding a backdoor in open source code that will be subjected to the
scrutiny of security auditors by the hundredths may not be an easy task.
Positively and unequivocally identifying a cleverly hidden backdoor may
be extremely difficult as well.

But doing both things at DEFCON 0x12 could be a lot of fun!


If you liked to read about the exploits of C. Auguste Dupin, the devious
Minister D. or even the n00b Prefect Monsieur G. [*] here's a chance to
role-play all of them at DEFCON using your favorite coding and code
auditing techniques.

Registration is now open at http://www.backdoorhiding.com

Questions, feedback, comments and general discussion at
https://forum.defcon.org/forumdisplay.php?f=520

Here are the details:

Quick intro

Two in one Backdoor Hiding/Finding Contest (participate in either or
both): In the first stage, hiding participants provide a source code
hiding a backdoor, in the second stage organizers mix the source codes
with non-backdoored (placebos), and then ask finding participants to
spot the placebos. Hiding participants get hiding points for being voted
as a placebo and finding participants get points for spotting the
placebos and negative points for false positives.

Contest Description

The contest includes two games: a backdoor hiding and a backdoor finding
contest which are played simultaneously. The contest will be played in
two rounds: a qualification round that starts before the conference and
ends during the conference, and a second (smaller and shorter) round
during the conference. Each round is a multi-player game, which is
played in two stages. The timeline is included below.

Prizes will be announced shortly. We will give prizes for all those that
get to the qualification round and special prizes for the winners of
each contest.

Qualification round

Stage 1 (hiding): All participants registered for the backdoor hiding
game are given a set of requirements for a software program. Before the
deadline, they must submit the source code for a program that fulfills
these requirements plus includes a backdoor. They must also send a
description explaining how to exploit the backdoor.

Stage 2 (finding): There is new time to register for the backdoor
finding game. All players registered are given a bundle with the
different pieces of source code. To each bundle the organizers will add
a few placebos (source codes that fulfill the requirements but should
not include a backdoor). Before a deadline, the players must answer for
each source code if they believe it includes a backdoor or not.

The winners of each game are the ones that accumulate the most points.
There is a table for computing points (which can be positive or
negative) for the finding contest (X points if it was voted as backdoor
and had a backdoor, Y points if it was voted as backdoor and hadn’t a
backdoor, etc.).

For the hiding contest, it’s simpler: each time one player’s source code
was voted as non-backdoored, the player is given 1 point. The first
participants of the backdoor hiding contest with the most points qualify
for the second round.

Same with the finding contest.

Final Round

Stage 1: We provide a source code in C/C++ and describe the requirements
it fulfills to all the players. We then describe an additional
requirement, and players must write a patch to this source code such
that all of the requirements are fulfilled and a backdoor is hidden in
the code. They must also provide an explanation on how to use the backdoor.

Stage 2: Again, the organizers will add a few patches/source codes that
fulfill the requirements but do not have backdoors. A jury composed of
the winners of the hiding contest (1st stage), a small set of well-known
security experts and the players of stage 1 (round 2) have 3 hours to
cast their votes for each source code if it hides or does not hide a
backdoor. Points are computed according to the same strategy as in the
first round.

The contest is not restricted to any particular programming language.
However, it is part of the instructions that the “work” was commissioned
by a government that needs this software and will audit it. Hence, most
players will stay away from non-mainstream programming languages –since
the non-backdoored programs will most probably be developed in C, C++, etc.

Timeline

-July 1, we open registration.
-July 19th, we open the 1st stage of the qualification round.
Participants are allowed to register until before the July 29 deadline.

-Thursday July 29, 0hs, we stop receiving source codes. Registration for
2nd stage of the first round continues.

-Friday July 30th, 0hs, we open the 2nd stage of the qualification
round: users are allowed to download the source code bundles; the site
accepts votes (YES/NO)

-Saturday July 31st, 12hs, Registration and voting are closed. Shortly,
we announce first round winners of th