Re: [Full-disclosure] Am I missing anything ?
Simon and Joey,

Your comments are not contributing anything of value to the list and are causing SNR of the list to go down. I strongly suggest for you to both take your personal banter off-list. I suspect that the rest of the list does not want to hear your personal banter toward each other. This is a security list, not a space for your personal bickering. Grow up.

On Monday 23 July 2007 18:48, Simon Smith wrote:

Right kid... Can we also agree that you are immature? I mean, we can't lay this to rest unless we come to a compromise. Frankly, I don't feel that it would be a compromise if you didn't come half way in this relationship. While we're at it... Let's also agree that you're a coward, probably fat and lethargic... With no real friends... Who never really gets laid? Yeah I think that about sums it up... ;]

On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote:

No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue.

J

On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote:

You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember?

On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote:

But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following:

http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0380.html

You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong'

J

On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Kid, your posts continue to clearly demonstrate your immaturity.

http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html
http://seclists.org/fulldisclosure/2007/Jul/0369.html
http://seclists.org/fulldisclosure/2007/Jul/0402.html

It's too bad that you're such a coward man...

On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote:

Doesn't RFI stand for remote file inclusion you ignorant jackass?

J

On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;)

On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Am I missing anything ?
Might I propose a new tag line for this list?

Full disclosure: more entertainment than wrestlemania.
Full disclosure: I never want to grow up I want to be a full disclosure kid.

/me now waits to hear from toys r us over that last one ;)

Cheers!
Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Simon Smith [EMAIL PROTECTED]
Date: Mon, 23 Jul 2007 20:43:37
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Am I missing anything ?

Oh so now you're calling me old?

On 7/23/07 7:37 PM, Joey Mengele [EMAIL PROTECTED] wrote:

LOLOLOLOLOL. I submit, you have proven your maturity.

J

On Mon, 23 Jul 2007 18:48:14 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Right kid... Can we also agree that you are immature? I mean, we can't lay this to rest unless we come to a compromise. Frankly, I don't feel that it would be a compromise if you didn't come half way in this relationship. While we're at it... Let's also agree that you're a coward, probably fat and lethargic... With no real friends... Who never really gets laid? Yeah I think that about sums it up... ;]

On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote:

No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue.

J

On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote:

You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember?

On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote:

But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following:

http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0380.html

You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong'

J

On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Kid, your posts continue to clearly demonstrate your immaturity.

http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html
http://seclists.org/fulldisclosure/2007/Jul/0369.html
http://seclists.org/fulldisclosure/2007/Jul/0402.html

It's too bad that you're such a coward man...

On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote:

Doesn't RFI stand for remote file inclusion you ignorant jackass?

J

On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;)

On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
On Tue, 24 Jul 2007, Deeþàn Chakravarthÿ wrote:

Hi,

Yes. Do not forget to mention that Security 2.0 is only half of the truth. Folks tend to buy protections against any kind of Cross Brain Smashing (CBS) or Anti-Anti-Anti Think Pinning (AAATP) and used to let their X and telnet servers open.

l8er,
Sebastian

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan

--
~
~ perl self.pl
~ $_='print\$_=\47$_\47;eval';eval
~ [EMAIL PROTECTED] - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Re: [Full-disclosure] Am I missing anything ?
No Kradorex Xerox, you grow up.

J

On Mon, 23 Jul 2007 20:08:02 -0400 Kradorex Xeron [EMAIL PROTECTED] wrote:

Simon and Joey,

Your comments are not contributing anything of value to the list and are causing SNR of the list to go down. I strongly suggest for you to both take your personal banter off-list. I suspect that the rest of the list does not want to hear your personal banter toward each other. This is a security list, not a space for your personal bickering. Grow up.

On Monday 23 July 2007 18:48, Simon Smith wrote:

Right kid... Can we also agree that you are immature? I mean, we can't lay this to rest unless we come to a compromise. Frankly, I don't feel that it would be a compromise if you didn't come half way in this relationship. While we're at it... Let's also agree that you're a coward, probably fat and lethargic... With no real friends... Who never really gets laid? Yeah I think that about sums it up... ;]

On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote:

No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue.

J

On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote:

You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember?

On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote:

But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following:

http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0380.html

You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong'

J

On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Kid, your posts continue to clearly demonstrate your immaturity.

http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html
http://seclists.org/fulldisclosure/2007/Jul/0369.html
http://seclists.org/fulldisclosure/2007/Jul/0402.html

It's too bad that you're such a coward man...

On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote:

Doesn't RFI stand for remote file inclusion you ignorant jackass?

J

On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;)

On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
Suggestion respectfully rejected. Please grow up n3td3v.

J

On Mon, 23 Jul 2007 19:55:21 -0400 php0t [EMAIL PROTECTED] wrote:

No offense towards either of you, this is just a suggestion... how'bout taking this off-list?

Thanks for even reading.

php0t

----- Original Message -----
From: Joey Mengele [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Sent: Tuesday, July 24, 2007 1:37 AM
Subject: Re: [Full-disclosure] Am I missing anything ?

LOLOLOLOLOL. I submit, you have proven your maturity.

J

On Mon, 23 Jul 2007 18:48:14 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Right kid... Can we also agree that you are immature? I mean, we can't lay this to rest unless we come to a compromise. Frankly, I don't feel that it would be a compromise if you didn't come half way in this relationship. While we're at it... Let's also agree that you're a coward, probably fat and lethargic... With no real friends... Who never really gets laid? Yeah I think that about sums it up... ;]

On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote:

No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue.

J

On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote:

You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember?

On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote:

But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following:

http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0380.html

You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong'

J

On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Kid, your posts continue to clearly demonstrate your immaturity.

http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html
http://seclists.org/fulldisclosure/2007/Jul/0369.html
http://seclists.org/fulldisclosure/2007/Jul/0402.html

It's too bad that you're such a coward man...

On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote:

Doesn't RFI stand for remote file inclusion you ignorant jackass?

J

On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;)

On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
On Mon, 23 Jul 2007 18:47:33 EDT, Kevin Finisterre (lists) said:

Yeah... Adriel loves the cock.

What's he call his *other* hand? :)

(Well dammit, I got this big bag of Purina Troll Chow, and I need to get rid of it *somehow* :)
Re: [Full-disclosure] Am I missing anything ?
My other hand is called Valdis :]

On 7/24/07 12:06 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

On Mon, 23 Jul 2007 18:47:33 EDT, Kevin Finisterre (lists) said:

Yeah... Adriel loves the cock.

What's he call his *other* hand? :)

(Well dammit, I got this big bag of Purina Troll Chow, and I need to get rid of it *somehow* :)
Re: [Full-disclosure] Am I missing anything ?
http://uncyclopedia.org/wiki/Pot_v._Kettle

Kradorex Xeron wrote:

Simon and Joey,

Your comments are not contributing anything of value to the list and are causing SNR of the list to go down. I strongly suggest for you to both take your personal banter off-list. I suspect that the rest of the list does not want to hear your personal banter toward each other. This is a security list, not a space for your personal bickering. Grow up.

On Monday 23 July 2007 18:48, Simon Smith wrote:

Right kid... Can we also agree that you are immature? I mean, we can't lay this to rest unless we come to a compromise. Frankly, I don't feel that it would be a compromise if you didn't come half way in this relationship. While we're at it... Let's also agree that you're a coward, probably fat and lethargic... With no real friends... Who never really gets laid? Yeah I think that about sums it up... ;]

On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote:

No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue.

J

On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote:

You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember?

SNIP
[Full-disclosure] Am I missing anything ?
Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
Don't forget all the nasty Java slut action..

On 7/23/07, Deeþàn Chakravarthÿ [EMAIL PROTECTED] wrote:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan

--
If you see me laughing, you better have backups
Re: [Full-disclosure] Am I missing anything ?
Anti-DNS pinning.

Deeþàn Chakravarthÿ wrote:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan

--
Moshe :: Trancer
0nly Human...
Re: [Full-disclosure] Am I missing anything ?
On Tue, 24 Jul 2007 01:20:14 +0800, Deeþàn Chakravarthÿ said:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security.

If you get through the people's heads the concept of Filter in good, rather than filter out bad, you'll have done the world a great service.

Note that following that principle closes out multiple flavors of attack that you list.
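The "filter in good, rather than filter out bad" principle from the reply above, as an added Python example that is not code from the thread or from any poster. The page table, language-tag pattern, denylist and sample inputs are all constructed assumptions; the example covers two sinks (a file-include key and a response-header value) to show one principle closing several of the listed attack classes.

```python
import re
from typing import Optional

# Hypothetical application data (assumptions, not from the thread).
PAGES = {
    "home": "templates/home.html",
    "about": "templates/about.html",
    "contact": "templates/contact.html",
}
LANG_TOKEN = re.compile(r"[a-z]{2}(-[A-Z]{2})?")  # e.g. "en", "en-GB"

# "Filter out bad": reject input containing a known-bad substring.
DENYLIST = ("../", "http://", "\r\n", "<script")


def denylist_ok(value: str) -> bool:
    """Accept anything that contains none of the listed substrings."""
    return not any(bad in value for bad in DENYLIST)


def page_template(name: str) -> Optional[str]:
    """Filter in good, enumerable case: the request value is only a key
    into a fixed table and never becomes part of a path or URL."""
    return PAGES.get(name)


def lang_header_value(value: str) -> Optional[str]:
    """Filter in good, pattern case: accept only the exact expected shape.
    fullmatch() matters: match() with a trailing '$' would accept "en\\n"."""
    return value if LANG_TOKEN.fullmatch(value) else None


# Constructed sample inputs: (sink, value).
SAMPLES = [
    ("page", "about"),
    ("page", "../../etc/passwd"),
    ("page", "..\\..\\boot.ini"),
    ("page", "HTTP://files.example.invalid/inc.txt"),
    ("page", "%2e%2e%2fsecret"),
    ("lang", "en-GB"),
    ("lang", "en\rSet-Cookie: sid=1"),
    ("lang", "en\n"),
]


def evaluate(samples):
    """Return (sink, value, denylist verdict, allowlist verdict) per sample."""
    rows = []
    for sink, value in samples:
        check = page_template if sink == "page" else lang_header_value
        rows.append((sink, value, denylist_ok(value), check(value) is not None))
    return rows


def denylist_only(rows):
    """Inputs the denylist lets through that the allowlist refuses."""
    return [value for _, value, deny, allow in rows if deny and not allow]


if __name__ == "__main__":
    for sink, value, deny, allow in evaluate(SAMPLES):
        print(f"{sink:4} {value!r:42} "
              f"denylist={'pass' if deny else 'block':5} "
              f"allowlist={'pass' if allow else 'block'}")
```

The denylist has to anticipate every spelling of every bad input; the allowlist only has to describe the small set of inputs the application actually needs.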
Re: [Full-disclosure] Am I missing anything ?
Canonicalization
Input Validation
Buffer Overflows (Stack Buffer Overflows - Heap/BSS/Data Overflows)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deeþàn Chakravarthÿ
Sent: Monday, July 23, 2007 1:20 PM
To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Am I missing anything ?

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
I suggest taking a look at OWASP's top ten list: http://www.owasp.org/index.php/Top_10_2007

----- Original Message -----
From: Deeþàn Chakravarthÿ [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Sent: Monday, July 23, 2007 11:20:14 AM
Subject: [Full-disclosure] Am I missing anything ?

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
Off the top of my head: cookie manipulation, weak session number predictability, second-order command injection, parameter manipulation such as shell redirects/pipe issues, web services (SOAP, WSDL access etc) and dangerous HTTP methods such as PUT.

There'll be more, but I'm still on my first coffee...

Good luck!

Carl

Deeþàn Chakravarthÿ wrote:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
Just a few additions/ideas:

You have RFI but not LFI.. so add that. I'd also say general input validations as some others mentioned. This ties into your XSS (persistent or otherwise) and some of your other issues like injecting code/iframes/xss etc into forums and so on.

Also as mentioned a big one is sessions and user privilege management. If sessions are predictable or don't expire (think the Orkut posts recently) this can be problems. Also, there are additional things you can look for like tying a session to IP address or checking things that are passed by the browser. This would include HTTP REFER/REFERRER which can also be a security issue if relied on too heavily.

On the user management side, checking things like elevating privileges and what not are big issues. Or verifying a user can make a certain action like changing passwords for their account only etc.

Look for weak methods of password resetting. This can be a DoS to users or it can be predictable resulting in account compromise. Also, username enumeration due to poorly implemented features like this as well at login/password reset prompts.

A few other things come to mind but I think what you've got plus all these responses should be more than enough to bore/excite an audience with. :)

Steven
securityzone.org

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
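The password-reset points in the reply above (predictable resets, resets that never expire, username enumeration at the reset prompt), as an added Python example that is not code from the thread or from any poster. `ResetService`, its in-memory stores, the 15-minute lifetime and the reply text are hypothetical choices made for illustration.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed token lifetime
GENERIC_REPLY = "If that account exists, a reset link has been sent."


def _digest(token: str) -> str:
    # Only a hash of the token is stored, so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetService:
    """Hypothetical in-memory reset flow (illustration only)."""

    def __init__(self, users, clock=time.time):
        self.users = set(users)
        self.clock = clock
        self.pending = {}  # sha256(token) -> (username, expires_at)
        self.outbox = []   # (username, token): stands in for e-mail delivery

    def request_reset(self, username: str) -> str:
        if username in self.users:
            # A new request invalidates any older token for the same user.
            self.pending = {d: e for d, e in self.pending.items()
                            if e[0] != username}
            # Unpredictable: 32 bytes from the OS CSPRNG, not a counter,
            # timestamp or hash of the username.
            token = secrets.token_urlsafe(32)
            self.pending[_digest(token)] = (
                username, self.clock() + RESET_TTL_SECONDS)
            self.outbox.append((username, token))
        # Same reply whether or not the account exists: no enumeration
        # through the response body.
        return GENERIC_REPLY

    def redeem(self, token: str):
        """Return the username the token resets, or None. Single use."""
        entry = self.pending.pop(_digest(token), None)
        if entry is None:
            return None
        username, expires_at = entry
        return username if self.clock() <= expires_at else None


if __name__ == "__main__":
    svc = ResetService({"alice"})
    print(svc.request_reset("alice"))
    print(svc.request_reset("no-such-user"))
    _, issued = svc.outbox[0]
    print(svc.redeem(issued), svc.redeem(issued))
```

The reply text is identical for both requests, but the known-user branch still does more work; queueing delivery out of band keeps response timing from revealing the same thing.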
Re: [Full-disclosure] Am I missing anything ?
I would advise checking out the Threat Classification by The Web Application Security Consortium at http://www.webappsec.org/projects/threat/. Version 2 is in the works and should be out in a month or so with MANY updates.

- Robert

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;)

On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
Doesn't RFI stand for remote file inclusion you ignorant jackass?

J

On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;)

On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
Kid, your posts continue to clearly demonstrate your immaturity.

http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html
http://seclists.org/fulldisclosure/2007/Jul/0369.html
http://seclists.org/fulldisclosure/2007/Jul/0402.html

It's too bad that you're such a coward man...

On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote:

Doesn't RFI stand for remote file inclusion you ignorant jackass?

J

On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote:

Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;)

On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote:

Hi All,
Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan
Re: [Full-disclosure] Am I missing anything ?
But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following: http://archives.neohapsis.com/archives/fulldisclosure/2007- 01/0380.html You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong' J On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote: Kid, your posts continue to clearly demonstrate your immaturity. http://www.security-express.com/archives/fulldisclosure/2007- 07/0404.html http://archives.neohapsis.com/archives/fulldisclosure/2007- 07/0372.html http://seclists.org/fulldisclosure/2007/Jul/0369.html http://seclists.org/fulldisclosure/2007/Jul/0402.html Its too bad that you're such a coward man... On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote: Doesn't RFI stand for remote file inclusion you ignorant jackass? J On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote: Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;) On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote: Hi All, Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ? 1)XSS 2)CSRF 3)SQL Injection 4)AJAX/JSON hijacking 5)HTTP response splitting 6)RFI 7)CRLF 8)MITM Thanks Deepan ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Not making enough money? 
Re: [Full-disclosure] Am I missing anything ?
You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember? On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote: But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following: http://archives.neohapsis.com/archives/fulldisclosure/2007- 01/0380.html You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong' J On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote: Kid, your posts continue to clearly demonstrate your immaturity. http://www.security-express.com/archives/fulldisclosure/2007- 07/0404.html http://archives.neohapsis.com/archives/fulldisclosure/2007- 07/0372.html http://seclists.org/fulldisclosure/2007/Jul/0369.html http://seclists.org/fulldisclosure/2007/Jul/0402.html Its too bad that you're such a coward man... On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote: Doesn't RFI stand for remote file inclusion you ignorant jackass? J On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote: Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;) On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote: Hi All, Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ? 1)XSS 2)CSRF 3)SQL Injection 4)AJAX/JSON hijacking 5)HTTP response splitting 6)RFI 7)CRLF 8)MITM Thanks Deepan ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Not making enough money? 
Re: [Full-disclosure] Am I missing anything ?
No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue. J On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote: You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember? On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote: But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following: http://archives.neohapsis.com/archives/fulldisclosure/2007- 01/0380.html You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong' J On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote: Kid, your posts continue to clearly demonstrate your immaturity. http://www.security-express.com/archives/fulldisclosure/2007- 07/0404.html http://archives.neohapsis.com/archives/fulldisclosure/2007- 07/0372.html http://seclists.org/fulldisclosure/2007/Jul/0369.html http://seclists.org/fulldisclosure/2007/Jul/0402.html Its too bad that you're such a coward man... On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote: Doesn't RFI stand for remote file inclusion you ignorant jackass? J On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote: Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;) On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote: Hi All, Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ? 
1)XSS 2)CSRF 3)SQL Injection 4)AJAX/JSON hijacking 5)HTTP response splitting 6)RFI 7)CRLF 8)MITM Thanks Deepan
Re: [Full-disclosure] Am I missing anything ?
Right kid... Can we also agree that you are immature? I mean, we can't lay this to rest unless we come to a compromise. Frankly, I don't feel that it would be a compromise if you didn't come half way in this relationship. While we're at it... Lets also agree that you're a coward, probably fat and lethargic... With no real friends... Who never really gets laid? Yeah I think that about sums it up... ;] On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote: No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue. J On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote: You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember? On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote: But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following: http://archives.neohapsis.com/archives/fulldisclosure/2007- 01/0380.html You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong' J On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote: Kid, your posts continue to clearly demonstrate your immaturity. http://www.security-express.com/archives/fulldisclosure/2007- 07/0404.html http://archives.neohapsis.com/archives/fulldisclosure/2007- 07/0372.html http://seclists.org/fulldisclosure/2007/Jul/0369.html http://seclists.org/fulldisclosure/2007/Jul/0402.html Its too bad that you're such a coward man... On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote: Doesn't RFI stand for remote file inclusion you ignorant jackass? 
J On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote: Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;) On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote: Hi All, Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ? 1)XSS 2)CSRF 3)SQL Injection 4)AJAX/JSON hijacking 5)HTTP response splitting 6)RFI 7)CRLF 8)MITM Thanks Deepan
Re: [Full-disclosure] Am I missing anything ?
Wow Glad I joined this list today. Sent from my BlackBerry® wireless device -Original Message- From: Simon Smith [EMAIL PROTECTED] Date: Mon, 23 Jul 2007 18:48:14 To:[EMAIL PROTECTED], [EMAIL PROTECTED],[EMAIL PROTECTED], full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Am I missing anything ? Right kid... Can we also agree that you are immature? I mean, we can't lay this to rest unless we come to a compromise. Frankly, I don't feel that it would be a compromise if you didn't come half way in this relationship. While we're at it... Lets also agree that you're a coward, probably fat and lethargic... With no real friends... Who never really gets laid? Yeah I think that about sums it up... ;] On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote: No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue. J On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote: You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember? On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote: But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following: http://archives.neohapsis.com/archives/fulldisclosure/2007- 01/0380.html You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong' J On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote: Kid, your posts continue to clearly demonstrate your immaturity. 
http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html http://seclists.org/fulldisclosure/2007/Jul/0369.html http://seclists.org/fulldisclosure/2007/Jul/0402.html It's too bad that you're such a coward man... On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote: Doesn't RFI stand for remote file inclusion you ignorant jackass? J On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote: Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;) On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote: Hi All, Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ? 1)XSS 2)CSRF 3)SQL Injection 4)AJAX/JSON hijacking 5)HTTP response splitting 6)RFI 7)CRLF 8)MITM Thanks Deepan
Re: [Full-disclosure] Am I missing anything ?
Yeah... Adriel loves the cock. -KF On Jul 23, 2007, at 6:40 PM, Joey Mengele wrote: No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue. J On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote: You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember? On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote: But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following: http://archives.neohapsis.com/archives/fulldisclosure/2007- 01/0380.html You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong' J On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote: Kid, your posts continue to clearly demonstrate your immaturity. http://www.security-express.com/archives/fulldisclosure/2007- 07/0404.html http://archives.neohapsis.com/archives/fulldisclosure/2007- 07/0372.html http://seclists.org/fulldisclosure/2007/Jul/0369.html http://seclists.org/fulldisclosure/2007/Jul/0402.html Its too bad that you're such a coward man... On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote: Doesn't RFI stand for remote file inclusion you ignorant jackass? J On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote: Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;) On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote: Hi All, Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ? 
1)XSS 2)CSRF 3)SQL Injection 4)AJAX/JSON hijacking 5)HTTP response splitting 6)RFI 7)CRLF 8)MITM Thanks Deepan
Re: [Full-disclosure] Am I missing anything ?
LOLOLOLOLOL. I submit, you have proven your maturity. J On Mon, 23 Jul 2007 18:48:14 -0400 Simon Smith [EMAIL PROTECTED] wrote: Right kid... Can we also agree that you are immature? I mean, we can't lay this to rest unless we come to a compromise. Frankly, I don't feel that it would be a compromise if you didn't come half way in this relationship. While we're at it... Lets also agree that you're a coward, probably fat and lethargic... With no real friends... Who never really gets laid? Yeah I think that about sums it up... ;] On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote: No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue. J On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote: You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember? On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote: But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following: http://archives.neohapsis.com/archives/fulldisclosure/2007- 01/0380.html You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong' J On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote: Kid, your posts continue to clearly demonstrate your immaturity. http://www.security-express.com/archives/fulldisclosure/2007- 07/0404.html http://archives.neohapsis.com/archives/fulldisclosure/2007- 07/0372.html http://seclists.org/fulldisclosure/2007/Jul/0369.html http://seclists.org/fulldisclosure/2007/Jul/0402.html Its too bad that you're such a coward man... 
On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote: Doesn't RFI stand for remote file inclusion you ignorant jackass? J On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote: Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;) On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote: Hi All, Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ? 1)XSS 2)CSRF 3)SQL Injection 4)AJAX/JSON hijacking 5)HTTP response splitting 6)RFI 7)CRLF 8)MITM Thanks Deepan
Re: [Full-disclosure] Am I missing anything ?
Oh so now you're calling me old? On 7/23/07 7:37 PM, Joey Mengele [EMAIL PROTECTED] wrote: LOLOLOLOLOL. I submit, you have proven your maturity. J On Mon, 23 Jul 2007 18:48:14 -0400 Simon Smith [EMAIL PROTECTED] wrote: Right kid... Can we also agree that you are immature? I mean, we can't lay this to rest unless we come to a compromise. Frankly, I don't feel that it would be a compromise if you didn't come half way in this relationship. While we're at it... Lets also agree that you're a coward, probably fat and lethargic... With no real friends... Who never really gets laid? Yeah I think that about sums it up... ;] On 7/23/07 6:40 PM, Joey Mengele [EMAIL PROTECTED] wrote: No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need for this thread to continue. J On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith [EMAIL PROTECTED] wrote: You are right with respect to your RFI comment... But as far as me learning anything, don't count on it. I am after all an ignorant jackass remember? On 7/23/07 6:32 PM, Joey Mengele [EMAIL PROTECTED] wrote: But I am right, am I not? Just pointing out what everyone else was thinking already :) Anyway, if you are implying I am immature because of my ad homonym, please refer to the following: http://archives.neohapsis.com/archives/fulldisclosure/2007- 01/0380.html You should have learned from KF by now the infosec mantra 'live by the niggerdong, die by the niggerdong' J On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith [EMAIL PROTECTED] wrote: Kid, your posts continue to clearly demonstrate your immaturity. 
http://www.security-express.com/archives/fulldisclosure/2007-07/0404.html http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0372.html http://seclists.org/fulldisclosure/2007/Jul/0369.html http://seclists.org/fulldisclosure/2007/Jul/0402.html It's too bad that you're such a coward man... On 7/23/07 5:51 PM, Joey Mengele [EMAIL PROTECTED] wrote: Doesn't RFI stand for remote file inclusion you ignorant jackass? J On Mon, 23 Jul 2007 17:20:56 -0400 Simon Smith [EMAIL PROTECTED] wrote: Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;) On 7/23/07 1:20 PM, Deeflàn Chakravarthÿ [EMAIL PROTECTED] wrote: Hi All, Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ? 1)XSS 2)CSRF 3)SQL Injection 4)AJAX/JSON hijacking 5)HTTP response splitting 6)RFI 7)CRLF 8)MITM Thanks Deepan
Re: [Full-disclosure] Am I missing anything ?
On 7/23/07, Simon Smith [EMAIL PROTECTED] wrote: Oh so now you're calling me old? pop, sip, burp, a! drink anyone ? ;-P - nocon