Re: [Full-disclosure] Perhaps it's time to regulate Microsoft as Critical Infrastructure?

2010-01-25 Thread omg wtf
-100

We need more responsible IT departments.

On Sun, Jan 24, 2010 at 1:29 PM, Bipin Gautam wrote:

> +1
>
> WE NEED MORE DISCUSSION ON THIS!!!
>
>
> -bipin
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Re: [Full-disclosure] IE 8 remote code execution exploit to sell

2010-01-25 Thread omg wtf
Admiral Ackbar just called me a few minutes ago about this one too!

On Sun, Jan 24, 2010 at 4:52 PM, Orn Roswell wrote:

> Hello,
>
> I am selling IE 8 remote code execution exploit (not patched by the last
> Microsoft fix). Working under Windows Vista & Windows 7.
>
> Regards,
>
>[ORN ROSWELL]
>

Re: [Full-disclosure] NSOADV-2010-002: Google Wave Design Bugs

2010-01-20 Thread omg wtf
Lol.

Everyone keeps forgetting the social engineering aspects of utilizing
exploits. Especially if someone is using AntiVirus 2011 and has a Google
Wave account.

On Tue, Jan 19, 2010 at 8:10 PM,  wrote:

> On Tue, 19 Jan 2010 19:01:36 CST, Rohit Patnaik said:
> > Yeah, no kidding.  Surprise! Untrusted files can be malicious.  If you
> > accept files from those whom you do not trust, whether it's via e-mail,
> > instant message, Google Wave, or physical media, you well and truly
> > deserve the virus that'll eventually infect your machine.
>
> Let's see.. *HOW* many years ago did we first see e-mail based viruses that
> depended on people opening them because they came from people they already
> knew?  'CHRISTMA EXEC' in 1984 comes to mind.
>
> The problem here is that Google Wave is for *collaboration* - which means
> that you're communicating with people you already know, and presumably
> trust to some degree or other. "Hey Joe, look at this PDF and tell me
> what you think" is something reasonable when the request comes from
> somebody who Joe knows and who has sent Joe PDFs in the past.
>
> I guarantee that if every time you receive a document that appears to be
> from your boss, you call back and ask if they really intended to send a
> document or if it's a virus, your boss will get very cranky with you very
> fast.
>
> Let's look at that original advisory again:
>
> >> An attacker could upload his malware to a wave and share it to his
> >> Google Wave contacts.
>
> Now change that to "An attacker could trick/pwn some poor victim into
> uploading the malware to a wave".  Hilarity ensues.
>

Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes

2010-01-20 Thread omg wtf
Sharepoint

On Wed, Jan 20, 2010 at 9:38 AM, James Matthews wrote:

> Why doesn't Microsoft throw some of its weight behind Mozilla and ditch IE
> forever? It doesn't suit their image.
>
> On Wed, Jan 20, 2010 at 6:30 AM, Christian Sciberras wrote:
>
>> On my IE6 this doesn't work (crash), but it does on IE7. I'm on WinXP Pro
>> SP3 DEP+.
>>
>>
>>
>>
>>
>> On Wed, Jan 20, 2010 at 11:57 AM, Berend-Jan Wever <
>> berendjanwe...@gmail.com> wrote:
>>
>>> Two NULL pointer crashes, they do not affect MSIE 8.0. Repros can be
>>> found here:
>>>
>>> http://skypher.com/index.php/2010/01/20/microsoft-internet-explorer-6-07-0-null-pointer-crashes/
>>>
>>> Cheers,
>>> SkyLined
>>>
>>> 
>>> Berend-Jan Wever 
>>> http://skypher.com/SkyLined
> --
> http://www.astorandblack.com

Re: [Full-disclosure] NSOADV-2010-002: Google Wave Design Bugs

2010-01-19 Thread omg wtf
Apparently not. Read Google's Response:

2010.01.14: Google Security Team informs me, that uploaded files will be
   now scanned for malware. Google Gadgets will be not updated.

On Tue, Jan 19, 2010 at 7:11 AM, dramacrat wrote:

