Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Fri, 25 Jan 2008 09:58:33 EST, Dude VanWinkle said: > On Jan 24, 2008 4:37 PM, <[EMAIL PROTECTED]> wrote: > And my comment clearly indicates that I do not know about > greenish-yellow salmon, except to say that if they put it on my bagel, > I wouldn't touch it :-P And for those who couldn't f

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Jan 25, 2008 10:04 AM, Nate McFeters <[EMAIL PROTECTED]> wrote: > This is the best thread on FD ever, starts with secreview making a > completely unprofessional/mostly uninformed assessment of a consulting > group, moved into some question of secreview and why they think they can do > this, and

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

This is the best thread on FD ever, starts with secreview making a completely unprofessional/mostly uninformed assessment of a consulting group, moved into some question of secreview and why they think they can do this, and here we are, talking about bagels and salmon :). Nate On 1/25/08, Dude V

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Jan 24, 2008 4:37 PM, <[EMAIL PROTECTED]> wrote: > > On Thu, 24 Jan 2008 16:07:42 EST, Dude VanWinkle said: > > On Jan 24, 2008 3:54 PM, <[EMAIL PROTECTED]> wrote: > > > On Thu, 24 Jan 2008 15:18:10 EST, Dude VanWinkle said: > > > > OK, 10 points to the person who deciphers this one: > > > > >

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Thu, 24 Jan 2008 19:33:06 EST, Rob Michel said: > What is a salmon card ? If you know what the green and yellow cards are, extrapolate salmon. ;) pgpOlBf2wj3AT.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

Security Providers - Exposed] PlanNetGroup ( F ) On Thu, 24 Jan 2008 15:18:10 EST, Dude VanWinkle said: > OK, 10 points to the person who deciphers this one: > > ... 7E7E The trailing 7E7E is a dead giveaway to anybody who's ever used a green, yellow,

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Thu, 24 Jan 2008 16:07:42 EST, Dude VanWinkle said: > On Jan 24, 2008 3:54 PM, <[EMAIL PROTECTED]> wrote: > > On Thu, 24 Jan 2008 15:18:10 EST, Dude VanWinkle said: > > > OK, 10 points to the person who deciphers this one: > > > > > > ... 7E7E > > > > The trailing 7E7E is a dead giveaway to an

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Jan 24, 2008 3:54 PM, <[EMAIL PROTECTED]> wrote: > On Thu, 24 Jan 2008 15:18:10 EST, Dude VanWinkle said: > > OK, 10 points to the person who deciphers this one: > > > > ... 7E7E > > The trailing 7E7E is a dead giveaway to anybody who's ever used a green, > yellow, or salmon card. ;) That is

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Thu, 24 Jan 2008 15:18:10 EST, Dude VanWinkle said: > OK, 10 points to the person who deciphers this one: > > ... 7E7E The trailing 7E7E is a dead giveaway to anybody who's ever used a green, yellow, or salmon card. ;) pgpyAmo6f0OT9.pgp Description: PGP signature __

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

OK, 10 points to the person who deciphers this one: E5F2C6F68595E5A6D7A8C2C4E8E6F48785E6F9F1C9C7D993E8F293A681C7E5A8C9C7F1F5C9C7C6A9E8F29397C9C8D9A5C9C7D18883F2E4F2D5C3C2938294D5A5E9C7E592C9C8D9A5C9C7E592E8F2D997E8A8C2F0E9E788F0D7A8C2D1C9C8D99682F3E59581C8D8878294F9F0C9D87E7E -JP __

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

Should have made it a bit tricky. So the ensuing base64 and shar slugging could have been avoided. \x31\xc0\xbb\x01\x00\x00\x00\x50\x68\x70\x61\x6e\x79\x68\x20\x63\x6f\x6d\x68 \x79\x6f\x75\x72\x68\x6f\x72\x65\x20\x68\x6f\x20\x77\x68\x68\x75\x73\x20\x74 \x68\x70\x61\x79\x20\x68\x63\x61\x6e\x20\x68\

