Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250,000

2013-01-24 Thread Peter Dawson
@Valdis, you're correct. "He was expelled for other reasons. Despite receiving clear directives not to, he attempted repeatedly to intrude into areas of College information systems that had no relation with student information systems. These actions and behaviours breach the *code of professional c

Re: [Full-disclosure] Full-Disclosure Digest, Vol 92, Issue 34 - 1. Microsoft Windows Help program (WinHlp32.exe) memory

2012-10-30 Thread Peter Dawson
Don't feed the trolls ! On Tue, Oct 30, 2012 at 11:21 AM, Mikhail A. Utin < mu...@commonwealthcare.org> wrote: > Normal way of doing security research business (for normal people of > course) is to inform the vendor and discuss the issue. I would not describe > further steps as they are well-known

Re: [Full-disclosure] Your account could be at risk of state-sponsored attacks

2012-10-05 Thread Peter Dawson
this become news this am. but its been noted quite some time back ...its like #whattookthemsolong to make it pub http://bits.blogs.nytimes.com/2012/10/02/google-warns-new-state-sponsored-cyberattack-targets/ On Fri, Oct 5, 2012 at 1:51 PM, Nick Boyce wrote: > On Fri, Oct 5, 2012 at 8:04 AM, Af

Re: [Full-disclosure] Nishang: PowerShell for Penetration Testing

2012-08-15 Thread Peter Dawson
and this is coming from person who is "has many years experience in Penetration Testing of many Government Organizations of India and other global corporate giants. Who the friggin hell hires such peeps who give away key /userid/pwd eh ? /pd On Wed, Aug 15, 2012 at 2:52 PM, Harry Hoffman wr

Re: [Full-disclosure] Hacker Highschool v2

2012-08-09 Thread Peter Dawson
not sure. I think its lesson on how2 pwn the troll n bully l! On Thu, Aug 9, 2012 at 4:16 PM, Benji wrote: > ah fantastic, a lesson on trolling and bullying. what a valuable > service you are providing. > > On Thu, Aug 9, 2012 at 8:19 PM, Pete Herzog wrote: > > Hi, > > > > Version 2 of Hacker H

[Full-disclosure] Gauss is out !

2012-08-09 Thread Peter Dawson
Dubbed Gauss, the virus may also be capable of attacking critical infrastructure and was built in the same laboratories as Stuxnet, the computer worm widely believed to have been used by the United States and Israel to attack Iran's nuclear program, Kaspersky Lab said on Thursday. http://www.reuter

[Full-disclosure] Comments group

2012-07-31 Thread Peter Dawson
nice infografixs http://go.bloomberg.com/multimedia/china-hackers-activity-logged-reveals-multiple-victims-worldwide/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia -

Re: [Full-disclosure] How much time is appropriate for fixing a bug?

2012-07-06 Thread Peter Dawson
Thor (Hammer of God) : so if vendor don't fix it /ack the bug.. then what ?? Responsibility works both ways.. Advise the vendor.. if they say fuck it.. I say fuck u.. and will advise the community ! There is a responsibility to disclose a vulnerability to the community so that they can take down/

Re: [Full-disclosure] "Please remove my e-mail and IP from internet"

2012-07-03 Thread Peter Dawson
Well that guys an idiot.. Orange has data network coverage, spanning 220 countries and territories, 967 cities 1,468 PoPs worldwide.. nice way to draw attention to themselves.. Best comment "you should consider a job outside of the IT" /pd On Tue, Jul 3, 2012 at 11:28 AM, Gage Bystrom wrote: >

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread Peter Dawson
quick quick nuke the co-ord [ 49°28'14" North | 16°56'48" East ] On Mon, Jun 25, 2012 at 2:49 PM, Jardel Weyrich wrote: > And you're trying to impersonate someone by using my email address as > sender? I don't get it. > > Received: from emkei.cz (emkei.cz [46.167.245.118]) >by lists

Re: [Full-disclosure] Publication References on Criminalisation of Hacking Tools Needed

2012-06-11 Thread Peter Dawson
http://www.europarl.europa.eu/news/en/pressroom/content/20120326IPR41843/html/Hacking-IT-systems-to-become-a-criminal-offence On Sun, Jun 10, 2012 at 10:33 PM, Pablo Ximenes wrote: > Hi Folks, > > > I was wondering if any of you could point out any good references > (academic preferebly) on the c

Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

2012-06-08 Thread Peter Dawson
++Thor !! On Fri, Jun 8, 2012 at 1:03 PM, Thor (Hammer of God) wrote: > >> finding solutions to countries using cyberwar and using innocent > peoples machines to carry it out, > > >> invading peoples privacy and generally doing terrible stuff in the > name of god and country. > > > >

Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

2012-06-06 Thread Peter Dawson
haha..da return of da "farewell dossier" !! On Wed, Jun 6, 2012 at 2:21 PM, coderman wrote: > On Wed, Jun 6, 2012 at 11:16 AM, coderman wrote: > > ... uncle sam has been up in yer SCADA for > > two decades. > > three decades; too early for maths! > >

Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

2012-06-05 Thread Peter Dawson
..and what good will that do ?? US have not signed the Rome Statute of the ICC .. so The Hague has no jurisdiction of US citizens ! /pd On Tue, Jun 5, 2012 at 1:57 PM, andrew.wallace < andrew.wall...@rocketmail.com> wrote: > Why isn't anyone launching a criminal investigation into US Govt > in

Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

2012-06-05 Thread Peter Dawson
lets not 4get => Waychopee and Electric Skillet http://www.theage.com.au/news/breaking/weathering-the-cyber-storm/2006/02/11/1139542441421.html http://www.wired.com/politics/law/news/2005/05/67644 On Tue, Jun 5, 2012 at 11:53 AM, wrote: > On Tue, 05 Jun 2012 17:01:49 +0300, Georgi Guninski said:

Re: [Full-disclosure] Flame= cyberwar

2012-05-28 Thread Peter Dawson
ion at the CeBIT /AU zone., that was a week ago.. what a co-incidence !! /pd On Mon, May 28, 2012 at 11:46 AM, yersinia wrote: > On Mon, May 28, 2012 at 5:34 PM, Peter Dawson wrote: > >> is FLAME is actually a cyberweapon ? >> >> Apparently YES > > > http://sec

[Full-disclosure] Flame= cyberwar

2012-05-28 Thread Peter Dawson
is FLAME is actually a cyberweapon ?

Re: [Full-disclosure] Info about attack trees

2012-05-28 Thread Peter Dawson
==> "there are no such thing as an attack tree." Eh ?? Seems that Schneier was blowing smoke up in the air with his thoughts on attack trees !! Anyhoot, here's another good old linky Military Operations Research V10, N2, 2005,

Re: [Full-disclosure] Certificacion - Profesional Pentester

2012-05-23 Thread Peter Dawson
yes thats true ..but lets not 4get one needs to forkup $150/- before you can finger their servers 2012/5/23 Thor (Hammer of God) > Hell Juan. As per the conditions of the contract I forwarded, I am > pleased to see that you have given me full permission to assess any systems > of yours I feel

[Full-disclosure] Vi.sualize.us hacked ?

2012-01-11 Thread Peter Dawson
does any1 know about abnormal user patterns emerging from http://vi.sualize.us ?? Seems that other sites are being flooded with user streams from this property. has http://vi.sualize.us has been compromised ?

Re: [Full-disclosure] FB privacy breach - view PRIVATE Facebook photos

2011-12-08 Thread Peter Dawson
It made "news" all over the interwebs too- Zack jerkin da chicken !! So much for privacy.. On Wed, Dec 7, 2011 at 9:59 AM, Peter Dawson wrote: > Yes this was closed pretty fast. FB is already facing numerous Privacy > breach issues.. in US/Canada > > http

Re: [Full-disclosure] FB privacy breach - view PRIVATE Facebook photos

2011-12-07 Thread Peter Dawson
astern this morning. > > > Sent from my iPhone 4 > > On Dec 6, 2011, at 10:36 AM, darway yohansen > wrote: > > I just tested this and i don't get the same options as in step 5 " *Help > us take action by selecting additional photos to include with your report*

[Full-disclosure] FB privacy breach - view PRIVATE Facebook photos

2011-12-06 Thread Peter Dawson
Has this been ACK'ed by anyone else ?? Seems that FB's "Report in/Block" process breaks their own privacy stds ! http://forum.bodybuilding.com/showthread.php?t=140261733

Re: [Full-disclosure] Client aproach

2011-12-01 Thread Peter Dawson
Send site owner/admin anon email and leave it at that.. as Thor mentioned give em the info for free!

[Full-disclosure] Fujacks Variant Using ACH Lure

2011-11-18 Thread Peter Dawson
any know the C&C vectors for this ?? http://isc.sans.edu/diary.html?storyid=12061&rss

Re: [Full-disclosure] Facebook Attach EXE Vulnerability

2011-11-01 Thread Peter Dawson
Yes to a certain degree its all about " Saving FACE". .. however FB's 30member integrity team is only bothered about how to manage the vectors that have been primed to protect. FB is the largest network "protected" .. (YES big word Protected !! / they have over 25B checks per day and reaching upt

