Re: [Full-disclosure] Working exploit for Debian generated SSH Keys

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yep, agreed. - - G Salut, Garrett, On Mon, 19 May 2008 13:51:29 -0400, Garrett M. Groff wrote: > Generating pseudo-random numbers isn't hard given a good API, but > writing that API is non-trivial (assuming you want high entropy/low > predictabili

Re: [Full-disclosure] n3td3v says don't let EUSecWest Cisco IOS presentation go ahead

Please seek help for yourself. n3td3v wrote: > If you don't listen to n3td3v and Gadi Evron, at least we know we > tried to avert what we see is going to happen. > > It won't be our necks on the line, it will be heads within government > which will be rolling who decided to ignore us and that thi

Re: [Full-disclosure] Pointless Post

Another any soul you totally missed the point of this post. Sent from my Verizon Wireless BlackBerry -Original Message- From: "M. Shirk" <[EMAIL PROTECTED]> Date: Tue, 20 May 2008 22:21:00 To: Subject: Re: [Full-disclosure] Pointless Post Here is something with substance.

Re: [Full-disclosure] An account of the Estonian Internet War

On Tue, May 20, 2008 at 9:27 AM, Gadi Evron <[EMAIL PROTECTED]> wrote: > It is not > technical, I hope you find it useful. > > Gadi Evron. > Have you ever posted anything technical? Are you capable of doing anything useful? Hope you the best

[Full-disclosure] n3td3v says don't let EUSecWest Cisco IOS presentation go ahead ...

Although I am loathe to have my name associated with this thread, does anyone else find the irony amusing - regardless of your opinion(s) on this topic - someone railing against a disclosure at a conference in a forum that includes the following at the end of every message: "Full-Disclosure - W

Re: [Full-disclosure] Pointless Post

Here is something with substance. ,'``.._ ,'``. :,--._:)\,:,._,.: All Glory to :`--,'' :`...';\ the HYPNO TOAD! `,' `---' `. / : / \ ,'

[Full-disclosure] Pointless Post

I have nothing to say but since I can just make a post and say nothing of substance like the ones I have been receiving I decided to say thank you with this pointless post. Maybe I should add the name netdev and then everyone will reply with hate post and cause it to run on for weeks. Thanks f

[Full-disclosure] Dear full disclosure

Dear full-disclosure, please forever archive and cherish these beautiful RIPEMD160 & SHA1 sums. a26a3bc9210ea737111477df501d9f9235d94d46 3c5b90c8b6fcc65122da864931f76e0e39f0c384 Sincerely, -- Charles Morris [EMAIL PROTECTED], [EMAIL PROTECTED] Network Security Administrator, Software Develop

Re: [Full-disclosure] n3td3v says don't let EUSecWest Cisco IOS presentation go ahead

On Wed, May 21, 2008 at 2:16 AM, <[EMAIL PROTECTED]> wrote: > If the talk doesn't happen, the C-levels don't see it in the trade rags, they > don't lean on the CIO, who doesn't lean on the networking guys, who go off and > deal with whatever *other* problem they have to deal with (like why their B

Re: [Full-disclosure] n3td3v says don't let EUSecWest Cisco IOS presentation go ahead

wait. maybe valdis is n3td3v. On Wed, May 21, 2008 at 11:16 AM, <[EMAIL PROTECTED]> wrote: > On Wed, 21 May 2008 01:48:21 BST, n3td3v said: > >> This is a last minute plea to MI5, the UK Security Service to stop >> this presentation going ahead. >> >> I will hold you responsible in later thread

Re: [Full-disclosure] n3td3v says don't let EUSecWest Cisco IOS presentation go ahead

On Wed, 21 May 2008 01:48:21 BST, n3td3v said: > This is a last minute plea to MI5, the UK Security Service to stop > this presentation going ahead. > > I will hold you responsible in later threads if n3td3v and Gadi > Evron's fears become reality. > > The Security Service (MI5) is responsible f

Re: [Full-disclosure] [NANOG] IOS rootkits

On Tue, 20 May 2008 23:49:33 BST, n3td3v said: > How can you say the cyber world is unlikely to end when Cisco is the > most widely used router on the internet today? Everyone uses Cisco, > all the ISP's and everyone. Except for the people who use Juniper, or Anyhow - if you can explain how

[Full-disclosure] n3td3v says don't let EUSecWest Cisco IOS presentation go ahead

If you don't listen to n3td3v and Gadi Evron, at least we know we tried to avert what we see is going to happen. It won't be our necks on the line, it will be heads within government which will be rolling who decided to ignore us and that this presentation was a good idea. This is a last minute p

