Re: [Full-disclosure] noise: Possible skydrive link to gov

judging from your inane ramblings about things you obviously have zero clue about im pretty sure that you're the australian mirror of n3td3v you even have the same fondness of wowowowowow 1337 h4nd13 !oneoneone 2011/10/28 xD 0x41 > i think the latter. grow up. > > > > On 28 October 2011 2

Re: [Full-disclosure] noise: Possible skydrive link to gov

i think the latter. grow up. On 28 October 2011 20:49, doc mombasa wrote: > too lazy to google and find out what skydrive is? or too returded? > > 2011/10/27 xD 0x41 >> >> Hi. >> I recently have heard that police, in some places, are using an app called >> SkyDrive to get 'dox' on people, they

Re: [Full-disclosure] noise: Possible skydrive link to gov

too lazy to google and find out what skydrive is? or too returded? 2011/10/27 xD 0x41 > Hi. > I recently have heard that police, in some places, are using an app called > SkyDrive to get 'dox' on people, they seem to be hiding it but, i dont know > much yet on this expect, that is ptretty certai

Re: [Full-disclosure] noise: Possible skydrive link to gov

Skydrive is the Microsoft cloud storage product, for documents, pictures, etc. It is similar to Dropbox, which is already a well-known LE intel source. From: xD 0x41 mailto:sec...@gmail.com>> Reply-To: "sec...@gmail.com" mailto:sec...@gmail.com>> Date: Wed, 26 Oct 2011

Re: [Full-disclosure] noise

Like the divine-message link...has great potential as an internet off-ramp...style-points for including it... --sjs On 7/3/2011 1:17 AM, Jeffrey Walton wrote: On Sun, Jul 3, 2011 at 3:22 AM, Jonathan Brossard wrote:

Re: [Full-disclosure] noise

On Sun, Jul 3, 2011 at 3:22 AM, Jonathan Brossard wrote: > Please ignore. > > 8feb0981f825d47250a7e9b98124d437 > 43757802615ee62857e4747a7408b4f1 > a58cee1bc265f3f6cfd3317f8af14624 > 1c000334d57584543f62b835d06e0dd1 > cc1faeb253c29cd5836d7a7191431e50 > 39d315f113d3bc1c6ef65df24892b375 > > d2ecb3b0

Re: [Full-disclosure] noise about full-width encoding bypass?

Dear Brian Eaton, --Monday, May 21, 2007, 11:28:27 PM, you wrote to [EMAIL PROTECTED]: BE> Given how few application platforms decode full-width unicode to ASCII BE> equivalents, is there a case to be made that those application BE> platforms that do decide this conversion is a good idea are bro

Re: [Full-disclosure] noise about full-width encoding bypass?

Dear Brian Eaton, --Monday, May 21, 2007, 11:48:09 PM, you wrote to [EMAIL PROTECTED]: BE> On 5/21/07, 3APA3A <[EMAIL PROTECTED]> wrote: >> It's not true, because it's quite convertible character. At least for IIS: >> >> http://example.com/test.asp?q=%uFF1Cscript>alert("Hello") >> >> where test.a

Re: [Full-disclosure] noise about full-width encoding bypass?

On Mon, 21 May 2007 14:41:58 CDT, Steven Adair said: > I think you could be on either side, but I would learn towards this being > a feature than a bug. Multiple products appear to do the decoding in the > same manner and intentionally perform this function. No, they merely *claim* to do it the s

Re: [Full-disclosure] noise about full-width encoding bypass?

On 5/21/07, 3APA3A <[EMAIL PROTECTED]> wrote: > It's not true, because it's quite convertible character. At least for IIS: > > http://example.com/test.asp?q=%uFF1Cscript>alert("Hello") > > where test.asp is > > <%=Request.QueryString("q")%> > > launches javascript. This does not work for me for II

Re: [Full-disclosure] noise about full-width encoding bypass?

