[Full-disclosure] Introducing libOnionRoute, the library to anonymize software

Hi Everyone: LibOnionRoute, the library to anonymize software was just released. It is basically a modification of Tor to transform it into a library you can link to your software. Some of us believe is more secure in some situations to use it like that. To find out more please visit: http://oni

Re: [Full-disclosure] iPhone Geolocation storage

Masochists exist! On 5/13/11, Dan Tulovsky wrote: > Actually, the only thing boring here is your rant. > > On Wed, May 11, 2011 at 4:01 AM, wac wrote: >> So many ppl waste so much time in dead end technology. Amazing. I once >> purchased a Mac and that's because it w

Re: [Full-disclosure] iPhone Geolocation storage

So many ppl waste so much time in dead end technology. Amazing. I once purchased a Mac and that's because it was old and extremely cheap. Didn't even used it. Nothing worked there. It hanged, the harddrive always got wrong bits in the bitmap after the hang. I wasted my money. Apple users are nothin

Re: [Full-disclosure] sourceforge entry point seems still active.

So it actually happened! Not surprising at all. I suspected at first sight about a phish attempt because the email in another domain they sent for contact in case of problems with password reset (didn't bothered about headers anyway). Seems mine was not compromised according to what they say "Our

Re: [Full-disclosure] Making Security Suck Less

Aha, welcome to the world. It is broken and will likely keep that way for long. So do what i do... Adapt, take a seat, wear a green hat if you can and forget about the rest. They will not understand, nor they want to. Besides we would see a load of net admins loosing their jobs / companies filling

Re: [Full-disclosure] Google Maps XSS (currently unpatched)

> First of all, "security" is a myth. One can presume they're "secure" (or secluded) from danger sitting behind a firewall, but to do so is just foolish. Something is better than nothing ;). > People in power love to say "if you have nothing to hide then nothing to worry about" when it comes to t

Re: [Full-disclosure] NSOADV-2010-002: Google Wave Design Bugs

In any case i wonder how much google is going to respect corporate, industry secret or all that stuff you don't want them to know with google wave. Best thing to do is not to use that. I really doubt that it is an improvement and i think i will hardly ever need it. Is just more fanboi food. (knowin

Re: [Full-disclosure] What the UK government care about in a hacker

>How will the UK government contact you? Brute guys will jump out of a range rover land rover which will have darkened windows and will give you an offer you can't refuse after abducting you for five minutes based on your research post on Full-Disclosure. Guys? Nope. __

Re: [Full-disclosure] Vacation reply

No, is called google spaming full-d to get userbase for gmail. The more I see it the more I want to drop it. Problem. They do user locking. Yeahh well we might publish some working code to help their locked users be free :D. Would you like it? I might finish that piece of code ;) On Mon, May 12, 2

Re: [Full-disclosure] Tool release: extract Windows credentials from registry hives

"Two Things Infinite: The Universe and Human Stupidity" Albert Einstein Google Error Forbidden Your client does not have permission to get URL /files/creddump-0.1.tar.bz2 from this server. (Client IP address: xxx.xxx.xxx.xxx) You are accessing this page from a forbidden country. Why google co

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

> > If I use strcpy() to read user input into a buffer, I am at fault and > not C compiler. I don't think that's a fair comparison. If you make the right algorithm and you do not get the expected results *is* not your fault but what are you sitting at (compiler, framework, library ...).

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

Hello: On 9/29/07, Andrew Farmer <[EMAIL PROTECTED] > wrote: > > > If your bank is doing financial calculations using Javascript in a > standard web browser, you have bigger things to worry about than > roundoff errors. Ok let's explain this with more details because I realize that you got some

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

Hello: On 9/28/07, Jimby Sharp <[EMAIL PROTECTED]> wrote: > > How is this serious and is it related to security in any manner? If > not, please do not spam. :-( Many bugs are security related (I would say all). How it is security related? Think. What happens if your bank calculates something wr

[Full-disclosure] www.archive.org <--- XSS (and under attack)

Hello: I could take a while to investigate this more but I have no time ATM (veeery busy) and the website is under attack. (should be a matter to try that script on some form. Get a virtual pass for the library, digg in the book publishing forms and report back) Try this links: http://www.archive

Re: [Full-disclosure] Remote hole in OpenBSD 4.1

Hello: Maybe if their microcode where open or at least not encrypted (was DES?) we could disassemble it and see for ourselves. Right now it doesn't matters if you can read the source code of your entire operating system + drivers + apps or even your ROM. At the end "they got you" whatever you run