Re: [Full-disclosure] [NANOG] IOS rootkits

On Wed, May 21, 2008 at 12:08 AM, Dr. J Swift <[EMAIL PROTECTED]> wrote: > On Tue, May 20, 2008 at 6:49 PM, n3td3v <[EMAIL PROTECTED]> wrote: >> How can you say the cyber world is unlikely to end when Cisco is the >> most widely used router on the internet today? Everyone uses Cisco, >> all the ISP

Re: [Full-disclosure] [NANOG] IOS rootkits

On Tue, May 20, 2008 at 6:49 PM, n3td3v <[EMAIL PROTECTED]> wrote: > How can you say the cyber world is unlikely to end when Cisco is the > most widely used router on the internet today? Everyone uses Cisco, > all the ISP's and everyone. > > Even if the in the know guys secure their routers, there

Re: [Full-disclosure] [NANOG] IOS rootkits

On Tue, May 20, 2008 at 11:53 PM, Dr. J Swift <[EMAIL PROTECTED]> wrote: > Mr. Wallace, > > In your rush to reply, you failed to actually respond to my post. > > Again, you use the technique of "Supressed Evidence" to forcefully > reply while not actually responding to the point that was made. > >

Re: [Full-disclosure] [NANOG] IOS rootkits

Mr. Wallace, In your rush to reply, you failed to actually respond to my post. Again, you use the technique of "Supressed Evidence" to forcefully reply while not actually responding to the point that was made. On Tue, May 20, 2008 at 6:31 PM, n3td3v <[EMAIL PROTECTED]> wrote: > On Tue, May 20, 2

Re: [Full-disclosure] [NANOG] IOS rootkits

On Tue, May 20, 2008 at 11:44 PM, <[EMAIL PROTECTED]> wrote: > On Tue, 20 May 2008 23:31:46 BST, n3td3v said: > >> You are delusional if you think this presentation won't lead to >> someone releasing a tool to the script kids, the presentation can't go >> ahead. > > Oddly enough, the world didn't

Re: [Full-disclosure] [NANOG] IOS rootkits

On Tue, 20 May 2008 23:31:46 BST, n3td3v said: > You are delusional if you think this presentation won't lead to > someone releasing a tool to the script kids, the presentation can't go > ahead. Oddly enough, the world didn't fall apart when Michael Lynn did *his* presentation on IOS 3 years ago.

Re: [Full-disclosure] [NANOG] IOS rootkits

On Tue, May 20, 2008 at 11:25 PM, Dr. J Swift <[EMAIL PROTECTED]> wrote: > Mr. Wallace, > > 1. HD Moore long ago released a kit that could be used to rootkit > Cisco boxes. This is an obvious statement of fact. > 2. In-the-wild Cisco rootkits have been known to non-eponymous > security researche

Re: [Full-disclosure] [NANOG] IOS rootkits

Mr. Wallace, 1. HD Moore long ago released a kit that could be used to rootkit Cisco boxes. This is an obvious statement of fact. 2. In-the-wild Cisco rootkits have been known to non-eponymous security researchers for a considerable time. 3. You have said that HD More is a global threat. 4. Y

Re: [Full-disclosure] [NANOG] IOS rootkits

On Tue, May 20, 2008 at 11:03 PM, <[EMAIL PROTECTED]> wrote: > On Tue, 20 May 2008 22:45:23 BST, n3td3v said: >> HD Moore is the biggest threat in the security world today and I stand >> by those words, we can't allow the presentation to go ahead. > > It certainly would be nice to work in a world

Re: [Full-disclosure] [NANOG] IOS rootkits

On Tue, 20 May 2008 22:45:23 BST, n3td3v said: > HD Moore is the biggest threat in the security world today and I stand > by those words, we can't allow the presentation to go ahead. It certainly would be nice to work in a world where HD Moore was the biggest threat. Unfortunately, those of us wh

Re: [Full-disclosure] [NANOG] IOS rootkits

On Mon, May 19, 2008 at 7:39 AM, I M <[EMAIL PROTECTED]> wrote: > Your name doesn't even deserve to sit on the same email as HD Moore.As you > said it yourself: > "I'm not technically gifted so I can't join in the technical discussion > but I see a threat when I see one." > You really aren't so st

[Full-disclosure] [ GLSA 200805-19 ] ClamAV: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] CORE-2008-0415: Borland Interbase 2007 Integer Overflow

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ~ Core Security Technologies - CoreLabs Advisory ~ http://www.coresecurity.com/corelabs/ ~ Borland Interbase 2007 Integer Overflow *Advisory Information* Title: Borland Interbase 2007 Integer Overflow Advisory ID: CORE-2008-0415

