Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'

2012-01-25 Thread GloW - XD
stfu idiot..

now go look at your boxes :) and netstats and enjoy being part of
a much nicer, smaller organisation which is only here to destroy you
all. :)
bye!
oh btw, secunia.com is also owned.
have phun!
GLOW



On 26 January 2012 09:19, Dave  wrote:
>
> On 25/01/2012 20:16, adam wrote:
>> If we cared, we'd visit that site of our own volition. Secondly, even if we
>> were interested: most of the people on these lists are intelligent enough
>> not to click on links from spammers. Third, even if the content were
>> interesting, even if this were the place for it and even if you hadn't
>> spammed: "pay and register" is incentive enough for me *not* to join and *
>> not* to ever visit that site again.
>>
>> Short version: the purpose of this list isn't for you to spam your new
>> state-of-the-art website. Instead, it's typically to discuss/disclose
>> issues/concepts related to computer/network security. Once in a while,
>> there are discussions about the overflowing stupidity that some site
>> owners/coders have. For example, people that stupidly (and blindly) inject
>> code (e.g. for tracking purposes) into every single file on their site,
>> regardless of extension:
>>
>> http://www.karmacyberintel.net/robots.txt
>>
>> Another one is blatantly disclosing paths in robots.txt that aren't even
>> linked to and would never be found anyway (at least by bots that honor
>> robots.txt, which ends up being the exact opposite of the desired effect).
>> An example of how/why this can be a problem:
>>
>> md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3,
>> if we perform a simple Google search - we can determine that you're likely
>> running version 3.3.1 of Wordpress. From there, we have enough information
>> to perform a targeted attack on your server. Except, we don't need to
>> because you've already made it more than easy enough for us.
>>
>> Pretty much every single field on http://www.karmacyberintel.net/pay/ is
>> vulnerable to SQL injection, which could easily allow anyone to completely
>> compromise the database and possibly the entire site. On top of that,
>> register.php also allows for session fixation attacks, as a result of
>> header/cookie manipulation. If that weren't bad enough, the admin section
>> for your karma theme is also vulnerable to cross-site scripting.
>>
>> Not to mention, all the problems with how you've configured SSL and
>> everything else. If you're going to spam, at least make sure the website
>> you're spamming has been tested and determined to be *somewhat* secure.
>>
>
>
>
> Thanks for the smile.
>
> If one is not certain that one's own house is not made of glass, it's best to
> not throw stones.
>
> D
>>
>> On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel <
>> karmacyberint...@gmail.com> wrote:
>>
>>> *UPDATE* After attacking several government sites to protest
>>> controversial US legislation in past weeks, hacktivist group Anonymous is
>>> setting its sights on one of the Internet's biggest targets: Facebook. Or
>>> maybe not.
>>>
>>> Sources From karmacyberintel.net
>>>
>>> for more details
>>>
>>>
>>> http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
>>>
>>> ___
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>>


Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'

2012-01-25 Thread Dave

On 25/01/2012 20:16, adam wrote:
> If we cared, we'd visit that site of our own volition. Secondly, even if we
> were interested: most of the people on these lists are intelligent enough
> not to click on links from spammers. Third, even if the content were
> interesting, even if this were the place for it and even if you hadn't
> spammed: "pay and register" is incentive enough for me *not* to join and *
> not* to ever visit that site again.
> 
> Short version: the purpose of this list isn't for you to spam your new
> state-of-the-art website. Instead, it's typically to discuss/disclose
> issues/concepts related to computer/network security. Once in a while,
> there are discussions about the overflowing stupidity that some site
> owners/coders have. For example, people that stupidly (and blindly) inject
> code (e.g. for tracking purposes) into every single file on their site,
> regardless of extension:
> 
> http://www.karmacyberintel.net/robots.txt
> 
> Another one is blatantly disclosing paths in robots.txt that aren't even
> linked to and would never be found anyway (at least by bots that honor
> robots.txt, which ends up being the exact opposite of the desired effect).
> An example of how/why this can be a problem:
> 
> md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3,
> if we perform a simple Google search - we can determine that you're likely
> running version 3.3.1 of Wordpress. From there, we have enough information
> to perform a targeted attack on your server. Except, we don't need to
> because you've already made it more than easy enough for us.
> 
> Pretty much every single field on http://www.karmacyberintel.net/pay/ is
> vulnerable to SQL injection, which could easily allow anyone to completely
> compromise the database and possibly the entire site. On top of that,
> register.php also allows for session fixation attacks, as a result of
> header/cookie manipulation. If that weren't bad enough, the admin section
> for your karma theme is also vulnerable to cross-site scripting.
> 
> Not to mention, all the problems with how you've configured SSL and
> everything else. If you're going to spam, at least make sure the website
> you're spamming has been tested and determined to be *somewhat* secure.
> 



Thanks for the smile.

If one is not certain that one's own house is not made of glass, it's best to
not throw stones.

D
> 
> On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel <
> karmacyberint...@gmail.com> wrote:
> 
>> *UPDATE* After attacking several government sites to protest
>> controversial US legislation in past weeks, hacktivist group Anonymous is
>> setting its sights on one of the Internet's biggest targets: Facebook. Or
>> maybe not.
>>
>> Sources From karmacyberintel.net
>>
>> for more details
>>
>>
>> http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
>>



Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'

2012-01-25 Thread Sebastian Rakowski
+1
On 2012-01-25 12:17 PM, "adam"  wrote:

> If we cared, we'd visit that site of our own volition. Secondly, even if
> we were interested: most of the people on these lists are intelligent
> enough not to click on links from spammers. Third, even if the content were
> interesting, even if this were the place for it and even if you hadn't
> spammed: "pay and register" is incentive enough for me *not* to join and *
> not* to ever visit that site again.
>
> Short version: the purpose of this list isn't for you to spam your new
> state-of-the-art website. Instead, it's typically to discuss/disclose
> issues/concepts related to computer/network security. Once in a while,
> there are discussions about the overflowing stupidity that some site
> owners/coders have. For example, people that stupidly (and blindly) inject
> code (e.g. for tracking purposes) into every single file on their site,
> regardless of extension:
>
> http://www.karmacyberintel.net/robots.txt
>
> Another one is blatantly disclosing paths in robots.txt that aren't even
> linked to and would never be found anyway (at least by bots that honor
> robots.txt, which ends up being the exact opposite of the desired effect).
> An example of how/why this can be a problem:
>
> md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3,
> if we perform a simple Google search - we can determine that you're likely
> running version 3.3.1 of Wordpress. From there, we have enough information
> to perform a targeted attack on your server. Except, we don't need to
> because you've already made it more than easy enough for us.
>
> Pretty much every single field on http://www.karmacyberintel.net/pay/ is
> vulnerable to SQL injection, which could easily allow anyone to completely
> compromise the database and possibly the entire site. On top of that,
> register.php also allows for session fixation attacks, as a result of
> header/cookie manipulation. If that weren't bad enough, the admin section
> for your karma theme is also vulnerable to cross-site scripting.
>
> Not to mention, all the problems with how you've configured SSL and
> everything else. If you're going to spam, at least make sure the website
> you're spamming has been tested and determined to be *somewhat* secure.
>
>
> On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel <
> karmacyberint...@gmail.com> wrote:
>
>> *UPDATE* After attacking several government sites to protest
>> controversial US legislation in past weeks, hacktivist group Anonymous is
>> setting its sights on one of the Internet's biggest targets: Facebook. Or
>> maybe not.
>>
>> Sources From karmacyberintel.net
>>
>> for more details
>>
>>
>> http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
>>

Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'

2012-01-25 Thread Julius Kivimäki
Anonymous is definitely not a group (as in a group that has actual
members), you should know better.


2012/1/25 karma cyberintel 

> *UPDATE* After attacking several government sites to protest
> controversial US legislation in past weeks, hacktivist group Anonymous is
> setting its sights on one of the Internet's biggest targets: Facebook. Or
> maybe not.
>
> Sources From karmacyberintel.net
>
> for more details
>
>
> http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
>

Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'

2012-01-25 Thread adam
If we cared, we'd visit that site of our own volition. Secondly, even if we
were interested: most of the people on these lists are intelligent enough
not to click on links from spammers. Third, even if the content were
interesting, even if this were the place for it and even if you hadn't
spammed: "pay and register" is incentive enough for me *not* to join and *
not* to ever visit that site again.

Short version: the purpose of this list isn't for you to spam your new
state-of-the-art website. Instead, it's typically to discuss/disclose
issues/concepts related to computer/network security. Once in a while,
there are discussions about the overflowing stupidity that some site
owners/coders have. For example, people that stupidly (and blindly) inject
code (e.g. for tracking purposes) into every single file on their site,
regardless of extension:

http://www.karmacyberintel.net/robots.txt

Another one is blatantly disclosing paths in robots.txt that aren't even
linked to and would never be found anyway (at least by bots that honor
robots.txt, which ends up being the exact opposite of the desired effect).
An example of how/why this can be a problem:

md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3,
if we perform a simple Google search - we can determine that you're likely
running version 3.3.1 of Wordpress. From there, we have enough information
to perform a targeted attack on your server. Except, we don't need to
because you've already made it more than easy enough for us.

Pretty much every single field on http://www.karmacyberintel.net/pay/ is
vulnerable to SQL injection, which could easily allow anyone to completely
compromise the database and possibly the entire site. On top of that,
register.php also allows for session fixation attacks, as a result of
header/cookie manipulation. If that weren't bad enough, the admin section
for your karma theme is also vulnerable to cross-site scripting.

Not to mention, all the problems with how you've configured SSL and
everything else. If you're going to spam, at least make sure the website
you're spamming has been tested and determined to be *somewhat* secure.


On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel <
karmacyberint...@gmail.com> wrote:

> *UPDATE* After attacking several government sites to protest
> controversial US legislation in past weeks, hacktivist group Anonymous is
> setting its sights on one of the Internet's biggest targets: Facebook. Or
> maybe not.
>
> Sources From karmacyberintel.net
>
> for more details
>
>
> http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
>
>
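
The robots.txt point in adam's message above (Disallow lines that name paths nothing else links to) can be checked on your own site. The following is an added example, not part of the original post: the keyword list, the sample robots.txt and the set of linked paths are all constructed assumptions.

```python
import re

# Hypothetical keyword list; tune it to your own site layout.
SENSITIVE = re.compile(r"admin|backup|private|\.sql|\.bak|config|staging", re.I)

def disallowed_paths(robots_txt):
    """Yield each non-empty Disallow value, ignoring comments and field-name case."""
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "disallow" and value.strip():
            yield value.strip()

def audit_robots(robots_txt, linked_paths):
    """Return (rule, reason) for rules that reveal paths no public link exposes."""
    findings = []
    for rule in disallowed_paths(robots_txt):
        prefix = rule.split("*", 1)[0].rstrip("$")  # literal part before a wildcard
        if prefix in ("", "/"):
            continue  # blanket or pattern-only rule names no specific path
        if any(p.startswith(prefix) for p in linked_paths):
            continue  # already discoverable by following links
        reason = "unlinked+sensitive" if SENSITIVE.search(rule) else "unlinked"
        findings.append((rule, reason))
    return findings

# Constructed sample input (not taken from any real site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /wp-admin/        # reachable via a linked URL below
Disallow: /old-site-backup/
disallow: /staging/db_dump.sql
Disallow: /tmp-export/
Disallow:
"""
# Paths a crawler would reach from the public pages (constructed).
SAMPLE_LINKED = {"/", "/blog/", "/wp-admin/admin-ajax.php", "/shop/"}

if __name__ == "__main__":
    for path, reason in audit_robots(SAMPLE_ROBOTS, SAMPLE_LINKED):
        print(f"{reason:20} {path}")
```

Anything this reports is better protected by authentication or removed from the web root than listed in robots.txt.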

[Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'

2012-01-25 Thread karma cyberintel
*UPDATE* After attacking several government sites to protest controversial
US legislation in past weeks, hacktivist group Anonymous is setting its
sights on one of the Internet's biggest targets: Facebook. Or maybe not.

Sources From karmacyberintel.net

for more details

http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/