[Full-disclosure] Vulnerability in Gentoo hardened
El 24/04/12 14:41, Григорий Братислава escribió: > Is good evening. Is good afternoon. > I is would like to warn you about is vulnerability in > Backtrack is all version. I is want to advise you on one failure in Gentoo Hardened at all types > Backtrack Linux is penetration tester is system. Is come complete with > tool for to make hacking for penetration tester. Gentoo Hardened is advanced security is system. Is come complete with hardened nucleum for to make at system is securer > In is booting Backtrack, vulnerability exist in booting for when start > if attacker is edit grub, attacker can bypass restricted user and is > boot into admin account. E.g.: In is making Gentoo Hardened, failure exist in sysadmin at when usage if attacker is rubber hose, attacker can override authentication and is make admin account. Making simple program. E.g.: 1. Apply rubber hose for sysadmin 2. Ask at password and try it. 3. If error make 1. > I is will make this into video for bypassing security in Backtrack for > to post on InfoSecInstitute I is will be this for video by bypassing security at Gentoo Hardened or to post by Youtube. I is named "Reservoir Dogs". PD: Bad English written on purpose, please forgive me for any correct grammar I may have used :P PD2: Григорий seeing your historial I think the mail was a joke but anyway, just in the improbable case it may not be: 1. Bad administration issues are not global to a distro issues. 2. Make sure a vulnerability is not a not so secure by design feature. 3. Really if you ever want to write a paper or something make sure you get it readen by at least two or three english speaking partners for your own sake. signature.asc Description: OpenPGP digital signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
> PD: Bad English written on purpose, please forgive me for any correct > grammar I may have used :P > PD2: Григорий seeing your historial I think the mail was a joke but if you read his "advisories" and "0-days" you know: It's not a joke... -- Kind Regards Milan Berger Project-Mindstorm Technical Engineer --- project-mindstorm.net Fruehlingstrasse 4 90537 Feucht Germany Mob.: +49 176 22 98 76 02 https://www.ghcif.de http://www.nopaste.info (for sale) https://www.digital-bit.ch http://www.project-mindstorm.net twitter: http://twitter.com/twit4c ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: > if you read his "advisories" and "0-days" you know: It's not a joke... I always thought it was misunderstood performance art... pgpBMDMGRP44M.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
Which always turns out to be the best... Sent from my Windows Phone From: valdis.kletni...@vt.edu Sent: 4/24/2012 9:16 AM To: Milan Berger Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Vulnerability in Gentoo hardened On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: > if you read his "advisories" and "0-days" you know: It's not a joke... I always thought it was misunderstood performance art... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote: > On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: > > if you read his "advisories" and "0-days" you know: It's not a joke... > > I always thought it was misunderstood performance art... this one appears to be true: http://seclists.org/fulldisclosure/2011/Jul/312 Full disclosure is arrest of Sabu (check the date) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
On 4/25/12 3:56 AM, Georgi Guninski wrote: > On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote: >> On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: >>> if you read his "advisories" and "0-days" you know: It's not a joke... >> I always thought it was misunderstood performance art... > > > this one appears to be true: > http://seclists.org/fulldisclosure/2011/Jul/312 > Full disclosure is arrest of Sabu > (check the date) > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Nope, im still here :p ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
On 4/25/12 3:56 AM, Georgi Guninski wrote: > On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote: >> On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: >>> if you read his "advisories" and "0-days" you know: It's not a joke... >> I always thought it was misunderstood performance art... > > > this one appears to be true: > http://seclists.org/fulldisclosure/2011/Jul/312 > Full disclosure is arrest of Sabu > (check the date) > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ And thats when sabu was MIA from twitter and everyone knew about that, nobody really knew why though. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
On 4/25/12 4:48 AM, Benji wrote: > except it was rather obvious why. > > On Wed, Apr 25, 2012 at 10:27 AM, Laurelai wrote: >> On 4/25/12 3:56 AM, Georgi Guninski wrote: >>> On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote: On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: > if you read his "advisories" and "0-days" you know: It's not a joke... I always thought it was misunderstood performance art... >>> >>> this one appears to be true: >>> http://seclists.org/fulldisclosure/2011/Jul/312 >>> Full disclosure is arrest of Sabu >>> (check the date) >>> >>> ___ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> And thats when sabu was MIA from twitter and everyone knew about that, >> nobody really knew why though. >> >> ___ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ In hindsight yes. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
