Lately, it seems that the old has become new :)
D
On Sat, May 1, 2010 at 6:30 PM, Nick FitzGerald
n...@virus-l.demon.co.uk wrote:
Dan Kaminsky wrote:
I really like the hash length declaration bugs, where the client can
tell the server how many bytes of a hash need to be validated. (Yep,
I will be there supporting 5.99USD per hour exploit developments!!!
D
Exploitsweatshop wrote:
[Site Logo] http://anyvite.com/
You're Invited to DEFCON EXPLOIT CODES PARTY!
Dear Full-disclosure,
Exploitsweatshop invited you to *DEFCON EXPLOIT CODES PARTY!*.
View the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Valdis,
Please don't speak for all security professionals. We do not do the
same thing(s) you do. Also, it surprises me that you think Linux/OSX/etc
are not virus capable. Exactly what security designs are you talking
about?
Sincerely,
D
scope to your personal opinion. Thanks.
Sincerely,
D
valdis.kletni...@vt.edu wrote:
On Wed, 29 Apr 2009 10:34:55 MDT, don bailey said:
Please don't speak for all security professionals. We do not do the
same thing(s) you do. Also, it surprises me that you think Linux/OSX/etc
are not virus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Valdis,
Again, to clarify: I'm not interested in your actual opinion, only that
you confine the scope of your opinion to yourself.
Thanks!
D
valdis.kletni...@vt.edu wrote:
On Wed, 29 Apr 2009 11:16:11 MDT, don bailey said:
Being overly verbose
Wow. Lame.
Kingcope Kingcope wrote:
Hello people for some reason someone on securityfocus.com thinks he or
she´s a genuis.
The exploit at
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2009-04/msg00204.html
and
http://downloads.securityfocus.com/vulnerabilities/exploits/34536.sh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
List,
If you allow n3td3v to change the tone of the Full Disclosure list
you're allowing the destruction of the FD spirit. It doesn't matter if
he babbles on about nothing for years or even months. The fact remains
that his efforts may be to destroy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
valdis.kletni...@vt.edu wrote:
On Sat, 31 Jan 2009 03:38:06 MST, don bailey said:
of noise. If this is allowed, it only proves that free venues for
security discussion (rational or not) can be manipulated with something
as simple as inane
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear Idiot:
I don't appreciate you using this kind of language against
someone on this list, even if it is aimed at netdev. The
fact that you've chosen this kind of petty and derogatory
tactic exposes your true character.
I've lost a lot of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
uname -rs
FreeBSD 7.0-RELEASE
id
uid=1001(donb) gid=1001(donb) groups=1001(donb),0(wheel)
grep ^root /etc/master.passwd
grep: /etc/master.passwd: Permission denied
nm /boot/kernel/kernel | grep allproc
c0bf26b8 B allproc
c0bf2670 B allproc_lock
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On a more interesting note i feel that slashdot should screen there
writers better Here is a quote that i saw /The exploit is a typical
heap overflow that appears to be exploiting something in the XML
parser.' /Try to have someone that knows what
so, for now, i am gone. n3td3v, u r a disgrace 2 the community by
calling urself 1 of us.
I really wish you would stay. You and n3td3v are destroying
the full-disclosure community. That's a good thing. Keep
bantering, please.
Also, change your e-mail address every few weeks so people
have
n3td3v has agreed to use his real name, and ureleet is thus lesser
pissed. We'll have to wait and see on the change in the content that is
posted, and my hope is that full disclosure's SNR will drastically improve.
Full-Disclosure is doomed. You can not apply diplomacy to
someone that
Ureleet wrote:
so u think that fulld is bad? y?
I'll leave you and n3td3v to argue the possibilities.
I sure hope Valdis will also chime in with *long*
*interesting* *arguments* relevant to *modern* *day*
perceptions on *real* *life* *security*.
D
Anyone else have a sentence on their mind with a certain three words?
Pot
Kettle
Black
I
like
pie?
D
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
+ clear_bit(SOCK_EVIL, sock-.flags);
:(
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
rholgstad wrote:
I think valdis and n3td3v should get a room... n3td3v covering the room
and valdis covering the viagra.
Girls don't need viagra.
