Horse riding around schools won't be allowed, if they wouldn't let me bring
a paintball gun in, they won't allow this.
On 25 Feb 2014 18:19, "Pete Herzog" wrote:
> How to teach hacking in school and open up education:
>
> https://opensource.com/education/14/2/teach-hacking-schools-open-education
s/with their Facebook or Twitter credentials//g
On Tue, Feb 4, 2014 at 10:51 PM, security curmudgeon
wrote:
>
> : From: Mark Litchfield
>
> : As previously stated, I would post an update for Ektron CMS bypassing :
> the security fix.
>
>
> : A full step by step with the usual screen shots can b
Semi related, I'd like to know at what $ amount you guys value your ability
to type variations of ' ">alert(1) ' . I value mine at
around $1000 a time because the characters are made of gold dust and I
spent most of my life learning to type.
:)
On Thu, Oct 3, 2013 a
(infosec) care about is money and not helping
the world.
On 3 Oct 2013 08:41, "Benji" wrote:
> No-one is making you do anything.
>
> If you don't feel like helping for free, like in the old days (2 years
> ago..) then don't
>
> Jeeze, I remember when you guys used to
No-one is making you do anything.
If you don't feel like helping for free, like in the old days (2 years
ago..) then don't
Jeeze, I remember when you guys used to moan that a company had no security
policy, now it's that "the amount offered is too low for me from a company
that has no formal boun
I look forward to see who wins in this argument over personal opinion.
On Tue, Apr 23, 2013 at 4:12 PM, Gregory Boddin wrote:
> You have to think about end-users as well ... Those are impacted first,
> not the vendors.
>
>
>
>
>
> On 23 April 2013 16:51, Georgi Guninski wrote:
>
>> Completely
that a 'QA'
process of any type will not make up for developer mistakes.
Sent from my iPhone.
On 22 Apr 2013, at 07:39, Jeffrey Walton wrote:
> On Sat, Apr 20, 2013 at 7:37 PM, Benji wrote:
>> Because security engineers are different to a QA department you originally
>> s
Sorry, by flaws, I should have said, *"has not prevented bad code/ineffective
patches from being pushed out"
On Sun, Apr 21, 2013 at 12:41 AM, Benji wrote:
> (For example,
> http://webcache.googleusercontent.com/search?q=cache:2cXGaaHnqyMJ:www.computerworld.com/s
(For example,
http://webcache.googleusercontent.com/search?q=cache:2cXGaaHnqyMJ:www.computerworld.com/s/article/9235954/Researchers_find_critical_vulnerabilities_in_Java_7_Update_11+&cd=8&hl=en&ct=clnk&gl=uk)
On Sun, Apr 21, 2013 at 12:37 AM, Benji wrote:
> Because sec
consider/expect any developer to think through each implication of
> each feature they implement"
> Solution: Hire security engineers to think through each implication.
>
> Why are we disagreeing?
>
> On Sun, Apr 21, 2013 at 12:11:51AM +0100, Benji wrote:
> >Your pro
a direct impact on the safety of your customers, that involves
> hiring specialized staff.
>
> On Sat, Apr 20, 2013 at 11:49:22PM +0100, Benji wrote:
> > (in my opinion)
> >
> >On Sat, Apr 20, 2013 at 11:42 PM, Benji wrote:
> >
> > Yes, a better idea woul
(in my opinion)
On Sat, Apr 20, 2013 at 11:42 PM, Benji wrote:
> Yes, a better idea would be to educate and inform developers. At a
> business level at least this will a) save extra expenditure on needless
> staff and extra departments b) result in faster turn arounds as there'
osing their
> vulnerabilities, more responsible QA testing within the company will
> prevent many of these vulnerabilities from occurring in the first
> place. Or do you have a better idea?
>
> On Sat, Apr 20, 2013 at 11:06:33PM +0100, Benji wrote:
> >Let me expand on tha
Let me expand on that, otherwise I'm sure it's unclear.
Is your suggestion, to remove the worry of developers making mistakes, to
add another human process after it and rely on this to remove all mistakes?
On Sat, Apr 20, 2013 at 10:54 PM, Benji wrote:
> Yes, after the people
Yes, after the people that can make mistakes, we should have people that
are incapable of making mistakes. I totally agree, what a good idea.