Re: [Full-disclosure] Facebook Attach EXE Vulnerability

2011-10-28 Thread Peter Dawson
ame. > > > Pablo Ximenes > http://ximen.es/ > http://twitter.com/pabloximenes > > Em 28/10/2011, às 13:01, Peter Dawson escreveu: > >I dont think that he waited for vendor to confirm fix in production > and I dont see a reason that he needs to wait . If FB did not ask

Re: [Full-disclosure] Facebook Attach EXE Vulnerability

2011-10-28 Thread Peter Dawson
I dont think that he waited for vendor to confirm fix in production and I dont see a reason that he needs to wait . If FB did not ask him to refrain from disclosure.. y shld he ? 09/30/2011 Reported Vulnerability to the Vendor 10/26/2011 Vendor Acknowledged Vulnerability 10/27/2011 Publicly Disc

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-07 Thread Peter Dawson
if I get it right this dude is supposed to be " - Senior Security Analyst at iViZ Techno Solutions Pvt. Ltd. Whatever happened on protocol's for responsible disclosure ? On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41

Re: [Full-disclosure] Questions regarding cryptography laws

2011-09-07 Thread Peter Dawson
Canada Law and policy http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/h_gv00084.html /pd

Re: [Full-disclosure] Hacked servers mining for bitcoins?

2011-07-19 Thread Peter Dawson
I think that Bitcoin to (linden$ ) L$ | USD is another method of morphing the economics to support real vector values. Bitcoin's design allows for pseudonymous ownership and transfers and thereby making it attractive space to begin with. Plus with an overall growth anticipated to be approx $21M, it

Re: [Full-disclosure] Facebook name extraction based on email/wrong password + POC

2010-08-11 Thread Peter Dawson
I did not report this, as I am unsure on what to call it, a "bug", "vuln" or a "feature". How very convenient !! )-

Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites

2008-08-18 Thread Peter Dawson
http://www.afcyber.af.mil/news/story.asp?id=123110806 seems the cybercommand is not ramping up.. On Mon, Aug 18, 2008 at 5:02 AM, <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > There's no need as n3td3v got see-throught powa + thight pants > > On Mon, 18 Aug 200

Re: [Full-disclosure] The cat is indeed out of the bag

2008-07-23 Thread Peter Dawson
On Wed, Jul 23, 2008 at 10:57 AM, mokum von Amsterdam <[EMAIL PROTECTED]> wrote: > > Are you not supposed to keep DNS issues under your hat and disclose at BH > only? I think that rule /Nda exists only for Dan Kaminsky .. Rest of world is still in FD mode !! /pd

Re: [Full-disclosure] so this is FD...

2008-06-27 Thread Peter Dawson
I agree with G. Blogs are the best. I use google alerts for terms and items of interest. Set an auto filter and fwd to a pvt group setup on google. So now I have an list of Security/ hacks and stuff like that for personal mining and monitoring.. takes a little time to setup and maintain is easy

Re: [Full-disclosure] How to encrypt voice skype calls?

2008-06-20 Thread Peter Dawson
yeah it already it exists and it's called a scrambler (e.g SIGSALY) **On Fri, Jun 20, 2008 at 6:21 AM, Fabio Pietrosanti (naif) <[EMAIL PROTECTED]> wrote: > That' s a very interesting point... > > Would be possible, somehow, to make a software that encrypt skype calls > "independently" from sky

[Full-disclosure] Write Software, Change Washington

2008-05-31 Thread Peter Dawson
http://my.barackobama.com/page/s/sectechinterest

Re: [Full-disclosure] Free Iraq

2008-03-27 Thread Peter Dawson
so much for being the friggin US of A !! http://tpmmuckraker.talkingpointsmemo.com/2008/03/todays_must_read_304.php

Re: [Full-disclosure] Free Tibet..

2008-03-25 Thread Peter Dawson
yeah, Fux..how about th US getting into FD mode on the minuteman missile heads sent into Taiwan.. yeah and the chinese had their hands on them for 2yrs .. On Tue, Mar 25, 2008 at 6:47 PM, Gautam <[EMAIL PROTECTED]> wrote: > Well, I was in Dharamshala a week back, my mother is Tibetan & I know f

Re: [Full-disclosure] Chinese backdoors "hidden in router firmware"

2008-03-05 Thread Peter Dawson
Operation infrastructure http://www.cbp.gov/xp/cgov/newsroom/news_releases/0008.xml On Wed, Mar 5, 2008 at 8:47 PM, Times Enemy <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > It is not too far fetched of an idea. Google yielded the following > fairly quic

[Full-disclosure] new crimeware package

2008-02-28 Thread Peter Dawson
Researchers at Finjan say they recently stumbled upon a Website selling and trading these stolen FTP server administrator credentials in a software-as-a-service model. http://www.darkreading.com/document.asp?doc_id=147123&WT.svl=news2_1

