n3td3v,
Dino's beyond well respected in the security community. Also, you
won't know if it is an overhyped bug until Black Hat, and you might
have to reverse your opinion and statements after the details are
released. Although I will say this, it could still qualify as the
most overhyped bug, ev
Alex,
The credibility comes from the painted gold "My Little Pwnie". I
think that each time a
data breach occurs at a major company, someone should send them a box of
"My Little Pwnies".
-Nate
On Mon, Jul 14, 2008 at 10:23 PM, Alexander Sotirov <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 14, 2008
See, this is why Dino is a genius. Forget all the vulns and Pwn2Own
contests, this was brilliantly funny, which was great for a Tuesday
which feels more like Monday.
Nate
On Tue, Jul 15, 2008 at 1:42 PM, Peter Besenbruch <[EMAIL PROTECTED]> wrote:
> On Tuesday 15 July 2008 08:17:30 Alexander Sot
http://blogs.zdnet.com/security/?p=1467
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Yeah, this has been all over the news today. In fact, I've
interviewed Dan Kaminsky on the issue, and also covered thoughts by
Tom Ptacek on whether the issue is as big a deal as everyone is making
it out to be.
See http://blogs.zdnet.com/security/?p=1466
Thanks,
Nate
On 7/8/08, Ivan . <[EMAIL
Is this in response to a vulnerability to report, or in response to some
other form of abuse, like spam?
-Nate
On 5/27/08, Gary Wilson <[EMAIL PROTECTED]> wrote:
>
>
> On Tue, May 27, 2008 16:46, Simon Smith wrote:
> > Does anyone here have a contact for Ford Motors IT Department,
> > Specifical
So far from what I've read I've only heard talk of this as SQL
injection to update tables and put in these malicious links, but I've
heard no talk of data exfiltration... Has anyone heard about data
being stolen as a result of this widespread attack?
Nate
On 5/17/08, Stuart Dunkeld <[EMAIL PROTEC
please
> go back to your livejournal and get off of our mailing list Mr. Web
> 2.0. You probably don't even have a CISSP.
>
> Signed,
> Professor Micheal Chatner, MD, CISSP
>
>
> On Wed, May 7, 2008 at 3:28 PM, Nate McFeters <[EMAIL PROTECTED]>
> wrote:
> >
thing against you, and up
until this point have only read one of your entries to FD.
In any case, you won't have to deal with me much longer, I can see that FD
is a complete waste of time.
Nate
On Wed, May 7, 2008 at 5:18 PM, Professor Micheal Chatner <
[EMAIL PROTECTED]> wrote:
>
Wow.
What was that for?
On 5/7/08, Professor Micheal Chatner <[EMAIL PROTECTED]> wrote:
>
> Your mom moderates my nuts, you ugly Indian turban wearin bitch.
>
> Professor Micheal Chatner, MD, CISSP
>
> On Wed, May 7, 2008 at 1:04 PM, Anshuman G <[EMAIL PROTECTED]> wrote:
> > yup. lets cut this s
make yourself out to be a moron every
single day on FD, so whatever you say about me, I'm sure will not be held in
high regard.
Nate
On 5/5/08, n3td3v <[EMAIL PROTECTED]> wrote:
>
> On Mon, May 5, 2008 at 6:21 PM, Nate McFeters <[EMAIL PROTECTED]>
> wrote:
> > Sure
It can be a script kiddie tool, if you'd ever done some real research and
found a few bugs on your own, you might know how wonderful a tool it can be
in that process. Drastically cutting down time.
Nate
On 5/5/08, n3td3v <[EMAIL PROTECTED]> wrote:
>
> On Mon, May 5, 2008
're so predictably boring... is there not something you have
expertise on that you can talk about?
Obviously you're not in the right place on this list.
Nate
On 5/5/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> On Sun, 04 May 2008 16:27:49 BST, n3td3v said:
> > On
Sure it has something to do with what you said... it speaks to the core of
your being that no one respects what you say on this board, so why would
people listen to what you have to say about HD, who is someone that people
on this board do respect.
Nate
On 5/4/08, n3td3v <[EMAIL PROTECTED]> wrot
No one cares about anything you are saying on this list. Period.
Maybe now that everyone knows your name you'll make some posts that are
worth reading.
-Nate
On 5/4/08, n3td3v <[EMAIL PROTECTED]> wrote:
>
> I gave out my name out to a public chat room and the URL of my web
> page of the school
Ahahahahha, that made my day!
On 5/2/08, Rob Thompson <[EMAIL PROTECTED]> wrote:
>
> n3td3v - is like the William Hung of the computer world...
>
> Priceless...
