Re: [Full-disclosure] Getting rid of n3td3v

> On 12/15/05, Joe Average <[EMAIL PROTECTED]> wrote: > > netdev isn't an idiot, > > > > we've had many attacks avoided by him contacting our security address N3td3v has saved himself? from attacks by contacting himself? It seems like the same as using your left hand as its just like someone else

[Full-disclosure] [ GLSA 200512-08 ] Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200512-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

Re: [Full-disclosure] Symlink attack techniques

On Thu, 15 Dec 2005 18:14:51 CST, James Longstreet said: > Since it doesn't seem like you can control what gets written to the > file, you probably can't directly get root access from there. The > output could have some ill effect if written to the correct file... > hard to know without kno

RE: [Full-disclosure] Administrivia: Requests for Moderation

> > Hows about instead of moderation, we try vote-kicking? I support this one, but who decides how many votes are sufficent to get someone kicked ? And what about the Votes that can be automated ? I bet someone will create a huge farm for voting Whenever there is any voting all the results wi

RE: [Full-disclosure] Moderated lists

> Why not do a self-regulating list? Something along the lines > of keeping > track of signup dates and IP addresses, then when a yahoo starts > spouting crap, put it to a vote on list. (only members older then xyz > date have a vote) If the list's wish is to have the user > banned, then so >

Re: [Full-disclosure] infosecbofh

ahahaha... sure troll. On 12/15/05, Joe Average <[EMAIL PROTECTED]> wrote: > > your remarks on the list have been less than helpful, > > > i have spoke with netdev to resolve the issue and hopefully with your help > the list can get back to normal > > dont add to the noise > > we're all professi

[Full-disclosure] infosecbofh

  your remarks on the list have been less than helpful,     i have spoke with netdev to resolve the issue and hopefully with your help the list can get back to normal   dont add to the noise   we're all professionals looking for a clear resolve (work with us) ___

[Full-disclosure] [JRSA_0x2fbcd0251e8d606ebbb595dccb685f9446f441a7320f912666fd8b3362f3bffe_15-Dec-2005] Software Based Cipher Implementation Vulnerabilities Security Advisory 15-Dec-2005

Software Based Cipher Implementation Vulnerabilities Random (tm) Security Advisory 15-Dec-2005 by J. Random Expert, CPA, CISSP, CISM, CISA, CCNA, CCSE, CCSA, GCIA, GCIH, GCFW, GIAC, GSNA, GCFA, GCUX, GSEC, GSUX, QUE, GQUE, WTFBBQ. contact: [EMAIL PROTECTED] I. BACKGROUND We are experts on info

Re: [Full-disclosure] Getting rid of n3td3v

ahahaha... and the hits keep coming. On 12/15/05, Joe Average <[EMAIL PROTECTED]> wrote: > > > > On 12/15/05, Stejerean, Cosmin <[EMAIL PROTECTED]> wrote: > > I have a simple suggestion to get rid of the n3td3v problem. Aside from > > creating a spam filter for every message that contains n3td3v

[Full-disclosure] the noise over crosstalk ratio

i have spoke with netdev and he agrees not to respond to nicknames   if you people encourage the situation then we cant find a reasonable exit plan   please dont add to the noise ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/fu

[Full-disclosure] RE: Request for moderation

There is also VulnWatch (www.vulnwatch.org) as an alternative moderated list. Zero noise, just advisories. Or, for a little more noise VulnDiscuss, also moderated but more discussion based. Cheers; Steve Manzuik Moderator - VulnWatch ___ Full-Disclo

Re: [Full-disclosure] Symlink attack techniques

> Ok I should have been more precise in my previous mail. In this scenario I > don't have control over the output generated by the find command. So > basically the cronjob is something like: > > 15 4 ?* * 6 ?root ?/usr/bin/find /home/userA -type f -print > /tmp/report.txt > > Consequently as us