Re: [Full-disclosure] On Topic Off Topic: How To Behave On An Internet Forum

2008-02-22 Thread Peter Dawson
Bloody hell. that site took away nearly 30 minutes of my time.. thanks for sharing /pd On Fri, Feb 22, 2008 at 1:38 PM, Peter Besenbruch <[EMAIL PROTECTED]> wrote: > On Thursday 21 February 2008 22:18:05 Gadi Evron wrote: > > http://www.videojug.com/film/how-to-behave-on-an-internet-forum > >

Re: [Full-disclosure] SCADA Security Corruption

2008-02-17 Thread Peter Dawson
huh ?? could you pls share the search term / final URL of archived page !! On Feb 17, 2008 12:28 PM, Ghost Rider <[EMAIL PROTECTED]> wrote: > Well through my > Google searching I also came across an interesting archived Google > Talk chat with his name in it. > _

Re: [Full-disclosure] in Memory of Dude VanWinkle / Justin Plazzo

2008-02-14 Thread Peter Dawson
You insensitive bastard . TASK will get you !! :)- .pd On Thu, Feb 14, 2008 at 7:00 PM, Byron Sonne <[EMAIL PROTECTED]> wrote: > > > People die all the time, I don't care, and I don't need to hear about it.

Re: [Full-disclosure] Brute force attack - need your advice

2008-02-11 Thread Peter Dawson
Ok yeah I hear u on the jump points vectors. Makes sense ! On Feb 11, 2008 5:10 PM, <[EMAIL PROTECTED]> wrote: > On Mon, 11 Feb 2008 16:57:40 EST, Peter Dawson said: > > > WTF is worth the time/$$$ to intrude into abilashpraveen.com eh ?? > > If you're a black hat

Re: [Full-disclosure] Brute force attack - need your advice

2008-02-11 Thread Peter Dawson
"I can ...but I won't "! WTF is worth the time/$$$ to intrude into abilashpraveen.com eh ?? On Feb 11, 2008 3:46 PM, Abilash Praveen <[EMAIL PROTECTED]> wrote: > Hello experts, > > I had been talking to our web hosts the other day and they seem to have a > lot of unusual brute force attack on t

Re: [Full-disclosure] Save XP

2008-01-28 Thread Peter Dawson
On Jan 28, 2008 3:43 PM, scott <[EMAIL PROTECTED]> wrote: > For all those who believe Vista is still not up to par,you can help stop > MS from forcing us to go to Vista. > > buy a copy of XP after that date. who cares really ?? the user will just go to some joker who will install a version for

[Full-disclosure] Fwd: Secreview re-review of quietmove ( F ---)

2008-01-02 Thread Peter Dawson
Adam I don't recall Rsnake or id posting a review on secreview. Is there a link you could share ? tia /pd On Jan 2, 2008 9:45 AM, Adam Muntner < [EMAIL PROTECTED]> wrote: > > > Dre thx for pointing out the ha.ckers.org posts. More evidence of > secreview selective quotation and/or ability to 'r

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

2007-12-20 Thread Peter Dawson
Agreed. !! I think theres a lot of 'fair play' with the secreview folks. -- "We're going to give Cybertrust a "C" but if you can convince us that they deserve a different grade then we'll revise our opinion." So they are open for rebuttals and to changing their opinions ! On Dec 20, 2007 9:55

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Denim Group ( A - )

2007-12-14 Thread Peter Dawson
woots with da pimping post ? On Dec 14, 2007 3:49 PM, secreview <[EMAIL PROTECTED]> wrote: > The Denim Group located at > http://www.denimgroup.com is Security > ServicesProvider that focuses > strictly on Web > A

Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability

2007-11-28 Thread Peter Dawson
Yeah .. a) "Social engineer victim to open it." b) "Persuade victim to run the command " is kind funky.. On Nov 28, 2007 5:21 PM, Stan Bubrouski <[EMAIL PROTECTED]> wrote: > Not to mention the obvious fact that if you have to trick someone into > running a batch file then you could probably jus

Re: [Full-disclosure] Police swoop on 'hacker of the year'

2007-11-14 Thread Peter Dawson
yeah , but he's still on "no charge" status.. so all is good .. but he's still out of pocket for the h/w.. On Nov 14, 2007 8:02 PM, worried security <[EMAIL PROTECTED]> wrote: > The Swedish hacker who perpetrated the so-called hack of the year has > been arrested in a dramatic raid on his apar

Re: [Full-disclosure] Oracle 11g/10g Installation Vulnerability

2007-11-14 Thread Peter Dawson
FYI only.. On the same /similar note, David just got cited here wrt to SQL http://blogs.zdnet.com/security/?p=663 On Nov 13, 2007 2:27 PM, David Litchfield <[EMAIL PROTECTED]> wrote: > Hey all, > After investigating 11g the other day I came across an interesting issue. > During the installati

Re: [Full-disclosure] Hushmail == Narqz

2007-11-08 Thread Peter Dawson
"We both agree Hushmail deserves credit for its frank and open replies(.pdf). Such candor is hard to come by these days, especially since most ISPs won't even tell you how long they hold onto your IP address or if they sell your web-surfing habit

Re: [Full-disclosure] "Hackers can divert Vonage calls: security firm" =>?

