Re: [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?
Rot 13 may not be strong but rot12 is. I once posted a string that I only rotated 12 chars to my blog and it took a month before anyone figured it out; that probably says more about the IQ of the people reading my blog than the security of rot13.

Adam

Where is it written in the Constitution, in what article or section is it contained, that you may take children from their parents and parents from their children, and compel them to fight the battles of any war in which the folly and wickedness of the government may engage itself? Under what concealment has this power lain hidden, which now for the first time comes forth, with a tremendous and baleful aspect, to trample down and destroy the dearest right of personal liberty? Who will show me any Constitutional injunction which makes it the duty of the American people to surrender everything valuable in life, and even life, itself, whenever the purposes of an ambitious and mischievous government may require it? . . . A free government with an uncontrolled power of military conscription is the most ridiculous and abominable contradiction and nonsense that ever entered into the heads of men. -Daniel Webster

On Nov 19, 2004, at 3:30 PM, [EMAIL PROTECTED] wrote:

On Thu, 18 Nov 2004 10:46:50 GMT, Joel Merrick said:

Maybe it'll get leaked on the net and we'll find out they use a hard coded DES key that I could crack with my casio watch ;)

No, ROT13 is way leet strong crypto as long as nobody knows it, as Sklyarov found out... ;)

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] RE: Evidence Mounts that the Vote Was Hacked
we are not allowed to see log files, packet captures and pinpointing exactly who the conspirators are would be tenable at best.

The fact is, the election was hacked. Look at the difference between exit polling and actual results. Discrepancies of only a few points exist in counties that use paper ballots, while in places that use black boxes the discrepancies are much more pronounced. In Pennsylvania exit polls called the state for Kerry with more than a 12 point margin, in the end he won the state by less than 2%.

I would also like to say that I know this not because I listened to some liberal talk show (even though I do), but because I was THERE! On election day (and the day before) I worked as a commander with the election protection coalition. We are a non-partisan group set up to do election day incident reporting. As a whole our group took calls from all fifty states, the call center I was running took calls from 4 states. I know firsthand that the election was stolen. The strangest thing is that my call center did not cover any battleground states (or swing states)... in fact, in all four states we covered the outcome was virtually assured, but still, the evidence of disenfranchisement was palpable. So, if they cheated in the states where the outcome was assured, what did they do in the battleground states?

Some of the things that I saw:

- Poll workers in minority districts in South Carolina telling people that casting a party line ballot casts a vote for president.
- Poll workers, again in minority districts in SC, harassing voters about their choices, including candidates INSIDE polling places.
- In Texas, (they use e-slate), many people reported that casting a democratic party-line ballot cast a vote for George Bush as president.

These are just 3 issues that occurred, we took over 2000 calls in just my call center, there were 20+ call centers across the country and as a whole we took in over 30k calls.

I don't need to listen to a talk show to know there was widespread fraud, intentional disenfranchisement; I saw it firsthand. They cheated.

Adam Jacob Muller

On Nov 10, 2004, at 6:29 PM, Gary Halleen ((ghalleen)) wrote:

Political commentary by a left-leaning talk show host is not worthy of posting to this list. It's unfortunate the moderator allowed the posting at all. This article contained only opinions regarding the discrepancies between the exit polls and final election results. I'm not interested in entertaining thoughts of a group of hackers changing the results of an election, or of a massive conspiracy between elections managers manually changing Access databases, unless you can back it up with actual factual data. Show us log files, packet captures, or e-mail messages from the conspirators or leave this commentary to gossip columns where it belongs.

Gary

-Original Message-
From: Jei [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 10:41 PM
To: Jay D. Dyson
Cc: Bugtraq; [EMAIL PROTECTED]
Subject: Re: Evidence Mounts that the Vote Was Hacked

On Tue, 9 Nov 2004, Jay D. Dyson wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 8 Nov 2004, Atom 'Smasher' wrote:

Evidence Mounts that the Vote Was Hacked

Read the whole thing and didn't see any evidence. Just wild speculation and baseless conjecture. Hell, there were countless counties across the nation in which more people were registered to vote than were eligible residents, but -- for some reason -- that ain't news.

It would be _major_ news, were it not America where it happened. Even India managed to hold a secure digital election recently, without any such major exit poll or other discrepancies happening. Also note that Americans aren't the only people in the world with capable intelligence agencies. Teenage kid hackers aren't the only people who might influence US elections' outcomes, given a viable chance. You need to consider all the factors. Digital voting needs to be as secure and
Re: [Full-Disclosure] RE: Evidence Mounts that the Vote Was Hacked
we are not allowed to see log files, packet captures and pinpointing exactly who the conspirators are would be tenable at best.

The fact is, the election was hacked. Look at the difference between exit polling and actual results. Discrepancies of only a few points exist in counties that use paper ballots, while in places that use black boxes the discrepancies are much more pronounced. In Pennsylvania exit polls called the state for Kerry with more than a 12 point margin, in the end he won the state by less than 2%.