Re: [Full-disclosure] Getting rid of n3td3v

On 12/15/05, Stejerean, Cosmin <[EMAIL PROTECTED]> wrote: I have a simple suggestion to get rid of the n3td3v problem. Aside fromcreating a spam filter for every message that contains n3td3v or his email address the next best thing to do is simply ignore all his posts. If youfeel the need to let h

Re: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

On 12/15/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Websense, the largest of corporates? Perhaps you're used to working at startup ISPs, oh wait, you probably dont even have time for a job considering you haven't left pre-school yet. You didn't influence the company iteself and I'm suprised

Re: [Full-disclosure] n3tdev shit

it reminds you of #teen or something from irc, ure a dick , no your a dick just ignore him ffs! unless your wanting your own pok`e mon to battle him with your enormous e-penis!! - Original Message - From: "adnan habib" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; Sent: Frida

Re: [Full-disclosure] Symlink attack techniques

On Dec 15, 2005, at 7:09 AM, Werner Schalk wrote: Ok I should have been more precise in my previous mail. In this scenario I don't have control over the output generated by the find command. So basically the cronjob is something like: 15 4 * * 6 root /usr/bin/find /home/userA -type f -pri

Re: [Full-disclosure] TPM - will it work as pushed to the public?

[EMAIL PROTECTED] wrote: > On Thu, 15 Dec 2005 12:47:10 CST, Todd Towles said: > >> http://www.msnbc.msn.com/ID/10441443 >> >> Is it me or is this totally not going to work for normal people? > > You totally missed the point (which the TPM proponents *are* trying hard to > gloss over, so it's not

Re: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

Websense, the largest of corporates? Perhaps you're used to working at startup ISPs, oh wait, you probably dont even have time for a job considering you haven't left pre-school yet. You didn't influence the company iteself and I'm suprised that gmail hasn't been RBL'ed with the amount of crap you'v

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

Seriously folks, just set some spam filters. Out of the 1640 FD messages I had, I set a filter on 'n3t' and it snagged 225 messages, or in other words, 13.7% of messages got junked. Total time: 1 minute ___ Full-Disclosure - We believe in it. Charte

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

Enrico Kern <[EMAIL PROTECTED]> wrote on 12/15/2005 10:28:43 AM: > forget it, > > we discussed this a few weeks ago, most of the guys on this list just love > to get spam and bullshit. The one side says "well yeah omg its no > full-disclosure anymore with moderation" (penguin fucker style) an

Re: [Full-disclosure] a call for full-disclosure to become a moderated list

On 12/14/05, [EMAIL PROTECTED] wrote: how many people who actually find value in this list (which i have,since len rose set it up quite a long time ago) agree with this position?   I have found quite a bit of value in this list. Yes, there are a lot of crap posts on this list, but it has always b

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED

[EMAIL PROTECTED] wrote: > Everybody knows this list is > 98% a joke And if you truly need an hourly fix of the latest codez and sploitz then you're a misguided black hat. There are plenty of alternatives out there for you to use for swapping illegal materials and sharing evil secrets. Full-Dis

Re: [Full-disclosure] n3tdev shit

come on let him live for some time :) From: cdowns >my favorite thing about this list is watching people slap each other around hahahah.. only in the security industry... 5+ years in and I can always count on it ;) ~!>D Scott Schappert wrote: What a mangled version of J. Robert Opp

[Full-disclosure] Re: RLA ("Remote LanD Attack")

Not a problem at all Roger. I agree, its a bit shocking, by I am far less concerned about the Cisco devices and/or business networks. What I am concerned over is consumer grade products, that do not enforce all the RFC's. That lack security against spoofed packets, and spoofed internal addr

Re: [Full-disclosure] OT: Amazing, the Diebold insider said.