No, with open eyes sight. If you chose not to believe the obvious at the time, that is your own mistake and proof that you (general you, not you specifically) were more interested in being part of the crowd than thinking. On Wed, Apr 25, 2012 at 10:52 AM, Laurelai wrote: > On 4/25/12 4:48 AM, Benji wrote: >> >> except it was rather obvious why. >> >> On Wed, Apr 25, 2012 at 10:27 AM, Laurelai wrote: >>> >>> On 4/25/12 3:56 AM, Georgi Guninski wrote: On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote: > > On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: >> >> if you read his "advisories" and "0-days" you know: It's not a joke... > > I always thought it was misunderstood performance art... this one appears to be true: http://seclists.org/fulldisclosure/2011/Jul/312 Full disclosure is arrest of Sabu (check the date) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> And thats when sabu was MIA from twitter and everyone knew about that, >>> nobody really knew why though. >>> >>> ___ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ > > In hindsight yes. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
On 4/25/12 4:54 AM, Benji wrote: > No, with open eyes sight. If you chose not to believe the obvious at > the time, that is your own mistake and proof that you (general you, > not you specifically) were more interested in being part of the crowd > than thinking. > > > On Wed, Apr 25, 2012 at 10:52 AM, Laurelai wrote: >> On 4/25/12 4:48 AM, Benji wrote: >>> except it was rather obvious why. >>> >>> On Wed, Apr 25, 2012 at 10:27 AM, Laurelaiwrote: On 4/25/12 3:56 AM, Georgi Guninski wrote: > On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote: >> On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: >>> if you read his "advisories" and "0-days" you know: It's not a joke... >> I always thought it was misunderstood performance art... > > this one appears to be true: > http://seclists.org/fulldisclosure/2011/Jul/312 > Full disclosure is arrest of Sabu > (check the date) > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ And thats when sabu was MIA from twitter and everyone knew about that, nobody really knew why though. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ >> In hindsight yes. There are any number of reasons why someone, even sabu could have stopped tweeting then started back up again. It just turned out that this was the case this time. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
And choosing to believe any of the other reasons when you think you're an '1337 hacker' and are involved in that world, is a personality problem, end of. On Wed, Apr 25, 2012 at 10:58 AM, Laurelai wrote: > On 4/25/12 4:54 AM, Benji wrote: >> >> No, with open eyes sight. If you chose not to believe the obvious at >> the time, that is your own mistake and proof that you (general you, >> not you specifically) were more interested in being part of the crowd >> than thinking. >> >> >> On Wed, Apr 25, 2012 at 10:52 AM, Laurelai wrote: >>> >>> On 4/25/12 4:48 AM, Benji wrote: except it was rather obvious why. On Wed, Apr 25, 2012 at 10:27 AM, Laurelai wrote: > > On 4/25/12 3:56 AM, Georgi Guninski wrote: >> >> On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu >> wrote: >>> >>> On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: if you read his "advisories" and "0-days" you know: It's not a joke... >>> >>> I always thought it was misunderstood performance art... >> >> >> this one appears to be true: >> http://seclists.org/fulldisclosure/2011/Jul/312 >> Full disclosure is arrest of Sabu >> (check the date) >> >> ___ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > And thats when sabu was MIA from twitter and everyone knew about that, > nobody really knew why though. > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> In hindsight yes. > > There are any number of reasons why someone, even sabu could have stopped > tweeting then started back up again. It just turned out that this was the > case this time. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
On 4/25/12 4:59 AM, Benji wrote: > And choosing to believe any of the other reasons when you think you're > an '1337 hacker' and are involved in that world, is a personality > problem, end of. > > On Wed, Apr 25, 2012 at 10:58 AM, Laurelai wrote: >> On 4/25/12 4:54 AM, Benji wrote: >>> No, with open eyes sight. If you chose not to believe the obvious at >>> the time, that is your own mistake and proof that you (general you, >>> not you specifically) were more interested in being part of the crowd >>> than thinking. >>> >>> >>> On Wed, Apr 25, 2012 at 10:52 AM, Laurelaiwrote: On 4/25/12 4:48 AM, Benji wrote: > except it was rather obvious why. > > On Wed, Apr 25, 2012 at 10:27 AM, Laurelai > wrote: >> On 4/25/12 3:56 AM, Georgi Guninski wrote: >>> On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu >>> wrote: On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: > if you read his "advisories" and "0-days" you know: It's not a > joke... I always thought it was misunderstood performance art... >>> >>> this one appears to be true: >>> http://seclists.org/fulldisclosure/2011/Jul/312 >>> Full disclosure is arrest of Sabu >>> (check the date) >>> >>> ___ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> And thats when sabu was MIA from twitter and everyone knew about that, >> nobody really knew why though. >> >> ___ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ In hindsight yes. >> There are any number of reasons why someone, even sabu could have stopped >> tweeting then started back up again. It just turned out that this was the >> case this time. I prefer not making assumptions about things i dont have any information on. Sorry you consider that a personality problem :p ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
