Re: [Full-disclosure] Infosys TCS Wipro like companies don't know security basics?

2011-12-01 Thread Wonder Guy
On Thu, Dec 1, 2011 at 10:37 PM, TAS wrote: > Wonder guy, the basis of your conclusion are as ridiculous as your question. > > Microsoft and Google are products companies. At least TCS and Wipro are not. > They are into offshore and managed business domains. Infosys is also into >

[Full-disclosure] Infosys TCS Wipro like companies don't know security basics?

2011-12-01 Thread Wonder Guy
Hi Security Experts, I have a question about the security track record of Indian IT vendors like Infosys, TCS, Wipro etc. An article about Indian IT vendors by an ex-employee of one of these companies is circulating in the different NITs (National Institute of Technology) of India today. My doubt

[Full-disclosure] Hacked data on open sale ?

2011-08-03 Thread eSploit Guy
in a day or so. However, today after nearly 7 months saw the same news in imperva blog, checked the site and found that it's not only still up and running but even updating frequently ! Apart from selling the services above, this guy also discloses SQL injection vulnerabilities in major webs

[Full-disclosure] Practical RTLO Unicode Spoofing

2011-08-02 Thread eSploit Guy
Hello List, Did a quick PoC on Right To Left Override (RTLO) spoofing under Windows 7 a few months back, thought of sharing. Any thoughts are appreciated. http://esploit.blogspot.com/2011/05/practical-rtlo-unicode-spoofing.html Thanks, Satyamhax http://esploit.blogspot.com

Re: [Full-disclosure] Computer name should match with your real identity?

2011-04-29 Thread Guy
't make that up... And just to be clear, the proposed naming convention above isn't something to distribute to end users or folks using the services on a host. Have had developers ask me to audit their web applications and provide a url like, "http://PDC01SVWB996.int.the-domain.o

Re: [Full-disclosure] Pen-Testing Companies in Quebec

2011-02-23 Thread Pierre-Guy Lavoie
>just make sure you don't hire my good friends @sekcore :PpPp >our local media whore pierre-guy lavoie ... > http://www.cbc.ca/news/story/2000/03/01/hacker000301.html >"A 22-year-old Quebec City man has been

Re: [Full-disclosure] Google Maps XSS (currently unpatched)

2010-01-12 Thread Guy
et because I owe something to the "casual" user[s]? Casual users are typically the ones ruining the experience for the rest of us, and I don't owe anyone of them sh-t. You really believe everyone using the Internet should forfeit their privacy and security bec

Re: [Full-disclosure] stupid question again

2009-12-11 Thread Guy
ut. Real confidence builder there... Think the idea is to avoid getting infected to begin with. Would you really do business with a "legitimate" organization that implements the very tactics they're trying to combat? Guy www.nullamatix.com

Re: [Full-disclosure] why not a sandbox

2009-09-04 Thread Guy
On Fri, Sep 4, 2009 at 2:05 PM, RandallM wrote: > how come we just can't sandbox the browser in away from the system. Who or what says you can't? Guy ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/fu

Re: [Full-disclosure] about PC AntiSpyware 2010

2009-08-29 Thread Guy
heme for demonstrating the authenticity of a digital message or document." There's also the ill-suited and over used md5 hash method... -Guy

Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification

2009-08-21 Thread Guy
On Fri, Aug 14, 2009 at 4:17 PM, anto...@santo.fr wrote: > Gone beach for the Week End, more info on monday. > > Antoine. Lies. -Guy

Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification

2009-08-14 Thread Guy
, circumventing the auth or accessing "blacklisted" sites isn't happening. This is good of course; the device is working as it's supposed to, but I would like to confirm whether or not we're susceptible to this alleged bypass. So far, looks like a dud... Not even sure why this w

Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification

2009-08-14 Thread Guy
ult   : W00t !! > ** Antoine, Would you mind sharing the policy (on the bluecoat) you're referring to for www.mappy.fr? What is the "Action" for that host or IP set to? You mentioned "whitelisted" but that could mean anything from the list of opti

Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification

2009-08-14 Thread Guy
o Not Authenticate", "ForceAuthenticate1" and "Deny." In the Web Access Layer list of available actions there are a couple dozen options, none of which are labeled "whitelist" or "whitelisted." Also, I'm not sure what you mean by "localdat

Re: [Full-disclosure] Slashdot hacked?

2009-07-23 Thread Compsec Guy
: Re: [Full-disclosure] Slashdot hacked? > From: 0xjbrow...@gmail.com > To: compsec...@hotmail.com; full-disclosure@lists.grok.org.uk > > Whoever ./'d it should slashdot it! > > On Thu, Jul 23, 2009 at 5:47 PM, Compsec Guy wrote: > > What's wrong with Slashd

[Full-disclosure] Slashdot hacked?