--On Thursday, December 15, 2005 13:41:04 -0700 Dude VanWinkle <[EMAIL PROTECTED]> wrote: p.s.: http://www.house.gov/mckinney/voterrights.htm I wouldn't believe Cynthia McKinney if all she did was say, "Hi, my name's Cynthia McKinney." She's an idiot. Paul Schmehl ([EMAIL PROTECTED]) Adju

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED

If you don't like it unsubscribe. Everybody knows this list is 98% a joke, but that every once in awhile something interesting comes through. If you really *need* to be on this list read the thread title, and decide if it's worth your time. I advise checking out the following alternatives * Dai

[Full-disclosure] Re: RLA ("Remote LanD Attack")

Below is the dialog between Roger and myself, at first the dialog was privet due to me not replying to all. Sorry about that, if anyone has any input, please chime in... Thanks... -- Forwarded message -- From: Synister Syntax <[EMAIL PROTECTED]> Date: Dec 15, 2005 5:10 PM Su

Re: [Full-disclosure] n3tdev shit

my favorite thing about this list is watching people slap each other around hahahah.. only in the security industry... 5+ years in and I can always count on it ;) ~!>D Scott Schappert wrote: What a mangled version of J. Robert Oppenheimer’s statement. How pathetic.

[Full-disclosure] oppenheimer quotes (was: n3tdev shit)

What a mangled version of J. Robert Oppenheimer’s statement. How pathetic. Bearing relevance to the current discussion, how about one of his other ones : The open society, the unrestricted access to knowledge, the unplanned and uninhibited association of men for its furtherance - these are

RE: [Full-disclosure] n3tdev shit

What a mangled version of J. Robert Oppenheimer’s statement.  How pathetic.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of (M.o.H.a.J.a.L.i) Sent: Thursday, December 15, 2005 1:23 PM To: Full Disclosue List Subject: [Full-disclosure] n3tdev shit   if u ha

Re: [Full-disclosure] a call for full-disclosure to become a moderatedlist

it seems to me that without a moderator (since there is the apparent absence of people who are moderate, or even civilized), this list will continue its degeneration into a never-ending pissing contest. Ever seen a 1 man pissing contest? .. if you don't fall for "flame bait" then that's exactly

[Full-disclosure] n3tdev shit

if u have a gmail email or anyemail system that supports filters...then just filter anyemail containing the word n3td3v... -- ®.Now I Am Become DeathThe Destroyer Of Worlds© ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.o

[Full-disclosure] Getting rid of n3td3v

I have a simple suggestion to get rid of the n3td3v problem. Aside from creating a spam filter for every message that contains n3td3v or his email address the next best thing to do is simply ignore all his posts. If you feel the need to let him know what a big moron he is then please do so directly

[Full-disclosure] RE: Moderated lists

Yes, but with the ease of access to disposable e-mail accounts, would that really work? It might make it more difficult to be a troll, but not much. Or perhaps I don't grok what you mean. Yes, it would make it only marginally more difficult, but instead of getting 50 emails calling a troll

Re: [Full-disclosure] a call for full-disclosure to become a moderated list

Joe Average = n3td3v So yeah. Your opinion is greatly valued here. On 12/15/05, Joe Average <[EMAIL PROTECTED]> wrote: > > > On 12/15/05, Bart Lansing <[EMAIL PROTECTED]> wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Mark, et al > > > > remotely possible that n3td3v or inf

RE: [Full-disclosure] a call for full-disclosure to become a moderatedlist

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, December 15, 2005 12:20 AM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] a call for full-disclosure to become a moderatedlist it seems to me that without

Re: [Full-disclosure] Administrivia: Requests for Moderation

On 12/15/05, Joe Average <[EMAIL PROTECTED]> wrote: > i spoke with netdev and i asked him not to respond to bait mail from known > nicknames How about from this account too. Do you really believe that we don't know who "yahooinsider" is. ROFL. ___ Ful

Re: [Full-disclosure] OT: Amazing, the Diebold insider said.

p.s.: http://www.house.gov/mckinney/voterrights.htm ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

RE: [Full-disclosure] Administrivia: Requests for Moderation

I have an idea, how about every time there is a little noise on the list, we generate 100X that amount of noise talking about ways to deal with the noise and in the process drive the noise makers away because of too much noise? Geo. ___ Full-Disclosur

Re: [Full-disclosure] OT: Amazing, the Diebold insider said.

