I'm disturbed in the first place that you want to distribute password
lists to multiple users.
I'm disturbed more so that there is no apparent cognitive dissonance
preventing you from functioning enough to have sent that email.
Someone please tell me that I'm not the only one disturbed here? And
i
Well in that case it becomes fairly sane, assuming you've safeguarded
against one of the worst-case scenarios like Valdis previously
mentioned. There are a handful of things I can think of however that
could still work, at which point it depends on the attacker's goals.
But at that point it'd be a
> Sounds pretty neat to be honest. But one thing I'm wondering is that if
> they have root, what's stopping them from turning that off? After all
> they need root to load the modules in the first place, so if they are
> in a position to want to do that, then they are in a position to turn
+1. Except instead of MD5 you want to use something that isn't garbage.
On Tue, Dec 6, 2011 at 1:18 PM, Paul Schmehl wrote:
> A "poor man's" root kit detector is to take md5sums of critical system
> binaries (you'd have to redo these after patching), and keep the list on an
> inaccessible media (
On Tue, Dec 6, 2011 at 7:52 AM, Christian Sciberras wrote:
> Or not...
>
> http://vulnfactory.org/blog/2011/12/05/carrieriq-the-real-story/
Just to play devil's advocate: this application has the potential to
do a lot of harm. Should we treat it like 'location data' from the
recent past? Recall t
On Tue, 06 Dec 2011 15:14:29 PST, Gage Bystrom said:
> Maybe I'm misreading what you said, and if so please correct me, but
> whether or not the changes described were applied in the first place
> wouldn't change the issue that if you needed root unneutered again you
> would need to bring d
Maybe I'm misreading what you said, and if so please correct me, but
whether or not the changes described were applied in the first place
wouldn't change the issue that if you needed root unneutered again you
would need to bring down the system. Especially if the change doesn't
really solve
On Tue, 06 Dec 2011 13:20:51 PST, Gage Bystrom said:
> serious pain if suddenly you needed unneutered root again. Would likely
> have to take the system down to fix it. Who wants to be the guy to explain
> that situation to their boss?
If the server is critical enough that you can't take it down
Uhm, pretty much any software entering your system has some potential to
wreak havoc, whether it is an innocent gif file or a potentially
backdoored exe.
Still, that doesn't give me the right to shout baseless assumptions at any
software vendor that simply damage its reputation.
T
Sounds pretty neat to be honest. But one thing I'm wondering is that if
they have root, what's stopping them from turning that off? After all they
need root to load the modules in the first place, so if they are in a
position to want to do that, then they are in a position to turn that off.
Granted
Sorry Paul, Gage is right here!
Instead of "silly" maybe more like "correct" :(
On Tue, Dec 6, 2011 at 2:42 PM, Paul Schmehl wrote:
> Don't be silly. You can run static binaries off a thumb drive without
> taking the system down. And that includes md5sum. You can put everything,
> including t
Those considering Tripwire I would ask they take a look at OSSEC-HIDS; the
filesystem change notification is outstanding and with inotify() support you
get immediate notification of changes. The monitoring and alerting of log
files is also exceptional. I am not affiliated with OSSEC in any wa
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2360-1          secur...@debian.org
http://www.debian.org/security/              Moritz Muehlenhoff
December 6, 2011
hehe ye better watch out guyzzz... sheeet im patching my boxes now...
the day i see this done to AB is the day id probably giveup on any hax
tc
ps: ph33r the whitehats
On 7 December 2011 07:14, Ac1d B1tch3z wrote:
>
>
> On Tue, Dec 6, 2011 at 9:54 PM, Ac1d B1tch3z wrote:
>>
>> LMFAO
>>
>> On T
On Tue, Dec 6, 2011 at 9:54 PM, Ac1d B1tch3z wrote:
> LMFAO
>
> On Tue, Dec 6, 2011 at 1:10 PM, white powder wrote:
>
>>
>> http://130.89.241.130/~tjibbe/pics/karma-sometimes-assholes-get-what-they-deserve.jpg
>>
>> u had it comin, kcope
>> AB u will be next
>>
>> welcome to the age of the whiteh
LMFAO
On Tue, Dec 6, 2011 at 1:10 PM, white powder wrote:
>
> http://130.89.241.130/~tjibbe/pics/karma-sometimes-assholes-get-what-they-deserve.jpg
>
> u had it comin, kcope
> AB u will be next
>
> welcome to the age of the whitehat
>
>
>
> ___
> Full-D
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2359-1          secur...@debian.org
http://www.debian.org/security/              Florian Weimer
December 06, 2011
Don't be silly. You can run static binaries off a thumb drive without
taking the system down. And that includes md5sum. You can put everything,
including the script, on a thumb drive and be perfectly comfortable that
the results are reliable, because statically compiled binaries don't use
sy
My bad, I should have said that you can't trust md5sum tampering (since
you stated you have a static copy on the flash drive), but you couldn't
trust it since you couldn't trust the system calls.
The immediate moment you have to worry about a legit userland rootkit you
have to worry about a kernel
yeah, I can confirm that this image was served on the original url.
On Tue, Dec 6, 2011 at 5:38 PM, adam wrote:
> Pretty sure it's supposed to be:
>
> http://de-motivational-posters.com/images/karma-sometimes-assholes-get-what-they-deserve.jpg
>
> On Tue, Dec 6, 2011 at 10:34 AM, Thor (Hammer of
But the problem with that is it is a mentality roughly a little more than a
decade old. What you described is a userland rootkit detector. Problem is
no one uses userland rootkits anymore! Sure there was some recent
development in managed code rootkits but it really hasn't gone anywhere and
is Wind
A "poor man's" root kit detector is to take md5sums of critical system
binaries (you'd have to redo these after patching), and keep the list on an
inaccessible media (such as a thumb drive). If you think the system is
compromised, run md5sum against those files, and you will quickly know.
You
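The hash-baseline scheme Paul describes here, with Gage's two corrections from earlier in the thread folded in (use something better than MD5, and run a static copy of the hashing tool from removable media rather than the host's own binary), as an added example that is not code from any poster. It is a small POSIX shell script: `make_baseline` records SHA-256 hashes of a list of critical binaries, `verify_baseline` checks the live files against that record. The file list, the `SUM` variable for pointing at a static sha256sum on a thumb drive, and the output paths are assumptions for illustration.

```shell
#!/bin/sh
# Baseline-and-verify for critical binaries using SHA-256 instead of MD5.
# Added example; not code from any poster. File list and paths are assumptions.

# Hashing binary. Point this at a statically linked copy on read-only media
# (e.g. SUM=/mnt/usb/sha256sum.static) so a trojaned /usr/bin/sha256sum
# cannot lie about itself. A kernel-level rootkit can still hand even a
# static binary clean bytes, so this catches userland tampering only.
SUM="${SUM:-sha256sum}"

# Binaries rootkits commonly replace (assumed list; extend to taste).
CRITICAL_FILES="${CRITICAL_FILES:-/bin/ls /bin/ps /bin/netstat /usr/bin/find /bin/login /usr/sbin/sshd /bin/sh /usr/bin/sha256sum}"

# make_baseline OUTFILE: record "hash  path" for each existing critical file.
# Re-run after patching; keep OUTFILE on removable media, not on the host.
# Prints the number of files recorded (missing paths are skipped).
make_baseline() {
    out="$1"
    : > "$out"
    for f in $CRITICAL_FILES; do
        [ -f "$f" ] && "$SUM" "$f" >> "$out"
    done
    wc -l < "$out" | tr -d ' '
}

# verify_baseline OUTFILE: print "path: FAILED" for every changed or missing
# file; exit status is 0 only when everything still matches the baseline.
verify_baseline() {
    "$SUM" --check --quiet "$1" 2>&1
}
```

Run `make_baseline /mnt/usb/baseline.sha256` on a known-good box after every patch run, then `verify_baseline /mnt/usb/baseline.sha256` from the same media when you suspect a compromise; anything it prints is a file whose bytes no longer match. The thread's caveat stands: if the kernel itself is owned, the reads are what the kernel says they are, static binary or not.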
On Mon, 05 Dec 2011 19:04:02 +0100, Lucio Crusca said:
> Using dd on /dev/mem and piping results through netcat it's not that
> difficult, and a bit of google explains how to do it the right way, but in
> my case there are two other problems:
Note that the effectiveness and safety of doing a dd
On Mon, 05 Dec 2011 13:53:21 GMT, Dan Ballance said:
> Also, am I correct to think that using something like tripwire is the best
> way to detect root kits properly, but that it obviously needs installing
> when the box is fresh and before it has been physically connected to a
> network?
tripwire
On 12/6/2011 12:22 PM, Georgi Guninski wrote:
> looks like if a corporation does it, it is business. if a non-incorporated
> entity does
it, it is a crime. -- j
Yes, sort of like bundling add-on crapware with software downloads... to steal
from the
other ongoing thread...
Java updates bundle
On Sat, Dec 03, 2011 at 12:14:06PM +, Alan J. Wylie wrote:
> "Kain, Rebecca (.)" writes:
>
> > http://www.extremetech.com/computing/107427-carrier-iq-which-phones-are-infected-and-how-to-remove-it
> >
> > and Julian Assange weighs in:
> >
> > http://www.geek.com/articles/mobile/julian-assange
Worked for me a little while ago, but original thread (and most recent
replies) are saying it's been patched.
On Tue, Dec 6, 2011 at 9:36 AM, darway yohansen wrote:
> I just tested this and i don't get the same options as in step 5 " *Help
> us take action by selecting additional photos to includ
I just tested this and i don't get the same options as in step 5 " *Help us
take action by selecting additional photos to include with your report* "
On Tue, Dec 6, 2011 at 2:41 PM, Peter Dawson wrote:
> Has this been ACK'ed by anyone else ?? Seems that FB's "Report in/Block"
> process breaks
I can confirm that this works. Ugh!
Sent from my iPhone 4
On Dec 6, 2011, at 9:41 AM, Peter Dawson wrote:
> Has this been ACK'ed by anyone else ?? Seems that FB's "Report in/Block"
> process breaks their own privacy stds !
>
> http://forum.bodybuilding.com/showthread.php?t=140261733
Pretty sure it's supposed to be:
http://de-motivational-posters.com/images/karma-sometimes-assholes-get-what-they-deserve.jpg
On Tue, Dec 6, 2011 at 10:34 AM, Thor (Hammer of God)
wrote:
> No workie.
>
>
> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-b
No workie.
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of white powder
Sent: Tuesday, December 06, 2011 3:10 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] prosec
http://130.89.241.130/~tjibbe/pics/karma-someti
I regularly use iftop, netstat and htop to see what is going on on my
servers.
I have found that raw information always helps best in determining
active compromised systems.
Kerem
On Tue, Dec 6, 2011 at 11:55 AM, Lucio Crusca wrote:
> BH wrote:
>
> > I'm not sure if this has been said in th
Or not...
http://vulnfactory.org/blog/2011/12/05/carrieriq-the-real-story/
On the other hand, where that l33t hacker Drew (aka xD 0x41)?
Thought he'd enlighten us with more of his awesome hacking powers on this
issue.
Has this been ACK'ed by anyone else ?? Seems that FB's "Report in/Block"
process breaks their own privacy stds !
http://forum.bodybuilding.com/showthread.php?t=140261733
http://130.89.241.130/~tjibbe/pics/karma-sometimes-assholes-get-what-they-deserve.jpg
u had it comin, kcope
AB u will be next
welcome to the age of the whitehat
BH wrote:
> I'm not sure if this has been said in this thread yet, but is it
> possible the host O/S was compromised?
Nothing is impossible, security wise. However I'd talk about likelihood
instead. I own two other OpenVZ containers hosted in the same host OS. They
haven't been compromised, th
Ahh I see. Then yeah I would advise using iptables to deny as much outgoing
traffic as possible and set up the chain so that all attempted traffic
statistics get logged. Back that up with denying as much incoming traffic
as possible. Then monitor for any spawning services with netstat.
Assuming no
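The iptables posture Gage suggests above (deny as much outbound traffic as possible, log what is denied so the statistics are visible, deny inbound as well, then keep watching netstat), as an added example not taken from any message in the thread. It is a POSIX shell script that prints the iptables commands instead of applying them, so the rule set can be reviewed before it is piped to `sh` as root. The allowed port lists and the SSH port are assumptions; adjust them to what the container actually needs.

```shell
#!/bin/sh
# Default-deny egress and ingress with logging, as an iptables rule generator.
# Added example; not from any poster in the thread. Port lists are assumptions.

IPT="${IPT:-iptables}"                        # binary to call; ip6tables works too
ALLOW_TCP_OUT="${ALLOW_TCP_OUT:-53 80 443}"   # outbound TCP the box really needs
ALLOW_UDP_OUT="${ALLOW_UDP_OUT:-53 123}"      # DNS and NTP
ALLOW_TCP_IN="${ALLOW_TCP_IN:-22}"            # inbound services (SSH assumed)

# Emit one LOG rule (rate-limited so a flood cannot drown the kernel log)
# followed by an explicit DROP. The DROP duplicates the chain policy but
# gives per-rule packet/byte counters readable with: iptables -L -v -n
log_and_drop() {
    chain="$1"
    prefix="$2"
    echo "$IPT -A $chain -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix \"$prefix: \" --log-level 4"
    echo "$IPT -A $chain -j DROP"
}

# egress_rules: commands for the OUTPUT chain. Policy is set to DROP first so
# nothing slips out during the flush; existing sessions survive because the
# ESTABLISHED,RELATED rule is re-added immediately.
egress_rules() {
    echo "$IPT -P OUTPUT DROP"
    echo "$IPT -F OUTPUT"
    echo "$IPT -A OUTPUT -o lo -j ACCEPT"
    echo "$IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $ALLOW_TCP_OUT; do
        echo "$IPT -A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $ALLOW_UDP_OUT; do
        echo "$IPT -A OUTPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    log_and_drop OUTPUT EGRESS-DENY
}

# ingress_rules: commands for the INPUT chain; only listed services accept
# new connections, malformed state is dropped silently, the rest is logged.
ingress_rules() {
    echo "$IPT -P INPUT DROP"
    echo "$IPT -F INPUT"
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    echo "$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPT -A INPUT -m conntrack --ctstate INVALID -j DROP"
    for p in $ALLOW_TCP_IN; do
        echo "$IPT -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    log_and_drop INPUT INGRESS-DENY
}

# firewall_rules: the full set. Review it, then apply as root with:
#   firewall_rules | sh
firewall_rules() {
    egress_rules
    ingress_rules
}
```

After applying, `iptables -L OUTPUT -v -n` shows how much traffic each rule caught, and the denied attempts appear in the kernel log (`dmesg | grep EGRESS-DENY`) with source, destination and port, which is the raw material for spotting a bot trying to call home. Two caveats: the rules live on the host you are trying to monitor, so anyone who already has root there can flush them, and inside an OpenVZ guest the available netfilter modules depend on what the host operator permits.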
I'm not sure if this has been said in this thread yet, but is it
possible the host O/S was compromised? I have not used OpenVZ but I
assume it's the same as Virtuozzo in the respect that you can just
'vzctl enter ' to get a root shell inside the container with no
password (assuming you have control
Gage Bystrom wrote:
> I would suggest iptables but the OP stated he doesn't own the
> server and has no root access.
If I ever stated that, it means I misused my poor english for sure... I DO
have root access and I DO own the server, where the server means the *guest*
OpenVZ instance. I DID con
Reply received from vendor.
-- Forwarded message --
From: Ganesan (CEO, EPractize Labs Software)
Date: Tue, Dec 6, 2011 at 10:25 AM
Subject: RE: Backdoor in EPractize Labs Online Subscription Manager
from epractizelabs.com
To: Jan van Niekerk
Hi,
The PHP is used for trackin
On 05/12/2011 18:20, John Jacobs wrote:
> Tim, while I do believe there is some truth in what you are saying here, I
> respectfully disagree in that this tends to be a run-of-the-mill IRC bot as
> evidenced by the Undernet advisory. This looks like a skiddie-du-jour attack
> against PHPMyAdmin