[Full-disclosure] Google Sacure V2.0 -- Sacure Corporation

2007-11-23 Thread whupass
Dear Sacure Corporation, Todd Michael Cohan and FD: This will be my last email, its getting boring, but I figured that I'd give Sacure the chance to clear the air. I've done a bit of research on the Sacure Corporation (Google) and decided that instead of bashing Sacure I'd just ask them some

Re: [Full-disclosure] Google Sacure

2007-10-29 Thread worried security
On 10/27/07, reepex [EMAIL PROTECTED] wrote: please stop trying to ruin a noname company - all you are doing is giving n3td3v more things to talk about so that people click his link and his terrorist cell can be funded by adsense. I'm a lawful researcher and n3td3v is a non-profit

Re: [Full-disclosure] Google Sacure

2007-10-27 Thread webby devil
ole: your site itself has problems! how are you going to solve others problems? Welcome ole! Your request has been directed to the Customer Servicedepartment. Please wait for our operator to answer your call. Call accepted by operator JC. Currently in room: JC. ole: any answers? JC: Hello Ole

Re: [Full-disclosure] Google Sacure

2007-10-27 Thread whupass
God, this is just more proof that they have no idea what they are doing. How long does it take to fix errors on a website? I mean, I know that they are using Godaddy.com and don't host their own stuff... wait... that can't be right! How can a leader in Managed Security Services not have the

Re: [Full-disclosure] Google Sacure

2007-10-27 Thread reepex
please stop trying to ruin a noname company - all you are doing is giving n3td3v more things to talk about so that people click his link and his terrorist cell can be funded by adsense. If you want a company to laugh at you should instead try irm and their cisco xss. On 10/27/07, [EMAIL

Re: [Full-disclosure] Google Sacure (A. Jodoin)

2007-10-26 Thread alexandre jodoin
How can security companies protect us if they can't even configure their shit right? More on that : From their Pen Test Whitepaper on http://www.sacure.com/index.php The Web-based authentication is exploited by using XSS (cross-site shipping) or SLQ injection or MITM (Man-in-the-Middle)

Re: [Full-disclosure] Google Sacure (A. Jodoin)

2007-10-26 Thread Juha-Matti Laurio
When typing these words _shipp_ing and script_ing_ these keys aren't even near each other on the keyboard... :) - Juha-Matti alexandre jodoin [EMAIL PROTECTED] wrote: How can security companies protect us if they can't even configure their shit right? More on that : From their Pen

Re: [Full-disclosure] Google Sacure (A. Jodoin)

2007-10-26 Thread Michael Holstein
WTF is cross-site shipping ??? A way to implement RFC 1149. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Google Sacure (A. Jodoin)

2007-10-26 Thread alexandre jodoin
In fine prints, at the end of the document (Pen Test Whitepaper) : While every precaution has been taken in the preparation of this document, Sacure assumes no responsibility for errors, omissions or damages resulting from the use of the information herein. What a joke...

Re: [Full-disclosure] Google Sacure

2007-10-26 Thread whupass
The truth about Sacure is that they have little to no capabilities or talent what so ever. Their website has been malfunctioning since well before August 2007 and they never caught it. Why would anyone hire a “Managed Security” company that can’t detect issues in their own network? How the

Re: [Full-disclosure] Google Sacure

2007-10-26 Thread scott
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 They can't even spell 'secure'.What the hell is 'sacure'? Regards, Scott [EMAIL PROTECTED] wrote: The truth about Sacure is that they have little to no capabilities or talent what so ever. Their website has been malfunctioning since well

Re: [Full-disclosure] Google Sacure

2007-10-26 Thread Jim Popovitch
On Sat, 2007-10-27 at 00:06 -0400, scott wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 They can't even spell 'secure'.What the hell is 'sacure'? Perhaps it's suppose to be sauce. :-) -Jim P. ___ Full-Disclosure - We believe in it.

[Full-disclosure] Google Sacure

2007-10-25 Thread whupass
How can security companies protect us if they can't even configure their shit right? http://www.sacure.com/news/index.php Warning: mysql_pconnect(): Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) in /home/content/s/a/c/sacure/html/news/snews.php on line 457 Warning:

Re: [Full-disclosure] Google Sacure

2007-10-25 Thread Tremaine Lea
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 So their sql server fell over. Shit happens. - --- Tremaine Lea Network Security Consultant Intrepid ACL Paranoia for hire On 25-Oct-07, at 1:19 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: How can security companies protect us if they

Re: [Full-disclosure] Google Sacure

2007-10-25 Thread whupass
Fell over a few months ago. They're supposed to be a security company... you'd think that they would notice. This is G o o g l e's cache of http://www.sacure.com/news/index.php as retrieved on Aug 22, 2007 08:14:11 GMT. On Thu, 25 Oct 2007 15:47:25 -0400 Tremaine Lea [EMAIL PROTECTED]

Re: [Full-disclosure] Google Sacure

2007-10-25 Thread Tremaine Lea
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ... I take it all back. You were right :) Heck, you'd think *any* company would notice. - --- Tremaine Lea Network Security Consultant Intrepid ACL Paranoia for hire On 25-Oct-07, at 3:53 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Fell

Re: [Full-disclosure] Google Sacure

2007-10-25 Thread whupass
amen. On Thu, 25 Oct 2007 18:02:17 -0400 Tremaine Lea [EMAIL PROTECTED] wrote: ... I take it all back. You were right :) Heck, you'd think *any* company would notice. --- Tremaine Lea Network Security Consultant Intrepid ACL Paranoia for hire On 25-Oct-07, at 3:53 PM, [EMAIL PROTECTED]

Re: [Full-disclosure] Google Sacure

2007-10-25 Thread Juha-Matti Laurio
http://www.sacure.com/news/home/sacure-to-offer-security-staffing-and-consulting-services/ generates the same result as well. - Juha-Matti ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted

Re: [Full-disclosure] Google Sacure

2007-10-25 Thread Fabrizio
Way too much info. Let's map out some tables names now http://www.sacure.com/login_process.php On 10/25/07, Juha-Matti Laurio [EMAIL PROTECTED] wrote: http://www.sacure.com/news/home/sacure-to-offer-security-staffing-and-consulting-services/ generates the same result as well. -

Re: [Full-disclosure] Google Sacure

2007-10-25 Thread Michael Bann
Maybe it's a joke. :-) Fabrizio wrote: Way too much info. Let's map out some tables names now http://www.sacure.com/login_process.php On 10/25/07, *Juha-Matti Laurio* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:

Re: [Full-disclosure] Google Sacure

2007-10-25 Thread scott
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 First off,it's on GoDaddy (dot)com.That should be the first pointer. Michael Bann wrote: Maybe it's a joke. :-) Fabrizio wrote: Way too much info. Let's map out some tables names now http://www.sacure.com/login_process.php On