> This is the stupidest advisory I have read on this list in at least two
> months.
>
> 2010/1/19 NSO Research 
>
>> _
>> Security Advisory NSOADV-2010-002
>> _
>>
>>
>>  Title:  Google Wave Design Bugs
>>  Severity:   Low
>>  Advisory ID:NSOADV-2010-002
>>  Found Date: 16.11.2009
>>  Date Reported:  18.11.2009
>>  Release Date:   19.01.2010
>>  Author: Nikolas Sotiriu (lofi)
>>  Mail:   nso-research at sotiriu.de
>>  URL:http://sotiriu.de/adv/NSOADV-2010-002.txt
>>  Vendor: Google (http://www.google.com/)
>>  Affected Products:  Google Wave Preview (Date: =< 14.01.2010)
>>  Not Affected Component: Google Wave Preview (Date: >= 14.01.2010)
>>  Remote Exploitable: Yes
>>  Local Exploitable:  No
>>  Patch Status:   partially patched
>>  Discovered by:  Nikolas Sotiriu
>>  Disclosure Policy:  http://sotiriu.de/policy.html
>>  Thanks to:  Thierry Zoller, for the permission to use his policy
>>
>>
>>
>> Background:
>> ===
>>
>> Google Wave is an online tool for real-time communication and
>> collaboration. A wave can be both a conversation and a document where
>> people can discuss and work together using richly formatted text,
>> photos, videos, maps, and more.
>>
>> (Product description from Google Website)
>>
>>
>>
>> Description:
>> 
>>
>> All these possible attacks are the result of playing 4 hours with Google
>> Wave. I didn't check all the funny stuff which is possible with the Wave.
>>
>>
>>
>> 1. Gadget phishing attack:
>> --
>>
>> The Google Wave Gadget API can be used for phishing attacks.
>>
>> An attacker can build his own phishing Gadget, share it with his Google
>> Wave contacts and hopefully get the login credentials from a user.
>>
>> This behavior is normal. The Problem is, that this "bug" makes it easier
>> to steal logins.
>>
>>
>> 2. Virus spreading attack:
>> --
>>
>> Uploaded files are not scanned for malicious code.
>>
>> An attacker could upload his malware to a wave and share it to his
>> Google Wave contacts.
>>
>>
>>
>> Proof of Concept :
>> ==
>>
>> A proof of concept gadget can be found here:
>> http://sotiriu.de/demos/phgadget.xml
>>
>>
>>
>> Solution:
>> =
>>
>> 1. No changes made here.
>>   Workaround: Don't trust Waves.
>>
>> 2. Google builds in AV scanning.
>>
>>
>>
>> Disclosure Timeline (/MM/DD):
>> =
>>
>> 2009.11.16: Vulnerability found
>> 2009.11.17: Sent PoC, Advisory, Disclosure policy and planned disclosure
>>date (2009.12.03) to Vendor
>> 2009.11.23: Vendor response
>> 2009.12.01: Ask for a status update, because the planned release date is
>>2009.12.03.
>> 2009.12.03: Google Security Team asks for 2 more weeks to patch.
>> 2009.12.03: Changed release date to 2009.12.17.
>> 2009.12.15: Ask for a status update, because the planned release date is
>>2009.12.17. => No Response
>> 2009.12.21: Ask for a status update.
>> 2009.12.29: Google Security Team informs me, that there are no changes
>>made before 2010.01.03.
>> 2010.01.14: Google Security Team informs me, that uploaded files will be
>>now scanned for malware. Google Gadgets will be not updated.
>> 2010.01.19: Release of this Advisory
>>

Re: [Full-disclosure] All China, All The Time

2010-01-19 Thread omg wtf
Jokes aside, has anyone seen this?

http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js

On Mon, Jan 18, 2010 at 1:44 PM, Christian Sciberras wrote:

> Bipin,
>
> I'm not "wise" either, at least not when it comes to security, I'm just
> still discovering this world.
> Other than that, I didn't understand a thing of what you said.
>
> Regards,
> Christian Sciberras.
>
>
>
>
> On Mon, Jan 18, 2010 at 8:42 PM, Bipin Gautam wrote:
>
>> Christian!
>>
>> I may not be "wise" like you all, but I left FD long back --- still I
>> happen to stumble into security bugs every now and then. No, I didn't
>> sit on a chair to look for them! They JUST followed me like a shadow.
>>
>> I hate it...
>>
>> At one point in time I got so sick of it all, I stopped counting my
>> advisories.. but that doesn't help either.
>>
>> BOTTOM LINE: IT'S A PROBLEM BY ARCHITECTURE! A direction where infinite
>> things can go wrong because "your teeth are stronger if your roots are
>> stronger"?
>>
>> With due respect, I don't want to waste a life working on something
>> like that for my whole life. Nothing meaningful @end!
>>
>> Just business and politics that is fueling this ecosystem and we are
>> like the soldiers fighting for "virtue"?
>>
>> f*** it  
>>
>> THINK ABOUT IT.
>>

Re: [Full-disclosure] IE8 Crash

2010-01-18 Thread omg wtf
I improved the counter:

var y = 2;

function changeBody(){
    y = y * y; // square y on every tick instead of incrementing it

    // frame and div_html are the ones defined in the quoted post below
    frame.contentWindow.document.body.innerHTML = y + div_html;

    setTimeout(changeBody, 1);
}

On Mon, Jan 18, 2010 at 4:20 AM, Christian Sciberras wrote:

> Nice...err...counter thingy? I don't see any crashes. Besides, there's a
> lot of redundant (and possibly useless) code?
>
>
> On Mon, Jan 18, 2010 at 10:57 AM, Tim Kunschke wrote:
>
>> Stack Smasher wrote:
>> >
>> > var div_html = 'foo
>> > foo
>> > id="1foo">foo
>> > foo | href="#">foo
>> > foo
>> > />foo
>> > foo
>> > ';
>> >
>> > var frame;
>> >
>> > function newIFrame(){
>> >
>> > document.body.appendChild(frame = document.createElement("iframe"));
>> >
>> > setTimeout(changeBody,100);
>> >
>> > }
>> >
>> > var y = 0;
>> >
>> > function changeBody(){
>> >
>> > frame.contentWindow.document.body.innerHTML = y++ + div_html;
>> >
>> > setTimeout(changeBody,1);
>> >
>> > }
>> >
>> > setTimeout(newIFrame,1);
>> >
>> > --
>> > "If you see me laughing, you better have backups"
>>
>> It does not work,
>>
>> it's just a counter : - )
>>
>> System: German XP Pro Sp3, IE8
>>
>> with kind regards,
>> Tim Kunschke