Re: [Full-disclosure] Absolute Sownage (A concise history of recent Sony hacks)

2011-06-12 Thread Georgi Guninski
On Sun, Jun 12, 2011 at 11:06:33AM -0600, Bruce Ediger wrote: > On Sat, 11 Jun 2011, Nick FitzGerald wrote: > > > Nowadays the big, noisy, obvious, "own the net" type "outbreak" of > > yesteryear is not the model of choice for your typical cyber-thug (you > > know, those running virtually all malw

Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-12 Thread adam
So much for that Ryan guy "editing" secn3t's emails. He *just* sent me this because he's completely upset over his "major exploit" turning out to be a "simple feature" :( On Sat, Jun 11, 2011 at 10:40 PM, -= Glowing Doom =- wrote: > Only took you , what 15 flame emails and, i have UNsubbed fr

Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-12 Thread adam
#1 - No one has replied since I reproduced your "proof of concept." #2 - Even if they had, you're replying directly to me - not the list. #3 - None of that is necessary. Type in text, highlight it and then click the anchor/link icon. From there, you can insert the target URL (and use the text of

Re: [Full-disclosure] (no subject)

2011-06-12 Thread adam
Baseless assumption is baseless. While you're breaking stuff in your mother's basement, I'm making a living. I've *opted* to reply to these emails because it's free amusement. Why are you so upset anyway? The world isn't going to end just because you thought a feature was a bug. On Sun, Jun 12, 2

Re: [Full-disclosure] (no subject)

2011-06-12 Thread adam
You got me, my session ID *is 1234567. *Please don't steal money out of my bank account. The only part that I'll bother replying to is what a *joke this list is*. It's so much of a joke that you not only subscribed once, but TWICE. That speaks volumes about you :D On Sun, Jun 12, 2011 at 12:52 A

Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-12 Thread adam
You do realize you're still going to be CC'd, don't you? And OH MY GOD, my text somehow became a clickable link. Did you guys see that? Did you see my ground breaking exploit? I demand your respect right this second!@ On Sat, Jun 11, 2011 at 10:13 PM, -= Glowing Doom =- wr

Re: [Full-disclosure] (no subject)

2011-06-12 Thread adam
It's really kinda sad that you're *still* going. There are thousands of * features* in all kinds of software that *can* be exploited, but that doesn't mean the feature itself was completely unintentional. You were originally describing anchor text and now you're simply describing multi-line anchor

Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-12 Thread adam
That about sums it up, although he unsubscribed from the list so I've CC'd him. If you're bored, look at the quoted conversation below. He went into a complete nerd rage after unsubscribing, all because we wouldn't take his * exploit* seriously. On Sun, Jun 12, 2011 at 12:01 AM, ghost wrote: >

Re: [Full-disclosure] (no subject)

2011-06-12 Thread adam
LOL, it contains [rendered] HTML code but you're telling us that it's plain-text? In case you missed it, here are *your* email headers: Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On Sun, Jun 12, 2011 at 12:32 AM, -= Glowing Doom =- wrote: > yea...

Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-12 Thread Haxxor Security
Haha, holy mother of... -=Glowing Dumb=- made my day... To be honest, he made my whole week. Adam, I can't thank you enough for CCing the list. 2011/6/12 adam > I'm not sure how you can keep insisting that it's not a feature when it's > clearly been shown to be one. You either need to pay mor

Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-12 Thread adam
I'm not sure how you can keep insisting that it's not a feature when it's clearly been shown to be one. You either need to pay more attention, or get a better dictionary. What you're describing is possible directly through the anchor/link feature. Even if it weren't, you could just as easily switc

Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-12 Thread adam
I'm not sure why you insist on continuing this, but you're not really helping your case. The bottom line is that it's an intentional feature. That is why it A) consistently works and B) works across most mail clients. On Sat, Jun 11, 2011 at 10:46 PM, -= Glowing Doom =- wrote: > upset...lma... >

Re: [Full-disclosure] (fractal-Self__) : A theoretical introduction to Universe, Conscious Machines and Programming Ur-cells !!!

2011-06-12 Thread Christian Sciberras
Fractal fractal fractal, even us that coined the concept can't keep it going forever. Seems evident that each subsystem looses key aspects of its parent, this might turn out to be a system flaw, or a constrained space. We might have discovered this flaw already and we might have been using all this

Re: [Full-disclosure] (fractal-Self__) : A theoretical introduction to Universe, Conscious Machines and Programming Ur-cells !!!

2011-06-12 Thread Michal Zalewski
> Paradox are way of life... Hence, the goal here is to question every > knowledge with reasoning and trying-not to build a static opinion on > anything. But have you tried contacting the vendor first? /mz ___ Full-Disclosure - We believe in it. Charte

[Full-disclosure] (fractal-Self__) : A theoretical introduction to Universe, Conscious Machines and Programming Ur-cells !!!

2011-06-12 Thread Bipin Gautam
[Archival purpose] Author: Bipin Gautam (All Rights Reserved, Research Paper, 1'st DRAFT) ___ Background: Any doctrine or philosophy is "complete" on its own rights. But, if we start from this angle, anyone can defend anything out of anything. Paradox are way of life... Hence,

Re: [Full-disclosure] Absolute Sownage (A concise history of recent Sony hacks)

2011-06-12 Thread Thor (Hammer of God)
> > Nowadays the big, noisy, obvious, "own the net" type "outbreak" of > > yesteryear is not the model of choice for your typical cyber-thug (you > > know, those running virtually all malware these days).. > > > > In fact, _avoiding_ exactly that is pretty much top of their list of > > desiderata.

Re: [Full-disclosure] Absolute Sownage (A concise history of recent Sony hacks)

2011-06-12 Thread Bruce Ediger
On Sat, 11 Jun 2011, Nick FitzGerald wrote: > Nowadays the big, noisy, obvious, "own the net" type "outbreak" of > yesteryear is not the model of choice for your typical cyber-thug (you > know, those running virtually all malware these days).. > > In fact, _avoiding_ exactly that is pretty much to

Re: [Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-12 Thread phocean
Before asking others to learn reading, learn writing yourself. By the way, just a hint concerning this whole thread: maybe if you first start by understanding very well what you want to explain, it will sure become much easier. So you shouldn't blame others for the consequences of your own lacks.