2009-07-23 Thread Compsec Guy
What's wrong with Slashdot today? Best regards, Danila Wartho

Re: [Full-disclosure] FFSpy, a firefox malware PoC

2009-05-25 Thread FUDder Guy
On Mon, May 25, 2009 at 8:26 PM, saphex wrote: > This isn't about making the user install a malware add-on. It's about > gaining access to the system through an exploit, or physical access, > modify an existing add-on with your code. And Firefox won't even > notice. Instead of installing a fancy roo

Re: [Full-disclosure] FFSpy, a firefox malware PoC

2009-05-25 Thread FUDder Guy
> From: saphex > Date: Wed, 20 May 2009 01:42:16 +0100 > > I think this is interesting, http://myf00.net/?p=18 > So, how does someone manage to edit the overlay file? Are they going to use some javascript from a malicious website to edit the overlay file of an addon? Or are they supplying a malw

Re: [Full-disclosure] e-Holocaust

2009-01-13 Thread Some Guy Posting To Full Disclosure
Okay e.hitler you mention you're attacking Israeli servers*, let's ignore the impact of that for a second. e.Hitler I want you to tell me, in more than a sentence, why you did that. Yeh, you failed to mention it in your original post. Tell me exactly how your cause makes you feel, and why. Now tell

Re: [Full-disclosure] CCIE makes u go nuts?? or is that only nuts get CCIE????

2009-01-04 Thread Some Guy Posting To Full Disclosure
d the guy was found innocent, despite the way the news channels made it look. On 1/3/09, Joel Jose wrote: > http://www.networkworld.com/community/node/35713 > > It scares the hell out of me. when i read the topics...and try to > learn i cant help my mind and heart doubting...

Re: [Full-disclosure] o lookie, n3td3v is lying elsewhere now

2008-12-22 Thread Some Guy Posting To Full Disclosure
Oh my, you both seem to have emailed your conversation to the full disclosure mailing list by accident. How embarrassing. Everybody who is subscribed has received emails of you two talking about something that ONLY CONCERNS YOU TWO. Maybe next time when you send emails to each other you should d

[Full-disclosure] Hotmail easter-egg found using Tamper Data....

2008-12-21 Thread Malformation Guy
Hello fellow F.D. Check out this funny hotmail post request I found whilst playing around with Tamper Data: http://img234.imageshack.us/my.php?image=hotmaileasteregg2tg1.png Look at the highlighted text. Sums me up completely. Also, security officers at hotmail are 'slack'? Lol. Have fun guys

Re: [Full-disclosure] Microsoft issues out-of-band patch

2008-12-19 Thread Some Guy Posting To Full Disclosure
Here's an article explaining why Microsoft delays their patching: Specifically this bit: "In order to reduce the costs related to the deployment of patches, Microsoft introduced the concept of Patch Tuesday. The idea is that security patches are accumul

Re: [Full-disclosure] "Index Of" redirection malware attack?

2008-12-15 Thread Malformation Guy
Oops, sorry for the horrible English. I just re-read it. -Malformation From: malformat...@hotmail.com To: full-disclosure@lists.grok.org.uk Date: Tue, 16 Dec 2008 16:41:23 +1030 Subject: [Full-disclosure] "Index Of" redirection malware attack? Hello fellow FD, I recently came across an

Re: [Full-disclosure] Top 10 Coolest Hacking Moments in 2008

2008-12-15 Thread Malformation Guy
- Drive-by attacks with Java. JavaScript has been used to infect thousands of legitimate web pages to insert a trojan to visitors! Sound like a National Enquirer headline? No way! This attack method has been very successful and nearly transparent to users. This launches a new age in hacking. P

[Full-disclosure] "Index Of" redirection malware attack?

2008-12-15 Thread Malformation Guy
Hello fellow FD, I recently came across an interesting website redirecting and delivering malware and I'd like to ask a few questions. An "Index of" that checks your referrer to see if you've found the site through a Google search. The index.php script is made to look just like a real 'Index o

[Full-disclosure] Bruteforcing HTML and browser-sec to find BoF's

2008-12-12 Thread Malformed Guy
Hello, fellow F.D readers, There have been a lot of recent IE exploits and talk of "browser-sec" floating around recently and I thought "Hey, what if you made a script that actually bruteforced html?" For example a script that spews out possible combinations of HTML/ASP/JAVASCRIPT/JAVA/SQL/PHP

Re: [Full-disclosure] We're letting the bad guys win

2008-12-09 Thread Some Guy Posting To Full Disclosure
ok this is what this whole thing looks like to me: To n3td3v: You often post ideas and express your opinion to this list. The some (often the more liberal) of us often disagree with you and others mock you for your adventurousness. Actually sometimes it looks childish, almost as if you're despera

Re: [Full-disclosure] 21 Million German bank accounts stolen

2008-12-09 Thread Some Guy Posting To Full Disclosure
To you or someone who knows anything about banks, fraud, and how they work and things. I have a German bank account. Should I do something!? On 12/9/08, James Matthews <[EMAIL PROTECTED]> wrote: > German banks are some of the oldest in the world. This is pretty scary > however it is also the rea

Re: [Full-disclosure] FD culture!?