I would also like to say that I know this not because I listened to some liberal talk show (even though I do), but because I was THERE! On election day (and the day before) I worked as a commander with the election protection coalition. We are a non-partisan group set up to do election day incident reporting. As a whole our group took calls from all fifty states, the call center I was running took calls from 4 states. I know firsthand that the election was stolen. The strangest thing is that my call center did not cover any battleground states (or swing states)... in fact, in all four states we covered the outcome was virtually assured, but still, the evidence of disenfranchisement was palpable. So, if they cheated in the states where the outcome was assured, what did they do in the battleground states?

Some of the things that I saw:

- Poll workers in minority districts in South Carolina telling people that casting a party line ballot casts a vote for president.
- Poll workers, again in minority districts in SC, harassing voters about their choices.
- In Texas, (e-slate), many people reported that casting a democratic party-line ballot cast a vote for George Bush as president.

These are just 3 issues that occurred, we took over 2000 calls in just my call center, there were 20+ call centers across the country and as a whole we took in over 30k calls.

I don't need to listen to a talk show to know there was widespread fraud, intentional disenfranchisement. They cheated.

Adam Jacob Muller

On Nov 10, 2004, at 6:29 PM, Gary Halleen ((ghalleen)) wrote:

Political commentary by a left-leaning talk show host is not worthy of posting to this list. It's unfortunate the moderator allowed the posting at all. This article contained only opinions regarding the discrepancies between the exit polls and final election results. I'm not interested in entertaining thoughts of a group of hackers changing the results of an election, or of a massive conspiracy between elections managers manually changing Access databases, unless you can back it up with actual factual data. Show us log files, packet captures, or e-mail messages from the conspirators or leave this commentary to gossip columns where it belongs.

Gary

-Original Message-
From: Jei [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 10:41 PM
To: Jay D. Dyson
Cc: Bugtraq; [EMAIL PROTECTED]
Subject: Re: Evidence Mounts that the Vote Was Hacked

On Tue, 9 Nov 2004, Jay D. Dyson wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 8 Nov 2004, Atom 'Smasher' wrote:

Evidence Mounts that the Vote Was Hacked

Read the whole thing and didn't see any evidence. Just wild speculation and baseless conjecture. Hell, there were countless counties across the nation in which more people were registered to vote than were eligible residents, but -- for some reason -- that ain't news.

It would be _major_ news, were it not America where it happened. Even India managed to hold a secure digital election recently, without any such major exit poll or other discrepancies happening. Also note that Americans aren't the only people in the world with capable intelligence agencies. Teenage kid hackers aren't the only people who might influence US elections' outcomes, given a viable chance. You need to consider all the factors. Digital voting needs to be as secure and reliable as bank accounts are from an independent (democratic) nation
Re: [Full-Disclosure] How secure is PHP ?
What you should do, is write a PHP program without looking at the security doc. Then make the final exam to harden that program, they are students, make them do the work for you.

Adam

Civil disobedience is not our problem. Our problem is civil obedience. Our problem is that numbers of people all over the world have obeyed the dictates of the leaders of their government and have gone to war, and millions have been killed because of this obedience. . . Our problem is that people are obedient all over the world in the face of poverty and starvation and stupidity, and war, and cruelty. Our problem is that people are obedient while the jails are full of petty thieves, and all the while the grand thieves are running the country. That's our problem. -Howard Zinn

On Nov 1, 2004, at 2:05 PM, Gary E. Miller wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yo Nayana!

On Mon, 1 Nov 2004, Nayana Somaratna wrote:

However, when browsing the web, I found an article which said that "it requires an expert to lockdown php" (Sorry, but I can't quite recall the URL).

Saying PHP is insecure is like saying C is insecure. Until there is a programmer involved, writing bad code, there is no problem. Just like C if the programmer carefully validates and constrains ALL input then the program is not only secure but robust.

So, I'd like to ask the members of this list - how difficult is it to secure php ? Do you really need a security "expert" to do this ?

PHP has very good write ups on security in the online doc. Here is the chapter: http://www.php.net/manual/en/security.php

If you can read, understand and FOLLOW those recommendations then you are OK. If not, then get the assistance of an "expert" that does.

RGDS
GARY

- ---
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
[EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: [Full-Disclosure] New virus?
What's the contents of the files... requests for those files result in 404's like http://www.fotosgratis.pop.com.br/botao.txt

So what URLs are they fetching, or is the 404 the result the clients receive?

Adam Jacob Muller

On Sep 27, 2004, at 1:44 PM, Bernardo Santos Wernesback wrote:

Hi everyone,

Has anyone seen a lot of HTTP activity to a certain site: http://www.fotosgratis.pop.com.br ?

One of our clients has several machines making tons of requests for TXT files on that server:

botao.txt
mswinsck.txt
ita01.txt
caixa01.txt
teclado07.txt
caixa01.txt
caixa02.txt
caixa03.txt
caixa04.txt
caixa05.txt

Thanks for any info.,

_
Bernardo Santos Wernesback
ESSE,ESS,SCSE,CCNA/DA, CCSA,CQS,MCP
Consultant / ISH Tecnologia
Phone: +55-27-3334-8900
Mobile: +55-27-8111-0884
Email: [EMAIL PROTECTED]
PGP Fingerprint: 6A42 3701 70D7 FD0F 5FA9 D232 CDD4 6189 EF43 95F5