Re: [Full-disclosure] Encrypted files and the 5th amendment

2011-07-13 Thread Mike
What if I give them my password to decrypt the fully encrypted hard drive? This would allow them to boot but not login. It would be smart to deny giving up the password first then after a while give in and comply. Would one have to keep giving passwords until they are satisfied? How deep does th

Re: [Full-disclosure] Encrypted files and the 5th amendment

2011-07-13 Thread 夜神 岩男
On Wed, 2011-07-13 at 00:45 +0200, Ferenc Kovacs wrote: > On Wed, Jul 13, 2011 at 12:39 AM, Tim > wrote: > >> Actually, there is no way to tell if there is another encrypted > >> volume in existence or not. One might stipulate that there "could" be > >> if the filesize is obvious, but when y

[Full-disclosure] New link, No Login required: Analyzing the Biggest Bank Robbery in History

2011-07-13 Thread Pete Herzog
Hi, "I was at a cafe in Bern, Switzerland last year to meet with two other ISECOMers: Nick Mayencourt, a Board Director and Philipp Egli an ISECOM trainer and the talk turned to robbing banks. That's not uncommon because Switzerland is very big on banking and also very big on security, especia

[Full-disclosure] [Announcement] ClubHack Magazine - Call for Articles

2011-07-13 Thread Abhijeet Patil
Hello All, As you know, we recently released the July issue with Metasploit as the theme (http://chmag.in/issue/jul2011). And ClubHack Mag is seeking submissions for next issue, Issue19-August 2011. Topics of interest include, but are not limited to: Mobile (Cellular), VOIP Exploitation and Security

Re: [Full-disclosure] Encrypted files and the 5th amendment

2011-07-13 Thread Michael Krymson
Besides various forms of convincing you it's in your best interest to divulge a passcode, the only other solution is to make sure your government has a backdoor into any particular encryption mechanism. Kinda like Skype...

[Full-disclosure] DC4420 - London DEFCON - July meet - Tuesday 19th July 2011

2011-07-13 Thread Major Malfunction
OK, you know the drill... We have monthly meetings. This is one of them. Be there! What: Shaun Colley - Jumping the guard page for fun and profit "Stack overflows, generally due to recursion, have long been brushed aside as 'not exploitable..DoS only'. This isn't true - stack overflows AR

Re: [Full-disclosure] DC4420 - London DEFCON - July meet - Tuesday 19th July 2011

2011-07-13 Thread Major Malfunction
On 13/07/11 18:47, Major Malfunction wrote: > > When: > > Tuesday 25th January 2011 OMG I'm a f*kwit (again). I meant Tuesday 19th July 2011, obviously!!! cheers, MM -- "In DEFCON, we have no names..." errr... well, we do... but silly ones...

[Full-disclosure] Spooks really call em "Whizz" and "do cyber"

2011-07-13 Thread Jacqui Caren-home
"I need some real internet whizzes in order to do cyber ..." "I probably have to do better than I am doing at the moment, or else my internet whizzes are not going to stay… and we do have a steady drip, I am afraid. " http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8635959/Whizz-kids-

[Full-disclosure] Vodafone Phone Hacking Scandal - Femto hacked

2011-07-13 Thread rm
Vodafone Hacked - Root Password published The Hacker's Choice (http://www.thc.org) announced a security problem with Vodafone's Mobile Phone Network today. An attacker can listen to _any_ UK Vodafone customer's phone call. An attacker can exploit a vulnerability in 3G/UMTS/WCDMA - the latest a

Re: [Full-disclosure] Analyzing the Biggest Bank Robbery in History

2011-07-13 Thread John Lowry
No need to register for yet another free account from a magazine you don't care about ... Direct download here: http://www.isecom.org/Bank_Robbery_Analysis_OSSTMM3.pdf Sheesh. On Jul 12, 2011, at 7:30 AM, Pete Herzog wrote: > Hi, > > "I was at a cafe in Bern, Switzerland last year to meet with

[Full-disclosure] Skype <= 5.3.0.120 persistent Cross-Site Scripting Issue

2011-07-13 Thread Levent Kayan
Within I will disclose a platform-neutral Cross-site scripting vulnerability in Skype which can be exploited to hijack user's session IDs or compromise user's browser/system. The vulnerability is caused by poor validation and sanitization of input/output. Links: PoC and advisory can be found here:

[Full-disclosure] Torque Server Buffer Overflow Vulnerability

2011-07-13 Thread Adam Zabrocki
Name: Torque Server Buffer Overflow Vulnerability Author: Adam Zabrocki, Bartlomiej Balcerek, Maciej Kotowicz Date: March 27, 2011 Risk: Moderate CVE:

Re: [Full-disclosure] (Something or other)

2011-07-13 Thread Jin Fu Tan
Hi all, I think the book "Social Engineering: The Art of Human Hacking" by Christopher Hadnagy is good for beginners. Just my 2 cents. :) Best Regards From: boris.sverd...@jadedsecurity.com Date: Tue, 12 Jul 2011 16:54:25 -0400 To: w0lfd...@gmail.com CC: full-disclosure@lists.grok.org.uk; bl4k

Re: [Full-disclosure] Vodafone Phone Hacking Scandal - Femto hacked

2011-07-13 Thread Jacqui Caren-home
On 13/07/2011 19:47, r...@segfault.net wrote: > The technical details are available at http://wiki.thc.org/vodafone. Much more importantly it allows you to avoid the insane VF roaming charges... Hacking one of these to use via openvpn when abroad means you could take your UK mobile wherever you

Re: [Full-disclosure] Vodafone Phone Hacking Scandal - Femto hacked

2011-07-13 Thread Michael Holstein
> Much more importantly it allows you to avoid the insane VF roaming charges... > Um .. if you have access to a fast enough Ethernet network (wherever outside the UK you are) to pull this off, you could just use a vanilla SIP phone and be done with it. Cool hack though .. sure is nice of the

Re: [Full-disclosure] (Something or other)

2011-07-13 Thread Jeff Blaum
Chris is a fat twat who couldn't social engineer his way out of a bag of double cheeseburgers. On Wed, Jul 13, 2011 at 8:28 AM, Jin Fu Tan wrote: > Hi all, > > I think the book "Social Engineering: The Art of Human Hacking" by > Christopher Hadnagy is good for beginners. Just my 2 cents. :) > >