-0500 Simon Smith [EMAIL PROTECTED]
wrote:
Dumbass, you must be a part of the n3td3v ccr3w or something.
How did you go from 75,000 to 750,000?
On 1/19/07 1:38 AM, [EMAIL PROTECTED]
[EMAIL PROTECTED]
wrote:
Number one:
1. An affidavit from your solicitors or accountant's
Hi List,
My recent post about purchasing exploits has generated more responses
than I can count. In response to the massive volume of email and questions
that I've received, I've posted the rules and requirements for using my
services to legitimately sell your exploits to authorized, legal
I know someone who will pay significantly more per vulnerability against the
same targets.
On 1/10/07 12:27 PM, contributor [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Also available at:
Amen!
KF is 100% on the money. I can arrange the legitimate purchase of most
working exploits for significantly more money than iDefense, In some cases
over $75,000.00 per purchase. The company that I am working with has a
relationship with a legitimate buyer, all transactions are legal. If
Blue Boar,
Simply put, and with all due respect, you're wrong. Furthermore I don't
appreciate you directly or indirectly suggesting that these exploits are
being sold on the black market, that will never happen on my watch, ever!
More importantly, the company that I am working with is no
marketing.
I wanted to test the waters and see what kind of response I could get
from the community. So far, it's been very interesting.
On 1/16/07 3:06 PM, Blue Boar [EMAIL PROTECTED] wrote:
Simon Smith wrote:
Blue Boar,
Simply put, and with all due respect, you're wrong.
About? I
contact me immediately at
[EMAIL PROTECTED]
Thank you.
Regards,
Simon Smith
SNOsoft Research Team
http://www.snosoft.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
Very observant of you Bob, the SNOsoft site is not active right now. We hope
to reactivate it later on in 2007. Any more questions? :]
On 1/1/07 10:07 PM, Moore, Robert [EMAIL PROTECTED] wrote:
Simon Smith of the SNOsoft Research Team provides the url
http://www.snosoft.com http
So where's the source code for this?
On 12/14/06 4:17 AM, crazy frog crazy frog [EMAIL PROTECTED]
wrote:
works fine for me :)
On 12/14/06, Simon Smith [EMAIL PROTECTED] wrote:
Doesn't seem to work man ;P
On 12/13/06 10:08 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Sorry, I
Doesn't seem to work man ;P
On 12/13/06 10:08 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Sorry, I forgot to mention that a benchmark versus Nmap has
been done by someone on his blog:
http://www.computerdefense.org/?p=173
Why would you do this?
On 11/28/06 3:19 AM, David Matousek [EMAIL PROTECTED] wrote:
Hello,
For all Nmap fans, our group have implemented Nmap Online service.
Its address is http://nmap-online.com/. The interface allows you to perform
custom
Nmap scans from our server with only a few
You have experience in disarming land mines with a hammer while you are
stark naked?
Now that's a real man's job!
On 11/27/06 4:20 PM, Brian Eaton [EMAIL PROTECTED] wrote:
On 11/27/06, J. Oquendo [EMAIL PROTECTED] wrote:
There is no hocus pocus here. Look at /var/log/secure and find the
http://www.msfirefox.com/microsoft-firefox/index.html
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Does anyone have any contact information for Roxio? I called their
technical support team and they had no idea who to submit vulnerability
information to.
--
Regards,
Adriel T. Desautels
SNOsoft Research Team
--
Vulnerability Research
Alright,
If this is spam/email harvesting then please explain how it is
working without any legitimate return path? I understand blasting out
bunk emails with a legit return path, but these emails have no such
path. What's the ditty?
Michael Holstein wrote:
Is this just another instance of
Guys,
It is not illegal to port-scan a target IP with or without
authorization. It would be impossible to prosecute someone because they
portscanned you. Hell, it would be near impossible to prosecute someone
who ran nessus against you but never penetrated your systems. From
experience, the
Cool!
Well here's another useless email for you. Stop whining. If you
don't like the list, don't read it.
BsCaBl wrote:
Enough of this stupid billshit on the list
Full disclosure has NOTHING to do with the friggin government conspiracy
theories [sp?]
I'm sick of getting 20 to 30 emails
All,
Has anyone seen this video? What do you guys make of it?
http://video.google.com/videoplay?docid=-5137581991288263801q=loose+change
-Simon
thats all that this video is...