2007-10-25 Thread Peter Dawson
y would they be looking for VC ? Sequoia is already on thier board !! On 10/25/07, Muskegon Whitehall <[EMAIL PROTECTED]> wrote: > > >I have not heard of any chatter on this one.. > > >http://ca.today.reuters.com/news/newsArticle.aspx?type=technologyNews&storyID=2007-10-24T183023Z_01_N24160249_RTR

[Full-disclosure] "Hackers can divert Vonage calls: security firm" =>?

2007-10-24 Thread Peter Dawson
I have not heard of any chatter on this one.. http://ca.today.reuters.com/news/newsArticle.aspx?type=technologyNews&storyID=2007-10-24T183023Z_01_N24160249_RTRIDST_0_TECH-VONAGE-HACKERS-COL.XML&archived=False does anyone know different or is this just some company pimping ?? /pd

Re: [Full-disclosure] Zone-H.org: 10 reasons websites get hacked

2007-10-17 Thread Peter Dawson
Why shot the messenger..kill zat darn army (OWASP ) that create the mess in the first place !!

Re: [Full-disclosure] are the NetBIOS-like hacking days over? - wide open citrix services on critical domains

2007-10-08 Thread Peter Dawson
" all of them wide open and susceptible to attacks" Unless you probe those vectors, will you be able to tell if they are "susceptible to attacks". !! be rest assured nobody wants to dick around with us-cert. nonetheless, pdp -thats a good writeup !! /pd On 10/4/07, pdp (architect) <[EMAIL P

Re: [Full-disclosure] Life cycle of a hacker by n3td3v

2007-10-03 Thread Peter Dawson
what about an SOB ?? /pd On 10/3/07, worried security <[EMAIL PROTECTED]> wrote: > > new-bie - hangs around web based chat: yahoo chat, msn chat. watches what > hackers are doing, hangs about with them to befriend them and gain > intelligence on how they hack, and ask for the tools from the peo

Re: [Full-disclosure] Wachovia Bank website sends confidential information

2007-07-11 Thread Peter Dawson
Reconfirming time stamp(s) their policy pages was updated On 7/11/07, Bob Toxen <[EMAIL PROTECTED]> wrote: On Wed, Jul 11, 2007 at 12:38:54PM -0400, Steve Ragan wrote: It has comments with time-stamps of late yesterday, after I disclosed on the list: __

Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)

2007-07-08 Thread Peter Dawson
On 7/8/07, Michal Zalewski <[EMAIL PROTECTED]> wrote: [..]pretty much stands against *all* the core values of the hacker culture - a culture to which this field of research owes quite a bit. Agreed, but values have changed.. thats why there are terms as white/black and shades of gray all over

Re: [Full-disclosure] Polycom hacking

2007-06-28 Thread Peter Dawson
interesting concept.. harvesting a polycom device for Botnet's. hm.. the key would be how the heck to get the stealthware on such a device ?? On 6/27/07, Paul Schmehl <[EMAIL PROTECTED]> wrote: --On June 27, 2007 3:27:28 PM -0400 "Adriel T. Desautels" <[EMAIL PROTECTED]> wrote: > Pa

Re: [Full-disclosure] Invitation to connect on LinkedIn

2007-06-25 Thread Peter Dawson
> "Increasingly, if you're not LinkedIn, you're left out." --Business 2.0 It's interesting to see what they'll say in Business 2.1 Service Pack 3, once they've gotten the bugs out. yeah, Business2.1 SP3 Pack will have a msg which will sez : "thank you for responding to an email harvester-

Re: [Full-disclosure] Windows Oday release

2007-06-13 Thread Peter Dawson
On 6/13/07, Joanna Rutkowska <[EMAIL PROTECTED]> wrote: One (I guess some "responsible disclosure" purist) could ask why they waited 6 months before reporting this vulnerability to the vendor? What were they doing with this exploit for the whole 6 months? maybe they were waiting for VistaX64

Re: [Full-disclosure] You shady bastards.