On Sat, Apr 20, 2013 at 10:28 PM, Bryan wrote:
> The code monkeys can make mistakes as long as there is a process to
> detect and remedy their mistakes b
STOP STRESSING YOUR HEART JERRY, OR THAT OPERATION YOU HAD ON IT WONT SAVE
YOU
On Fri, Mar 29, 2013 at 4:00 PM, Gage Bystrom wrote:
> Personal habit when it comes to posting on lists that has nothing to do
> with integrity.
> On Mar 29, 2013 8:55 AM, "Jerry dePriest" wrote:
>
>> **
>> for 1 he
>> of hacker script punks thinking
>> FOAD
hurhurhur
On Fri, Mar 29, 2013 at 1:10 PM, Jerry dePriest wrote:
> I'll could spend the whole day pointing out stuff that "isn't pertinent"
> to this list.
>
> at least I have a moral motive, not just a bunch of hacker script punks
> thinking it's co
Like the one you just sent?
On Fri, Mar 29, 2013 at 1:07 PM, Jerry dePriest wrote:
> **
> wow, another important fucking post that has NOTHING to do WHAT SO EVER
> with FD. farging hypocrites...
>
> I could spend HOURS pointing out the bullshit posts, at least mine has
> merit.
>
> FOAD
>
> ---
>>I think it's getting ridiculous, if you don't have a name in the industry
you're getting sued for the vast majority of bugs you solve...
>>And on the other hand, those same companies give away 3-15.000 for a
single bug if the researcher happens to be known :|
Examples please
On Wed, Mar 20, 201
Replace you with they if you want.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Actually, adding input sanitisation really wouldn't increase the code size
that much. Are you just incompetent?
On Wed, Mar 6, 2013 at 7:46 AM, Źmicier Januszkiewicz wrote:
> Dear list,
>
> Well, I suppose this had to be a proof-of-concept piece of code to
> demonstrate how port scanning can be
Arbitrary moral compass? Amazing.
Please, explain the morals behind finding a bug, reporting it, getting a slap
on the wrist, and then running a vuln scanner against the site? If his true
intent was to see if it was fixed, I would suggest that he checked it with the
finesse, logic and precisi
Someone please explain to me why he had to run a vulnerability scanner to
check one vulnerability, and again, how are we still arguing about this?
Whether you think he had a 'right' to test this or not, he was either too
dumb or too naive to know it was against the law.
If anyone would like to sta
He found the vulnerability by running Acunetix against the system. He is
what most would describe as a class A moron.
On Mon, Jan 21, 2013 at 8:43 PM, Frank Bures wrote:
> A student has been expelled from Montreal’s Dawson College after he
> discovered a flaw in the computer system used by m
On Thu, Jan 17, 2013 at 9:20 AM, COPiOUS wrote:
> In my opinion they are, since a software crack allows unauthorized use of
> software and the exposure of (possible) trade secrets
How is this possible with a cracked app but not one that isn't cracked?
> Regards
> On Jan 1, 2013 3:04 PM, "Benji" wrote:
>
>> So you would say, that you find the things he posts "of interest"?
>>
>> Please expand on how and why anti automation bugs in unknown cms's are
>> "of interest"?
>>
>>
So you would say, that you find the things he posts "of interest"?
Please expand on how and why anti automation bugs in unknown cms's are "of
interest"?
On Mon, Dec 31, 2012 at 11:58 PM, some one wrote:
> If you do not like or find of interest what the guy posts is it not easier
> to just press
ain page runs SMF not WeBid so I'm not really
> too sure where you pulled that from. Good job though, maybe santa will give
> you some of his cookies for your effort.
>
>
> On Dec 21, 2012, at 5:26 AM, Benji wrote:
>
> Also genius, I know you're quick to kick things dow
>
> On Dec 21, 2012, at 3:22 AM, Benji wrote:
>
> in other news, have you heard of the super cool site hacktalk.net where
> they almost have 1000 members?
>
>
> On Thu, Dec 20, 2012 at 3:13 PM, Luis Santana wrote:
>
>> Not a single fucking exploit on the entire site
ray("color" => "test");
$result = array_merge($array1, $array2);
print_r($result);
?>
Array
(
[color] => test
)
So as we can overwrite any array value, we have SQLi across the
application. Maybe a first 0day for hacktalk.net?
I will take your 'hella l33t'
in other news, have you heard of the super cool site hacktalk.net where
they almost have 1000 members?