2008-12-06 Thread Some Guy Posting To Full Disclosure
'British intelligence service'!? According to this: ...Full Disclosure is run by secunia. And administered by one man. Does the 'British Intelligence Service' doesn't even exist? There's: "The Security Service" AKA "MI5". and "SIS" AKA the "

Re: [Full-disclosure] Indian allegations alarm Pakistan

2008-11-30 Thread Some Guy Posting To Full Disclosure
Aren't they just a bunch of kids trying to brag on IRC that they hacked their 'enemy' country? Maybe they don't like them because of propaganda is telling them Indians did the bombing. Or maybe they, like most kids, they've no idea about current affairs and just want to prove themselves good in the

Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security

2008-11-30 Thread Some Guy Posting To Full Disclosure
I'd just like to point out that Symantec has something similar. See here: It's not applied in such a useful way as you suggest - but in case you wanted to know. On 11/29/08, Mike C <[EMAIL PROTECTED]> wrote: > Hi, > > It is time to ta

Re: [Full-disclosure] Security industry software license

2008-11-29 Thread Some Guy Posting To Full Disclosure
Just to summarise what's been said and what I think so we can get back on topic, and conclude something: No-one hacks using metasploit! Go back to 2003. Terrorists with metasploit! What, do you have a picture in your head of Mr. Jihad Bigbeard using metasploit to shutdown a powergrid? Reasons Why

Re: [Full-disclosure] Lazy bum approach to security

2008-11-29 Thread Some Guy Posting To Full Disclosure
Hi I agree with you. It's just these 'underground communities' tend to be a bunch of kiddies playing with milworm, bots, and asking help with basic programming. Where's the original ideas, the research, and the worth-while discussion? I guess I described an extreme scenario, but you get the pict

Re: [Full-disclosure] Fwd: 0day auctions, should they be outlawed?

2008-11-04 Thread Some Guy Posting To Full Disclosure
It's futile trying to use the law to change things. It will simply force people into the shadows. Which today involves using tor and some Russian web money account. I read a slogan from before my time, in a book: "If source is outlawed outlaws will have source" - same applies to zero days. Anyway

[Full-disclosure] Storesonline, Ecommerce hosting solution - how to avoid mistakes that put your business at risk

2008-08-13 Thread Mister Nice Guy
*Storesonline, Ecommerce hosting solution - how to avoid mistakes that put your business at risk* Building an e-business inevitably requires a dedicated ecommerce hosting solution that can support the infrastructures. There are plenty of areas to take care of. Depending on your business types, you

[Full-disclosure] No subject

2008-08-07 Thread az-guy
Not just Rouge apps, it's much more widespread: other colors such as magenta, mauve, fuchsia, and even the extremes of pink and purple can also be impacted. On Wed, Aug 6, 2008 at 2:56 PM, John C. A. Bambenek, GCIH, CISSP <[EMAIL PROTECTED]> wrote: What's the infection vector? URL Link?

[Full-disclosure] n3td3v.com

2008-05-29 Thread Sec Guy
I just saw n3td3v.com up for sale on sedo... https://sedo.com/search/details.php4?domain=n3td3v.com&tracked=&partnerid=&language=us -SecGuy

[Full-disclosure] Jan Kruska

2008-03-26 Thread Guy Fawkes
Jan Kruska is a pedophile that had sex with a child when she was 22 years old. Now she campaigns to let others have sex with children. If you disagree with her, feel free to let her know. You can contact Jan at: Jan Kruska 4102 W Woodridge Dr. Glendale, Arizona 85308 (503) 389-7679 (602) 579-8

Re: [Full-disclosure] Wachovia Bank website sends confidential information

2007-07-11 Thread Security Guy
Or hey, if you're not getting anywhere with him, talk to this guy! http://www.belkcollege.uncc.edu/jpfoley/ > Let me see: > wachovia security cissp "incident" +network via Google > > This looks interesting: > http://www.bryceporter.com/ > > I would have conta

[Full-Disclosure] blocking SkyPE?

2006-03-14 Thread Guy Bégin
Alain, Check the FAQ at: http://www1.cs.columbia.edu/~salman/skype/ They present two distinct methods for blocking Skype. Guy