andrew.wallace wrote:
We're a mailing list of government, business and academia folks pretty
much the same as here. We monitor threat reports and give analysis
from time to time on what's going on and offer advice to folks. Why
would you be against us?
Because you are a complete moron who
n3td3v wrote:
My intentions are usually good when I start a thread about something,
but they are quickly taken down the anti-n3td3v gateway, into all out
flameness about how n3td3v's opinion sucks
Who gives a fuck about your intentions or opinions?
If you have some relevant information to
Because if he doesn't know the industry he shouldn't seek, nor get, that kind
of job.
n3td3v wrote:
You sound like you know the industry, so why don't you give him some tips?
On Tue, Nov 11, 2008 at 8:28 AM, James Matthews [EMAIL PROTECTED] wrote:
If you know the industry then you will be
n3td3v wrote:
blackhats like you will always hate on me, so i just ignore the
negative responses i get.
Whitehats hate you equally because you just create spam and don't post anything
of actual value.
You have your mailing list.
Why can't you just stay there until you have anything of value
Who cares?
A petty thief spending time getting sodomized in prison?
Well, if you don't wanna play the game, then don't play the game.
Obviously he wanted to play the game, and now he'll the second round of the
game.
// hdw
not dev wrote:
Death of a Gay H4x0r
By: n0td3v
n3td3v wrote:
On Sun, Sep 21, 2008 at 7:20 PM, anonymous pimp [EMAIL PROTECTED] wrote:
Don't you already have your own mailing list? Go there.
Being bored I browsed my Junk folder before I trashed it and I found this gem
of coherent thinking.
It has to be a mailing list run by someone who is
Od Orf wrote:
On a personal level, I have tried in the past to filter out posts
which fail to meet certain criteria using both blacklists and
whitelists of content keywords. I've found these to be ineffective in
Just filter out all messages with the phrase n3td3v in address, subject or
body and
Paul Schmehl wrote:
Insane == responding to n3td3v.
So how many on this list meet the definition of insane?
Everyone.
--
// hdw
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
[EMAIL PROTECTED] wrote:
On Fri, 6 Jun 2008 at 11:48 PM, n3td3v wrote:
I dropped out of university because of what was written, I still
suffer mental scares and I still haven't recovered.
you had mental scars (scares?) long before that paper. you're just a
retard looking for attention.
Simon Smith wrote:
In response to them still being infected with sql slammer and it probing
my networks regularly.
Ah, them and a gazillion of others.
I ran a little experiment some time ago.
I had an unused IP address (bog standard dynamic home issue cable feed) and just
for fun I installed
n3td3v wrote:
I'm interested in you saying things will be more secure because of the
presentation, but how long will it
take for things to be more secure and how big an attack window will
the bad guys have after the presentation (A day, a week, a month, a
year?) for putting rootkits into
Byron Sonne wrote:
This list is about whatever I want it to be. You see any moderation
around here?
Everything is political, my friend.
Get your head out of the sand, and let's do something about those
murderous thugs called the Chinese government.
Did you forget Tiananmen square?
[EMAIL PROTECTED] wrote:
Hi,
Oct 22 20:36:13 nms sshd[90657]: Failed password for invalid user gopher
from 77.46.152.2 port 55120 ssh2
user/password authentication for SSH? one way of cleaning up your
logs and killing this type of attack is to reconfigure your OpenSSH
to only allow key
phioust wrote:
Who does a tool like this help?
I would hope that the professionals on this list would not rely on weak
password combinations for access into systems.
Several of those professionals have to administer or otherwise deal with
systems, admins and users who are not as enlightened.
Any company email address is primarily intended for company related issues.
Even if the company in question allows you to use it for personal issues,
it's still mainly intended for company use.
An email addressed to, up until recently employed, security researcher,
HR drone or sales assistant, Elmer
Giorgio Fedon wrote:
Worse is to sustain the fact that the world needs a better bluetooth
sniffer, using the information that can be found inside the warezed
version of the tool. The opensource community I think that is able to do
its own research without software piracy.
If the information
Giorgio Fedon wrote:
The thinly veiled advert was to mention that either:
1. He is using a pirated version of the bluetooth sniffer;
2. He has downloaded a pirated version of the bluetooth sniffer and
printed a pdf of the readme inside;
3. He is the author of the pirated version of the
Before I begin to trash.