On Thu, Dec 20, 2012 at 3:13 PM, Luis Santana wrote:
> Not a single fucking exploit on the entire site. gg sir, gg
>
>
> On Dec 10, 2012, at 2:17 PM, tig3rh...@tormail.org wrote:
>
> > In Deep
What we need is a robots2.txt that defines what users are allowed to access
the robots.txt file.
Problem solved.
On Mon, Dec 10, 2012 at 11:33 PM, Gynvael Coldwind wrote:
> Hey,
>
> > > Here is an example:
> > >
> > > An admin has a public webservice running with folders containing
> > > sensit
Yup, this is most likely.
Sent from my iPhone
On 27 Nov 2012, at 15:41, "Gregor S." wrote:
> More interesting than the rootkit itself is how it found its way into the
> box.
>
> Chances are that Squeeze has a non-disclosed 0day, and that's worrying me a
> bit...
>
>
> On Mon, Nov 26, 2012
Command execution through Dynamic DNS setup is quite clearly not expected
functionality.
On Mon, Nov 26, 2012 at 11:28 AM, Gary Driggs wrote:
> On Nov 26, 2012, at 1:47 AM, "Julius Kivimäki"
> wrote:
>
> > Is a privilege escalation vulnerability in Linux not a vulnerability if
> it requires au
.. could you have provided any less information? why dont you look through
your code instead of emailing a screenshot to a mailing list? really?
On Mon, Nov 19, 2012 at 4:47 PM, Benji wrote:
> .. coul
>
>
> On Mon, Nov 19, 2012 at 4:45 PM, Lucio Crusca wrote:
>
>> Hello *
.. coul
On Mon, Nov 19, 2012 at 4:45 PM, Lucio Crusca wrote:
> Hello *,
>
> I've setup my browser to remember login & password at my server phpmyadmin
> login page. It usually fills the two fields correctly, but today it showed
> this crap instead:
>
>
> http://img208.imagevenue.com/img.php?ima
2012, at 18:59, klondike wrote:
> On 15/11/12 09:47, Benji wrote:
>> Sometimes when people argue over the definition of '0day', it is important
>> to be clear.
> I never called my attack a 0-day, did I?
>> Although the bash script made it clear, I have never ever se
ders such as pentest companies.
Sent from my iPhone
On 15 Nov 2012, at 18:59, klondike wrote:
> On 15/11/12 09:47, Benji wrote:
>> Sometimes when people argue over the definition of '0day', it is important
>> to be clear.
> I never called my attack a 0-day, did I?
>>
Also thank you for posting a link to a well known reference, that was super
appreciated.
Next time link something like OWASP, at least most whitehats don't laugh at
them so you gain more credibility.
Sent from my iPhone
On 15 Nov 2012, at 03:45, "Nick FitzGerald" wrote:
he Matrix hasn't just come out.
Sorry for not knowing non-industry terms used by 1% of the populace you hipster.
Sent from my iPhone
On 15 Nov 2012, at 03:45, "Nick FitzGerald" wrote:
> Benji wrote:
>
>> Oracle attacks?
>>
>> See into the future
Oracle attacks?
See into the future?
Padding oracle attacks?
Oracle SQL injections?
On Wed, Nov 14, 2012 at 3:44 PM, klondike wrote:
> On 14/11/12 11:20, Kirils Solovjovs wrote:
> > The team has worked around this and are now trying to fix the
> > bug/feature. :)
> >
> >
> http://www.reddit
>> 0-day means it is being actively used in the wild.
No it does not.
On Wed, Nov 14, 2012 at 2:52 PM, Christian Sciberras wrote:
> 0-day means it is being actively used in the wild.
> Is this the case?
>
>
> Chris.
>
>
> On Wed, Nov 14, 2012 at 10:52 AM, ReVuln wrote:
>
>>
>> Following our pr
This has nothing to do with the client. The service is at fault.
Also for the record, r/netsec is a huge circlejerk.
On Wed, Nov 14, 2012 at 10:20 AM, Kirils Solovjovs <
kirils.solovj...@kirils.com> wrote:
>
> The team has worked around this and are now trying to fix the
> bug/feature. :)
>
>
>
to
protect from the lowest denominator up, not top down.
On Sat, Nov 10, 2012 at 6:49 PM, Benji wrote:
> The advice weakens your system from a local perspective granted, but if an
> attacker has a local user on your box already, it's already game over.
>
> Yes, if you were
The advice weakens your system from a local perspective granted, but if an
attacker has a local user on your box already, it's already game over.