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

Since I saw no response from XSS fans... PHNjcmlwdD5hbGVydCgncHduMzMgcjFkMycpOzwvc2NyaXB0Pg== On 1/21/08, reepex <[EMAIL PROTECTED]> wrote: > > On Jan 21, 2008 10:50 PM, Nick FitzGerald <[EMAIL PROTECTED]> > wrote: > > > Think pre-MIME/Base64 and U should be able to suss it out... > > > > nice a

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

Very nice, and no, I will not resort to German. I think the point was made in my original post. How silly of me to overlook such common and simple (yes, albeit old) technologies. For those of you out there that are a bit lost and want to follow along at home: Make a simple file called uu.txt, ente

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Jan 21, 2008 10:50 PM, Nick FitzGerald <[EMAIL PROTECTED]> wrote: > Think pre-MIME/Base64 and U should be able to suss it out... > nice aol speak noob ;) it shar would be a pity if people didnt get this ___ Full-Disclosure - We believe in it. Charte

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

Pat wrote: > All I could find was a loose relation to PGP? I might research this one a > bit later tonight... The hint (for anyone who ever saw much of this) is the obviously non- Base64, but still 7-bit sub-set, character set that includes lots of punctuation chars and no lowercase. Think pre-

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

All I could find was a loose relation to PGP? I might research this one a bit later tonight... Nothing like learning something new, as I mentioned in my Base-64 encoded message. On 22/01/2008, Nick FitzGerald <[EMAIL PROTECTED]> wrote: > > Pat wrote: > > > > SSBkb25cJ3QgdW5kZXJzdGFuZCB3aGF0IHRoZS

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] PlanNetGroup ( F )

ssage- From: "Paul Melson" <[EMAIL PROTECTED]> Date: Mon, 21 Jan 2008 23:19:46 To:Pat <[EMAIL PROTECTED]> Cc:full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F ) R2VuYXUh PaulM On Jan 21,

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

R2VuYXUh PaulM On Jan 21, 2008 10:50 PM, Pat <[EMAIL PROTECTED]> wrote: > SSBkb25cJ3QgdW5kZXJzdGFuZCB3aGF0IHRoZSBiaWcgaXNzdWUgaXMuIFNvIHdoYXQgaWYgcGVvcGxlIGRvblwndCB1bmRlcnN0YW5kLi4uPw0KU29tZSBwZW9wbGUsIGFuZCB0aG9zZSB0aGF0IHRoaXMgaXMgb2J2aW91c2x5IHJlbGV2YW50IHRvLCB3aWxsIGxvb2sgYXQgdGhlIGFib3ZlIHN

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

Pat wrote: > SSBkb25cJ3QgdW5kZXJzdGFuZCB3aGF0IHRoZSBiaWcgaXNzdWUgaXMuIFNvIHdoYXQgaWYgcGVvcGxlIGRvblwndCB1bmRlcnN0YW5kLi4uPw0KU29tZSBwZW9wbGUsIGFuZCB0aG9zZSB0aGF0IHRoaXMgaXMgb2J2aW91c2x5IHJlbGV2YW50IHRvLCB3aWxsIGxvb2sgYXQgdGhlIGFib3ZlIHN0cmluZywgb3IgZXZlbiB0aGlzIG9uZSwgYW5kIGtub3cgd2hhdCBpdCBpcyB0a

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

SSBkb25cJ3QgdW5kZXJzdGFuZCB3aGF0IHRoZSBiaWcgaXNzdWUgaXMuIFNvIHdoYXQgaWYgcGVvcGxlIGRvblwndCB1bmRlcnN0YW5kLi4uPw0KU29tZSBwZW9wbGUsIGFuZCB0aG9zZSB0aGF0IHRoaXMgaXMgb2J2aW91c2x5IHJlbGV2YW50IHRvLCB3aWxsIGxvb2sgYXQgdGhlIGFib3ZlIHN0cmluZywgb3IgZXZlbiB0aGlzIG9uZSwgYW5kIGtub3cgd2hhdCBpdCBpcyB0aGF0IHdlIGFyZSB