On 12/13/05, Jei <[EMAIL PROTECTED]> wrote: > Shortly before the election, ten days to two weeks, we were told that the date > in the machine was malfunctioning, the source recalled. So we were told 'Apply > this patch in a big rush. Later, the Diebold insider learned that the patches > were never

RE: [Full-disclosure] Administrivia: Requests for Moderation

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Micheal Espinola Jr Sent: Thursday, December 15, 2005 10:16 AM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Administrivia: Requests for Moderation Hows about instead of moderation, w

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

You'd think guys could learn to ignore the trolls, but such is life. Reply not to find out for whom the belle trolls, she trolls for thee. - Email solutions, MS Exchange alternatives and extrication, security services, systems integration. C

[Full-disclosure] Re: OT: Amazing, the Diebold insider said.

Paul Schmehl wrote in news:[EMAIL PROTECTED] > --On December 14, 2005 3:59:23 AM +0200 Jei <[EMAIL PROTECTED]> wrote: >> >> Harris revealed that a program patch titled rob-georgia.zip was left on > > > My bs detector just went off. Your bs detector is generating false positives, yo

Re: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

On 12/15/05, GroundZero Security <[EMAIL PROTECTED]> wrote: how offten do i need to tell you ? you are pathetic!this just prooves that you are an idiot.- Original Message - From: "n3td3v" <[EMAIL PROTECTED]>To: Sent: Thursday, December 15, 2005 7:46 PM Su

Re: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

how offten do i need to tell you ? you are pathetic! this just prooves that you are an idiot. - Original Message - From: "n3td3v" <[EMAIL PROTECTED]> To: Sent: Thursday, December 15, 2005 7:46 PM Subject: [Full-disclosure] Fwd: WSLabs,Phishing Alert: Internal Revenue (FAO Todd Towles)

Re: [Full-disclosure] Moderated lists

Todd Towles wrote: Why not do a self-regulating list? Something along the lines of keeping track of signup dates and IP addresses, then when a yahoo starts spouting crap, put it to a vote on list. (only members older then xyz date have a vote) If the list's wish is to have the user banned, t

[Full-disclosure] RE: RLA ("Remote LanD Attack")

Just to clarify, so that people don't think this affects Windows XP SP2. I've tested SP2 again, and the LAND attack no longer works. This announcement concerns gateway network devices that computers may attach to (the announcement is a little confusing at first). Also, to pull off the hping2 examp

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

--On Thursday, December 15, 2005 19:28:43 +0100 Enrico Kern <[EMAIL PROTECTED]> wrote: forget it, we discussed this a few weeks ago, most of the guys on this list just love to get spam and bullshit. The one side says "well yeah omg its no full-disclosure anymore with moderation" (penguin fucke

RE: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

Must..stop...this..thread -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: Thursday, December 15, 2005 1:13 PM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Fwd: WSLabs,Phishing Alert: Internal Revenue

RE: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

I already give Uncle Sam enough money. I wouldn't give him my credit card number to go shopping at Macy's. Anyone that would do this would truly be an ID10T. If you have such a big influence over big corporations, then why do you need so badly to prove to the people on FD to believe you? That wou

RE: [Full-disclosure] TPM - will it work as pushed to the public?

Valdis wrote : > You totally missed the point (which the TPM proponents *are* > trying hard to gloss over, so it's not surprising)... > > TPM isn't about protecting you. It's about protecting the > owner of the DRM and related crap that will be forced down > your throat. Well if that is the

Re: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

On 12/15/05, Todd Towles <[EMAIL PROTECTED]> wrote: > You are dreaming, you have what 5 e-mail address? Websense has hundreds > all over the world, just like internet protection company. I myself > never stated it is "over all the news". Are you saying if I and my advisors hadn't decided to go liv

[Full-disclosure] Re: Someone is running his mouth again... [Hackerattacks in US linked to Chinese military: researchers]

[EMAIL PROTECTED] wrote in news:[EMAIL PROTECTED] On Wed, 14 Dec 2005 16:27:57 PST, Geoff Shively said: >> In the attacks, Paller said, the perpetrators "were in and out with no >> keystroke errors and left no fingerprints, and created a backdoor in less >> than 30 minutes. How can this be done b

Re: [Full-disclosure] TPM - will it work as pushed to the public?