Yes, if you were a user with intelligence. I must've forgot that everyone
that uses a computer does so with sense.
On Sat, Nov 10, 2012 at 6:30 PM, Mi
"This is why I find the standard security mantra of "disable root
logins and use su / sudo" to be extremely silly."
I think you've taken that far too literally. My understanding of it is to
protect against a) brute force retardation b) dumb attackers. No one said
it's supposed to completely protect
"if at first you don't succeed, next time might be a fluke"
On Mon, Oct 29, 2012 at 2:49 AM, kaveh ghaemmaghami
wrote:
> It reminds me my question from VUPEN Security Team when i got seek
> from their exploitions
>
> How can i make sure a crash is not exploitable? (( The short answer is
> simple as
Hi dear sir madam friend
Responsibly taking on authority, go play with fireworks in traffic
On 27 Oct 2012, at 17:58, adam wrote:
> Hi
> Dear Sir,
> I have drank 5 cans of Pepsi today.
> I can discuss with authority responsible.
> Best Regards
>
> On Sat, Oct 27, 2012 at 11:55 AM, kaveh ghaemm
also while we're at it can you please remove all references to common
sense and logic in any emails that are in the full disclosure archive.
wait...
On Sun, Oct 21, 2012 at 2:09 PM, ZeroDay.JP wrote:
> Full Disclosure Maillist Admin, please kindly delete the posted email of
> "vOlk Botnet Framewo
Why did you report this to UKCERT?
On Tue, Oct 2, 2012 at 7:16 AM, Scott Herbert
wrote:
>
> -
> Affected products:
> -
>
> Product : Zenphoto 1.4.3.2 (and maybe older) fixed in 1.4.3.3
> Affected function: printPublishIconLink
>
>
..
On Tue, Oct 2, 2012 at 6:40 AM, Vulnerability Lab
wrote:
> Title:
> ==
> Paypal BugBounty #9 - Persistent Web Vulnerabilities
>
>
> Date:
> =
> 2012-10-02
>
>
> References:
> ===
> http://www.vulnerability-lab.com/get_content.php?id=646
>
>
> VL-ID:
> ==
Dear genius
I believe the point was to not give credit
lot of love,
captain obvious
On Mon, Sep 24, 2012 at 4:04 PM, Julius Kivimäki
wrote:
> {*} samba 3.x remote root by {*}
> Give some credit to the guy who actually made this.
> 2012/9/24
>>
>>
>> Massive 0day hide all your printers.
>>
>>
you seem surprised by the level of idiocy, are you new to this list?
On Mon, Sep 17, 2012 at 2:42 PM, Julius Kivimäki
wrote:
> Did you guys seriously just send five different advisories on five different
> vulnerable parameters on one vulnerable script?
>
> 2012/9/17 HTTPCS
>>
>> HTTPCS Advisory
15 years of history.
>
> On Sat, Sep 8, 2012 at 5:18 PM, Benji wrote:
>>> Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
>>> any more data through their back channels by using their browser.
>>
>> is that why you use gmail?
>>
> Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
> any more data through their back channels by using their browser.
is that why you use gmail?
On Sat, Sep 8, 2012 at 10:14 PM, Jeffrey Walton wrote:
> Hi Christian,
>
> [Corrected Title]
>
> I'll feed you one last time. Here
Christian, are you suggesting the people from "itsecuritypros.org" are
infact, idiots?!
On Sat, Sep 8, 2012 at 12:02 PM, Christian Sciberras wrote:
> His initial email doesn't make him look like a newb? Really?
>
> Quoting: "It appears Adobe has become a whore to Google like Mozilla."
>
> Typical
well I'm glad we got multiple emails saying you all agree.
On Thu, Sep 6, 2012 at 8:50 AM, Michael D. Wood wrote:
> I agree. Splunk *IS* doing what it was designed to do.
>
>
>
> --
>
> Michael D. Wood
>
> ITSecurityPros.org
>
> www.itsecuritypros.org
>
>
>
> From: JxT [mailto:jxt.li...@gmail.co
bsurd this list is and its many
failings, then I think I have succeeded. Stay classy, keep fighting
whatever fight you're fighting.
On Mon, Aug 27, 2012 at 5:45 PM, Igor Igor wrote:
> Robots.txt not supported in any printer.. too bad, all listed in all major
> search engine
>
" User interaction is required to exploit this vulnerability in that
the target must visit a malicious page or open a malicious file."
sorry, what?
