Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread xD 0x41
Hello Michele, I will take a look, because honestly, I don't see anything good about NON persistent xss, so I will have a look and see, thanks :) cheers xd On 10 October 2011 17:24, Michele Orru wrote: > If you all think XSS, even reflected or DOM-based sucks..probably you don't > know the BeEF p

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread Michele Orru
If you all think XSS, even reflected or DOM-based sucks..probably you don't know the BeEF project. I would suggest you to take a look at http://beefproject.com , try it, and see yourself what you can do :-) Cheers antisnatchor On 10 Oct 2011 02:56, "xD 0x41" wrote: > YEP! > When ya do it right, d

Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")

2011-10-09 Thread james
It has some valid uses for sure. Well the Skype id harvesting and sound recording can be used for Counter Intelligence- terrorism operations. But that's just theory. On Mon, 10 Oct 2011 09:51:24 +1100, xD 0x41 wrote: > Interesting... although that archive seems corrupt... I'd like to see >

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread xD 0x41
YEP! When ya do it right, dang right it is! I did never reproduce the EXACT method which made the x41's happen... but, I dun really care for that bug, or you call it a feature..well, I don't know features which have x41's all over the emails when made in a special way... so, it was low-level too :) a

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread adam
Yeah guys, XSS is nonsense. Exploiting anchor text is where it's at, right secn3t? http://seclists.org/fulldisclosure/2011/Jun/215 On Sun, Oct 9, 2011 at 7:10 PM, xD 0x41 wrote: > No, I have been through these, and only an idiot would fall for any of > these attacks... Persistent XSS maybe hard

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread xD 0x41
No, I have been through these, and only an idiot would fall for any of these attacks... Persistent XSS maybe harder, but, forget the rest :) I'm too old for that. Never been a victim yet, in *any* way, and, certainly, those bugs won't be starting a trend.. cheer. xd On 10 October 2011 10:27, wrote:

Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")

2011-10-09 Thread xD 0x41
Ta, I'll take a look.. very interesting, I'd love to see src code ;p That would be in whose hands,... I wonder..hehe.. maybe gov or just very very smart hax0r... On 10 October 2011 10:21, You Got Pwned wrote: > gunzip the archive then use tar. I also made a zip file which contains the > extracte

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread Valdis . Kletnieks
On Mon, 10 Oct 2011 09:36:17 +1100, xD 0x41 said: > No,... and am happy not to know :-) , like XSS , I do not waste time with > minority bugs such as 'clickjacking' and these new such terms which are > total BS. It's all total BS till you discover you're a victim of the attack.

Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")

2011-10-09 Thread Valdis . Kletnieks
On Mon, 10 Oct 2011 09:51:24 +1100, xD 0x41 said: > Interesting... although that archive seems corrupt... I'd like to see a bit > more about this but, very interesting indeed.. specially skype id > harvesting, what could this be for. I hope that was a sarcastic "Now what could this *possibly* be fo

Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")

2011-10-09 Thread nix
> Hi List, > > I thought this could be interesting. My English is not very good so I > copied > the following information from FSecure ( > http://www.f-secure.com/weblog/archives/2249.html) > > "Chaos Computer Club from Germany has tonight announced that they have > located a backdoor trojan use

Re: [Full-disclosure] Facebook/google+ Cross-Site Content Forgery exploit

2011-10-09 Thread Antony widmal
Shit man, that's serious business (S-K trying to take over FD) Of course it's not your code dickwad. All ya know is talking & posting shit on an IT Sec mailing list. On Sat, Oct 8, 2011 at 7:53 PM, Laurelai wrote: > Blackhatacademy has asked me to post this to the mail

Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")

2011-10-09 Thread xD 0x41
Interesting... although that archive seems corrupt... I'd like to see a bit more about this but, very interesting indeed.. specially skype id harvesting, what could this be for. hrms xd On 10 October 2011 07:13, wrote: > On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned > wrote: > > Hi List, >

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread xD 0x41
seems that you aren't familiar what Clickjacking means then... No,... and am happy not to know :-) , like XSS , I do not waste time with minority bugs such as 'clickjacking' and these new such terms which are total BS. anyhow... call it what you like, it is bs (just like the win32 dll crap and si

Re: [Full-disclosure] Some hash values

2011-10-09 Thread Javier Bassi
On Sun, Oct 9, 2011 at 2:44 PM, Michal Zalewski wrote: >> I believe that this is the best place to post the following hash values: >> MD5Sum:a762a3b9cbfb3d63034646087680b254 >> SHA1sum:6f25d72bd693b52de25c36d04f9e17f945420580 >> SHA256sum:d5886dd14f3eac029d771da6bcc6d49bc2e50c79159e5390c9c0776c725

Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")

2011-10-09 Thread james
On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned wrote: > Hi List, > > I thought this could be interesting. My English is not very good so I > copied the following information from FSecure > (http://www.f-secure.com/weblog/archives/2249.html [1]) > > "Chaos Computer Club from Germany has ton

[Full-disclosure] [ MDVSA-2011:145 ] libxml2

2011-10-09 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:145 http://www.mandriva.com/security/