2007-06-06 Thread Peter Dawson
On 6/6/07, Joey Mengele <[EMAIL PROTECTED]> wrote: In any event, I have alerted the FBI to your hacking attempt. I do not wish to become your latest victim of police kidnapping, choking, and beating. Woot Woot ..what Hacking attempt ?? Send Bait. Check Log. Pub finding - the recon worked

Re: [Full-disclosure] Local police hacking,now?

2007-05-09 Thread Peter Dawson
some law officer ..know quite a bit about google hacks and use that for simple research on the their suspects /perps.. http://plentyoffish.wordpress.com/2006/11/19/how-i-helped-capture-one-of-americas-most-wanted-fugitives/ On 5/9/07, Col <[EMAIL PROTECTED]> wrote: On 5/9/07, Dave No, not that

Re: [Full-disclosure] Vista typographical vulnerability

2007-04-16 Thread Peter Dawson
" I'm surprised. Normally, it's the Americans who fail to realize that there is more than one way to speak English." Oh don't be !! The Americans fail to realize that there is more than one way of living. (sic the american dream !!)

Re: [Full-disclosure] Hackers uniting against Iran?

2007-04-07 Thread Peter Dawson
On 4/6/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: It can be argued that the German's siege of Leningrad, which lasted almost 900 days but they never managed to take the city, was the first indication that the Germans had run into trouble... Operation Barbarossa triggered the downfall o

Re: [Full-disclosure] Hackers uniting against Iran?

2007-04-05 Thread Peter Dawson
هذا هو موضوع هذه الدراسه ، شد و On 4/5/07, Troy Cregger <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I wondered how long it would take you to chime in on this thread Chris, I hope you are well. - -Troy. rek2 GNU/Linux LO LO LO wrote: > >> err, look up the definiti

Re: [Full-disclosure] Buy 0day vulnerability

2007-03-30 Thread Peter Dawson
maybe it just an invite to the dark side of the force On 3/30/07, Guasconi Vincent <[EMAIL PROTECTED]> wrote: > > Correct me if I'm wrong, but wouldn't that defeat the point of Full > Disclosure? Correct him if I'm right, but wouldn't that defeat the point of Full Disclosure? --

Re: [Full-disclosure] Xbox live accounts are being stolen

2007-03-17 Thread Peter Dawson
why ?? Is there not a secondary layer of economics for points ?? WoW and SL has virtual $$ being bartered into real world value... On 3/17/07, Jason Miller <[EMAIL PROTECTED]> wrote: I'm sorry but I find this funny actually. :-P Seems Microsoft has a weakness. On 3/17/07, Kevin Finisterre (

Re: [Full-disclosure] Bank of America [phising email]

2007-02-22 Thread Peter Dawson
was not this part of the pharming attack that was executed over the last 2d ? On 2/21/07, James Matthews <[EMAIL PROTECTED]> wrote: Yes yes! They will make sure of course however the dumb person that falls for it thinks "hey look Bank Of America" can't spell heheheh On 2/21/07, James Rankin <[E

Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability

2007-02-19 Thread Peter Dawson
just asking... Is this std practice by vendor to state ??? "[..] we ask you respect responsible disclosure guidelines and not report this publicly" /pd On 2/19/07, Michal Zalewski <[EMAIL PROTECTED]> wrote: On Tue, 20 Feb 2007, Rajesh Sethumadhavan wrote: > Microsoft Internet Explore

Re: [Full-disclosure] Grab a myspace credential

2007-01-15 Thread Peter Dawson
"but at some point all this abuse will likely start sending users off to another service. " thats only --if the know if they are being abused.. most of them are not coherent about any such issues.. On 1/15/07, Kevin Pawloski <[EMAIL PROTECTED]> wrote: The level of phishing sites targeting My

Re: [Full-disclosure] Sasser or other nasty worm needed

2006-11-27 Thread Peter Dawson
I doubt schools have CLOSED LAB. I would like to know where the budget comes from, for this type of network. If so , then every school district board needs one.. :)- On 11/27/06, K F (lists) <[EMAIL PROTECTED]> wrote: Dude... settle the hell down. I see little problem with this guy doing

Re: [Full-disclosure] Sasser or other nasty worm needed

2006-11-27 Thread Peter Dawson
On 11/27/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: And yet he's not clued enough to know how to find a copy of Sasser by himself. There are a lot of people who are of the opinion that "if you have to ask where to find a copy of Sasser, you're not clued enough to be trusted with a copy".

Re: [Full-disclosure] Ask for spam...