Re: [Full-disclosure] FIREFOX 2.0.0.5 new vulnerability

the very same coin so you can see how it looks from the other side. The point? Don't do to others what you don't like to get back. Try that option next time!! Take it as a lesson. And grow buddy, you are still in the part "I'm l33t and better than everyone" the part when y

Re: [Full-disclosure] FIREFOX 2.0.0.5 new vulnerability

Well I hope the next version won't open 45 internet explorers when I click the mailto URLs. And that when you download something you don't have the save button enabled by default (and with that delay to avoid return hits security things) It should have enabled by default the cancel button. Instead

Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)

On 7/8/07, jt5944-27a <[EMAIL PROTECTED]> wrote: thank you? okay - thank you for creating this wonderful software that we use. thank you for listening to our defect requests and thank you for addressing them in a meaningful time frame. but thank you for finding bugs? are you on drugs? Drugs?

Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)

On 7/8/07, Dave Hull <[EMAIL PROTECTED]> wrote: On 7/8/07, ascii <[EMAIL PROTECTED]> wrote: > > Dave Hull wrote: > > Yep. This is nothing new (and nothing noble), there are at least a > > handful of web sites that will buy zero days. > > > > Maybe we should start zeBay. > > Because you are noble

Re: [Full-disclosure] Rutkowska faces ‘100% unde tectable malware’ challenge, teasing?

Blah blah blah. Please someone tell Rokowska that we know about what she calls "blue pill" since we where little kids. It was exposed *years ago* (1995 to be exact > 12 years) by Mark A. Ludwig in his Giant Book of Computer viruses Page 391 from American Eagle Publications, Inc. Chapter "Protecte

Re: [Full-disclosure] Fight Censorship on Full-Disclosure

On 5/12/07, Dr. Neal Krawetz PhD <[EMAIL PROTECTED]> wrote: Hello all, It was brought to my attention that this list has become moderated. Moderated? Is that correct? Please let me know. I once saw once something strange. An mail sent to the list months ago bouncing back to me. As a commun

Re: [Full-disclosure] INVASION OF THE CHILD HACKERS

On 4/16/07, Stack Smasher <[EMAIL PROTECTED]> wrote: My daughter is 3 and she has had a laptop of her own since she was 2. You would be amazed at how much more she likes going to the 6-7 sites I have bookmarked for her then watching TV. Sesame Street and Nick Jr. are her most favorite. My parent

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

Hello: Firefox 2.0.0.3 (at least in windows) *seems to be vulnerable*. I don't remember exactly what it did but it behaved in a strange way I believe some file handle was left open and had to kill it the hard way. I don't know what they say in the docs but if it ends up calling the user32 functio

[Full-disclosure] Windows .ANI LoadAniIcon third party patch latest version 0.3 (so people can rollback their system before applying the patches)

Hello: I see that today I'm getting downloads from the website. Incredible yesterday (1:27 am here in -5 GMT) got more than the first day. Well anyway that could be maybe because people doesn't know that the Microsoft patch is out there or... just want to see. Who knows? Well previous versions we

[Full-disclosure] another .ani 0-day bug third party patcher more usefull this time, version 0.2

Get it here binary: http://aircash.sourceforge.net/micro-distro-0.2-bin.zip sources: http://aircash.sourceforge.net/micro-distro-0.2-src.zip Regards Waldo Alvarez ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosu

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

Well I did my patch and I'm giving it away to be modifiable by everyone out there. I did it for version 5.1.2600.2622 of user32.dll, English version not sure if that is the last version from M$ (with the way they handle patches you know you could miss one) anyway in any case I believe there is en

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

On 4/1/07, Larry Seltzer <[EMAIL PROTECTED]> wrote: >>The issue is that this only works with DEP turned off! Interesting point. I haven't seen this mentioned anywhere, including the Microsoft advisory (http://www.microsoft.com/technet/security/advisory/935423.mspx). Has anyone actually tested

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

Hello: Does this works in *fully patched* XP pro + SP2? Mine seems to be totally immune (not even crashing). XP Pro + SP2 + 0 patches crashes (probably landing somewhere else in memory). On 3/30/07, dev code <[EMAIL PROTECTED]> wrote: /* * Copyright (c) 2007 devcode * * *

Re: [Full-disclosure] hi5 Antiphishing Departement

Yep it works. I cloned that and modified it to mail me the user cookie see http://bottester.hi5.com You have to be logged to make it work ok. Sometimes doesn't works correctly, it takes you to the home page. Try several times. No idea why. Sometimes when you modify your profile in hi5 you have to

Re: [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

Hello: On 3/24/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: On Sat, 24 Mar 2007 11:48:10 CDT, wac said: > Of course not, is enough to find a collision and you'll get for example a > message signed by somebody else that looks completely authentic since > signatures en