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] PlanNetGroup ( F )

: Monday, January 21, 2008 1:12 PM To: J. Oquendo Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] [Professional IT Security Providers -Exposed] PlanNetGroup ( F ) On Mon, 21 Jan 2008 13:04:52 EST, "J. Oquendo" said: > eW91IGNhbiBwYXkgdXMgdG8gd2hvcmUgeW91ciBjb21wYW55Cg=

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

c2h1dCB1cCBoaXBwaWU= On Jan 21, 2008 9:50 PM, Pat <[EMAIL PROTECTED]> wrote: > SSBkb25cJ3QgdW5kZXJzdGFuZCB3aGF0IHRoZSBiaWcgaXNzdWUgaXMuIFNvIHdoYXQgaWYgcGVvcGxlIGRvblwndCB1bmRlcnN0YW5kLi4uPw0KU29tZSBwZW9wbGUsIGFuZCB0aG9zZSB0aGF0IHRoaXMgaXMgb2J2aW91c2x5IHJlbGV2YW50IHRvLCB3aWxsIGxvb2sgYXQgdGhlIGFib3

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

umm, who said I even bothered... and if you'd ever even looked at ldap password hashes you'd have a clue... but I'm sure you're too old-skool for that, huh? reepex wrote: > On Jan 21, 2008 8:39 PM, Harry Hoffman <[EMAIL PROTECTED] > > wrote: > > Is this anything m

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

heh, anything more then a passing glimpse on this list is asking alot... funny string and all, but blah... to answer your guestion about who would recognize this type of string, anyone who's dealt with ldap and moving user passwords to ldap would recognize... doesn't even necessarily have to be

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Jan 21, 2008 8:39 PM, Harry Hoffman <[EMAIL PROTECTED]> wrote: > Is this anything more then a base64 encoded password hash? > "base64 encoded password hash" - lol - what security for dumbies book did you get this phrase from? also after identifying it as base64 could you really not decode it t

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] PlanNetGroup ( F )

Agreed. Sent via BlackBerry from T-Mobile -Original Message- From: reepex <[EMAIL PROTECTED]> Date: Mon, 21 Jan 2008 21:25:48 To:Maxim <[EMAIL PROTECTED]>, full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] [Professional IT Security Providers -

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

you said it was 'fun' implying that you felt happy after you had accomplished the task ( decoding the string in this case ). so unless you naturally have fun decoding simple strings, then this must of been a new experience for you/challenging one to solve On Jan 21, 2008 9:28 PM, Maxim <[EMAIL PRO

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Mon, 21 Jan 2008 21:39:08 EST, Harry Hoffman said: > Is this anything more then a base64 encoded password hash? So close, and yet so far :) pgpOUvXNYWoUg.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://list

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

Harry Hoffman wrote: > Ok, I'll give... > > Is this anything more then a base64 encoded password hash? Nope, it's not _even_ that. You were half right though -- for half-credit you can try again... (Hint: You'd have to be pretty stellar to not need to deode it to get the answer!) Regards,

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

reepex wrote: > if base64 was challenging for you then maybe you should switch fields of > work Yes -- I guess he could try whatever it is you do... Regards, Nick FitzGerald ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/f

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

... if base64 was challenging for you then maybe you should switch fields of work On Jan 21, 2008 9:04 PM, Maxim <[EMAIL PROTECTED]> wrote: > that was fun ... :-) > > stuff like that should be on people's job interviews. > > On Mon, 2008-01-21 at 21:59 -0500, [EMAIL PROTECTED] wrote: > > Remembe