Gary E. Miller wrote:
Yo Simon!
On Mon, 8 May 2006, Simon Smith wrote:
Has anyone seen this video? What do you guys make of it?
http://video.google.com/videoplay?docid=-5137581991288263801q=loose+change
That has been floating around a while
Bkfsec,
Damn well put man! I am glad to see that I'm not the only one who
feels weary about this.
bkfsec wrote:
[EMAIL PROTECTED] wrote:
Been there, done that already. There was a phishing run a while ago,
the guys even had a functional SSL cert for www.mountain-america.net
(the
Mike,
I just had to respond to you.
Mike Owen wrote:
On 3/16/06, Simon Smith [EMAIL PROTECTED] wrote:
Flames like yours are useless. If you do not know how to answer the
question that I am asking, then just be quiet. Mark Coleman is one of
the few people that seems to have
Brian,
I fully agree and thanks for the references. My next step after I'd
found a good solution was going to be focusing in the session security.
Thanks for the input/help man. I appreciate it!
Brian Eaton wrote:
Simon Smith simon at snosoft.com wrote
My first thought was on how
Thanks felix!
Felix Lindner wrote:
Hi,
On Thu, 16 Mar 2006 09:48:07 -0500
Simon Smith [EMAIL PROTECTED] wrote:
My first thought was on how to harden the
authentication because the basic auth didn't cut it for me. That's what I
am looking for ideas for.
you may be looking
Dave,
No shit, maybe I do have amnesia. I had one of those stupid days
yesterday anyway and you'd think that I'd know better than to write to
FD when I'm like that... but no... I'd rather make myself look like an
ass. ;]
Dave Korn wrote:
Simon Smith wrote:
Who ever said I was going
and others like it from being
compromised so easily. My first thought was on how to harden the
authentication because the basic auth didn't cut it for me. That's what I
am looking for ideas for.
Andrew Simmons wrote:
Simon Smith wrote:
Ok, so what's your alternative?
[...]
Some form of challenge
Mark,
That's a good alternative. I'll add that to my list of options. Thanks!
Mark Coleman wrote:
At the risk of being flamed, I'll chime in with this since I don't
think it's been mentioned as an alternative:
How about SecurID one-time passwords? Ride the HTTP Auth on SSL which
hides it
Mike,
Flames like yours are useless. If you do not know how to answer the
question that I am asking, then just be quiet. Mark Coleman is one of
the few people that seems to have understood my question and provided me
with a viable solution. Again, thanks Mark!
Michael Holstein wrote:
First
Sweet,
Someone else that's helpful! Thanks man!
Gary E. Miller wrote:
Yo Simon!
On Thu, 16 Mar 2006, Simon Smith wrote:
Encoding a username and password combination using base64 is not
secure, but, I understand why it is encoded in base64. Having said
that,
I am trying
if it is as weak as you say that may not help - you could
probably attack the interface that receives reports from the client
machines.
Good luck with that,
Keith
Simon Smith wrote:
List,
SSL is not a fix for the problem, SSL is just a way of evading the
issue or hiding the hole. I can
PROTECTED] wrote:
On Wed, 15 Mar 2006 10:14:23 EST, Simon Smith said:
I think that we've lost focus of my original question. My question
refined is, does anyone else agree with me that using HTTP BASIC AUTH
for important applications is a security risk/vulnerability (regardless
of SSL
Ok,
As suspected... so I am correct; and it is a security threat. I can
compromise a network, arp poison it, MiTM, access the firewall,
distributed metastasis, presto... owned...
Michael Holstein wrote:
which brings up a question... what are the odds that someone could
forcefully redirect
notice SSL server certificate changes?
I still agree with you.
On Wed, 15 Mar 2006, Simon Smith wrote:
Ok,
As suspected... so I am correct; and it is a security threat. I can
compromise a network, arp poison it, MiTM, access the firewall,
distributed metastasis, presto... owned
, it just makes it more difficult to get at.
I want to protect the authentication information better than it is
currently being protected.