On Wed, Aug 22, 2012 at 4:48 PM, ZDI Disclosures
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> ZDI-12-149 : Cisco AnyConnect VPN Clie
Ok.
On Mon, Aug 13, 2012 at 2:28 PM, Jann Horn wrote:
> On Sun, Aug 12, 2012 at 09:47:57PM +0200, Jann Horn wrote:
>> And finally, I've found another vuln that essentially lets apps gain root
>> rights without asking the user, and I will release all details about it in
>> two weeks.
>
> Found ano
but with bowling 4 crypto as email, natural and logical 2 assume u
plan big crypto massacre, how many innocent bits will we lose this
time?
On Sat, Aug 11, 2012 at 8:07 PM, Hambone Turkey
wrote:
> So I know FD isn't Craigslist but I figured its my best bet. I am looking
> for a KSD-64 Crypto Ig
ah fantastic, a lesson on trolling and bullying. what a valuable
service you are providing.
On Thu, Aug 9, 2012 at 8:19 PM, Pete Herzog wrote:
> Hi,
>
> Version 2 of Hacker Highschool (www.hackerhighschool.org) is wrapping
> up. We will begin publishing/replacing each lesson as we finish it. Of
>
wait, this was a serious email? not like this bro, not like this.
On Sun, Jul 29, 2012 at 11:08 PM, kaveh ghaemmaghami
wrote:
> I think ur on vacation now aren't u Plus nobody ask u to read my
> post and i am not interested about ur opinion keep it for yourself
>
> On Sat, Jul 28, 2012 at 5:
LOL @ script kiddie == "terrorist"
By that logic, public urination is an act of arson.
Both acts are petty and at best deserve to face a firing squad at dawn.
On Thu, Jul 19, 2012 at 2:53 PM, wrote:
> On Wed, 18 Jul 2012 09:16:29 -0400, Abdikarim Roble said:
>
>> As some of us already explaine
SO you're talking about making a baseline?
On Mon, Jul 16, 2012 at 7:52 PM, Ali Varshovi wrote:
> Hello everybody and thank you for your useful comments.
>
> Now I'm thinking that we need a comparison base or normal behavior profile to
> be able to detect any deviations or abnormal/suspicious ac
" All compromised systems talk to the Internet to dump data or route spam."
yup, this is 1000% true and utterly foolproof.
On Mon, Jul 16, 2012 at 2:48 PM, Gary Baribault wrote:
> I suggest one of the first answers was the good one, intercept the traffic
> routed to the internet with TCPDump. F
Yes but you live in cave x
On Fri, Jul 13, 2012 at 3:56 PM, Григорий Братислава
wrote:
> On Fri, Jul 13, 2012 at 10:44 AM, Benji wrote:
>
>> Come to Europe, we show you how to party@#!
>
> Is that is what Greeks and Spaniards call this behaviour? Is funny, to
>
not thrown around.
Come to Europe, we show you how to party@#!
On Fri, Jul 13, 2012 at 3:10 PM, Григорий Братислава
wrote:
> On Thu, Jul 12, 2012 at 9:15 AM, wrote:
>> Benji,
>>
>> Do you write anything but scathing criticism? I've never seen you
>> contribute any
x
On Thu, Jul 12, 2012 at 2:15 PM, wrote:
> Benji,
>
> Do you write anything but scathing criticism? I've never seen you
> contribute anything of use to this list. You must be a real pleasure in
> person.
>
Yes, god Jann, you're such a moron.
On Fri, Jul 13, 2012 at 9:46 AM, Gokhan Muharremoglu
wrote:
> You can find an example page and combined vulnerabilities below URL.
> This example login page is affected by Predefined Post Authentication
> Session ID Vulnerability.
> This vulnerability can lead
Ah, please send more emails explaining the faults of retarded
programmers and serious vulnerabilities, and then link to an owasp
page.
Can you explain HTTPOnly cookies to me? I will only accept your
explanation if you can justify an impact of Critical, a likelihood of
High and a severity of High?
Just read this crap due to your amazing emails. Crap code, easily bypassable.
On Wed, Jul 11, 2012 at 9:37 AM, Gokhan Muharremoglu
wrote:
> http://sourceforge.net/projects/iosec/
>
> This module provides security enhancements against (HTTP) Flood & Brute
> Force Attacks for native PHP or .NET scr
I have no words, just shock.