[Full-disclosure] Possible German Governmental Backdoor found ("R2D2")

2011-10-09 Thread You Got Pwned
Hi List, I thought this could be interesting. My English is not very good so I copied the following information from FSecure ( http://www.f-secure.com/weblog/archives/2249.html) "Chaos Computer Club from Germany has tonight announced that they have located a backdoor trojan used by the German

Re: [Full-disclosure] Facebook/google+ Cross-Site Content Forgery exploit

2011-10-09 Thread Laurelai
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/9/2011 2:18 PM, valdis.kletni...@vt.edu wrote: > On Sun, 09 Oct 2011 13:38:41 CDT, Laurelai said: >> On 10/9/2011 12:04 PM, valdis.kletni...@vt.edu wrote: >>> On Sun, 09 Oct 2011 08:52:46 PDT, Laurelai said: You sir, are an idiot. >>> >>>

Re: [Full-disclosure] Facebook/google+ Cross-Site Content Forgery exploit

2011-10-09 Thread Valdis . Kletnieks
On Sun, 09 Oct 2011 13:38:41 CDT, Laurelai said: > On 10/9/2011 12:04 PM, valdis.kletni...@vt.edu wrote: > > On Sun, 09 Oct 2011 08:52:46 PDT, Laurelai said: > >> You sir, are an idiot. > > > > s/an/a/ - FTFY. > > > "A" goes before words that begin with consonants. > > "An" goes before words that

Re: [Full-disclosure] Facebook/google+ Cross-Site Content Forgery exploit

2011-10-09 Thread Laurelai
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/9/2011 12:04 PM, valdis.kletni...@vt.edu wrote: > On Sun, 09 Oct 2011 08:52:46 PDT, Laurelai said: >> You sir, are an idiot. > > s/an/a/ - FTFY. > "A" goes before words that begin with consonants. "An" goes before words that begin with vowels

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread Ferenc Kovacs
it seems that you aren't familiar what Clickjacking means then... On Sat, Oct 8, 2011 at 10:01 PM, xD 0x41 wrote: > That's just lame dude if you could remove OTHER people's accounts, then I'd > say *clap clap*... but own account... what about just clicking "close > account" , and let's skip creat

Re: [Full-disclosure] Some hash values

2011-10-09 Thread Michal Zalewski
> I believe that this is the best place to post the following hash values: > MD5Sum:a762a3b9cbfb3d63034646087680b254 > SHA1sum:6f25d72bd693b52de25c36d04f9e17f945420580 > SHA256sum:d5886dd14f3eac029d771da6bcc6d49bc2e50c79159e5390c9c0776c725243a5 No, for these specific hash values, I believe the app

[Full-disclosure] [ MDVSA-2011:131-1 ] libxml

2011-10-09 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:131-1 http://www.mandriva.com/security/

Re: [Full-disclosure] Facebook/google+ Cross-Site Content Forgery exploit

2011-10-09 Thread Valdis . Kletnieks
On Sun, 09 Oct 2011 08:52:46 PDT, Laurelai said: > You sir, are an idiot. s/an/a/ - FTFY. Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sp

[Full-disclosure] [ GLSA 201110-02 ] Wireshark: Multiple vulnerabilities

2011-10-09 Thread Alex Legler
Gentoo Linux Security Advisory GLSA 201110-02 http://security.gentoo.org/

Re: [Full-disclosure] Facebook/google+ Cross-Site Content Forgery exploit

2011-10-09 Thread Laurelai
On 10/8/2011 8:45 PM, Antony widmal wrote: Shit man, that's serious business (S-K trying to take over FD) Of course it's not your code dickwad. All ya know is talking & posting shit on an IT Sec mailing list. On Sat, Oct 8, 2011 at 7:53 PM, Laurelai

[Full-disclosure] [ GLSA 201110-01 ] OpenSSL: Multiple vulnerabilities

2011-10-09 Thread Tobias Heinlein
Gentoo Linux Security Advisory GLSA 201110-01 http://security.gentoo.org/

[Full-disclosure] Some hash values

2011-10-09 Thread like 2 play
Hey all, I believe that this is the best place to post the following hash values: MD5Sum:a762a3b9cbfb3d63034646087680b254 SHA1sum:6f25d72bd693b52de25c36d04f9e17f945420580 SHA256sum:d5886dd14f3eac029d771da6bcc6d49bc2e50c79159e5390c9c0776c725243a5 Cheers, cues0r

[Full-disclosure] List Charter

2011-10-09 Thread John Cartwright
[Full-Disclosure] Mailing List Charter John Cartwright - Introduction & Purpose - This document serves as a charter for the [Full-Disclosure] mailing list hosted at lists.grok.org.uk. The list was created on 9th July 2002 by Len Rose, and is primarily concerned with security issues and the

[Full-disclosure] [SECURITY] [DSA 2320-1] dokuwiki regression fix

2011-10-09 Thread Thijs Kinkhorst
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2320-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst October 8, 2011

[Full-disclosure] [SECURITY] [DSA 2319-1] policykit-1 security update

2011-10-09 Thread Thijs Kinkhorst
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2319-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst October 8, 2011