On Thu, 15 Dec 2005 12:47:10 CST, Todd Towles said: > http://www.msnbc.msn.com/ID/10441443 > > Is it me or is this totally not going to work for normal people? You totally missed the point (which the TPM proponents *are* trying hard to gloss over, so it's not surprising)... TPM isn't about prot

RE: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

> Accordng to your friends, this was disclosed on the 30th of > November to the Online Media Community? If you look back at > my original phishing advisory, you'll see people were saying > "old news, go away". > If its such old news, why did WSLabs in less than 24 hours > issue an advisory? Get

Re: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

On 12/15/05, n3td3v <[EMAIL PROTECTED]> wrote: > Heres proof I have infulence over the biggest of corporations! > Sorry, but I fail to see the logic in your "proof". ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosur

Re: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

Accordng to your friends, this was disclosed on the 30th of November to the Online Media Community? If you look back at my original phishing advisory, you'll see people were saying "old news, go away". If its such old news, why did WSLabs in less than 24 hours issue an advisory? Get real, its total

Re: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

On Thu, 15 Dec 2005 18:46:47 GMT, n3td3v said: > Heres proof I have infulence over the biggest of corporations! > > -- Forwarded message -- > From: Websense Security Labs <[EMAIL PROTECTED]> > Date: Dec 15, 2005 6:40 PM > Subject: WSLabs, Phishing Alert: Internal Revenue Service >

RE: [Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

FAO me? Please...you didn't report anything. You think a company that scan 70 million sites a night didn't have the information before you? You really are dreaming... > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v > Sent: Thursday, December

[Full-disclosure] TPM - will it work as pushed to the public?

http://www.msnbc.msn.com/ID/10441443 Is it me or is this totally not going to work for normal people? "Of course you could always "fool" the system by starting your computer with your unique PIN or fingerprint and then letting another person use it, but that's a choice similar to giving som

[Full-disclosure] Fwd: WSLabs, Phishing Alert: Internal Revenue (FAO Todd Towles)

Heres proof I have infulence over the biggest of corporations! -- Forwarded message -- From: Websense Security Labs <[EMAIL PROTECTED]> Date: Dec 15, 2005 6:40 PM Subject: WSLabs, Phishing Alert: Internal Revenue Service To: [EMAIL PROTECTED] Websense(r) Security Labs(TM) has rec

RE: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATEDLIST

Enrico worte : > What about making a second full-disclosure list with > moderated content (sorting out the kids) of the original list? Here you go..get on it - http://www.securityfocus.com/archive/1 Is it like everyone is speaking french? If you want moderation, go somewhere else. John said it

Re: [Full-disclosure] Someone is running his mouth again... [Hacker attacks in US linked to Chinese military: researchers]

On Wed, 14 Dec 2005 16:27:57 PST, Geoff Shively said: > In the attacks, Paller said, the perpetrators "were in and out with no > keystroke errors and left no fingerprints, and created a backdoor in less > than 30 minutes. How can this be done by anyone other than a military > organization?" > [/sn

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

This list is supposed to be unmoderated if u don't like this list then unsubscribe from it...and go to some moderated list...like...bugtraq just my oponion  On 12/15/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: I WOULD JUST LIKE TO EXPRESS MY DEEP SUPPORT FOR THIS IDEA.  MAKINGTHE LIST

RE: [Full-disclosure] Administrivia: Requests for Moderation

After keeping out of all the noise, unless I have some signal to add I figured I've got a little unused bandwidth to make one observation.   1. Arguing on the Internet, full-disclosure, or any mailing list is just like competing in the special Olympics, no matter who wins the argument you'r