> On 5/21/07, ascii <[EMAIL PROTECTED]> wrote: >> Brian Eaton wrote: >> > To summarize what I've heard from various sources: I am missing >> > something important. =) Both PHP and ASP.NET will decode these >> > characters into their ASCII equivalents. >> >> (AFAIK) >> >> Only ASP.NET/IIS decodes t

Re: [Full-disclosure] noise about full-width encoding bypass?

On 5/21/07, ascii <[EMAIL PROTECTED]> wrote: > Brian Eaton wrote: > > To summarize what I've heard from various sources: I am missing > > something important. =) Both PHP and ASP.NET will decode these > > characters into their ASCII equivalents. > > (AFAIK) > > Only ASP.NET/IIS decodes that automa

Re: [Full-disclosure] noise about full-width encoding bypass?

Brian Eaton wrote: > To summarize what I've heard from various sources: I am missing > something important. =) Both PHP and ASP.NET will decode these > characters into their ASCII equivalents. (AFAIK) Only ASP.NET/IIS decodes that automatically. PHP *can* do that as like JSP and probably others

Re: [Full-disclosure] noise about full-width encoding bypass?

On 5/21/07, Brian Eaton <[EMAIL PROTECTED]> wrote: > Has anyone had a look at the full-width unicode encoding trick discussed here? > > http://www.kb.cert.org/vuls/id/739224 > > AFAICT, this technique could be useful for a homograph attack. I > don't think it's useful for much else. However, a fe

Re: [Full-disclosure] noise about full-width encoding bypass?

Dear Brian Eaton, --Monday, May 21, 2007, 6:22:21 PM, you wrote to [EMAIL PROTECTED]: BE> If the SQL engine is processing queries in ASCII or ISO-8859-1, the BE> conversion from unicode to the code page used by the engine will fail. BE> Either the engine will give up on the query, or it might s

Re: [Full-disclosure] noise about full-width encoding bypass?

We have tested this technique for both XSS and SQL Injection with IIS (and any backend database) and it works nicely. The issue is that the web server translates the graphical equivalent character to the actual character (so %uFF07 is actually translated by the web server to an ASCII quote charact

Re: [Full-disclosure] noise about full-width encoding bypass?

Hi, I think this encoding bypass may have some impact on applications which convert data from Unicode/UTF to other encodings. A naive example: http://lukasz.pilorz.net/testy/full_width_utf/index.phps But I don't suggest this was the main problem, I have probably missed something too. Best regards,

Re: [Full-disclosure] noise about full-width encoding bypass?

On 5/21/07, Łukasz Pilorz <[EMAIL PROTECTED]> wrote: > I think this encoding bypass may have some impact on applications > which convert data from Unicode/UTF to other encodings. A naive > example: > http://lukasz.pilorz.net/testy/full_width_utf/index.phps > > But I don't suggest this was the main

Re: [Full-disclosure] Noise

Nah dude, he stood in defence of Kevin Mitnick, works with the UN, whitehouse, fbi etc. He's a world leading advisor with much infulence on the super powers of the world in relation to information technology security.   http://www.nytimes.com/2005/07/31/business/yourmoney/31hack.html?ex=1280462400

Re: [Full-disclosure] Noise

end this now, I'd swear you wanted him to come back. On 3/30/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: On Wed, 29 Mar 2006 23:36:28 +0100, n3td3v said: > You mean like Seiden who broke into banks and told everyone about it, and is > now one of the biggest security experts in the industr

Re: [Full-disclosure] Noise

On Wed, 29 Mar 2006 23:36:28 +0100, n3td3v said: > You mean like Seiden who broke into banks and told everyone about it, and is > now one of the biggest security experts in the industry. He sent me an > e-mail telling me a week or so back telling me to take you seriously, i'm > beginning to wonder

Re: [Full-disclosure] Noise

Wel, theres certainly no chance i'll come back to the list after the way i've been treated. With all the trolls (much of them blackhat/scriptkid based) bashing legitmate security researchers who have been reporting shizzle to the big players within the industry for some 7 years so far, its not supr