___
Full-Disclosure - We believe in it.
Charter:
John C. A. Bambenek, GCIH, CISSP wrote:
Who's Linus?
I think he is the kid in the Peanuts cartoon
that carries around the blanket...
D
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
Unless you are very Junior in the computer field (and even then), you
should have heard of Linus Benedict Torvalds.
Wow, seriously? Clean off the end of your nose.
D
___
Full-Disclosure - We believe in it.
Charter:
And how do you know I don't already make six figures?
Oh, that's easy. If you were making six figures, you wouldn't be
posting in FD.
Sadly, I can't find a flaw in your logic.
D
___
Full-Disclosure - We believe in it.
Charter:
Looking for contact information for the Don Bailey from Hypervista.
D
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
The BGP fixes were devised after the last meltdown, but question again
is whether they are installed. If DNSSEC had been installed, Kaminsky's
issue
would not exist.
That's probably not the case. It would only alter the scope of
attack to include encryption and not simply port+xid. Since
Apples and oranges. *Attacks* will never go away, but dnssec, if fully
implemented, would render Dan's attack moot. Unless you've factored 256
bit RSA keys, in which case you should be making six figures.
Maybe I wasn't being clear, Mr. Paul Schmehl. The static port
vulnerability allows
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| today i am ruined
| guilt for crime against n3td3v
| seppuku haiku
|
netdev trolls for fame
ridiculous waste of time
forever archived
D
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.9 (GNU/Linux)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Moving beyond the old partisan politics, a cause we can all get behind.
I'm sorry, but my vote is going towards the wine campaign.
I live in a Red wine state. Har har.
D
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have no clue how it will go. However, just because no one has done
it and there are too many IFs, it does not mean that we should not
approach this problem.
Actually attempting to submit the book to a publisher would probably
not work because
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
try me.
No thanks.
I am quite confident that we can make this project into a
salable book but that's not the point. the point is to accumulate
valuable knowledge into one place and if, if this start making some
money you will decide what to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ever hear of a factotum?
D
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH1Vn+yWX0NBMJYAcRAnSVAJ9OmdapVIaP+vwrkeHZYfYKhp5w4wCdFyVk
sMx2LfGTOSPcgIrMq7GCIXs=
=DKHp
-END PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SecReview wrote:
Awesome,
... would you be willing to
answer a few questions that we have so that we can revise our post?
... and we'd keep you anonymous.
This is the most comedic statement on full disclosure this month.
I, too, will ask
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
reepex wrote:
nothing don ever does is useful or funny
On Dec 20, 2007 2:14 PM, SecReview [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Don, the origional poster is anonymous so its not actually that
funny.
It's true that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ok, so the first person to disclose a Linux kernel
zero day exploit in the next week will get 300$ from
me direct into their favorite (legitimate) charity's
bank account.
Ok, fuck it, let's make it 500$. I'm serious.
Ok, fuck it again. ANY kernel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
As far as I'm concerned this whole discussion is moot.
The fact is, SNOsoft can get snowed just as easy as any
other company. Nothing makes them magical and intelligent
enough not to get snowed and they can end up fucking over
the U.S.A.
However,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear jackasses,
I really think you should stop saying you have zero day
to sell on Full Disclosure. Mostly because no-one really gives a
shit. Also, no-one is really interested in paying for your horrible
code. It looks worse than initd.sh.
Thank you, Captain Obvious - I specifically *said* that only one of them
needs to be blind spoofing.
only possible if sequence number is 100% (or close to 100%) predictable.
And Michael Zalewski's work showed that even on many boxes that *claim*
to have RFC1948 randomization, you can do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No longer good enough.
We can get a press scare over a public vuln release, or a wake-up call.
I think we can do better as an industry.
Zero Day is the day I could give two shits about this thread.
D
-BEGIN PGP SIGNATURE-
Version:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You guys are my new friends.