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

that was fun ... :-) stuff like that should be on people's job interviews. On Mon, 2008-01-21 at 21:59 -0500, [EMAIL PROTECTED] wrote: > Remember that although 99.98% of the Internet population ends up using it, > 99.97% are totally unaware of the fact because they have point-n-drool GUI > interf

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

Ok, I'll give... Is this anything more then a base64 encoded password hash? Nick FitzGerald wrote: > [EMAIL PROTECTED] wrote: > >> Cute, but probably lost on the half of the list that couldn't >> figure out what it was. :) > > Wow -- you think that _many_ understood it?? > > > Regards, > >

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Mon, 21 Jan 2008 20:48:29 CST, Nate McFeters said: > I mean, it is used all over the place... it'd seem like half of the list > could know. Remember that although 99.98% of the Internet population ends up using it, 99.97% are totally unaware of the fact because they have point-n-drool GUI inte

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

I mean, it is used all over the place... it'd seem like half of the list could know. On 1/21/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > On Mon, 21 Jan 2008 23:32:00 -0300, damncon said: > > Come on ... that == pretty much says what it is > > OK, I'll bite - where would the average nmap/n

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Mon, 21 Jan 2008 23:32:00 -0300, damncon said: > Come on ... that == pretty much says what it is OK, I'll bite - where would the average nmap/nessus/XSS ankle-biter (both amateur and professional) have a need to learn what it means? pgpLDD2YZaOnU.pgp Description: PGP signature ___

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

Come on ... that == pretty much says what it is On Jan 21, 2008 11:22 PM, Nick FitzGerald <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > > > Cute, but probably lost on the half of the list that couldn't > > figure out what it was. :) > > Wow -- you think that _many_ understood it?? > > >

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

[EMAIL PROTECTED] wrote: > Cute, but probably lost on the half of the list that couldn't > figure out what it was. :) Wow -- you think that _many_ understood it?? Regards, Nick FitzGerald ___ Full-Disclosure - We believe in it. Charter: http://lists

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

On Mon, 21 Jan 2008 13:04:52 EST, "J. Oquendo" said: > eW91IGNhbiBwYXkgdXMgdG8gd2hvcmUgeW91ciBjb21wYW55Cg== Cute, but probably lost on the half of the list that couldn't figure out what it was. :) pgpYeb9638WcT.pgp Description: PGP signature ___ Full-

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

SecReview wrote: Nate, Your email was constructive and much appreciated. We'll go over the review a second time and incorporate some of your suggestions. Thank you for taking the time to provide so much good feedback. Hey all, I'd like to get into reviewing security companies as well. B

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

eW91IGNhbiBwYXkgdXMgdG8gd2hvcmUgeW91ciBjb21wYW55Cg== The interesting thing is that they don't seem to be reviewing large companies... perhaps they are interested in extorting the smaller ones??? Just a thought, not an accusation. Nate On 1/21/08, J. Oquendo <[EMAIL PROTECTED]> wrote: > > SecRev

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] PlanNetGroup ( F )

nice to see some have mlk off and nothing better to do - Original Message - From: "SecReview" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: Sent: Monday, January 21, 2008 10:40 AM Subject: Re: [Full-disclosure] [Professional IT Security Providers -Exposed] PlanN

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

Nate, Your email was constructive and much appreciated. We'll go over the review a second time and incorporate some of your suggestions. Thank you for taking the time to provide so much good feedback. On Mon, 21 Jan 2008 02:07:50 -0500 Nate McFeters <[EMAIL PROTECTED]> wrote: >SecReview,

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

SecReview, My 2 cents on your review, although I will try to be nicer then you were to the reviewee. I'm completely skipping your section where you talked to the non-technical person, that's not even fair... sorta like reviewing a consulting group based on their website alone... oh shit, I forgot

[Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

The PlanNetGroup is a Professional IT Security Services Provider located at http://www.plannetgroup.com. One of our readers requested that we perform a review of the PlanNetGroup, so here it is. It is important to state that there isn’t all that much information available on the web about the PlanN