On Mon, Jan 5, 2009 at 8:49 PM, Larry Seltzer wrote:
> Also stolen from the Palestinian people: their domain name.
> Larry Seltzer
> eWEEK.com Security Center Editor
When someone in the press starts regurgitating lies, I've got to step
in and say something.
Lie #1: There was such a country nam
[SVRT-01-09] Redirection Vulnerability in Yahoo! Advertising Service
1. General Information
On December 22, 2008, SVRT-BKIS found a vulnerability in Yahoo! Wap Service.
This is the second vulnerability discovered by BKIS in cell phone Web
platform, the first one was found in Google Wap Proxy.
T
Also stolen from the Palestinian people: their domain name.
The web site of the Permanent Observer Mission of Palestine to the
United Nations: http://www.palestine-un.org/
Click some of the links on the left and check the whois.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.ewee
I wrote:
>> address. I get the idea that the list has no COPPA filtering (no one 13 or
>> younger allowed), nor does it have any sort of maturity level filtering.
On Mon, Jan 5, 2009 at 3:51 PM, Biz Marqee wrote:
> Stop being a cry baby and go choke yourself to death on your fathers cock
> yo
is this really what ur wasting ur life, and ours with? 1 fucking
word? get a fucking job.
On Mon, Jan 5, 2009 at 4:57 PM, n3td3v wrote:
> On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp wrote:
>> On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier wrote:
>>
>>> They shouldn't let you post at all.
>>
>> LOL!
drivel
On Fri, Jan 2, 2009 at 5:46 PM, n3td3v wrote:
> http://garwarner.blogspot.com/2008/12/muslim-hackers-declare-cyberwar-on.html
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted
really is that ur boilerplate response of the week? gadi gadi gadi?
u fukin idiot.
On Fri, Jan 2, 2009 at 5:07 PM, n3td3v wrote:
> On Fri, Jan 2, 2009 at 9:28 PM, KT wrote:
>> On 1/2/09, n3td3v wrote:
>>> NEVER
>>>
>>> On Fri, Jan 2, 2009 at 7:51 PM, j-f sentier wrote:
Shut the fuckup du
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Folks,
In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
National Infrastructure) published the document "Security Assessment of the
Internet Protocol". The motivation of the aforementioned document is
explained in the Prefac
On Mon, 05 Jan 2009 23:55:59 GMT, Christopher Pritchard said:
> previous certificate became invalid (for example due to a date issue). It
> should also be possible to have semi-centralised CRLs that browsers would
> check for occasions when the server admin wants to change certificates, they
> coul
===
Ubuntu Security Notice USN-703-1 January 06, 2009
xterm vulnerability
CVE-2006-7236, CVE-2008-2383
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06
On Mon, Jan 5, 2009 at 2:53 PM, Adrenalin wrote:
> Hello everyone,
> A bit off topic..
>
> Can somebody explain why signing a cert for a domain is still so expensive ?
> Or do CA pays a lot of money to browsers so they do not a allow CA with a
> better price.. ? Why can't a CA sign a certificate f
> It's off topic for this thread.
I think discussing the advantages and disadvantages of using a self
signed cert is pretty darned close to the OP's topic, but whatever.
> Moderation, is, of course, relevant.
It comes up about every month. Get over it. Look through the list
archives for ever
Hello everyone,
A bit off topic..
Can somebody explain why signing a cert for a domain is still so expensive ?
Or do CA pays a lot of money to browsers so they do not a allow CA with a
better price.. ? Why can't a CA sign a certificate free of charge so
everyone who own a domain can have a https f
When will this thread die?
Bitching at each other will prove nothing: beliefs in topics such as
national identity cannot be swayed by mere words, especially in the
form of argument.
Now, everyone stfu.
kthnxbai
___
Full-Disclosure - We believe in it.
I think you're the one who misunderstands. Nobody gives a shit what
you have to say, as it's completely OT.
Take your rant elsewhere.
On Tue, Jan 6, 2009 at 11:07 AM, Mainbox Notif wrote:
> Coolz,
>
> I think you misunderstood everything:
> First : you are from Israel, so probably you read only
Coolz,
I think you misunderstood everything:
First : you are from Israel, so probably you read only Israeli newspapers.
In modern world we see news from reliable (independent) sources.
That makes your story not very believable.
But it can be worse: some people here do never read newspapers or see
On Tue, Jan 6, 2009 at 2:45 AM, Tim wrote:
>> Alright, enough of the off-topic crap. Back to the topic, being that
>> lists.grok.co.uk should get a non-self-signed cert. The cancer
>> infesting fd and the merits of CAs are irrelevant to the thread.