I like the idea of encrypting the authentication traffic within the SSL
session...
bkfsec wrote:
Simon Smith wrote:
Ok,
As suspected... so I am correct
No Tim,
I am not missing your point. It is me who is not being clear about
what I am asking hence why everyone is telling me one thing when I
really want to hear something else. I want to protect the authentication
data within the SSL session because I do not trust the HTTP BASIC auth
and I
Actually,
You are trusting the user to do the right thing. Historically, users
don't always do the right thing. Hence, why I want a technology to
protect data and not a human being.
Tim wrote:
(assuming the admin doesn't notice the cert changes and all that good
stuff.)
There's
Ain't that the truth.
Michael Holstein wrote:
I want a technology to protect the data, not a user who can be
social engineered into doing something wrong.
The technology already mentioned *will* protect the data. SSL works,
and works well.
As for trying to make it idiot proof .. remember
Nick,
I partially agree with what you've said and rather enjoyed your email...
Nick FitzGerald wrote:
Simon Smith wrote:
I am not missing your point. It is me who is not being clear about
what I am asking hence why everyone is telling me one thing when I really
want to hear
Dave Korn wrote:
Simon Smith wrote:
Ok,
As suspected... so I am correct; and it is a security threat. I can
compromise a network, arp poison it, MiTM, access the firewall,
distributed metastasis, presto... owned...
Responding to you will be fun...
]\
Utter garbage.
are you from
Why do we give these guys so much of our time?
Michael Mohr wrote:
The messages all had a Received header with www.c0replay.net in it. In
addition, they all had the same types of subject lines. So it was an easy
task to filter by the header and quickly scan the subject lines while
Currently I only want pricing, I don't care about the details. I'll
compare the full details later.
Micheal Espinola Jr wrote:
There are a few. How close/far to Boston do you need/want? What type
of redundancy/security are you looking for?
On 3/13/06, Simon Smith [EMAIL PROTECTED] wrote
List,
Does anyone else feel that using HTTP BASIC AUTH for a firewall is a
bad idea even if it is SSL'd. All basic auth does is creates a hash
string for username:password using base64. That can easily be reversed
and the real username and password extracted. Sure it's SSL but can't a
crafty
List,
SSL is not a fix for the problem, SSL is just a way of evading the
issue or hiding the hole. I can bypass SSL with a man in the middle
attack (which I've already done several times). Once I bypass SSL I am
able to capture the http headers and extract the auth string. The auth
string is
Right,
Did this ever work? This fails for me man. How did you verify it?
Steven wrote:
ok?
So what exactly are you going to exploit here? This site doesn't have any
logins or even use cookies. Are you going to trick a user into entering in a
credit card number before they can search
Can anyone recommend a perl based nessus wrapper that has the ability
to dump results into a mysql database?
Gadi Evron wrote:
Q Beukes wrote:
no, what I was talking about was programs/algorithms that actually
scan software to find new unknown problems.
i have never heard of anything like
Jason Coombs wrote:
Craig Wright wrote:
Cyber-trespass leaves one in a state of doubt. It is commonly stated
that the only manner of recovery from a system compromise is to
rebuild the host.
Don't you mean that the trespass disrupts the condition of denial and
neglect that normally
I want to have cookies. They are good with milk. Damn you anti-cookie
lovin freaks!
nodialtone wrote:
Let's all ensure that all the crumbs are vacuumed up as well.
On Tue, 2006-02-21 at 14:14, Dave Korn wrote:
Nigel Horne wrote:
Nigel Horne wrote:
Thanks for the comments.
Mar,
You are a dork... but thanks for posting this to the world, it's very
useful, we'll get right on fixing this, can we fix you too?
[EMAIL PROTECTED] wrote:
whitehouse.gov MX 100 mailhub-wh2.whitehouse.gov
[EMAIL PROTECTED]:~$
[EMAIL PROTECTED]:~$ telnet
Are you suggesting that my house is a mess?
Babak Pasdar wrote:
Here is a recent blog entry on why your neighbor's security is important
to your organization's security.
When I was a child, my mother would share with me a proverb about a
woman who lived in a large village. This woman was,
Gee,
I wonder how much money iDefense is going to make from this?
-simon
[EMAIL PROTECTED] wrote:
iDefense Labs is pleased to announce the launch of our quarterly hacking
challenge. Going forward, on a quarterly basis, we will select a new
focus for the challenge and outline the rules for
101 - 149 of 149 matches