>
> On Fri, May 2, 2008 at 1:32 AM, Nate McFeters <[EMAIL PROTECTED]>
> wrote:
> > Oh that...
wrote:
> On Fri, May 2, 2008 at 12:15 AM, Nate McFeters <[EMAIL PROTECTED]>
> wrote:
> > What the hell is this for?
> >
>
> He didn't support Web Application Security Awareness Day.
>
> All the best,
>
> n3td3v
>
>
What the hell is this for?
On 5/1/08, n3td3v <[EMAIL PROTECTED]> wrote:
>
> Suck a cock big boy, you're going down. down, down.
>
Honestly,
I can't really blame him for stealing the idea... if he in fact did. Free
0dayz man... that's awesome!
Nate
On 4/24/08, I)ruid . <[EMAIL PROTECTED]> wrote:
>
> Wow, that didn't take long...
>
> I released a draft of the Cirque du 0day CFP to a few closed channels a
> week or so ago,
Very nice, looks a lot like some of my work in URI handler abuse.
-Nate
On 4/24/08, Thomas Pollet <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I have found that the lotus expeditor rcplauncher as installed by lotus
> symphony and possibly other products, registers a cai: uri handler.
> This handler
Watch out n3td3v, the government is out to get you again!
-Nate
On 4/21/08, Lindley James R <[EMAIL PROTECTED]> wrote:
>
> Employment Opportunities for Java/.NET Programmers and pen-testers
>
> The Internal Revenue Service IT Security Architecture and Engineering's
> Advanced Technical Analysis
n3td3v,
Are you Bin Laden? You're doing his job for him! If we can't even park
without being afraid someone is going to blow up our building, wtf?
Pictures of the parking lot? Big fucking deal!
Nate
On 4/14/08, n3td3v <[EMAIL PROTECTED]> wrote:
>
> On Mon, Apr 14, 2008 at 6:54 PM, G. D. Fueg
why don't you do a vote to see how many people care about conference postings?
4/13/08, n3td3v <[EMAIL PROTECTED]> wrote:
> On Sun, Apr 13, 2008 at 6:09 AM, Dragos Ruiu <[EMAIL PROTECTED]> wrote:
> > Calling, me, (heh) a big company, and starting quixotic "revolutions"
>
> Well I cast a vote and
setup your own list. Run it yourself. Spam your agenda out there.
Nate
On 4/11/08, n3td3v <[EMAIL PROTECTED]> wrote:
> > On 4/11/08, n3td3v <[EMAIL PROTECTED]> wrote:
> >
> > > On Fri, Apr 11, 2008 at 10:51 PM, <[EMAIL PROTECTED]> wrote:
> > > > vulnerability disclosures
> > >
> > > That's what
Sweet so quit crying about conferences and release some bulbs then.
Nate
On 4/11/08, n3td3v <[EMAIL PROTECTED]> wrote:
> On Fri, Apr 11, 2008 at 10:51 PM, <[EMAIL PROTECTED]> wrote:
> > vulnerability disclosures
>
> That's what the list is supposed to be for before e-commerce moved in.
>
The industry and the community say fuck off n3td3v.
Nate
On 4/11/08, n3td3v <[EMAIL PROTECTED]> wrote:
>
> On Fri, Apr 11, 2008 at 9:41 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> > On Fri, Apr 11, 2008 at 7:32 PM, Ureleet <[EMAIL PROTECTED]> wrote:
> > > i still dont know why he doesnt volunteer to
Hahahhaa, nice, very nice.
On 4/11/08, offbitz <[EMAIL PROTECTED]> wrote:
>
> Har Har Har. This is great. I liken it to a public pissing contest,
> except that you're all pissing into the wind with every email you send.
> Good luck with that.
>
> BTW Nate, Gmail won't let me send my E-dick. It'
Sorry, couldn't help myself.
Nate
On 4/11/08, Nate McFeters <[EMAIL PROTECTED]> wrote:
>
> My e-Dick is huge.
>
> Thanks,
>
> Nate
>
>
> On 4/11/08, josh <[EMAIL PROTECTED]> wrote:
> >
> > How about everyone just STFU. You are killing m
My e-Dick is huge.
Thanks,
Nate
On 4/11/08, josh <[EMAIL PROTECTED]> wrote:
>
> How about everyone just STFU. You are killing me with these damn emails.
> I've not been reading them but I do glance over the subject, sender, and
> sometime a bit of the body, so I don't really know what's going o
n3td3v, all of your emails get like this cause you make stupid points like:
I think all conference emails should be moved to a separate list cause
they're evil
Nate
On 4/11/08, n3td3v <[EMAIL PROTECTED]> wrote:
>
> On Fri, Apr 11, 2008 at 6:32 PM, Razi Shaban <[EMAIL PROTECTED]> wrote:
> >
Hey Perl Underground,
Maybe I missed something, could you provide some context around your gripe
against RSnake? I'm struggling a bit with it, and your email is quite long
and heavily line broken, making it hard to read.