You should be paranoid if someone could construe what you're doing as illegal. On Wed, Apr 25, 2012 at 11:07 AM, Laurelai wrote: > On 4/25/12 4:59 AM, Benji wrote: >> >> And choosing to believe any of the other reasons when you think you're >> an '1337 hacker' and are involved in that world, is a personality >> problem, end of. >> >> On Wed, Apr 25, 2012 at 10:58 AM, Laurelai wrote: >>> >>> On 4/25/12 4:54 AM, Benji wrote: No, with open eyes sight. If you chose not to believe the obvious at the time, that is your own mistake and proof that you (general you, not you specifically) were more interested in being part of the crowd than thinking. On Wed, Apr 25, 2012 at 10:52 AM, Laurelai wrote: > > On 4/25/12 4:48 AM, Benji wrote: >> >> except it was rather obvious why. >> >> On Wed, Apr 25, 2012 at 10:27 AM, Laurelai >> wrote: >>> >>> On 4/25/12 3:56 AM, Georgi Guninski wrote: On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote: > > On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: >> >> if you read his "advisories" and "0-days" you know: It's not a >> joke... > > I always thought it was misunderstood performance art... this one appears to be true: http://seclists.org/fulldisclosure/2011/Jul/312 Full disclosure is arrest of Sabu (check the date) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> And thats when sabu was MIA from twitter and everyone knew about >>> that, >>> nobody really knew why though. >>> >>> ___ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ > > In hindsight yes. >>> >>> There are any number of reasons why someone, even sabu could have stopped >>> tweeting then started back up again. It just turned out that this was the >>> case this time. > > I prefer not making assumptions about things i dont have any information on. > Sorry you consider that a personality problem :p ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
On 4/25/12 5:08 AM, Benji wrote: > You should be paranoid if someone could construe what you're doing as illegal. > > On Wed, Apr 25, 2012 at 11:07 AM, Laurelai wrote: >> On 4/25/12 4:59 AM, Benji wrote: >>> And choosing to believe any of the other reasons when you think you're >>> an '1337 hacker' and are involved in that world, is a personality >>> problem, end of. >>> >>> On Wed, Apr 25, 2012 at 10:58 AM, Laurelaiwrote: On 4/25/12 4:54 AM, Benji wrote: > No, with open eyes sight. If you chose not to believe the obvious at > the time, that is your own mistake and proof that you (general you, > not you specifically) were more interested in being part of the crowd > than thinking. > > > On Wed, Apr 25, 2012 at 10:52 AM, Laurelai > wrote: >> On 4/25/12 4:48 AM, Benji wrote: >>> except it was rather obvious why. >>> >>> On Wed, Apr 25, 2012 at 10:27 AM, Laurelai >>> wrote: On 4/25/12 3:56 AM, Georgi Guninski wrote: > On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu > wrote: >> On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: >>> if you read his "advisories" and "0-days" you know: It's not a >>> joke... >> I always thought it was misunderstood performance art... > > this one appears to be true: > http://seclists.org/fulldisclosure/2011/Jul/312 > Full disclosure is arrest of Sabu > (check the date) > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ And thats when sabu was MIA from twitter and everyone knew about that, nobody really knew why though. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ >> In hindsight yes. There are any number of reasons why someone, even sabu could have stopped tweeting then started back up again. It just turned out that this was the case this time. >> I prefer not making assumptions about things i dont have any information on. >> Sorry you consider that a personality problem :p Well its a good thing I dont do illegal shit, probably why im not paranoid all the time. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
except it was rather obvious why. On Wed, Apr 25, 2012 at 10:27 AM, Laurelai wrote: > On 4/25/12 3:56 AM, Georgi Guninski wrote: >> On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote: >>> On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: if you read his "advisories" and "0-days" you know: It's not a joke... >>> I always thought it was misunderstood performance art... >> >> >> this one appears to be true: >> http://seclists.org/fulldisclosure/2011/Jul/312 >> Full disclosure is arrest of Sabu >> (check the date) >> >> ___ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > And thats when sabu was MIA from twitter and everyone knew about that, > nobody really knew why though. > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability in Gentoo hardened
On Wed, Apr 25, 2012 at 04:26:57AM -0500, Laurelai wrote: > On 4/25/12 3:56 AM, Georgi Guninski wrote: > > On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote: > >> On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said: > >>> if you read his "advisories" and "0-days" you know: It's not a joke... > >> I always thought it was misunderstood performance art... > > > > > > this one appears to be true: > > http://seclists.org/fulldisclosure/2011/Jul/312 > > Full disclosure is arrest of Sabu > > (check the date) > > > Nope, im still here :p > ok, sorry. i mean the Sabu part of the email. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