On Wed, Jul 11, 2012 at 9:34 AM, Gokhan Muharremoglu
wrote:
> Vulnerability Name: Predefined Post Authentication Session ID Vulnerability
> Type: Improper Session Handling
> Impact: Session Hijacking
> Level: Medium
> Date: 10.07.2012
> Vendor: Vendor-neutral
> Issuer
Thank you for confirming that, and providing an even sup3r c00ler POC.
I have always wondered how nc works, and combined with system, it
seems it makes a super exciting vulnerability.
On Fri, Jul 6, 2012 at 5:32 PM, larry Cashdollar wrote:
> verified, http://artis.imag.fr/Software/Basilic/
>
> ht
hey! let them having something to add to CV! Stop be fun police!
Everyone know security isnt actually about security, just make CV look
super cool.
On Fri, Jun 29, 2012 at 10:45 PM, Morris, Patrick wrote:
>
>> -Original Message-
>> From: Joseph Sheridan [mailto:j...@reactionis.com]
>> Sen
I hear Trustwave are reporting similar issues, like the fact you can
specify remote mysql servers in new installations, amazing right? Do
you work for them?
Btw, with phpmyadmin you can injection sql commands !!!
On Fri, Jun 22, 2012 at 12:00 AM, Denis Andzakovic
wrote:
>
> -BEGIN PGP SI
You're the one that suggested a real suggestion would be to use an
'alternate os'.
Live in a cave please?
On Sun, Jun 10, 2012 at 10:56 PM, Laurelai wrote:
> On 6/10/12 5:54 PM, Benji wrote:
>
> Which antisec kids? Unfortunately due to some people being utterly de
Which antisec kids? Unfortunately due to some people being utterly deluded,
such as yourself, throwing that word around it's rather ambiguous now.
On Sun, Jun 10, 2012 at 10:49 PM, Laurelai wrote:
> On 6/10/12 5:09 PM, Thor (Hammer of God) wrote:
>
> OK, I’ll bite this one time. I assert you a
People using this service definitely wont be up to anything clever or
interesting, so it's barely a concern.
I mean really, this is useful?
On Mon, May 7, 2012 at 4:17 PM, Gage Bystrom wrote:
> Anyone visiting a compromised site can get the hash, meaning anyone
> who is looking for it can find i
Wow, you're like the Jehovah's Witnesses of the internet.
Stop with the childish bitching and grow up. Last time I checked
intern0t was also a script kid breeding ground.
On Sat, May 5, 2012 at 2:54 PM, InterN0T Advisories
wrote:
> Hi List,
>
> To stop MustLive's desperate act of trying to get
except it was rather obvious why.
On Wed, Apr 25, 2012 at 10:27 AM, Laurelai wrote:
> On 4/25/12 3:56 AM, Georgi Guninski wrote:
>> On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote:
>>> On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said:
if you read his "advisories"
You should be paranoid if someone could construe what you're doing as illegal.
On Wed, Apr 25, 2012 at 11:07 AM, Laurelai wrote:
> On 4/25/12 4:59 AM, Benji wrote:
>>
>> And choosing to believe any of the other reasons when you think you're
>> an '1337 hacker
And choosing to believe any of the other reasons when you think you're
an '1337 hacker' and are involved in that world, is a personality
problem, end of.
On Wed, Apr 25, 2012 at 10:58 AM, Laurelai wrote:
> On 4/25/12 4:54 AM, Benji wrote:
>>
>> No, with open e
AM, Benji wrote:
>>
>> except it was rather obvious why.
>>
>> On Wed, Apr 25, 2012 at 10:27 AM, Laurelai wrote:
>>>
>>> On 4/25/12 3:56 AM, Georgi Guninski wrote:
>>>>
>>>> On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni..
in soviet russia, lesson teaches you. in west, no lesson learnt by anyone.
On Thu, Apr 12, 2012 at 9:51 PM, Adam Behnke wrote:
> Yesterday I made a post concerning a 0day advisory in Backtrack 5 R2:
> http://seclists.org/fulldisclosure/2012/Apr/123
>
> The posting was incorrect, the vulnerability
> How came im not surprised that public proxies are being abused for brute
> force attacks?
You're just that far ahead of the curve?
On Tue, Apr 10, 2012 at 5:17 AM, wrote:
>> Hi
>>
>> To any security-aware VPN providers out there reading this:
>>
>> More than 800 hosts (mostly from Asia) start
Yes, because this is incredibly new.