>
>
> Oh, ok, so maybe you'd prefer we talk about
Good. I think almost everyone would agree that YOU need to be moderated.
Stop being a cry baby and go choke yourself to death on your fathers cock
you drug fucked faggot.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disc
>I believe I stated *up front* that it doesn't secure against an active MITM
attack. Once ettercap presents a *different* >certificate than the one you
were expecting, the victim can at least potentially notice (the same way
that OpenSSH complains >if it discovers that a host key is different).
On Mon, Jan 5, 2009 at 10:07 PM, Ed Carp wrote:
> On Mon, 5 Jan 2009, n3td3v wrote:
>
>> On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp wrote:
>>>
>>> On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier wrote:
>>>
They shouldn't let you post at all.
>>>
>>> LOL! Thanks for the chuckle!
>>
>> Can we have
> Alright, enough of the off-topic crap. Back to the topic, being that
> lists.grok.co.uk should get a non-self-signed cert. The cancer
> infesting fd and the merits of CAs are irrelevant to the thread.
Oh, ok, so maybe you'd prefer we talk about Palestine, moderation, or
netdev's latest drivel?
On Mon, Jan 5, 2009 at 3:35 PM, Gary Wilson wrote:
>
> Having had enough of the non-topic junk this list has become recently, I
> went to unsub, but it seems the SSL cert is not valid/trusted.
>
> For the mods, I guess:
>
> Secure Connection Failed
>
> lists.grok.org.uk uses an invalid security ce
> And as browsers usually do not check CRLs, there is no way preventing
> the use of wrongfully signed certificates short of distributing a
> "software update" (as was with the MS case). If browsers had a cert
> cache and checked it similar to SSH, MitM-attacks would be much harder.
Well, now you
> No, I don't claim that Joe Sixpack will notice if they're ettercap'ed.
> However,
> fine distinctions like the difference between "just throw ettercap at it" and
> "this protects against passive sniffing but not active MITM" are
> often important in this business.
That's the thing. I don't th
It was Mozilla.com:
http://www.sslshopper.com/article-ssl-certificate-for-mozilla.com-issued-without-validation.html
Juha-Matti
Volker Tanger [vtli...@wyae.de] wrote:
> Hi!
>
> > The prevailing use of self-signed certs on the Internet basically
> > destroys the usefulness of HTTPS, since it tra
On Tue, 2009-01-06 at 00:25, Rob Thompson wrote:
>
> That lame thread about palestine/Israel is just BS. Flat out. It has
> _NO_ place here!
>
spamassassin's great -
header FD_BS Subject =~ /The war/i
des
Hi!
> The prevailing use of self-signed certs on the Internet basically
> destroys the usefulness of HTTPS, since it trains users to simply
> click "add exception" and ignore the scary warnings "because then I
> get the lock icon, which means I'm safe!"
[...]
> stop being so effing
> stingy and co
On Mon, 5 Jan 2009, n3td3v wrote:
> On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp wrote:
>> On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier wrote:
>>
>>> They shouldn't let you post at all.
>>
>> LOL! Thanks for the chuckle!
>
> Can we have conversation about my opinion on using 'cyber protest'
> instead
On Mon, 05 Jan 2009 22:08:10 GMT, you said:
> I think SANS is confused too;
But you've complained in the past that SANS is a bunch of posers, thus
proving my point. ;)
pgpAHe6OvUSph.pgp
Description: PGP signature
___
Full-Disclosure - We believe in i
On Mon, Jan 5, 2009 at 10:03 PM, n3td3v wrote:
> On Mon, Jan 5, 2009 at 10:03 PM, wrote:
>> On Mon, 05 Jan 2009 21:57:33 GMT, n3td3v said:
>>> Can we have conversation about my opinion on using 'cyber protest'
>>> instead of 'cyber war'?
>>
>> No.
>>
>>> I think the community has been getting co
On Mon, Jan 5, 2009 at 10:03 PM, wrote:
> On Mon, 05 Jan 2009 21:57:33 GMT, n3td3v said:
>> Can we have conversation about my opinion on using 'cyber protest'
>> instead of 'cyber war'?
>
> No.
>
>> I think the community has been getting confused on such matters.
>
> The community isn't confused.