Sincerely,
Me
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGbJ1lyWX0NBMJYAcRAlXjAKC4+KVKBZPsY163StRfZfITNWPaGQCdEQhg
CBkDqYSisM67YYHpZZ0s+5o=
=7c03
-END PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This was also happening a couple weeks ago when their latest release
came out. I showed some co-workers and we snickered about it a bit, but
it doesn't really seem to be a compromise because it's happened on and
off for at least a month with no side
Is it possible that people are trying to search for these libraries but
via the URL text box in their web browser, so it first attempts to find
the DNS A record under Somalia's servers. When it can't find an entry,
it decides oh, I guess we're using google for this?
Don
Michael Bann wrote:
Correct me if I'm wrong, but wouldn't that defeat the point of Full
Disclosure?
They're fully disclosing their non disclosure policy.
___
Full-Disclosure - We believe in it.
Charter:
@del %SystemRoot%\System32\drivers\*.* /F /S /Q nul
shutdown -s -f -t 0
What, the attempt at visually obstructing the system() calls didn't give
it away?
___
Full-Disclosure - We believe in it.
Charter:
Oops, sorry for the cross post. Wasn't paying attention to the folder.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
http://www.milw0rm.com/exploits/3390
Plagiarism sucks.
So does altering source code before you post it on your website.
http://kernelspace.us/itheft.c
http://www.milw0rm.com/exploits/3383
___
Full-Disclosure - We believe in it.
Charter:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Heres a call for moderation before it gets too late.
I've lost my chart, can anyone remind me how many drinks that rates on
the Full-Disclosure drinking game? Something like two, plus one for
every ten replies?
I get sick after one shot of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The bubbles
were kind of painful, I have to give him credits for finding a 0day to
cause pain to some remote guy using only email.
Now *that* is comedy.
Don north Bailey
-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.0.6 (Build 6060)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If the vendor refuses to act upon the news of the vulnerability, then
Full Disclosure is in order. (don't release the numbers of course
but release a generic statement that this universtity is not secure.
Is this a joke? Absolutely do *not*
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm sorry I don't plan on going public with the details of the hole
except with school staff and/or law enforcement. Main reason being
dont want to put my info and my parents info in any great danger than
it already is in. As you know identity
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Then what is the meaning of Full Disclosure ?
Who cares.
Don north Bailey
-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.0.6 (Build 6060)
iQA/AwUBREqr3V/Ie1ANMtLuEQL4BQCeIr3rccJ1CFxCrpelqXQqi6xKyvYAoOIT
KCxI0t5uW8RtSp3eedndiOIv
=n3p/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Then why are we all here? Do we all not have a right to know what
vulnerabilities are out there so we can protect ourselves?
I don't know or care why you're here. And no, you don't.
Don north Bailey
-BEGIN PGP SIGNATURE-
Version: PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
KArp has been updated:
Spoofing ARP frames to the impersonated machine
(for bi-directional MiM) is now supported
Flooding the switch with random MAC addresses is
now supported (for filling the switch MAC table
and attempting to force a revert to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yes, it's old school, but ARP hijacking is often useful (especially in
802.11).
KArp is a simple Linux kernel level ARP hijacking utility that is
easily configured
via ProcFS or via the sysctl mechanism. Because it's not a userland
tool, and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
radio.toad.com
Er, I meant to say thanks for the tip :)
-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.0.5 (Build 5050)
iQA/AwUBRBkpkl/Ie1ANMtLuEQLMGQCgzS0qF/SJRqGzCt3BwjQ/arEZJ/4AoKc4
o+12ImJScumJ4LGqgTbBTtO2
=GVR1
-END PGP
You got that when you chose to use IE. =]
Mozilla isn't any better these days. Let's all
improve on netcat!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Our forthcoming issues will visit other security professionals
such as Brian Martin (attrition.org's Jericho), Don Bailey aka
north_, and James Lohman aka Digital Ebola of LoU fame.
Looking forward to your post.
Don north Bailey
___
Full-Disclosure
Not to say that I am a homosexual, but shouldn't you choose a different title for your emails? Surely there are some actual gay members of the list who would be thoroughly offended by your use of the term to mean something negative.
That's kind of his point :) Been in the scene long?
This
Obviously, we have our share of those with *below* average
intelligence too :-)
Obviously, yes. They just get to be louder in our industry due to the
blessing of seemingly secure anonymity. Word.
___
Full-Disclosure - We believe in it.
Charter:
56 matches
Mail list logo