I do not reject any of the findings, most I'll argue that it's a matter of
perspective.
Ben Bucksch wrote:
= Abstract =
The Perforce client has a huge gaping security hole by design. It
totally trusts the Perforce server and does whatever the server tells
it,
Just one possibly silly question.
Why are you working so hard to do this with complex scripts and stuff?
I just wrote a little C snippet that runs on the firewall.
All servers allowing external ssh send a copy of ssh auth to a port
on the firewall.
If it detects a brute force it adds the host
Now take a deep breath and chill out.
No one has contradicted any of your claims, not here, not on wikipedia.
The only thing that has been said is that one single individual of the
many that reports on those issues has been discovered as a fake.
I for one am sure that a lot of what this and what
Oh, something almost comprehensible from a surprising source.
However, I think you need some ABC in corporate security.
Jeb Bush wrote:
The flaw allows you to read the victim's status message.
This means telephone numbers etc whatever the victim adds to
their status message is
I'm sorry, I should have done this earlier, and I should reply.
But somehow I can't resist.
Any post containing the infamous 'n3td3v' tag will be deleted on
arrival.
I'm sorry that I might miss vital information but I can't stand
this childish bickering anymore.
--
// hdw
I might be answering a troll, again, but I totally fail to see your point.
I am of course aware of my limited brain capacity.
My first reaction to the post was interesting, let's see the responses.
And I guess that it was the point of the post.
I would have expected ha ha ha, you're smoked-
And
But most of us can create complete sentences, and you can't.
You have appeared like an obnoxious troll, and you continue to appear as one.
As being way too old I can still understand your wish to be regarded serious
but I'm sorry, you are a complete moron, and you have failed every test.
Aaron Gray wrote:
I am suggesting that we all cooperate and produce a Code of Conduct
for participating on the Full Disclosure mailing list.
Suggested start :-
1) No Swearing
2) No slagging others off
3) No selling of exploits and vulnerabilities
I have a much better list.
1.
n3td3v wrote:
Remove the URL, no one wants it there. Secunia has no respect in the
industry and probably never will. Their website is an eyesore, as is
the Secunia URL on the footer message. How dare you allow FD to be
hijacked by such a scene whore website, you never consulted the
list of
Michael Holstein wrote:
Isn't it easier to boot into single user mode and reset the password? It
doesn't require you to load the live CD which is one less step.
depends on if they setup 'console' as insecure or not in /etc/ttys.
Setuid script on /tmp?
Given that /tmp isn't mounted with
coderman wrote:
Creating a secure password:
o Include punctuation marks and numbers.
o Mix capital, lowercase and space characters.
o Create a unique acronym.
o Short passwords should be 8 chars at least.
Weaknesses to avoid:
o Don't use a password that is listed as an
James Longstreet wrote:
On Mar 26, 2006, at 12:12 PM, Anders B Jansson wrote:
And even then they fail the actual user has a gun at his temple.
Frankly, this is true of just about any authentication scheme.
Exactly, so how far should you drive your requirements for an authentication
Gadi Evron wrote:
So you are basically saying open source free software can't be trusted to
hold high standards or be reliable or secure if I don't pay for it?
No, he's saying:
If you know a better way why don't you do it instead of yapping about what's
wrong.
Theo does have the chat skills
Frederic Pasteleurs wrote:
Hello everybody,
I subscribed to this mailing list in 2004 just to keep me informed about
some useful tips and the latest issues/problems in the software packages
i'm using for my everyday computing habits.
I had a hard time to keep up with the flow of mails in the
Gadi Evron wrote:
Hi guys. There are a couple of things I think I should apologize for, as
there have been several complaints to me recently which convinced me I
am wrong.
Received: from [192.115.22.106] (prometheus.solaris.org.il [192.115.22.106])
(authenticated bits=0)
by
Maybe you'd get more informative and less 'get a clue!' answers if you
rephrased and explained your question a little.
For one, what in the world is a firewall script?
I'd guess it's firewall rules you're talking about.
Second, in what scenario?
Corporate firewall, SME, personal, school?
The discussion is only theoretical and of no business importance.
Exploits are disclosed, that's a fact that I as security manager have to
live and work with.
If this disclosure is good or bad is totally irrelevant.
Anyone who discovers an exploitable weakness, informs the supplier and
then
34 matches