Re: [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

Of course not, is enough to find a collision and you'll get for example a message signed by somebody else that looks completely authentic since signatures encrypt that hash with the private key. On 3/21/07, Blue Boar <[EMAIL PROTECTED]> wrote: 3APA3A wrote: > First, by reading 'crack' I tho

Re: [Full-disclosure] Wikipedia and Pedophilia

On 1/20/07, Timo Schoeler <[EMAIL PROTECTED]> wrote: In epistula a V Vendetta <[EMAIL PROTECTED]> die horaque Fri, 19 Jan 2007 13:29:53 -0800 (PST): > Full Dislosure: Wikipedia > (...) > > Also, I apologize for my english - as it is only my second language. > > The Wikipedia ideology is like co

Re: [Full-disclosure] Grab a myspace credential

On 1/16/07, Deepan <[EMAIL PROTECTED]> wrote: On Mon, 2007-01-15 at 23:05 -0500, Peter Dawson wrote: > "but at some point all this abuse will likely start sending users off > to another service. " > > thats only --if the know if they are being abused.. most of them are > not coherent about any s

Re: [Full-disclosure] Flog 1.1.2 Remote Admin Password Disclosure

On 1/8/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: On Sun, 07 Jan 2007 16:08:23 +0100, endrazine said: > > yes that's correct but don't forget that hashes can collide > > > > it could be the case that: > > > can ? could ? might ? Do you have any mathematical prouve or are you > just guessi

Re: [Full-disclosure] Flog 1.1.2 Remote Admin Password Disclosure

On 1/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: On Fri, 05 Jan 2007 15:34:49 EST, T Biehn said: > This isn't a password disclosure, it's a leak of password information. > > It's a password hash, you super hacker. And given the hash, and knowledge of how the hash is computed, it becomes

Re: [Full-disclosure] Vuln ....

Thanks. But don´t worry I won´t read sh... anyway :) Nothing interesting could come from that hitman anyway.RegardsWACOn 10/16/06, Pink Hat <[EMAIL PROTECTED]> wrote: On 10/16/06, wac <[EMAIL PROTECTED]> wrote:> Hey you could start by writing those sites in english :P> http://tr

Re: [Full-disclosure] Vuln ....

Hey you could start by writing those sites in english :POn 10/13/06, hitham hitham <[EMAIL PROTECTED] > wrote:===# Found By Sp1deR_NeT .. # E-mail :- [EMAIL PROTECTED]# Site's :- WwW.Sp1deR-N3T.Com +++ WwW.Pal-HackinG.Com # We Are :- PalEstine  HackerS Te

Re: [Full-disclosure] Server Redundancy

Hi:Thanks I'll check ipvs.RegardsWaldoOn 8/10/06, Tim Hecktor < [EMAIL PROTECTED]> wrote: Hello,   > DiG 9.2.1 <<>> ftp.freenet.de;; global options:  printcmd;;

Re: [Full-disclosure] Server Redundancy

Hi:Isn't there a way to map a name to several IPs?Or use aliases?I'm interested in the subject because I want to do the same thing.RegardsWaldoOn 8/9/06, Gary E. Miller <[EMAIL PROTECTED]> wrote:-BEGIN PGP SIGNED MESSAGE- Hash: SHA1Yo Sec!On Wed, 9 Aug 2006, Sec Bas wrote:> I was thinking

Re: [Full-disclosure] Gmail emails issue

Hi:Worried about a temp file in gmail servers and not by the fact that using a browser your mails goes who knows where server in plain text? Except for the login part that uses SSL of course. Somebody could be sniffing :D regardsWACOn 8/4/06, 6ackpace <[EMAIL PROTECTED]> wrote: Hi All,   Gmail stor

Re: [Full-disclosure] 70 million computers are using Windows 98 right now

On 8/1/06, Eliah Kagan <[EMAIL PROTECTED]> wrote: On 7/27/06, wac wrote:> > >  Now, Linux is definitely not a natural migration pathway. That theory> of> > > adapting server oriented operating systems to the desktop, and believe> if > > > was goin

Re: [Full-disclosure] 70 million computers are using Windows 98 right now

On 7/26/06, Eliah Kagan <[EMAIL PROTECTED]> wrote: Waldo--> It will run  everything  (almost) that runs on top of a win32> subsystem...(the top bar is higer actullay, it goes for native java, native> linux, native DOS, OS2 etc.. is a long list) and drivers as well, enought > for migration ;). Anywa

Re: [Full-disclosure] 70 million computers are using Windows 98 right now

On 7/11/06, [EMAIL PROTECTED] <[EMAIL PROTECTED] > wrote:On Tue, 11 Jul 2006 13:28:08 -0300, Cardoso said:> but I agree. Let them die. 98 is a very unsafe plataform, hope the > spyware guys act fast and kill all the remaining machines, under a ton> of popups.And where does that leave the users?  Ha

Re: [Full-disclosure] Vunerability in yahoo webmail.