I've found RSnake to be pretty knowledgeable when it comes to web
applicati
You know n3td3v, conferences are a lot of fun to go to. I've sat by on FD
and watched you hijack numerous threads, blast out emails that lead to
ridiculous amounts of wasted time and resources, and I've never once said
anything against you. Why? FD is and always has been an unmoderated list.
That
So what's your agenda for spamming everyone n3td3v? Why even waste your
time on this? It's like what, 2 emails a month on security conferences?
Big fucking deal.
Nate
On 4/10/08, n3td3v <[EMAIL PROTECTED]> wrote:
>
> On Thu, Apr 10, 2008 at 11:05 PM, DUDE DUDERINO <[EMAIL PROTECTED]>
> wrote:
n3td3v... The list is unmoderated. That's why we have to get 63
emails for your last pointless rant. Some of us find these conference
emails quite useful.
Nate
On 4/10/08, n3td3v <[EMAIL PROTECTED]> wrote:
> I'm calling for a security conference mailing list to be setup, this
> is getting beyond
Hahaha, nice find.
On 4/1/08, I)ruid <[EMAIL PROTECTED]> wrote:
>
> ____
> /\/\ | | | |
>/ /\__\##/ /\ \##| |##| |
> | | | |__| | | | | |
>
ots of collaboration going on there.
Nate
On 3/18/08, reepex <[EMAIL PROTECTED]> wrote:
>
> On Tue, Mar 18, 2008 at 10:36 PM, Nate McFeters <[EMAIL PROTECTED]>
> wrote:
>
> > I don't consider myself a 'kiddie' and I've considered contributing
I don't consider myself a 'kiddie' and I've considered contributing to it.
I feel like the old adage of blowing out someone else's flame to make yours
burn brighter applies here. Reepex, I didn't get a chance to see your
presentation at kiwicon, bit too expensive for an American on a tight budget
to
Bad ass!
Sent via BlackBerry from T-Mobile
-Original Message-
From: Adam Chesnutt <[EMAIL PROTECTED]>
Date: Thu, 31 Jan 2008 18:38:11
To:full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Southwest Airlines Ticket Silliness
Not sure if anyone posted this before; But I figured
This is the best thread on FD ever, starts with secreview making a
completely unprofessional/mostly uninformed assessment of a consulting
group, moved into some question of secreview and why they think they can do
this, and here we are, talking about bagels and salmon :).
Nate
On 1/25/08, Dude V
Haaha, wtf?
Dude lives down the street from me.
Nate
On 1/24/08, Bart Cilfone <[EMAIL PROTECTED]> wrote:
>
>
> ***
> _ ___ _
> / ___| | | | / \ | \ | |
> | | | |_| | / _ \ | \| | ENTERPRISES L
Sorry man, I'm missing the riddle... I guess I need a reepex64 decoder to
read and understand this one :)
On 1/21/08, reepex <[EMAIL PROTECTED]> wrote:
>
> a ... you are first of probably many to miss the intention of why i
> called out that line and that particular 'U'
>
> one day it will com
Since I saw no response from XSS fans...
PHNjcmlwdD5hbGVydCgncHduMzMgcjFkMycpOzwvc2NyaXB0Pg==
On 1/21/08, reepex <[EMAIL PROTECTED]> wrote:
>
> On Jan 21, 2008 10:50 PM, Nick FitzGerald <[EMAIL PROTECTED]>
> wrote:
>
> > Think pre-MIME/Base64 and U should be able to suss it out...
> >
>
> nice a
Guys please! The overwhelming majority of the list was clearly already baffled
by the uber leet base64... Let's not give them a brain freeze by continuing.
Pretty soon someone will start writing in binary or rot13 at this rate.
Nate
Sent via BlackBerry from T-Mobile
-Original Message-
Agreed.
Sent via BlackBerry from T-Mobile
-Original Message-
From: reepex <[EMAIL PROTECTED]>
Date: Mon, 21 Jan 2008 21:25:48
To:Maxim <[EMAIL PROTECTED]>, full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] [Professional IT Security Providers -
Exposed] PlanNetGroup
I mean, it is used all over the place... it'd seem like half of the list
could know.
On 1/21/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> On Mon, 21 Jan 2008 23:32:00 -0300, damncon said:
> > Come on ... that == pretty much says what it is
>
> OK, I'll bite - where would the average nmap/n
eW91IGNhbiBwYXkgdXMgdG8gd2hvcmUgeW91ciBjb21wYW55Cg==
The interesting thing is that they don't seem to be reviewing large
companies... perhaps they are interested in extorting the smaller ones???
Just a thought, not an accusation.