Re: [Full-disclosure] Noise

You've said you were leaving about 3 times in the past, and then came back shortly after. Stay away. On Thu, 2006-03-30 at 03:08 +0100, n3td3v wrote: I will go away if you want, but that doesn't stop me being the founder of the biggest groups' with corporate hack information on the intern

Re: [Full-disclosure] Noise

I will go away if you want, but that doesn't stop me being the founder of the biggest groups' with corporate hack information on the internet. If you want me to F""k off I will...if that makes you sleep easier. Bye, then, I guess this will be my last ever FD post. I wil dispappear and Todd from RIN

Re: [Full-disclosure] Noise

So let me see if I get this right, yahoo employees are trying to tap you for information and you stopped contacting them. Plenty of people on this list want nothing of you and would love for you to stop contacting them. How can we pull a yahoo here and be rid of you? -sb On 3/29/06, n3td3v <[EM

Re: [Full-disclosure] Noise

er needs the phoneand his mom just yelled to him in the basement to come up for dinner. php0t wrote:> You need a hug.>> -Original Message-> *From:* [EMAIL PROTECTED]> [mailto: [EMAIL PROTECTED] ] *On Behalf Of *n3td3v> *Sent:* Thursday, March 30, 2006 12:57 A

Re: [Full-disclosure] Noise

    -Original Message-> *From:* [EMAIL PROTECTED]> [mailto: [EMAIL PROTECTED]] *On Behalf Of *n3td3v> *Sent:* Thursday, March 30, 2006 12:57 AM> *To:* full-disclosure@lists.grok.org.uk>     *Subject:* Re: [Full-disclosure] Noise>> I finished school 11

Re: [Full-disclosure] Noise

half Of *n3td3v > *Sent:* Thursday, March 30, 2006 12:57 AM > *To:* full-disclosure@lists.grok.org.uk > *Subject:* Re: [Full-disclosure] Noise > > I finished school 11 years ago, infact I left on my own accordance > (when I was 14) because they were going to chuck

Re: [Full-disclosure] Noise

http://mtf.news.yahoo.com/mailto?url=""   On 3/30/06, Alexander Hristov <[EMAIL PROTECTED]> wrote: Hey n3td3v have u ever consired brain surgery like braintransplantation or something like that ? I think it might help ! Try your favourite search engine yahoo for searching more info about thatok ?O

Re: [Full-disclosure] Noise

Hey n3td3v have u ever consired brain surgery like brain transplantation or something like that ? I think it might help ! Try your favourite search engine yahoo for searching more info about that ok ? On 3/30/06, n3td3v <[EMAIL PROTECTED]> wrote: > > Lets hear your story then, I bet thats a lot mo

Re: [Full-disclosure] Noise

Lets hear your story then, I bet thats a lot more interesting, right? Lets see, you grew up in a balanced family and social background, went to private school, finished all your exams, went to univeristy, studied computer science etc and then had the big peice of paper to say you can analyise code

Re: [Full-disclosure] Noise

On Wed, Mar 29, 2006 at 11:56:48PM +0100, n3td3v wrote: > I finished school 11 years ago, infact I left on my own accordance (when I > was 14) because they were going to chuck me out of school anyway. I soon got > involved in stealing cars, brekaing into houses, and taking goods from > shops. All m

RE: [Full-disclosure] Noise

Title: Message You need a hug. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3vSent: Thursday, March 30, 2006 12:57 AMTo: full-disclosure@lists.grok.org.ukSubject: Re: [Full-disclosure] Noise I finished school 11 years ago

Re: [Full-disclosure] Noise

I finished school 11 years ago, infact I left on my own accordance (when I was 14) because they were going to chuck me out of school anyway. I soon got involved in stealing cars, brekaing into houses, and taking goods from shops. All my criminal friends went to jail, I was the only one left. I star