Congratulation's handrix, and few other people here.
for proving you amazing history and middle east knowledge.
few facts (I'm from Israel, and also in the idf, for everyone who want
few more reasons to hate me):
In the beginning of the 20th century there were almost no Arabs in the
land of Israe
On Mon, 05 Jan 2009 21:57:33 GMT, n3td3v said:
> Can we have conversation about my opinion on using 'cyber protest'
> instead of 'cyber war'?
No.
> I think the community has been getting confused on such matters.
The community isn't confused. Only the posers who are pretending to
be part of the
On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp wrote:
> On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier wrote:
>
>> They shouldn't let you post at all.
>
> LOL! Thanks for the chuckle!
>
Can we have conversation about my opinion on using 'cyber protest'
instead of 'cyber war'?
I think the community has b
On Mon, 05 Jan 2009 13:29:52 PST, Tim said:
> > > How is that better, really? Run tcpdump or ettercap... Either of the
> > > tools are off the shelf.
> >
> > And if the site is using a self-signed cert, how does a 3rd party tcpdump
> > manage to get a *decrypted* datastream? Yes, you can still
On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier wrote:
> They shouldn't let you post at all.
LOL! Thanks for the chuckle!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secun
They shouldn't let you post at all.
2009/1/5 n3td3v
> -- Forwarded message --
> From:
> Date: Sat, Jan 3, 2009 at 6:59 PM
> Subject: Your message to Full-Disclosure awaits moderator approval
> To: xploita...@gmail.com
>
>
> Your mail to 'Full-Disclosure' with the subject
>
>
> > How is that better, really? Run tcpdump or ettercap... Either of the
> > tools are off the shelf.
>
> And if the site is using a self-signed cert, how does a 3rd party tcpdump
> manage to get a *decrypted* datastream? Yes, you can still do traffic
> analysis
> on the "X talked to Y with pa
On Mon, 05 Jan 2009 12:47:20 PST, Tim said:
> How is that better, really? Run tcpdump or ettercap... Either of the
> tools are off the shelf.
And if the site is using a self-signed cert, how does a 3rd party tcpdump
manage to get a *decrypted* datastream? Yes, you can still do traffic analysis
On Mon, Jan 5, 2009 at 11:46 AM, wrote:
> On Mon, 05 Jan 2009 11:25:58 PST, Tim said:
>> Uh, no, actually CAs provide some weak assurance that the certificate is
>> the real one and associated with that server. A self-signed one
>> provides none. If you can't, in some way, authenticate the cert
-- Forwarded message --
From:
Date: Sat, Jan 3, 2009 at 6:59 PM
Subject: Your message to Full-Disclosure awaits moderator approval
To: xploita...@gmail.com
Your mail to 'Full-Disclosure' with the subject
Israel-Gaza conflict: Cyber War or just Cyber Protest?
Is being held u
Another thought... If the FD maintainers wanted to include the
fingerprint of their self-signed cert or CA in the monthly list charter
email, it might be archived in dozens of places around the internet and
allow those who actually care about SSL security to validate the
certificate without having
> It's *slightly* better, in that it guards against passive sniffing attacks
> on the data in transit. You're right that it doesn't guard against an
> active MITM attack.
How is that better, really? Run tcpdump or ettercap... Either of the
tools are off the shelf. It doesn't take a great deal
===
Ubuntu Security Notice USN-702-1 January 05, 2009
samba vulnerability
CVE-2009-0022
===
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory
eschew moderation!
just delete crap you don't want :)
WMM
On Mon, Jan 5, 2009 at 2:26 PM, Michael Krymson wrote:
>
> For those that want moderation on this mailing list, please let us all know
> how you would like to achieve said moderation on a mailing list populated by
> security-conscious
On Mon, 05 Jan 2009 11:25:58 PST, Tim said:
> Uh, no, actually CAs provide some weak assurance that the certificate is
> the real one and associated with that server. A self-signed one
> provides none. If you can't, in some way, authenticate the certificate
> then SSL is not any better than sendi
> SSL certs cost money. This one works the same. etc..
Uh, no, actually CAs provide some weak assurance that the certificate is
the real one and associated with that server. A self-signed one
provides none. If you can't, in some way, authenticate the certificate
then SSL is not any better than
For those that want moderation on this mailing list, please let us all know
how you would like to achieve said moderation on a mailing list populated by
security-conscious persons who may also share a tendency to aschew rules
and/or authority.
Before vomiting out an answer, think a little bit more
SSL certs cost money. This one works the same. etc..