2006-10-16 Thread Peter Dawson
I think the point here is that you seed your email addy to these freebie newsletters and then wait for the spammer to harvest the email addy's. Propagation window should be about 10-15 days and then you can counter analysis the source data within smtp On 10/16/06, Louis Wang <[EMAIL PROTECTED]> wr

Re: [Full-disclosure] ***SPAM*** Re: UNOFFICIAL ZERT PATCH CAUSES NYC PLANECRASH

2006-10-12 Thread Peter Dawson
On 10/12/06, Nick Oliver <[EMAIL PROTECTED]> wrote: "This country, with all its faults, is the only country on this sad planet with the guts and determination to TRY to right wrongs." Oh fuck off -- What a condescending statement !! Why don't the americans just try to right the wrongs within t

Re: [Full-disclosure] Blogger bug?

2006-10-09 Thread Peter Dawson
Symantec is reporting the same flaw http://www.symantec.com/enterprise/security_response/weblog/2006/10/host_overflow_application_exce.html On 10/8/06, Peter Dawson <[EMAIL PROTECTED]> wrote: Host Overflow Application eXception vulnerability is in the wild – any blog that supports R

Re: [Full-disclosure] Blogger bug?

2006-10-08 Thread Peter Dawson
 Host Overflow Application eXception vulnerability is in the wild – any blog that supports RSS and MetaWeblogAPI can be h4x0red.   We don't have confirmed vectors yet for this incident   On 10/8/06, Mike McMan <[EMAIL PROTECTED]> wrote: Looks like there was a bug in blogger that let someone make a

Re: [Full-disclosure] Security Rss Feeds

2006-09-30 Thread Peter Dawson
Add two more to that list   http://portal.spidynamics.com/blogs/msutton/rss.aspx http://ha.ckers.org/blog/feed/ Paul, thanks for the new add's to me reader :)-   On 9/30/06, Paul Schmehl <[EMAIL PROTECTED]> wrote: --On September 30, 2006 10:21:51 PM +0530 crazy frog crazy frog< [EMAIL PROTECTED]

[Full-disclosure] end of the interent ?

2006-09-29 Thread Peter Dawson
I had to share this weird err http://www.google.com/reader/next?go=noitems -- http://peterdawson.typepad.com PeterDawson Home of ThoughtFlickr's "This message is printed on Recycled Electrons."

Re: [Full-disclosure] GOOGLE BUG

2006-09-28 Thread Peter Dawson
""It looks like a thrip, a very small (1mm or so) insect. The size might explain how it got involved in the printing process. The brown glob at the posterior end is bug poop, forced out of the poor critter as it got squished between a glass plate and the film during the scanning process"   http://

[Full-disclosure] Gmail phishing attacks

2006-09-15 Thread Peter Dawson
A clever exploit in a little known Google service could be used to launch phishing attacks, by imitating Google services -- hosted on Google's own servers !! more details here http://ericfarraro.com/?p=6

Re: [Full-disclosure] [botnets] the world of botnets article and wrong numbers

2006-09-14 Thread Peter Dawson
I can't present data, but I'll opinion that Gadi is pretty much on track with figures and numbers. In fact his stat's are on the lower side our current intel reports indicates overall incidents by " Zombie machines on organization's network/ bots/use of network by BotNets" = 20%. which is ANY NE

Re: [Full-disclosure] Orkut URL Redirection Vulnerability

2006-09-07 Thread Peter Dawson
add another country ..:)-   In Turkish, Orkut means "the holy meeting place." and yes, Googles Orkut was built by a Turkish Google engineer – Orkut Buyukkokten  On 9/7/06, cardoso <[EMAIL PROTECTED]> wrote: Well, so now TWO countries care about orkut stuff, Brazil and Finland ;)I think its creator,

Re: [Full-disclosure] Microsoft Vista's IPv6: Dangerous Information Leak?

2006-08-27 Thread Peter Dawson
V6  tunnel over V4 should be ok.  I really dont see only UDP *ONLY* packets at the stack level.  TCP/IP is enabled too within vista.   http://www.microsoft.com/technet/community/columns/cableguy/cg1005.mspx#ESG    /pd   On 8/27/06, TJ <[EMAIL PROTECTED]> wrote: Yes, Teredo is a concern - both for

Re: [Full-disclosure] ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Peter Dawson
for an instance, I thought it was a ping sweep variation in occurrence.. snort logs s/have some more info .. were the src and dst IPs random or static.. ? On 8/15/06, Richard Bejtlich <[EMAIL PROTECTED]> wrote: Adriel T. Desautels wrote: >> Hi List, > I've been receiving this traffic for a while from

Re: [Full-disclosure] Getting rid of Gadi Evron and Dude VanWinkle

2006-08-13 Thread Peter Dawson
that seems to be a MERIT issue, take it up with those mods.  FD is still FD.. there's no whining in here !   On 8/13/06, vodka hooch <[EMAIL PROTECTED]> wrote: Eliah Kagan <[EMAIL PROTECTED]> wrote: On 8/13/06, vodka hooch wrote: > no sir full dis for exploits no off topic security chats about

Re: [Full-disclosure] If we can read 19, 832 n3td3v posts, we can do 1 open hate mail to Lieberman!