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

forget it, we discussed this a few weeks ago, most of the guys on this list just love to get spam and bullshit. The one side says "well yeah omg its no full-disclosure anymore with moderation" (penguin fucker style) and the others want the trash sorted out. Well from my point of view a moder

[Full-disclosure] Re: RLA ("Remote LanD Attack")

To All: As requested: MSWord (.doc): http://www.teamtrinix.com/exploits/rla/RLA.doc Plain Text (.txt): http://www.teamtrinix.com/exploits/rla/RLA.txt HTML: http://www.teamtrinix.com/exploits/rla/RLA.htm PDF; (Coming Soon) I will go ahead and create the PDF later this evening. The HT

Re: [Full-disclosure] Moderated lists

On 12/15/05,12/15/05, Andy Lindeman < [EMAIL PROTECTED]> wrote: If the ultimate goal is to keep the "crap" factor down, moderationwill only add to the time it takes to read this list and increase the noise ratio.--A a) moderate one user (turns list into bugtraq) b) real disclosure is full-di

[Full-disclosure] N3tdev has hacked my box!

Actually, it's just a solaris install progress report - but with all the pointless bickering going on on here at the moment, I misread SUNWj3dev as SUNWn3tdev when I saw it out of the corner of my eye Anyway - my contribution to the noise: 1. An un-moderating list is no excuse for rubbish bei

Re: [Full-disclosure] Moderated lists

If the ultimate goal is to keep the "crap" factor down, moderation will only add to the time it takes to read this list and increase the noise ratio. --A On 12/15/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Why not do a self-regulating list? Something along the lines of keeping > track of

[Full-disclosure] AIX Heap Overflow paper

I've just published a paper on AIX heap overflows. I wrote it back in August but wanted to wait until a couple of flaws I discovered whilst researching the topic were fixed by IBM. IBM released the patches today. You can get the paper at http://www.databasesecurity.com/dbsec/aix-heap.pdf Cheers

RE: [Full-disclosure] Moderated lists

> Why not do a self-regulating list? Something along the lines > of keeping track of signup dates and IP addresses, then when > a yahoo starts spouting crap, put it to a vote on list. (only > members older then xyz date have a vote) If the list's wish > is to have the user banned, then so be i

Re: [Full-disclosure] Administrivia: Requests for Moderation

On Thu, 15 Dec 2005 17:25:28 +Joe Average <[EMAIL PROTECTED]> wrote:> On 12/15/05, GroundZero Security < [EMAIL PROTECTED] > wrote:> >> > >i spoke with netdev and i asked him not to respond to bait mail> > >from known nicknamesMr. Average Joe (or should I call you n3td4v?), what's the amount of

[Full-disclosure] Moderated lists

Why not do a self-regulating list? Something along the lines of keeping track of signup dates and IP addresses, then when a yahoo starts spouting crap, put it to a vote on list. (only members older then xyz date have a vote) If the list's wish is to have the user banned, then so be it...

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

On Thursday 15 December 2005 17:16 [EMAIL PROTECTED] wrote: > I WOULD JUST LIKE TO EXPRESS MY DEEP SUPPORT FOR THIS IDEA. MAKING > THE LIST MODERATED WOULD REALLY HELP MY JOB AS A SECURITY > RESEARCHER. I COULD MAKE QUICKER, MORE WELL INFORMED CHOICES IN MY > DAY TO DAY TASKS OF PEN TESTING LEGIT

Re: [Full-disclosure] Symlink attack techniques

On Thu, Dec 15, 2005 at 01:09:49PM +, Werner Schalk wrote: > Hi, > > thanks for all the replies, I really appreciate this. > basically the cronjob is something like: > > 15 4  * * 6  root  /usr/bin/find /home/userA -type f -print > /tmp/report.txt > > Consequently as userB I have no way of