Nate
On 1/21/08, J. Oquendo <[EMAIL PROTECTED]> wrote:
>
> SecRev
SecReview,
My 2 cents on your review, although I will try to be nicer than you were to
the reviewee. I'm completely skipping your section where you talked to the
non-technical person, that's not even fair... sorta like reviewing a
consulting group based on their website alone... oh shit, I forgot
Not to throw fuel on the fire, but wouldn't that XSS actually be in IE,
since IE is what opens the file? Could've been a funny joke though, a real
knee slapper.
Nate
On 1/17/08, Fredrick Diggle <[EMAIL PROTECTED]> wrote:
>
>
Hahaha, nice! I guess it's not that bad then in retrospect.
On 1/15/08, worried security <[EMAIL PROTECTED]> wrote:
>
> On Jan 16, 2008 2:06 AM, Nate McFeters <[EMAIL PROTECTED]> wrote:
> > Stop the madness!
>
> be lucky you're not subscribed to the d
Hahaha, no thanks, I'll pass... seriously though I'd be much happier if some
of this crap mail would slow down a bit.
On 1/15/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> On Tue, 15 Jan 2008 20:06:39 CST, Nate McFeters said:
>
> > Seriously, is there a m
Stop the madness!
I'm going to conduct an experiment... I'm going to send an email to the list
with several stupid comments, three comments that have nothing to do with
what FD was created for, and several points as to why Cross-Site Scripting
is the most dangerous security vulnerability ever and
Is anyone out there using these reviews? It's just amazing that we are
still going through this. SecReview is busting Adam for not credentializing
himself, but I see nothing of how they have credentialized what they are
doing. It's absurd.
On 1/2/08, Tremaine Lea <[EMAIL PROTECTED]> wrote:
>
>
Unless I missed something, these seemed like legitimate responses. They may
not have all been delivered with tact, but I mean, you are on FD, what did
you expect?
I think some valid points are brought up about your credentials and your
process.
Nate
On 12/21/07, SecReview <[EMAIL PROTECTED]> w
More than likely all the gecko based browsers will be vulnerable to this.
So that would include Mozilla, Camino, SeaMonkey... possibly even things
like Thunderbird if you could get it to render.
Nice find guys!
Nate
On 12/1/07, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote:
>
> Netscape Navigator
Except the loss of your privacy. No big deal or anything.
Sent via BlackBerry from T-Mobile
-Original Message-
From: "Joel R. Helgeson" <[EMAIL PROTECTED]>
Date: Sun, 11 Nov 2007 17:03:03
To:"'Kelly Robinson'" <[EMAIL PROTECTED]>,
Subject: Re: [Full-disclosure] Wiretapping
If your c
Paul,
Sorry about your difficulties. This is complete madness on the part of the
German government and I fear it sets a dangerous precedent for other
governments. There is no more clear definition for the word ironic than when
those we've elected to protect us and our civil liberties pass law
This is ridiculous. Not to mention the implications for users of financial web
apps, you still have to consider that xss is a great delivery mechanism for all
sorts of attacks. When you evaluate a flaw, you must evaluate the risk it
presents to a victim. Xss provides a rich attack surface. I
What about when xss leads to stack overflows and command injections? See
http://xs-sniper.com. It would seem that if you subscribe to the thought that
only attacks that take over a victim's computer are valid, then you would have
to now admit xss as valid as well.
Nate
Sent via BlackBerry from
Or run commands or cause stack overflows through the applications
installed on your machine. If you don't think XSS is a big issue,
check out my presentation from Black Hat Japan, which just got over.
Keep up the good work PDP.
Nate
On 10/27/07, scott <[EMAIL PROTECTED]> wrote:
> -BEGIN PG
email was
not very clear in that.
Relax it back man, it's almost time for Vegas... don't take every joking
email you get so seriously, it could be bad for your health in the long run.
Nate
On 7/27/07, wac <[EMAIL PROTECTED]> wrote:
>
> Hi Nate:
>
> On 7/25/07, Nat
Very nice Thor... I totally expected Thunderbird to have these same
problems...
I'm sure we'll see more of these in the future as well.
Nate McFeters
On 7/25/07, Thor Larholm <[EMAIL PROTECTED]> wrote:
The Mozilla application platform currently has an unpatched input
valid
Hey Waldo,
As always with exploits, it's difficult to predict how they will
interact in every environment they may be accessed in. If you have
launch external URI's on by default, the tab issue will come up;
however, the exploit should still occur. I'd recommend turning off
the launch external U
Check out our blog on xs-sniper.com. There's more info there. This
flaw does somewhat depend upon what you have installed, as is
referenced on our blog page. Keep in mind that the URI's are tied to
commands thru the registry, and that those commands are where the
command injections go. If you h
63 matches