2006-08-11 Thread Peter Dawson
ACK that !! :)- On 8/11/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: What a maroon   http://www.google.com/search?hl=en&q=%22Alif+Terranson%22&btnG=Google+Search   -- http://peterdawson.typepad.com PeterDawson Home of ThoughtFlickr's "This message is printed on Recycled Electrons." ___

Re: [Full-disclosure] New Laptop Polices

2006-08-11 Thread Peter Dawson
LA Times is reporting   "If you're going international, stash your laptop; US airports are banning carry-on electronics for overseas flights" !!     On 8/11/06, Jeremy Bishop <[EMAIL PROTECTED]> wrote: On Friday 11 August 2006 10:54, Michael Holstein wrote: > Then your "traveling salesman" needs only

Re: [Full-disclosure] New Laptop Polices

2006-08-11 Thread Peter Dawson
We have done some storming on this issue. The issue is basically forked in terms of 1) Airline security 2) Data Security   Wrt item (1), it is deemed to be "possible" that IATA will move to banning any electronic devices as carry-on. This certainly is the way that other entities are looking into

Re: [Full-disclosure] BlackBerry Vulnerabilities

2006-08-11 Thread Peter Dawson
this is the last BB vulnerability (that I know of) which was deemed to be elevated.   http://www.kb.cert.org/vuls/id/570768  On 8/11/06, Nicolas RUFF <[EMAIL PROTECTED]> wrote: > Does anyone have any details on the 2 BB vulnerabilities.  Some more > substantial than rumors? Which one ? ;) If you a

Re: [Full-disclosure] LONG LIVE HEZBOLLAH AND LEBANON; DOWN WITH AMERICA AND ISRAEL

2006-08-05 Thread Peter Dawson
googlemail.com...it's a UK/EU based gDC On 8/5/06, Alice Bryson <[EMAIL PROTECTED]> <[EMAIL PROTECTED] > wrote: your email address is interesting, googlemail.com, not gmail.com? are you from google? -- mailto:[EMAIL PROTECTED] http://www.lwang.org -- http://peterdawson.typepad.com PeterDawson Home of Th

Re: [Full-disclosure] Gmail emails issue

2006-08-04 Thread Peter Dawson
==>"You're wrong there, lets look at Yahoo Messenger"   Dude, screw yahoo..who cares !! Everyone here, is posting using gmail , including yourself !!  On 8/4/06, n3td3v <[EMAIL PROTECTED]> wrote: On 8/4/06, Stan Bubrouski < [EMAIL PROTECTED]> wrote: I'm reading your message in gmail and there i

Re: [Full-disclosure] ProtectFly/RegisterFly - Whois information - Non-Disclosure legal??

2006-08-04 Thread Peter Dawson
is not registration by proxy an acceptable practice by Registers ?   If harvesting is being done and malicious activities [spam and whatever] then just contact the register admin and let them know..   On 8/4/06, Nancy Kramer <[EMAIL PROTECTED]> wrote: Yes having a "private" registration is legal at l

Re: [Full-disclosure] Re: Gmail emails issue

2006-08-04 Thread Peter Dawson
FWIW--  All replies [less one], on this thread were seeded thru a gmail account :)-   go figure.. thread titled "Gmail emails issue" !!!  On 8/4/06, John Dietz <[EMAIL PROTECTED]> wrote: Yes, I realize SSL is not that secure either, but I was just using it as an example in comparison to plain

Re: [Full-disclosure] Gmail emails issue

2006-08-04 Thread Peter Dawson
if that's on the gmail server, then the same gmail servers /clusters hold all other information collateral .. that is CC#, Phones, names. pwds etc ...and when GHhealth comes out your blood type and if you want your SIN# too..!!   So what's the big deal with the temp folder at the server end being

Re: [Full-disclosure] Limited Google access in China.

2006-08-03 Thread Peter Dawson
your ip is blocked for 40 min.  Repeated queries thereafter will get the cops on you !!    Golden Project is in production status !!   If in the .cn zone, I would be prudent what I query..use your common sense.. as if we have any !! :)-  On 8/3/06, Alice Bryson <[EMAIL PROTECTED]> <[EMAIL PROTECTE

Re: [Full-disclosure] Attacking the local LAN via XSS

2006-08-03 Thread Peter Dawson
interesting..but forgive my ignorance   can you further articulate ..."a URL that will exploit the XSS flow in the border router" in a broader context ??  On 8/3/06, pdp (architect) <[EMAIL PROTECTED]> wrote: this is my humble opinion http://www.gnucitizen.org/blog/xssing-the-lan I didn't go to Blac
