Re: [Full-disclosure] WTF
Hi,

On Sat, May 7, 2011 at 12:19 AM, Gustavo wrote:
>
> WTF ?
>
> notebook:~$ ping www.compusa.com
> PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
> 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms
>
> notebook:~$ ping www.tigerdirect.com
> PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
> 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.022 ms
>

Hehe...This is funny.
Well, to me, *bh.georedirector.akadns.net* seems to be the culprit.

Here is what I got on my box...

$ host compusa.com
compusa.com has address 206.191.131.89
compusa.com mail is handled by 10 mail.highspeedbackbone.net.

$ host www.compusa.com
www.compusa.com is an alias for compusa.syx.com.akadns.net.
compusa.syx.com.akadns.net is an alias for bh.georedirector.akadns.net.
bh.georedirector.akadns.net has address 127.0.0.1

$ host tigerdirect.com
tigerdirect.com has address 206.191.131.89
tigerdirect.com mail is handled by 10 mail.highspeedbackbone.net.

$ host www.tigerdirect.com
www.tigerdirect.com is an alias for wwwtigerdirect.syx.com.akadns.net.
wwwtigerdirect.syx.com.akadns.net is an alias for bh.georedirector.akadns.net.
bh.georedirector.akadns.net has address 127.0.0.1

Even if you ask same questions to OpenDNS(208.67.222.222) or Google DNS servers(8.8.8.8) They say...

$ host bh.georedirector.akadns.net 208.67.222.222
Using domain server:
Name: 208.67.222.222
Address: 208.67.222.222#53
Aliases:

bh.georedirector.akadns.net has address 127.0.0.1

$ host bh.georedirector.akadns.net 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

bh.georedirector.akadns.net has address 127.0.0.1

OR asking same thing to some of Nameservers of akadns.net, I got...

$ host -t ns akadns.net
akadns.net name server eur1.akadns.net.
akadns.net name server zc.akadns.org.
akadns.net name server zd.akadns.org.
akadns.net name server use3.akadns.net.
akadns.net name server asia9.akadns.net.
akadns.net name server zb.akadns.org.
akadns.net name server usw2.akadns.net.
akadns.net name server za.akadns.org.
akadns.net name server use4.akadns.net.

$ host bh.georedirector.akadns.net eur1.akadns.net
Using domain server:
Name: eur1.akadns.net
Address: 195.59.44.134#53
Aliases:

bh.georedirector.akadns.net has address 127.0.0.1

$ host bh.georedirector.akadns.net asia9.akadns.net
Using domain server:
Name: asia9.akadns.net
Address: 222.122.64.133#53
Aliases:

bh.georedirector.akadns.net has address 127.0.0.1

$ host bh.georedirector.akadns.net za.akadns.org
Using domain server:
Name: za.akadns.org
Address: 96.6.112.198#53
Aliases:

bh.georedirector.akadns.net has address 127.0.0.1

Just my two cents.

BTW, if anyone has any idea, is this intentional or something?

Thanks,
Sagar Belure
Security Analyst
Secfence Technologies
www.secfence.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] WTF
Works fine for me on Windows.

C:\>ping www.compusa.com

Pinging e3531.b.akamaiedge.net [96.17.206.102] with 32 bytes of data:
Reply from 96.17.206.102: bytes=32 time=15ms TTL=58
Reply from 96.17.206.102: bytes=32 time=16ms TTL=58
Reply from 96.17.206.102: bytes=32 time=16ms TTL=58
Reply from 96.17.206.102: bytes=32 time=16ms TTL=58

Ping statistics for 96.17.206.102:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 16ms, Average = 15ms

On Sat, May 7, 2011 at 12:27 AM, ksha wrote:
>
> On 05/06/2011 11:15 PM, Nick Boyce wrote:
> > On Fri, May 6, 2011 at 6:49 PM, Gustavo wrote:
> >
> >> WTF ?
> >>
> >> notebook:~$ ping www.compusa.com
> >> PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
> >> 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms
> >
> > Same here ... this time on Windows :
> >
> > F:\>ping www.compusa.com
> >
> > Pinging bh.georedirector.akadns.net [127.0.0.1] with 32 bytes of data:
> >
> > Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
> > Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
> > Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
> > Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
> >
> > Ping statistics for 127.0.0.1:
> >     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> > Approximate round trip times in milli-seconds:
> >     Minimum = 0ms, Maximum = 0ms, Average = 0ms
> >
> > F:\>nslookup www.compusa.com
> > Server:
> > Address: 9
> >
> > Non-authoritative answer:
> > Name:    bh.georedirector.akadns.net
> > Address: 127.0.0.1
> > Aliases: www.compusa.com, compusa.syx.com.akadns.net
> >
> > Normally I'd say that's a DNS config screwup, which would make
> > them unreachable (since their website is not on my system).
> > However, Google seems to be able to reach them if you use the "site
> > preview" option in the search results :
> > http://www.google.com/search?q=www.compusa.com
> >
> > Curious.
> >
> > Relevant: http://forums.opendns.com/comments.php?DiscussionID=9721
> >
> > Nick
> > --
> > Leave the Olympics in Greece, where they belong.
>
> About dns
>
> ;; ADDITIONAL SECTION:
> ns01.highspeedbackbone.net. 240003 IN A 199.181.77.21
> ns02.highspeedbackbone.net. 240003 IN A 199.181.78.22
> ns03.highspeedbackbone.net. 240003 IN A 199.181.77.23
> ns04.highspeedbackbone.net. 240003 IN A 199.181.78.24
>
> testing one by one ...
>
> [ksha@warbof ~]$ dig compusa.com @199.181.77.21 AXFR
>
> ; <<>> DiG 9.8.0 <<>> compusa.com @199.181.77.21 AXFR
> ;; global options: +cmd
> ; Transfer failed.
> [ksha@warbof ~]$ dig compusa.com @199.181.78.22 AXFR
>
> ; <<>> DiG 9.8.0 <<>> compusa.com @199.181.78.22 AXFR
> ;; global options: +cmd
> ; Transfer failed.
> [ksha@warbof ~]$ dig compusa.com @199.181.77.23 AXFR
>
> ; <<>> DiG 9.8.0 <<>> compusa.com @199.181.77.23 AXFR
> ;; global options: +cmd
> ; Transfer failed.
>
> and the last allow zone transfer.
Re: [Full-disclosure] WTF
Guess you got nulled

On 05/06/2011 11:49 AM, Gustavo wrote:
> WTF ?
>
> notebook:~$ ping www.compusa.com
> PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
> 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms
>
> notebook:~$ ping www.tigerdirect.com
> PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
> 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.022 ms
Re: [Full-disclosure] WTF
On Fri, 06 May 2011 15:49:31 -0300, Gustavo said:
> WTF ?
>
> notebook:~$ ping www.compusa.com
> PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.

www.compusa.com and www.tigerdirect.com are Akamai'zed. They play DNS games to point you at the "nearest" Akamai cache server (technically speaking, they use the one nearest your DNS resolver).

So for www.compusa.com, it goes something like this:

www.compusa.com.              60  IN CNAME compusa.syx.com.akadns.net.
compusa.syx.com.akadns.net.   300 IN CNAME www.compusa.com.edgekey.net.
www.compusa.com.edgekey.net.  300 IN CNAME e3531.b.akamaiedge.net.
e3531.b.akamaiedge.net.       20  IN A     173.223.190.102

(The final akamaiedge.net address will depend on where in the Internet you are)

The fact that bh.georedirector.akadns.net got referenced in the ping most likely means "Akamai got confused where you are and has no *clue* which cache is closest to you".
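The alias chains quoted in this thread can be checked mechanically. The following is an added example, not code from any poster: it parses both the `host` output and the dig-style records shown above, follows the CNAME chain, and flags a name whose chain ends in a loopback or otherwise non-global address. The function names are hypothetical and the sample inputs are constructed from the values quoted in the thread.

```python
"""Flag hostnames whose CNAME chain ends in a non-global address (added example)."""
import ipaddress
import re

# host(1) style: "<name> is an alias for <target>." / "<name> has address <ip>"
HOST_ALIAS = re.compile(r"^(\S+) is an alias for (\S+)$")
HOST_ADDR = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")
# dig answer style: "<name> <ttl> IN CNAME|A|AAAA <rdata>"
DIG_RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(CNAME|A|AAAA)\s+(\S+)$")

# Constructed sample: `host` lines as quoted in the thread.
SAMPLE_BLACKHOLED = """\
www.compusa.com is an alias for compusa.syx.com.akadns.net.
compusa.syx.com.akadns.net is an alias for bh.georedirector.akadns.net.
bh.georedirector.akadns.net has address 127.0.0.1
"""

# Constructed sample: the working chain as described in the thread.
SAMPLE_HEALTHY = """\
www.compusa.com.              60  IN CNAME compusa.syx.com.akadns.net.
compusa.syx.com.akadns.net.   300 IN CNAME www.compusa.com.edgekey.net.
www.compusa.com.edgekey.net.  300 IN CNAME e3531.b.akamaiedge.net.
e3531.b.akamaiedge.net.       20  IN A     173.223.190.102
"""


def _norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()


def _match(line):
    """Return (owner, 'CNAME' | 'ADDR', rdata) for a recognised line, else None."""
    m = HOST_ALIAS.match(line)
    if m:
        return m.group(1), "CNAME", m.group(2)
    m = HOST_ADDR.match(line)
    if m:
        return m.group(1), "ADDR", m.group(2)
    m = DIG_RR.match(line)
    if m:
        return m.group(1), "CNAME" if m.group(2) == "CNAME" else "ADDR", m.group(3)
    return None


def parse_records(text):
    """Build {owner: target} for aliases and {owner: [ip, ...]} for addresses."""
    aliases, addrs = {}, {}
    for line in text.splitlines():
        rec = _match(line.strip())
        if rec is None:
            continue  # MX lines, comments, blanks
        owner, kind, rdata = rec
        if kind == "CNAME":
            aliases[_norm(owner)] = _norm(rdata)
            continue
        try:
            ip = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # malformed address field: ignore the record
        addrs.setdefault(_norm(owner), []).append(ip)
    return aliases, addrs


def resolve_chain(name, aliases, addrs, max_depth=16):
    """Follow aliases from name; refuse loops and over-long chains."""
    chain = [_norm(name)]
    while chain[-1] in aliases:
        nxt = aliases[chain[-1]]
        if nxt in chain or len(chain) >= max_depth:
            raise ValueError("CNAME loop or chain too long: " + " -> ".join(chain + [nxt]))
        chain.append(nxt)
    return chain, addrs.get(chain[-1], [])


def classify(ip):
    """Order matters: loopback and link-local are also 'private' in ipaddress."""
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "global" if ip.is_global else "reserved"


def audit(name, resolver_output):
    """Summarise the chain for name and mark it suspicious if it cannot be reached."""
    aliases, addrs = parse_records(resolver_output)
    chain, ips = resolve_chain(name, aliases, addrs)
    findings = [(str(ip), classify(ip)) for ip in ips]
    suspicious = not findings or any(kind != "global" for _, kind in findings)
    return {"chain": chain, "addresses": findings, "suspicious": suspicious}


if __name__ == "__main__":
    for label, sample in (("blackholed", SAMPLE_BLACKHOLED), ("healthy", SAMPLE_HEALTHY)):
        print(label, audit("www.compusa.com", sample))
```

Run against saved resolver output, a report with `suspicious` set and a `loopback` address is the pattern the thread observed for bh.georedirector.akadns.net.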
Re: [Full-disclosure] WTF
On 05/06/2011 11:15 PM, Nick Boyce wrote:
> On Fri, May 6, 2011 at 6:49 PM, Gustavo wrote:
>
>> WTF ?
>>
>> notebook:~$ ping www.compusa.com
>> PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
>> 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms
>
> Same here ... this time on Windows :
>
> F:\>ping www.compusa.com
>
> Pinging bh.georedirector.akadns.net [127.0.0.1] with 32 bytes of data:
>
> Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
> Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
> Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
> Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
>
> Ping statistics for 127.0.0.1:
>     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
>     Minimum = 0ms, Maximum = 0ms, Average = 0ms
>
> F:\>nslookup www.compusa.com
> Server:
> Address: 9
>
> Non-authoritative answer:
> Name:    bh.georedirector.akadns.net
> Address: 127.0.0.1
> Aliases: www.compusa.com, compusa.syx.com.akadns.net
>
> Normally I'd say that's a DNS config screwup, which would make
> them unreachable (since their website is not on my system).
> However, Google seems to be able to reach them if you use the "site
> preview" option in the search results :
> http://www.google.com/search?q=www.compusa.com
>
> Curious.
>
> Relevant: http://forums.opendns.com/comments.php?DiscussionID=9721
>
> Nick
> --
> Leave the Olympics in Greece, where they belong.

About dns

;; ADDITIONAL SECTION:
ns01.highspeedbackbone.net. 240003 IN A 199.181.77.21
ns02.highspeedbackbone.net. 240003 IN A 199.181.78.22
ns03.highspeedbackbone.net. 240003 IN A 199.181.77.23
ns04.highspeedbackbone.net. 240003 IN A 199.181.78.24

testing one by one ...

[ksha@warbof ~]$ dig compusa.com @199.181.77.21 AXFR

; <<>> DiG 9.8.0 <<>> compusa.com @199.181.77.21 AXFR
;; global options: +cmd
; Transfer failed.
[ksha@warbof ~]$ dig compusa.com @199.181.78.22 AXFR

; <<>> DiG 9.8.0 <<>> compusa.com @199.181.78.22 AXFR
;; global options: +cmd
; Transfer failed.
[ksha@warbof ~]$ dig compusa.com @199.181.77.23 AXFR

; <<>> DiG 9.8.0 <<>> compusa.com @199.181.77.23 AXFR
;; global options: +cmd
; Transfer failed.

and the last allow zone transfer.
Re: [Full-disclosure] WTF
On Fri, May 6, 2011 at 6:49 PM, Gustavo wrote:

> WTF ?
>
> notebook:~$ ping www.compusa.com
> PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
> 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms

Same here ... this time on Windows :

F:\>ping www.compusa.com

Pinging bh.georedirector.akadns.net [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

F:\>nslookup www.compusa.com
Server:
Address: 9

Non-authoritative answer:
Name:    bh.georedirector.akadns.net
Address: 127.0.0.1
Aliases: www.compusa.com, compusa.syx.com.akadns.net

Normally I'd say that's a DNS config screwup, which would make them unreachable (since their website is not on my system). However, Google seems to be able to reach them if you use the "site preview" option in the search results :
http://www.google.com/search?q=www.compusa.com

Curious.

Relevant: http://forums.opendns.com/comments.php?DiscussionID=9721

Nick
--
Leave the Olympics in Greece, where they belong.
[Full-disclosure] WTF
WTF ?

notebook:~$ ping www.compusa.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms

notebook:~$ ping www.tigerdirect.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.022 ms
Re: [Full-disclosure] WTF eEye Really?
> And if the author is sincere and it was really his original intent, he
> should refrain from blogging from now on...

I have a feeling his employer will see to that for the foreseeable future. At least in a professional context representing them as a company.

If he really meant it as everyone that read the original post seemed to take it, then he should have the balls to stand by what he said or admit he meant it at the time but was wrong and has since learned different. Either one of those options would be a mature way of handling the situation. Trying to spin it as "what I said isn't what I really meant. What I really meant is something so benign that no one could have a strong opinion about it and it was really pointless to even blog about." comes across as insincere.

What do I know though, Mr. Haber is the one with the lifetime in the vulnerability assessment field.

JRoger

2010/5/5 Sébastien Duquette
> Looks to me more like the "unqualified person doing testing" argument
> is used as an escape from their faux-pas. When you read the initial
> article, the author is clearly interested in the issue of crime being
> perpetrated by using these tools :
>
> "Penetration tools clearly allow the breaking and entering of systems
> to prove that vulnerabilities are real, but clearly could be used
> maliciously to break the law."
>
> "There was tons of security around these systems and even possession
> of tools to penetrate a system was a crime too."
>
> In the new text, the author tells us that "what I hoped to convey was
> the importance of well-managed testing under the watch of a user who
> knows what they’re doing".
>
> This looks like a lame PR attempt at stopping the shitstorm they
> started by using the good old excuse this-is-not-what-I-meant.
>
> And if the author is sincere and it was really his original intent, he
> should refrain from blogging from now on...
>
> S.
>
> On Tue, May 4, 2010 at 11:48 AM, Mike Hale wrote:
> > Looks like he rewrote it and clarified what he meant to say.
> >
> > I think this is a lesson on why you really should proofread stuff and
> > ask someone else to go over your writings before you publish
> > something.
> >
> > On Mon, May 3, 2010 at 5:44 PM, Sec News wrote:
> >> Did anyone else see this?
> >>
> >> http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands
> >> """
> >> Penetration Tools Can Be Weapons in the Wrong Hands
> >> Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security,
> >> Vulnerability Management
> >>
> >> After a lifetime in the vulnerability assessment field, I’ve come to look at
> >> penetration testing almost as a kind of crime, or at least a misdemeanor.
> >>
> >> We enjoy freedom of speech, even if it breaks the law or license agreements.
> >> Websites cover techniques for jailbreaking iPhones even though it clearly
> >> violates the EULA for Apples devices. Penetration tools clearly allow the
> >> breaking and entering of systems to prove that vulnerabilities are real, but
> >> clearly could be used maliciously to break the law.
> >>
> >> Making these tools readily available is like encouraging people to play with
> >> fireworks. Too bold of a statement? I think not. Fireworks can make a
> >> spectacular show, but they can also be abused and cause serious damage. In
> >> most states, only people licensed and trained are permitted to set off
> >> fireworks.
> >>
> >> Now consider a pen test tool. In its open form, on the Internet, everyone
> >> and anyone can use it to test their systems, but in the wrong hands, for
> >> free, it can be used to break into systems and cause disruption, steal
> >> information, or cause even more permanent types of harm.
> >>
> >> How many people remember the 80’s TV show Max Headroom? Next to murder, the
> >> most severe crime was if users illegally used information technology systems
> >> to steal information or make money. There was tons of security around these
> >> systems and even possession of tools to penetrate a system was a crime too.
> >> So what’s the difference?
> >>
> >> Yes, it is just a TV show but in reality today we are in effect putting
> >> weapons in people’s hands, not tracking them, and allowing them to use them
> >> near anonymously to perform crimes or learn how to perform more
> >> sophisticated attacks. It all comes back to the first amendment and Freedom
> >> of Speech. I can write a blog of this nature, state my opinion about how I
> >> feel about free penetration testing tools, and assure everyone that they
> >> need defenses to protect their systems, since free weapons are available
> >> that can break into your systems – easily.
> >> """
> >> WOW - am i the only one to go WTF to this? Talk about alienating your
> >> customers and shitting where you eat.
> >> And to think i used to be a fan...
> >> - Some anonymous ex-eEye fan
Re: [Full-disclosure] WTF eEye Really?
Looks to me more like the "unqualified person doing testing" argument
is used as an escape from their faux-pas. When you read the initial
article, the author is clearly interested in the issue of crime being
perpetrated by using these tools :

"Penetration tools clearly allow the breaking and entering of systems
to prove that vulnerabilities are real, but clearly could be used
maliciously to break the law."

"There was tons of security around these systems and even possession
of tools to penetrate a system was a crime too."

In the new text, the author tells us that "what I hoped to convey was
the importance of well-managed testing under the watch of a user who
knows what they’re doing".

This looks like a lame PR attempt at stopping the shitstorm they
started by using the good old excuse this-is-not-what-I-meant.

And if the author is sincere and it was really his original intent, he
should refrain from blogging from now on...

S.

On Tue, May 4, 2010 at 11:48 AM, Mike Hale wrote:
> Looks like he rewrote it and clarified what he meant to say.
>
> I think this is a lesson on why you really should proofread stuff and
> ask someone else to go over your writings before you publish
> something.
>
> On Mon, May 3, 2010 at 5:44 PM, Sec News wrote:
>> Did anyone else see this?
>>
>> http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands
>> """
>> Penetration Tools Can Be Weapons in the Wrong Hands
>> Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security,
>> Vulnerability Management
>>
>> After a lifetime in the vulnerability assessment field, I’ve come to look at
>> penetration testing almost as a kind of crime, or at least a misdemeanor.
>>
>> We enjoy freedom of speech, even if it breaks the law or license agreements.
>> Websites cover techniques for jailbreaking iPhones even though it clearly
>> violates the EULA for Apples devices. Penetration tools clearly allow the
>> breaking and entering of systems to prove that vulnerabilities are real, but
>> clearly could be used maliciously to break the law.
>>
>> Making these tools readily available is like encouraging people to play with
>> fireworks. Too bold of a statement? I think not. Fireworks can make a
>> spectacular show, but they can also be abused and cause serious damage. In
>> most states, only people licensed and trained are permitted to set off
>> fireworks.
>>
>> Now consider a pen test tool. In its open form, on the Internet, everyone
>> and anyone can use it to test their systems, but in the wrong hands, for
>> free, it can be used to break into systems and cause disruption, steal
>> information, or cause even more permanent types of harm.
>>
>> How many people remember the 80’s TV show Max Headroom? Next to murder, the
>> most severe crime was if users illegally used information technology systems
>> to steal information or make money. There was tons of security around these
>> systems and even possession of tools to penetrate a system was a crime too.
>> So what’s the difference?
>>
>> Yes, it is just a TV show but in reality today we are in effect putting
>> weapons in people’s hands, not tracking them, and allowing them to use them
>> near anonymously to perform crimes or learn how to perform more
>> sophisticated attacks. It all comes back to the first amendment and Freedom
>> of Speech. I can write a blog of this nature, state my opinion about how I
>> feel about free penetration testing tools, and assure everyone that they
>> need defenses to protect their systems, since free weapons are available
>> that can break into your systems – easily.
>> """
>> WOW - am i the only one to go WTF to this? Talk about alienating your
>> customers and shitting where you eat.
>> And to think i used to be a fan...
>> - Some anonymous ex-eEye fan
>
> --
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: [Full-disclosure] WTF eEye Really?
Looks like he rewrote it and clarified what he meant to say.

I think this is a lesson on why you really should proofread stuff and
ask someone else to go over your writings before you publish
something.

On Mon, May 3, 2010 at 5:44 PM, Sec News wrote:
> Did anyone else see this?
>
> http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands
> """
> Penetration Tools Can Be Weapons in the Wrong Hands
> Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security,
> Vulnerability Management
>
> After a lifetime in the vulnerability assessment field, I’ve come to look at
> penetration testing almost as a kind of crime, or at least a misdemeanor.
>
> We enjoy freedom of speech, even if it breaks the law or license agreements.
> Websites cover techniques for jailbreaking iPhones even though it clearly
> violates the EULA for Apples devices. Penetration tools clearly allow the
> breaking and entering of systems to prove that vulnerabilities are real, but
> clearly could be used maliciously to break the law.
>
> Making these tools readily available is like encouraging people to play with
> fireworks. Too bold of a statement? I think not. Fireworks can make a
> spectacular show, but they can also be abused and cause serious damage. In
> most states, only people licensed and trained are permitted to set off
> fireworks.
>
> Now consider a pen test tool. In its open form, on the Internet, everyone
> and anyone can use it to test their systems, but in the wrong hands, for
> free, it can be used to break into systems and cause disruption, steal
> information, or cause even more permanent types of harm.
>
> How many people remember the 80’s TV show Max Headroom? Next to murder, the
> most severe crime was if users illegally used information technology systems
> to steal information or make money. There was tons of security around these
> systems and even possession of tools to penetrate a system was a crime too.
> So what’s the difference?
>
> Yes, it is just a TV show but in reality today we are in effect putting
> weapons in people’s hands, not tracking them, and allowing them to use them
> near anonymously to perform crimes or learn how to perform more
> sophisticated attacks. It all comes back to the first amendment and Freedom
> of Speech. I can write a blog of this nature, state my opinion about how I
> feel about free penetration testing tools, and assure everyone that they
> need defenses to protect their systems, since free weapons are available
> that can break into your systems – easily.
> """
> WOW - am i the only one to go WTF to this? Talk about alienating your
> customers and shitting where you eat.
> And to think i used to be a fan...
> - Some anonymous ex-eEye fan

--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: [Full-disclosure] WTF eEye Really?
> are there any reliable caches for this url?

Attrition has an annotated, but otherwise verbatim copy:

http://attrition.org/errata/sec-co/eeye-01.html

/mz
Re: [Full-disclosure] WTF eEye Really?
On Mon, May 03, 2010 at 05:44:55PM -0700, Sec News wrote:
> Did anyone else see this?
>
> http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands
>

are there any reliable caches for this url?

search for the shit you quoted returns basically this thread and ATM the url says "we fucked up".

--
joro
Re: [Full-disclosure] WTF eEye Really?
On 5/4/2010 12:37 PM, Justin C. Klein Keane wrote:
> For an interesting take on this see page xxxix in Ross Anderson's
> "Security Engineering" (the Legal Notice). Apparently the debate over
> whether or not to publish tools/techniques that could be used for evil
> (specifically with respects to crypto) dates back to 1641.

Yep, perhaps another example of why you should never assume that your issue is new?

- Marsh
Re: [Full-disclosure] WTF eEye Really?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For an interesting take on this see page xxxix in Ross Anderson's "Security Engineering" (the Legal Notice). Apparently the debate over whether or not to publish tools/techniques that could be used for evil (specifically with respects to crypto) dates back to 1641. Justin C. Klein Keane http://www.MadIrish.net The digital signature on this message can be confirmed using the public key at http://www.madirish.net/gpgkey On 05/04/2010 01:32 PM, Marsh Ray wrote: > > On 5/3/2010 7:44 PM, Sec News wrote: >> Did anyone else see this? >> >> http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands >> >> """ >> Penetration Tools Can Be Weapons in the Wrong Hands >> Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security, >> Vulnerability Management >> >> After a lifetime in the vulnerability assessment field, I’ve come to look at >> penetration testing almost as a kind of crime, or at least a misdemeanor. > > Is this for real? > >> We enjoy freedom of speech, even if it breaks the law or license agreements. > > No, there are laws and contracts that can restrict speech. > >> Websites cover techniques for jailbreaking iPhones even though it clearly >> violates the EULA for Apples devices. > > Since when did devices have an EULA? I haven't bought an Apple in modern > times, do they make you sign something before buying it? > >> Penetration tools clearly allow the >> breaking and entering of systems to prove that vulnerabilities are real, but >> clearly could be used maliciously to break the law. > > It took you a lifetime in the vulnerability assessment field to figure > this out? > >> Making these tools readily available is like encouraging people to play with >> fireworks. Too bold of a statement? I think not. Fireworks can make a >> spectacular show, but they can also be abused and cause serious damage. 
In >> most states, only people licensed and trained are permitted to set off >> fireworks. > > Fireworks are macroscopic physical objects the transportation which can > reasonably be regulated. > >> Now consider a pen test tool. In its open form, on the Internet, everyone >> and anyone can use it to test their systems, but in the wrong hands, for >> free, it can be used to break into systems and cause disruption, steal >> information, or cause even more permanent types of harm. > > Yep. > > Your mistake is assuming that there is some jurisdiction of law that > encompasses the Internet. Indeed, it appears that often the adversary is > a state entity itself. > > Those who accept this argument that testing tools should be somehow > restricted are only tying their own hands. You can bet that your > adversary will not feel so restricted (if you have anything actually > worth protecting that is.) > > It is even more foolish to assume that your adversary doesn't already > have it. > >> How many people remember the 80’s TV show Max Headroom? > > I stop reading now. > > - Marsh
Re: [Full-disclosure] WTF eEye Really?
On 5/3/2010 7:44 PM, Sec News wrote: > Did anyone else see this? > > http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands > > """ > Penetration Tools Can Be Weapons in the Wrong Hands > Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security, > Vulnerability Management > > After a lifetime in the vulnerability assessment field, I’ve come to look at > penetration testing almost as a kind of crime, or at least a misdemeanor. Is this for real? > We enjoy freedom of speech, even if it breaks the law or license agreements. No, there are laws and contracts that can restrict speech. > Websites cover techniques for jailbreaking iPhones even though it clearly > violates the EULA for Apples devices. Since when did devices have an EULA? I haven't bought an Apple in modern times, do they make you sign something before buying it? > Penetration tools clearly allow the > breaking and entering of systems to prove that vulnerabilities are real, but > clearly could be used maliciously to break the law. It took you a lifetime in the vulnerability assessment field to figure this out? > Making these tools readily available is like encouraging people to play with > fireworks. Too bold of a statement? I think not. Fireworks can make a > spectacular show, but they can also be abused and cause serious damage. In > most states, only people licensed and trained are permitted to set off > fireworks. Fireworks are macroscopic physical objects the transportation which can reasonably be regulated. > Now consider a pen test tool. In its open form, on the Internet, everyone > and anyone can use it to test their systems, but in the wrong hands, for > free, it can be used to break into systems and cause disruption, steal > information, or cause even more permanent types of harm. Yep. Your mistake is assuming that there is some jurisdiction of law that encompasses the Internet. 
Indeed, it appears that often the adversary is a state entity itself. Those who accept this argument that testing tools should be somehow restricted are only tying their own hands. You can bet that your adversary will not feel so restricted (if you have anything actually worth protecting that is.) It is even more foolish to assume that your adversary doesn't already have it. > How many people remember the 80’s TV show Max Headroom? I stop reading now. - Marsh
Re: [Full-disclosure] WTF eEye Really?
Load o' bull. On Tue, May 4, 2010 at 2:44 AM, Sec News wrote: > Did anyone else see this? > > > http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands > > """ > Penetration Tools Can Be Weapons in the Wrong Hands > Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security, > Vulnerability Management > > After a lifetime in the vulnerability assessment field, I’ve come to look > at penetration testing almost as a kind of crime, or at least a misdemeanor. > > We enjoy freedom of speech, even if it breaks the law or license > agreements. Websites cover techniques for jailbreaking iPhones even though > it clearly violates the EULA for Apples devices. Penetration tools clearly > allow the breaking and entering of systems to prove that vulnerabilities are > real, but clearly could be used maliciously to break the law. > > Making these tools readily available is like encouraging people to play > with fireworks. Too bold of a statement? I think not. Fireworks can make a > spectacular show, but they can also be abused and cause serious damage. In > most states, only people licensed and trained are permitted to set off > fireworks. > > Now consider a pen test tool. In its open form, on the Internet, everyone > and anyone can use it to test their systems, but in the wrong hands, for > free, it can be used to break into systems and cause disruption, steal > information, or cause even more permanent types of harm. > > How many people remember the 80’s TV show Max Headroom? Next to murder, the > most severe crime was if users illegally used information technology systems > to steal information or make money. There was tons of security around these > systems and even possession of tools to penetrate a system was a crime too. > So what’s the difference? 
> > Yes, it is just a TV show but in reality today we are in effect putting > weapons in people’s hands, not tracking them, and allowing them to use them > near anonymously to perform crimes or learn how to perform more > sophisticated attacks. It all comes back to the first amendment and Freedom > of Speech. I can write a blog of this nature, state my opinion about how I > feel about free penetration testing tools, and assure everyone that they > need defenses to protect their systems, since free weapons are available > that can break into your systems – easily. > """ > > WOW - am i the only one to go WTF to this? Talk about alienating your > customers and shitting where you eat. > > And to think i used to be a fan... > > - Some anonymous ex-eEye fan
[Full-disclosure] WTF eEye Really?
Did anyone else see this? http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands """ Penetration Tools Can Be Weapons in the Wrong Hands Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security, Vulnerability Management After a lifetime in the vulnerability assessment field, I’ve come to look at penetration testing almost as a kind of crime, or at least a misdemeanor. We enjoy freedom of speech, even if it breaks the law or license agreements. Websites cover techniques for jailbreaking iPhones even though it clearly violates the EULA for Apples devices. Penetration tools clearly allow the breaking and entering of systems to prove that vulnerabilities are real, but clearly could be used maliciously to break the law. Making these tools readily available is like encouraging people to play with fireworks. Too bold of a statement? I think not. Fireworks can make a spectacular show, but they can also be abused and cause serious damage. In most states, only people licensed and trained are permitted to set off fireworks. Now consider a pen test tool. In its open form, on the Internet, everyone and anyone can use it to test their systems, but in the wrong hands, for free, it can be used to break into systems and cause disruption, steal information, or cause even more permanent types of harm. How many people remember the 80’s TV show Max Headroom? Next to murder, the most severe crime was if users illegally used information technology systems to steal information or make money. There was tons of security around these systems and even possession of tools to penetrate a system was a crime too. So what’s the difference? Yes, it is just a TV show but in reality today we are in effect putting weapons in people’s hands, not tracking them, and allowing them to use them near anonymously to perform crimes or learn how to perform more sophisticated attacks. It all comes back to the first amendment and Freedom of Speech. 
I can write a blog of this nature, state my opinion about how I feel about free penetration testing tools, and assure everyone that they need defenses to protect their systems, since free weapons are available that can break into your systems – easily. """ WOW - am i the only one to go WTF to this? Talk about alienating your customers and shitting where you eat. And to think i used to be a fan... - Some anonymous ex-eEye fan
Re: [Full-disclosure] WTF people?
Why dont you post under your real nick aka n3tcr4p ? you think it make n3tcr4p kid more credible in some ways ? 0r m4yb3 5h4|| 1 5p34k |1k3 7h15 7o m4k3 you und3r574nd my p01n7 ? 1 don7 know wh3n 1 |ook 47 your w3b5173 1 wond3r . 2009/1/11 > You tell me. > > On Sun, 11 Jan 2009 19:30:17 -0500 Pete Licoln > wrote: > >What's the point with MI5 n3td3v ? > > > >Regards Pete
Re: [Full-disclosure] WTF people?
You tell me. On Sun, 11 Jan 2009 19:30:17 -0500 Pete Licoln wrote: >What's the point with MI5 n3td3v ? > >Regards Pete
Re: [Full-disclosure] WTF people?
What's the point with MI5 n3td3v ? Regards Pete
Re: [Full-disclosure] WTF people?
naive to think mi5 is gender biased:))) On Sun, 11 Jan 2009 18:36:56 -0500 Pete Licoln wrote: >sexyazngrl69 is a n3td3v alias, no doubt about it. > >Regards Pete
Re: [Full-disclosure] WTF people?
amazing how every message becomes tainted with bullshit. On Sun, Jan 11, 2009 at 6:01 PM, wrote: > pics? > > On Sun, 11 Jan 2009 17:48:53 -0500 waveroad waveroad > wrote: >>N3td3v other alias spotted. >> >> >> >>2009/1/11 >> >>> i find the surname mcafee to be a turn-on here on the security >>> mailing list, mister good hacker:))) >>> >>> a/s/l? >>> >>> >>> On Sun, 11 Jan 2009 16:49:20 -0500 Will McAfee >> commun...@thegoodhacker.com> wrote: >>> >I have lurked for some time, and really, this list has become >>> >pathetic >>> >due to it's hiijacking by two or three trolls with nothing >>better >>> >to >>> >do than destroy the relevant signal to noise ratio. This list >>is >>> >not >>> >about MI5, the NSA, or Mossad unless there is something >>practical >>> >to >>> >be learned from them. I do not care about the information war >>> >between >>> >Russia and Georgia unless it is about the systems used. Think >>of >>> >this >>> >list as like a trade correspondence journal, not a public >>> >tackboard. >>> > >>> >Sent from my iPhone
Re: [Full-disclosure] WTF people?
sexyazngrl69 is a n3td3v alias, no doubt about it. Regards Pete
Re: [Full-disclosure] WTF people?
pics? On Sun, 11 Jan 2009 17:48:53 -0500 waveroad waveroad wrote: >N3td3v other alias spotted. > > > >2009/1/11 > >> i find the surname mcafee to be a turn-on here on the security >> mailing list, mister good hacker:))) >> >> a/s/l? >> >> >> On Sun, 11 Jan 2009 16:49:20 -0500 Will McAfee > commun...@thegoodhacker.com> wrote: >> >I have lurked for some time, and really, this list has become >> >pathetic >> >due to it's hiijacking by two or three trolls with nothing >better >> >to >> >do than destroy the relevant signal to noise ratio. This list >is >> >not >> >about MI5, the NSA, or Mossad unless there is something >practical >> >to >> >be learned from them. I do not care about the information war >> >between >> >Russia and Georgia unless it is about the systems used. Think >of >> >this >> >list as like a trade correspondence journal, not a public >> >tackboard. >> > >> >Sent from my iPhone
Re: [Full-disclosure] WTF people?
N3td3v other alias spotted. 2009/1/11 > i find the surname mcafee to be a turn-on here on the security > mailing list, mister good hacker:))) > > a/s/l? > > > On Sun, 11 Jan 2009 16:49:20 -0500 Will McAfee commun...@thegoodhacker.com> wrote: > >I have lurked for some time, and really, this list has become > >pathetic > >due to it's hiijacking by two or three trolls with nothing better > >to > >do than destroy the relevant signal to noise ratio. This list is > >not > >about MI5, the NSA, or Mossad unless there is something practical > >to > >be learned from them. I do not care about the information war > >between > >Russia and Georgia unless it is about the systems used. Think of > >this > >list as like a trade correspondence journal, not a public > >tackboard. > > > >Sent from my iPhone
Re: [Full-disclosure] WTF people?
If you want to solve the problem, then you and people like you need to: Step 1: Filter out n3td3v, urleet, etc so you never see their posts or replies to them. ie: filter the noise Step 2: Post something that you think is relevant to the list. ie: add to the signal Step 3: Profit! Notice there is no step which reads: "Whine and complain about the noise on the list like a little girl."- because clearly that's proven not to be effective. -Rants On Sun, Jan 11, 2009 at 1:49 PM, Will McAfee < sec-commun...@thegoodhacker.com> wrote: > I have lurked for some time, and really, this list has become pathetic > due to it's hiijacking by two or three trolls with nothing better to > do than destroy the relevant signal to noise ratio. This list is not > about MI5, the NSA, or Mossad unless there is something practical to > be learned from them. I do not care about the information war between > Russia and Georgia unless it is about the systems used. Think of this > list as like a trade correspondence journal, not a public tackboard. > > Sent from my iPhone > -- - Rants
Re: [Full-disclosure] WTF people?
i find the surname mcafee to be a turn-on here on the security mailing list, mister good hacker:))) a/s/l? On Sun, 11 Jan 2009 16:49:20 -0500 Will McAfee wrote: >I have lurked for some time, and really, this list has become >pathetic >due to it's hiijacking by two or three trolls with nothing better >to >do than destroy the relevant signal to noise ratio. This list is >not >about MI5, the NSA, or Mossad unless there is something practical >to >be learned from them. I do not care about the information war >between >Russia and Georgia unless it is about the systems used. Think of >this >list as like a trade correspondence journal, not a public >tackboard. > >Sent from my iPhone
[Full-disclosure] WTF people?
I have lurked for some time, and really, this list has become pathetic due to its hijacking by two or three trolls with nothing better to do than destroy the relevant signal to noise ratio. This list is not about MI5, the NSA, or Mossad unless there is something practical to be learned from them. I do not care about the information war between Russia and Georgia unless it is about the systems used. Think of this list as like a trade correspondence journal, not a public tackboard. Sent from my iPhone