Re: [Full-disclosure] An account of the Estonian Internet War

Mr. Wallace, On 11/16/05, n3td3v wrote: What did you mean when you wrote these words in 2005? > ## Outside Infulences > > To finish up, outside contributory factors were involved with > behaviours set by myself on said date for outrage. Not everything you > see on list is the full picture of of

Re: [Full-disclosure] An account of the Estonian Internet War

On Tue, May 20, 2008 at 3:27 PM, Gadi Evron <[EMAIL PROTECTED]> wrote: > About a year ago after coming back from Estonia I promised I'd send in an > account of the Estonian "war". The postmortem analysis and recommendations I > later wrote for the Estonian CERT are not yet public. > > A few months

[Full-disclosure] [SECURITY] [DSA 1583-1] New gnome-peercast packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1583-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst May 20, 2008

[Full-disclosure] [SECURITY] [DSA 1582-1] New peercast packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1582-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst May 20, 2008

[Full-disclosure] An account of the Estonian Internet War

About a year ago after coming back from Estonia I promised I'd send in an account of the Estonian "war". The postmortem analysis and recommendations I later wrote for the Estonian CERT are not yet public. A few months ago I wrote an article for the Georgetown Journal of International Affairs, c

[Full-disclosure] [ GLSA 200805-17 ] Perl: Execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

Re: [Full-disclosure] Working exploit for Debian generated SSH Keys

> Generating real pseudo-random streams is a hard problem which is way > more than what people can handle. Usually, PRNGs are composed of > various periodic elements which, in the end, all combined produce a > repeating stream of pseudo-random numbers. OpenSSL uses a modified MAC > for this as a s

Re: [Full-disclosure] Tool for SSL Proxy mitm

>I could try to do some API hooking Good, get on it... Shirkdog ' or 1=1-- http://www.shirkdog.us > Date: Tue, 20 May 2008 12:06:07 -0400 > From: [EMAIL PROTECTED] > To: full-disclosure@lists.grok.org.uk > Subject: [Full-disclosure] Tool for SSL Proxy mitm > > Hello, > > I'm looking for a

[Full-disclosure] [SECURITY] [DSA 1581-1] New gnutls13 packages fix potential code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1581-1 [EMAIL PROTECTED] http://www.debian.org/security/ Florian Weimer May 20, 2008

[Full-disclosure] Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities

://www.mantisbt.org/ Advisory http://www.ush.it/team/ush/hack-mantis111/adv.txt Authors Antonio "s4tan" Parata (s4tan AT ush DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Date 20080520 I. BACKGROUND From the Mantis web sit

[Full-disclosure] Tool for SSL Proxy mitm

Hello, I'm looking for a SSL proxy to do a mitm against a specific software. Since there is certificate verification, what I'm thinking is to modify the program certificates so it can communicate with the proxy and then have the proxy communicate with the final server with legit identification gra

Re: [Full-disclosure] Working exploit for Debian generated SSH Keys

On Mon, 19 May 2008 13:51:29 EDT, "Garrett M. Groff" said: > Generating pseudo-random numbers isn't hard given a good API, but writing > that API is non-trivial (assuming you want high entropy/low > predictability). And, apparently, screwing up that API is also very easy. Of course, if you're try

[Full-disclosure] [USN-612-7] OpenSSH update

=== Ubuntu Security Notice USN-612-7 May 20, 2008 openssh update CVE-2008-0166 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory

[Full-disclosure] [SECURITY] [DSA 1580-1] New phpgedview packages fix privilege escalation

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1580-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst May 20, 2008

[Full-disclosure] Secunia Research: Foxit Reader "util.printf()" Buffer Overflow

== Secunia Research 20/05/2008 - Foxit Reader "util.printf()" Buffer Overflow - == Table of Contents Affected Software.

[Full-disclosure] Mtr - remote and local stack overflow - uncomment situation in libresolv.

Name: Mtr - network diagnostic tool. Author:Adam Zabrocki <[EMAIL PROTECTED]> or <[EMAIL PROTECTED]> Date: February 28, 2008 Issue: Mtr allows local and remote attackers to overflow buffer on stack. Description: Mtr combine

[Full-disclosure] CfP hack.lu 2008

Call for Papers Hack.lu 2008 The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical people can meet each others and share freely

Re: [Full-disclosure] Working exploit for Debian generated SSH Keys

Salut, Garrett, On Mon, 19 May 2008 13:51:29 -0400, Garrett M. Groff wrote: > Generating pseudo-random numbers isn't hard given a good API, but > writing that API is non-trivial (assuming you want high entropy/low > predictability). And, apparently, screwing up that API is also very > easy. Gener