On Mon, Jan 5, 2009 at 2:35 PM, Gary Wilson wrote:
>
> Having had enough of the non-topic junk this list has become recently, I
> went to unsub, but it seems the SSL cert is not valid/trusted.
>
> For the mods, I guess:
>
> Secure Connection F
CVE-2008-2303 covers an integer overflow in the handling of indices in
the "arguments" array in Apple Safari that affects iPhone, iPod and PC
(Mac and Windows). It was fixed in Safari 3.2 for iPhone and iPod in
July and for PC in November. More details here:
http://support.apple.com/kb/HT3298
Sim
y.
it's pretty funny to see in many places in U-K some huge flag :
"We support Israel."
that remind me why they support so proudly israel :
http://en.wikipedia.org/wiki/British_Mandate_of_Palestine
Btw i'm not antisemite i like jews, i'm just anti-sionist :)
Cheers
Happy New Year!
Since I haven't done so *all year*, I thought it's about time I release
something! :P
Actually, for my sins, since my idiocy seems to have now encompassed
JAVA, I wanted to get this out there... Most of the effort has been in
figuring out how to get a build environment working
Anders B Jansson wrote:
> And just what kind of crappy mail client do you have to can't filter messages
> on subject and/or sender?
Why should we have to filter messages that are propaganda? This list is
ridiculous, a flat out joke. Filters are for n3td3v and ureleet. Not
this bullshit.
That l
What does this have to do with computers/computer security?
Nothing.
Take your propoganda and go home!
Handrix wrote:
> Hi all,
>
> The terrorist Israeli forces bombed Gaza city and destroyed many
> buildings and killed several hundred people.
> Israel likes to invoke as a justification for it
Gary Wilson wrote:
> Having had enough of the non-topic junk this list has become recently, I
> went to unsub, but it seems the SSL cert is not valid/trusted.
And just what kind of crappy mail client do you have to can't filter messages
on subject and/or sender?
Isn't the point of an un-moderated
just add an exception...
On Mon, Jan 5, 2009 at 2:35 PM, Gary Wilson wrote:
>
> Having had enough of the non-topic junk this list has become recently, I
> went to unsub, but it seems the SSL cert is not valid/trusted.
>
> For the mods, I guess:
>
> Secure Connection Failed
>
> lists.grok.org.uk u
Having had enough of the non-topic junk this list has become recently, I
went to unsub, but it seems the SSL cert is not valid/trusted.
For the mods, I guess:
Secure Connection Failed
lists.grok.org.uk uses an invalid security certificate.
The certificate is not trusted because the issuer cert
Allaa,
Frankly I think that the entire thing is silly. We're human beings
made up of the same flesh, blood and bone. We all come from the exact
same source regardless of what name we give it. The same bullet that
can kill me can kill you and the resulting family pains would also be
--On January 2, 2009 4:27:10 PM -0600 Handrix wrote:
>
> Hi all,
>
> The terrorist Israeli forces bombed Gaza city and destroyed many
> buildings and killed several hundred people.
> Israel likes to invoke as a justification for its attacks on its
> neighbors the "war against Terror" - the curren
Dont really know who's making propaganda around here
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
True, I could...yet this one is just a nonsensical flame-fight and really
out of place.
There's a difference between police shooting at demonstrations, and soldiers
rolling in with tanks. Police shootings are not military operations, they
happen just about everywhere on earth and are no indication
Me and others disproved every single one of the claims you and the other
Muslim (assuming you are not the same) person posted here.
The fact that nobody forced him to answer or even read the topic might be
true but his frustration is understandable for this mailing list is aimed
for IT-Security re
Nobody force you to answer or even read this topic. You can still
answer and read other topic.
And what a liar you are.Yesterday a 20 year old boy got shoot dead by
israel in Westbank in a demonstration. So dont speak like the soldiers
are little angels. In fact Satan himself , take special course
It's interesting to note how the PA Palestinians in the West Bank are living
peacefully - they're not launching attacks on Israeli citizens, and therefor
aren't being attacked back by Israel. In fact, many of them have jobs within
Israeli areas and receive benefits from the Israeli government (my s
On Mon, Jan 5, 2009 at 9:25 AM, - o z - wrote:
> On Jan 4, 2009, at 10:31 PM, Avraham Schneider wrote:
>
> When there is no choice, there is no choice - Israel has to defend it's
>> own
>> civilian population as a first priority.
>>
>> Let me tell you a little of the latest events -
>>
>> 1) IDF
65 matches
Mail list logo
