Re: [Full-disclosure] Top Information Security Consultants to Hire -- WANTED

2013-07-23 Thread Travis Biehn
What an interesting mix of 'pro tips'. *ahem* On Tue, Jul 23, 2013 at 7:55 PM, Daniël W. Crompton < daniel.cromp...@gmail.com> wrote: > > I think he's collecting the names of people he can direct market to. > > D. > > > > On 24 July 2013 01:04, wrote: > >> On Mon, 22 Jul 2013 21:23:08 -0500, Bo

Re: [Full-disclosure] #warning -- DICE.COM insecure passwords

2013-02-12 Thread Travis Biehn
What Tim said. I think warning was writing about the public shame from having a massive pw dump not having some neckbeard expose them over using crypt on some random industry mailing list (shudders). Here is a long article on secure password storage. It is extremely exciting: http://www.cigital.co

Re: [Full-disclosure] Are software cracks also a form of security vulnerabilities?

2013-01-17 Thread Travis Biehn
s in licensing > systems of certain vendors, > does this also account as vulnerabilities, since licensing issues mostly > don't really account customers > directly, but pose a risk for the software manufacturer. > > COPiOUS > > On 17-1-2013 at 2:11 PM, "Travis B

Re: [Full-disclosure] new law proposal on EU against hacking tools and practices

2012-04-09 Thread Travis Biehn
'Clear purpose for committing any of the offenses' is usually easy to prove. -Travis On Mon, Apr 9, 2012 at 11:53 AM, wrote: > On Mon, 09 Apr 2012 16:43:16 +0200, psy said: > > this is the official text. > > > > > http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+COMPARL+PE-47

Re: [Full-disclosure] CIntruder v0.1

2012-04-09 Thread Travis Biehn
Awesome. On Mon, Apr 9, 2012 at 10:58 AM, psy wrote: > Dear All, > > I am pleased to present a new tool called: *CIntruder* (v0.1) - the > captcha intruder. > > Description > === > CIntruder is an automatic pentesting tool to bypass captchas. > > Website > === > http://cintruder.sf.n

Re: [Full-disclosure] Circumventing NAT via UDP hole punching.

2012-02-22 Thread Travis Biehn
I'm looking forward to your article about how staplers can 'inject metal projectiles into vulnerable pulp-slurry attack surface substrates for information affixal.' http://en.wikipedia.org/wiki/STUN -Travis On Wed, Feb 22, 2012 at 11:04 AM, Dan Dart wrote: > Yes, isn't it great? > > __

Re: [Full-disclosure] Large password list

2011-12-02 Thread Travis Biehn
Thanks, I'm not really up on my hipster licensing schemes. -Travis On Fri, Dec 2, 2011 at 1:54 PM, Nate Theis wrote: > Creative Commons BY-SA might be more appropriate than the GPL. > On Dec 2, 2011 10:41 AM, "Travis Biehn" wrote: > >> My password leaks will

Re: [Full-disclosure] Large password list

2011-12-02 Thread Travis Biehn
My password leaks will all be released under the GPL. -Travis On Fri, Dec 2, 2011 at 7:28 AM, Mario Vilas wrote: > On Fri, Dec 2, 2011 at 3:05 AM, adam wrote: > >> C:\Users\adam\Desktop>ls -la combined.zip | gawk "{print $5}" >> *31337*317 >> > > That's a funny coincidence. :) > >

Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers

2011-11-08 Thread Travis Biehn
I think these details released are in line with our understanding of the attack: a) Enumerate network (by trying routes, or reading the broadcast list.) b) Scan the nodes c) Hack the vulnerable ones, installing malware, and/or add your own malicious nodes d) DOS the un-compromised nodes, forcing ne

Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers

2011-10-24 Thread Travis Biehn
So they put up a fake network, 'hacked' most of the nodes, and with complete control of their dummy network they were able to figure out traffic movement? This is news why? -Travis On Mon, Oct 24, 2011 at 10:31 AM, Mohit Kumar wrote: > French researchers from > ESIEA

Re: [Full-disclosure] New open source Security Framework

2011-10-04 Thread Travis Biehn
XML Modules? In *my* exploit pack? -Travis On Tue, Oct 4, 2011 at 3:44 PM, Mario Vilas wrote: > I don't think it's supposed to be a secret. There are also references to > Insect Pro in the source code: > > > https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/mai

Re: [Full-disclosure] Privilege escalation on Windows using BinaryPlanting

2011-09-25 Thread Travis Biehn
or (Hammer of God) wrote: > >> Maybe he can trick the user into installing on a FAT32 partition first, >> and THEN get the to execute from a remote share! >> >> On Sep 25, 2011, at 5:30 PM, "Travis Biehn" wrote: >> >> It might be a fun experim

Re: [Full-disclosure] Privilege escalation on Windows using BinaryPlanting

2011-09-25 Thread Travis Biehn
It might be a fun experiment to see what DLLs they're looking for :.) -Travis On Sun, Sep 25, 2011 at 2:57 PM, wrote: > To replace a service executable you usually need administrator access > anyway. > > > --Original Message-- > From: Madhur Ahuja > Sender: full-disclosure-boun...@list

Re: [Full-disclosure] Fix for NTFS permissions issue in QuickTime 7.x for Windows

2011-09-20 Thread Travis Biehn
Lol... Nice. On Wed, Sep 21, 2011 at 12:24 AM, Robert Kim App and Facebook Marketing < evdo.hs...@gmail.com> wrote: > Geoff... what other platforms does this not help? Does this apply to > Android? Or am i totally missing the point? > > On Tue, Sep 20, 2011 at 3:42 PM, Geoff Strickler > wrote: >