Hi folks:Can I get this file somewhere else? Like a web site or something. This gmail thing detects it as a virus. I doub't yahoo will let it pass still, that's wht i don;t ask anyne to send it to me ;). I wonder who asked to have an stupid scanner in the e-mail that you can't disable. I don't even

Re: [Full-disclosure] FrSIRT Puts Exploits up for Sale

Jejej no Way, That would be the only thing that will make me to remove the bookmark from my browser. Anyway there are a couple of some other sites that give those files for free so we won't loose anything :D We'll simply change the provider. RegardsWaldoOn 3/16/06, Ivan . <[EMAIL PROTECTED]> wrote:

Re: [Full-disclosure] Phun! Search

LOL jajajajajajOn 3/21/06, Javor Ninov <[EMAIL PROTECTED]> wrote: i hope you soon reach 18 and start thinking about sex... you will likeit i am suren3td3v wrote:> \/\/3 53nd j00 m4d c0d35> ch3x j00r 1nb0x3r ph0r Xpl01t c0d3 2 m4n1pul4t3 phUN! s34rch> h0h0h0 >> On 3/21/06, *teh kids* <[EMAIL PRO

Re: [Full-disclosure] Re: what we REALLY learned from WMF

Hi:I think it would be good if Microsoft releases patches a la opensource. But I think since M$ does the whole thing is their decision after all to do it one way or another. I understand that sometimes is a matter that customers have no other choice than take things as they decide. The normal answe

Re: [Full-disclosure] WMF Exploit

HiInteresting. How much? :DRegardsWaldoOn 1/4/06, Todd Towles <[EMAIL PROTECTED] > wrote:Not sure, the last non-exploit pen auction was up pretty high> -Original Message- > From: Georgi Guninski [mailto:[EMAIL PROTECTED]]> Sent: Wednesday, January 04, 2006 3:57 PM> To: Todd Towles> Cc: [EM

Re: [Full-disclosure] Good proxy chaining applications

Hi: You can use openssh in one of the machines, plink (command line client that comes with putty). and freecaps ( http://www.freecaps.ru ) if you want a complete free system. But you can instead of freecaps use proxifier (www.proxifier.com) that works better, althoug proxifier sometimes have to be

Re: [Full-disclosure] Is this a Virus?

On 12/29/05, Shawn Cox <[EMAIL PROTECTED]> wrote: I doubt it's a virus.  Filling up a hard-disk is counter productive to propagation.  Though I do think it was an option in the VCL of old. Hi: Well if the virus releases the space before infection, can be productive to the propagation since it w

Re: [Full-disclosure] a call for full-disclosure to become a moderatedlist

Hi: I beleive that such moderated version should be given as an alternative when people subscribe to this list. I mean in the webpage or in the help mail. I also don't want this one to be moderated and I feel just fine with the messages sent but if anyone wants it filtered... Well why not, they ha

Re: [Full-disclosure] McAfee VirusScan vs Metasploit Framework v2.x

Hey guys I guess you are wasting so much time. Is very easy to just encrypt some modules and enjoy mcafee or any other to stupidly tell you that the computer is clean. Period, do not waste your time with McAfee or any other, it just takes 1 second. Poor world beleiving in antivirus. Regards WaldoO

Re: [Full-disclosure] Window's O/S

Hi: I guess that is the remaining of an old IE bug that opened notepad.exe on the desktop. I remember it quite well, it is archived somewhere for sure.On 11/24/05, jacob jango <[EMAIL PROTECTED]> wrote: Not sure if you guys are aware of this issue windows XP...!!     create an folder on deskop

Re: [Full-disclosure] Is this a phishing attempt?

Hi:   I have3 a couples of stories to talk about this.   Jejej I have even interchanged mail with those guys doing that. Do the following. If they are a prince or a king or a pressident or whomever wants to give you millions. Jejej tell them to pay you the airplane ticket that you have no money at

Re: [Full-disclosure] Off topic. To the list Admins or anyone that can help me

Hi ppl: Thanks to all those that tried to help me. I just can't read that much mail. But thanks to almost all responses (except the ironic one please save us both some time next time) Since most answers are like this one I'll use this as reply (sorry folks I guess this is the most optimized way f