Re: [Full-disclosure] Noise

On 3/29/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: But as a Big-Phallused Expert that hangs with all these Important D00dz fromYahoo and Microsoft, you probably haven't broken into all that many computersystems yourself.   What are you suggesting? Employees have given mad infos? Thats a big s

Re: [Full-disclosure] Noise

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yeah, I do actually, but due to the nature of the company that I work for, I'm not actually able to disclose any of that information. I'm also legally not allowed to disclose any vulnerabilities publicly, as per my contract of employment. Most the

Re: [Full-disclosure] Noise

Well actually breaking into systems and showing the result to Google Yahoo etc sure is a bigger buzz than blogging about "current issues" within the media that you currently blog about. Wheres your hacker stories of breaking into systems, wheres your unique/original posts that haven't been seen bef

Re: [Full-disclosure] Noise

On Wed, 29 Mar 2006 22:20:22 +0100, n3td3v said: > nothing special. How many corporate systems and networks have you broken > into, just as I thought...none. But as a Big-Phallused Expert that hangs with all these Important D00dz from Yahoo and Microsoft, you probably haven't broken into all that

Re: [Full-disclosure] Noise

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bwahahahahahahahahahahahahahaahahahahaha. To live in your world must be so much fun. xyberpix Blog: http://blogs.securiteam.com On 29 Mar 2006, at 22:20, n3td3v wrote: And of course, you want to advertise that securiteam.com let you setup a b

Re: [Full-disclosure] Noise

And of course, you want to advertise that securiteam.com let you setup a blog on their domain because they felt sorry for you. I believe theres a e-mail link on the securiteam.com site for anyone to ask for a blog, its nothing special. How many corporate systems and networks have you broken into,

Re: [Full-disclosure] Noise on the list

I am unsubscribing from the list now,   I know when i'm not wanted :-)   ENJOY  On 3/21/06, Jason <[EMAIL PROTECTED]> wrote: netdev,That you inferred from my mail that I called you and idiot says a lot.Those are not my words and I did not call you an idiot. I did call out that there is a netdev in

Re: [Full-disclosure] Noise on the list

netdev, That you inferred from my mail that I called you and idiot says a lot. Those are not my words and I did not call you an idiot. I did call out that there is a netdev in every crowd with netdev == undesirable in this case. I also opined that FD is a great training ground for learning how to

Re: [Full-disclosure] Noise on the list

On Tue, 21 Mar 2006 19:12:56 GMT, n3td3v said: > But keep calling netdev an idiot, you'll go far in your career. It's sad when somebody gets 2 out of 6 letters wrong in their own name. pgp3EGoysF7r1.pgp Description: PGP signature ___ Full-Disclosure -

Re: [Full-disclosure] Noise on the list

The only people driving off quality discussion and people are the folks complaining that posters don't meet their standard of intellect and disclosure policy and presentation of vulnerabilities.   But keep calling netdev an idiot, you'll go far in your career.     On 3/21/06, Jason <[EMAIL PROTECT

Re: [Full-disclosure] Noise on the list

Frederic, Your reaction is the intent of the spam and porn and trolling. It is in an attempt to drive off quality discussion and people. If you cannot keep up with it we all understand. I personally consider this list great training for handling the idiots that exist in every day life. There is a

Re: [Full-disclosure] Noise on the list

Frederic Pasteleurs wrote: Hello everybody, I subscribed to this mailing list in 2004 just to keep me informed about some useful tips and the latest issues/problems in the software packages i'm using for my everyday computing habits. I had a hard time to keep up with the flow of mails in the be

Re: [Full-disclosure] Noise on the list

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Frederic Pasteleurs, thanks for your question. I'm 16 years old but still old enough to set email filter rules and ignore a group of people. ;-) - -Manuel Santamarina Suarez aka 'FistFuXXer' Frederic Pasteleurs wrote: > Hello everybody, >