Re: [Full-disclosure] Administrivia: Requests for Moderation

On 12/15/05, GroundZero Security <[EMAIL PROTECTED]> wrote: >i spoke with netdev and i asked him not to respond to bait mail from known nicknames   please also ask him not to post any phishing or xss related information. we do not care. tell him to go learn about IT security first and then come b

RE: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME AMODERATEDLIST

If it takes caps, or foul language to get you point across then it must not be of importance and that's your only way to get attention. If attention you want do something to make the national news. I guess some of us have way to much time on our hands and not enough real work to do. FD doesn't ne

Re: [Full-disclosure] Administrivia: Requests for Moderation

Hows about instead of moderation, we try vote-kicking? On 12/15/05, Joe Average <[EMAIL PROTECTED]> wrote: > > > On 12/15/05, John Cartwright <[EMAIL PROTECTED]> wrote: > > Hi > > > > Please do not request that global moderation of FD occur. It won't. As > > others pointed out, that would defeat t

Re: [Full-disclosure] Administrivia: Requests for Moderation

>i spoke with netdev and i asked him not to respond to bait mail from known nicknames   please also ask him not to post any phishing or xss related information. we do not care. tell him to go learn about IT security first and then come back in a few years when he has grown up.   __

RE: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME AMODERATED LIST

Please reject email from the rude people who insist on typing in all caps. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 15 Dec 2005 08:16:46 -0800 <[EMAIL PROTECTED]> wrote: > I WOULD JUST LIKE TO EXPRESS MY DEEP SUPPORT FOR THIS IDEA. MAKING > THE LIST MODERATED WOULD REALLY HELP MY J

Recall: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME AMODERATED LIST

The sender would like to recall the message, "[Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME AMODERATED LIST". ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia

RE: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

Joe Average wrote:  >no need,   >a) ban all gmail addresses   >b) ban nicknames (real name only)   >c) start inforcing list policy for trouble makers who attack legitimate researchers like netdev      Wow   1) n3td3v & you meet both your A and B requirement. 2) So..when are you leaving?

Re: [Full-disclosure] Administrivia: Requests for Moderation

On 12/15/05, John Cartwright <[EMAIL PROTECTED]> wrote: HiPlease do not request that global moderation of FD occur. It won't. Asothers pointed out, that would defeat the entire purpose of the list. I have no intention of changing anything so fundamental. To be frank,those who feel that moderation

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 15 Dec 2005 16:39:41 + Joe Average <[EMAIL PROTECTED]> wrote: > On 12/15/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > I WOULD JUST LIKE TO EXPRESS MY DEEP SUPPORT FOR THIS IDEA. MAKING > > THE LIST MODERATED WOULD REALLY HELP

Re: [Full-disclosure] a call for full-disclosure to become a moderated list

On Thursday 15 December 2005 07:20 [EMAIL PROTECTED] wrote: > how many people who actually find value in this list (which i have, > since len rose set it up quite a long time ago) agree with this > position? I cannot answer a number, but I can speak for myself: I don't want a moderated list, b'ca

[Full-disclosure] Administrivia: Requests for Moderation

Hi Please do not request that global moderation of FD occur. It won't. As others pointed out, that would defeat the entire purpose of the list. I have no intention of changing anything so fundamental. To be frank, those who feel that moderation is needed should be looking elsewhere for their infor

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

On 12/15/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: I WOULD JUST LIKE TO EXPRESS MY DEEP SUPPORT FOR THIS IDEA.  MAKINGTHE LIST MODERATED WOULD REALLY HELP MY JOB AS A SECURITY RESEARCHER.  I COULD MAKE QUICKER, MORE WELL INFORMED CHOICES IN MYDAY TO DAY TASKS OF PEN TESTING LEGITIMATELY.  I

RE: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATEDLIST

> I WOULD JUST LIKE TO EXPRESS MY DEEP SUPPORT FOR THIS IDEA. > MAKING THE LIST MODERATED WOULD REALLY HELP MY JOB AS A > SECURITY RESEARCHER. I COULD MAKE QUICKER, MORE WELL > INFORMED CHOICES IN MY DAY TO DAY TASKS OF PEN TESTING > LEGITIMATELY. I WILL ONLY GET THE GOOD STUFF AND NONE OF

Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 15 Dec 2005 08:16:46 -0800 <[EMAIL PROTECTED]> wrote: > I WOULD JUST LIKE TO EXPRESS MY DEEP SUPPORT FOR THIS IDEA. MAKING > THE LIST MODERATED WOULD REALLY HELP MY JOB AS A SECURITY > RESEARCHER. I COULD MAKE QUICKER, MORE WELL INFORMED C

Re: [Full-disclosure] a call for full-disclosure to become a moderated list

On 12/15/05, Bart Lansing <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE-Hash: SHA1Mark, et alremotely possible that n3td3v or infosecBOFH (who seems to be attempting to validate his choice of handles by being anunmitigated ass whenever possible) might actually have somethingconstruc

[Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME A MODERATED LIST

I WOULD JUST LIKE TO EXPRESS MY DEEP SUPPORT FOR THIS IDEA. MAKING THE LIST MODERATED WOULD REALLY HELP MY JOB AS A SECURITY RESEARCHER. I COULD MAKE QUICKER, MORE WELL INFORMED CHOICES IN MY DAY TO DAY TASKS OF PEN TESTING LEGITIMATELY. I WILL ONLY GET THE GOOD STUFF AND NONE OF THIS PISSIN

[Full-disclosure] Re: RLA ("Remote LanD Attack")

Agreed, this and all attacks like this, fall under DoS. The reason I originally classified this attack as a Remote LanD, was I was originally testing a un-patched Windows SP2 machine, locally, and of course watching the box lock up for 30 seconds or so. I then thought, there has to be a way

[Full-disclosure] POC tools?

I'm sorry to post this on FD, but I could do with an answer and other lists I am subbed to seem fairly quiet at the moment (everyone xmas shopping?) Anyway, we juist acquired a smaller company and some of their boxes are a bit out of date, so I was wanting to take the opporuinity to set up a work

[Full-disclosure] Re: RLA ("Remote LanD Attack")

I agree that this is in fact a DoS, however it is using the old LanD attack (from 1997) syntax/style. That fact that it is a packet to itself, from it's self, obviously spoofed. As this was the same way it was done back in the 90's. The difference here, is the fact that the LanD attack can

RE: [Full-disclosure] Someone is running his mouth again... [Hackerattacks in US linked to Chinese military: researchers]

Subject: [Full-disclosure] Someone is running his mouth again... [Hackerattacks in US linked to Chinese military: researchers] > and unfortunately when Alan Paller runs his mouth, people listen. DAMNIT. Gracias senore > Paller, lets poke china some more, grea

Re: [Full-disclosure] a call for full-disclosure to become a moderated list

Wow, we have another n3td3v here. Editing your emails? Sorry, not guilty. Replying to you on list so everyone can see you continue to stir the pot, guilty. My momma did not teach my any manners but I taught your momma that thing she does with her tongue. On 12/14/05, [EMAIL PROTECTED] <[EMAIL

Re: [Full-disclosure] InfoSecBOFH and other trouble makers

I havent laughed this hard in a long time. Sure n3tkiddie I'll leave you alone. Just leave the list alone with your stupidity first. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponso

Re: [Full-disclosure] InfoSecBOFH and other trouble makers

so pathetic, n3td0rk already has to invent imaginary people which are on his side. so its not always he against the FD list. oh well boy, you just proove once more how lame you are. look at his 31337 social engineering skills! has so awsome..   but hey just in case you really really arent n3

Re: [Full-disclosure] a call for full-disclosure to become a

On Thu, Dec 15, 2005 at 02:35:00PM +, Xyberpix wrote: > I have to agree on this one that I don't think that moderation is the way to > go. > This is a damn good list, with a load of really intelligent people on it, who > really contribute a lot to the entire community. > Just because a few of

  1   2   >