On Tue, Mar 6, 2012 at 8:54 PM, Zach C. wrote:
> Even so, watch all the advisories pour in now for "cookie-based SQL
> injection." :/
> On Mar 6, 2012 12:44 PM, wrote:
>
>> On Tue, 06 Mar 2012 14:28:51 CST, Adam Behnke said:
>> > Unlike other parameters, coo
plz to tell me how long you left cluster fuzzer running to find this hole
size of a pin?
On Fri, Feb 24, 2012 at 3:08 PM, Thomas Richards wrote:
> # Exploit Title: PHP Gift Registry 1.5.5 SQL Injection
> # Date: 02/22/12
> # Author: G13
> # Software Link: https://sourceforge.net/projects/phpgift
A priv8 php shell, funniest thing I've ever heard on this list.
On Mon, Feb 20, 2012 at 1:37 PM, Gage Bystrom wrote:
> Uhh no, you misread what he said. He's saying he's seen that code in a few
> php shells that were supposedly meant to be private but the authors were
> miserable failures and he
2012 at 4:11 PM, Julius Kivimäki
wrote:
> Funny but no, this does not need a non-installed wordpress.
>
>
> 2012/1/25 Benji
>
>> Dear full-disclosure
>>
>> I wrote to you to tell you about serious serious vulnerability in all
>> Windows versions.
>>
>
Dear full-disclosure
I wrote to you to tell you about serious serious vulnerability in all
Windows versions.
If you turn machine on before system is configured, then you be able to set
user password yourself, big gaping hole
I make big large botnet to fully utilise this impressive vulnerabil
"cash for bugs" programs have me a bit annoyed.
>
> Not offering the money for issues that they claim to offer for issues
> is not only dishonest but it is discouraging to beginning researchers.
>
> I've personally seen it happen.
>
> On Thu, Dec 8, 2011 at 9:57 AM,
Sorry, you think people should be making a living off reporting open
redirect disclosure?
On Thu, Dec 8, 2011 at 2:53 PM, Charles Morris wrote:
> Michal/Google,
>
> IMHO, 500$ is an incredibly minute amount to give even for a error
> message information disclosure/an open redirect,
> researchers
Which country is "UNIQPASS" registered as a tm?
On Fri, Dec 2, 2011 at 1:47 AM, adam wrote:
> >>- reduce abuse
>
> The concerning part is that you're serious. Tell me, how does someone
> paying for a list of STOLEN passwords reduce abuse?
>
> This email, your obsession with LulzSec and the disc
Oh thank god, this thread has now become a case of 'look how big my penis
will be in x amount of months'.
On Mon, Nov 21, 2011 at 12:24 PM, Darren Martyn <
d.martyn.fulldisclos...@gmail.com> wrote:
> Jason has a good point. Now to make a simple statement - I am not (nor was
> I) agreeing with the
and where in vTiger is this manipulatable from?
On Wed, Oct 5, 2011 at 11:02 AM, YGN Ethical Hacker Group wrote:
> vTiger CRM 5.2.x <= Remote Code Execution Vulnerability
>
>
> 1. OVERVIEW
>
> The vTiger CRM 5.2.1 and lower versions are vulnerable to Remote Code
> Execution. No fixed version has
pn provider had not shat themself, then it would be a non story.
>
>
>
>
> On 29 September 2011 23:00, Benji wrote:
>
>> 'Abuse' emails and court orders are very different.
>>
>> On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41 wrote:
>>
>>> err, yo
And in that case, if you're trusting someone else to keep you anonymous,
again, you are stupid and naive.
Honestly, by now you would think people would know: do everything yourself,
trust no-one.
On Thu, Sep 29, 2011 at 2:04 PM, wrote:
> On Thu, 29 Sep 2011 13:53:03 BST, Benji said:
>
ops to MY HOUSE, then i may have to try and, simply keep my darn
> data secure ey ?
> how about that ?
> simple methods, defeat simple plans benji.
> xd
>
>
>
> On 29 September 2011 22:53, Benji wrote:
>
>> Yes they do. If you buy a server in America for example, eve
s vpn services for everyone and
> anyone. thats obvious crap we know now.
> anyhow, cheers,
> xd
>
>
>
> On 29 September 2011 22:45, Benji wrote:
>
>> Im sorry, why is it 'worrying' that a vpn provider that was a UK business
>> and was located i