Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
and keeping US citizens safe from Russian and Chinese organized crime

Beyond this, I can't tell you the number of chink and russki botnet CNCs we've popped over the years. As soon as the federales give back our illegally stolen machines, I'll give you all the evidence you want of it. We have years and years of good public service under our belts. Do you?

hahahahaha you're simply too funny what you mean is you dumped your own shitty trojan on their systems (the ones you couldnt sell...) we all remember your rant about having 3k mac osx machines for sale fucking retard you're forgetting that information on the internet doesnt go away you are a joke and you make me laugh keep it up :)

2010/11/18 Andrew Auernheimer glutt...@gmail.com

The reality is that you are inconsequential to security because you are a script kiddie. Perhaps you are confused as to what this term means. Script kiddies are people who do not produce innovation of their own, and solely run things downloaded from Packetstorm. I have repeatedly stood up and done unique things to advance my nation, not just in information security but in an interdisciplinary manner.

As far as my accomplishments in information security, I recently watched one of Samy Kamkar's presentations at Blackhat that cites our group repeatedly. One of our advisories is mentioned in his slides: http://i.imgur.com/YIl9I.jpg and he also states that cross-protocol scripting was made big by us.

What about Robert Hansen/RSnake? He said

I don’t see anyone outside of a handful of people, like Weev, Wade Alcorn, Samy Kumkar, Aaron Weaver and myself doing this kind of research. There’s literally thousands of potentially exploitable services out there!
-- http://ha.ckers.org/blog/20100329/safari-integer-overflow-aids-inter-protocol-exploitation/

RSnake is well respected in the security community. Does he suddenly not know what he's talking about just for recognizing the validity of my research? I have stacks of internal government memos highlighting the implications of stuff we've outlined-- clearly a number of people think the things that we're doing are notable and have real world implications.

I do not post on this list looking for sympathy-- quite the opposite. Unlike you, I believe in free speech, and even want to give my deepest critics a chance to hop into the dialogue.

Finally, your profession deserves to be cheapened. I've actually attempted to innovate, and who are you? Oh yeah, you're some dude that hits a button on Core Impact for a living. There are a number of amazing individuals in the information security community doing great things, but for every one of them there's a hundred snake-oil peddling losers who are the real scriptkiddies. Though dated, the PHC production of the same name rings true for individuals such as yourself. Maybe you should read it and it'll challenge you to actually do something useful instead of tossing ad hominems on a mailing list: http://antisec.wordpress.com/2005/12/18/hack4txt-a-phc-production-the-real-scriptkiddies/

On Wed, Nov 17, 2010 at 9:10 PM, R S fifteenfourty...@gmail.com wrote:

Speaking for only myself, I could care less about your personal / political views. The reality is you are inconsequential to security because you are a script kiddie. I had read articles about your various high profile 'trolling' incidents before, but until your asinine post here had never bothered to research you. What I've read was nothing but humorous. At one point you claim to hate bloggers, yet in a pre Web 2.0 world, you and your Encyclopedia Dramatica generation script kiddies would have no notoriety at all. Nobody would care about your bizarre high profile cries for attention, and personally, I certainly don't.

You are a troll and a script kiddie. Your whiney rants have no place on a mailing list for the security community. I'm sure the kids that support you on various forums eat your crap up, but you will find little sympathy here. You claim constantly to hunt pedophiles, that's great. Somehow I'm sure most people in prison have done good in their lives as well as bad. Hopefully, if my tax dollars do their job, you will have plenty of time in the near future to contemplate all of this in jail. Grow up kiddo.

Personally I resent how you and your ilk cheapen this profession, and applaud law enforcement for doing their job.

R

From: Andrew Auernheimer gluttony () gmail com
Date: Wed, 17 Nov 2010 19:06:02 -0600

Troy,

As with many of my critics, you insist on attempting to libel me and defame my character (clearly having an objection to my political views) instead of honestly debating the merits of my actions and the reality of my many well-received research contributions. I take ad hominem attacks like yours in stride with the civility and grace befitting of a Christian man, and urge you to think more
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Yawn, another nobody continuing to libel me. I've never performed any such thing, nor attempted to sell trojaned computers. Continuing to assert blatant falsehoods only lends credence to my case. Who are you? What have you done that means anything or helps the world?

On Thu, Nov 18, 2010 at 3:24 AM, huj huj huj datski...@gmail.com wrote:

and keeping US citizens safe from Russian and Chinese organized crime

Beyond this, I can't tell you the number of chink and russki botnet CNCs we've popped over the years. As soon as the federales give back our illegally stolen machines, I'll give you all the evidence you want of it. We have years and years of good public service under our belts. Do you?

hahahahaha you're simply too funny what you mean is you dumped your own shitty trojan on their systems (the ones you couldnt sell...) we all remember your rant about having 3k mac osx machines for sale fucking retard you're forgetting that information on the internet doesnt go away you are a joke and you make me laugh keep it up :)

2010/11/18 Andrew Auernheimer glutt...@gmail.com

The reality is that you are inconsequential to security because you are a script kiddie. Perhaps you are confused as to what this term means. Script kiddies are people who do not produce innovation of their own, and solely run things downloaded from Packetstorm. I have repeatedly stood up and done unique things to advance my nation, not just in information security but in an interdisciplinary manner.

As far as my accomplishments in information security, I recently watched one of Samy Kamkar's presentations at Blackhat that cites our group repeatedly. One of our advisories is mentioned in his slides: http://i.imgur.com/YIl9I.jpg and he also states that cross-protocol scripting was made big by us.

What about Robert Hansen/RSnake? He said

I don’t see anyone outside of a handful of people, like Weev, Wade Alcorn, Samy Kumkar, Aaron Weaver and myself doing this kind of research.
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
yeah takes one to know one you have always been a nobody chasing fame with silly memes and smalltime trolling you keep talking about what others have done well i save starving children in africa i singlehandedly removed all german pedophiles from pattaya in 2009 i stopped the cold war between usa and cccp i could go on but i already copied your silly lies too much let me recap you have done absolutely nothing to help anyone but yourself you are a greedy delusional drugaddict(hey i like drugs too but be realistic) all you want is fame for your shattered ego if you weren't such a joke you would make me sick have a nice day :)

2010/11/18 Andrew Auernheimer glutt...@gmail.com

Yawn, another nobody continuing to libel me. I've never performed any such thing, nor attempted to sell trojaned computers. Continuing to assert blatant falsehoods only lends credence to my case. Who are you? What have you done that means anything or helps the world?

On Thu, Nov 18, 2010 at 3:24 AM, huj huj huj datski...@gmail.com wrote:

and keeping US citizens safe from Russian and Chinese organized crime

Beyond this, I can't tell you the number of chink and russki botnet CNCs we've popped over the years. As soon as the federales give back our illegally stolen machines, I'll give you all the evidence you want of it. We have years and years of good public service under our belts. Do you?

hahahahaha you're simply too funny what you mean is you dumped your own shitty trojan on their systems (the ones you couldnt sell...) we all remember your rant about having 3k mac osx machines for sale fucking retard you're forgetting that information on the internet doesnt go away you are a joke and you make me laugh keep it up :)

2010/11/18 Andrew Auernheimer glutt...@gmail.com

The reality is that you are inconsequential to security because you are a script kiddie. Perhaps you are confused as to what this term means.
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
ah sorry it was 8k owned macs you wanted to sell to the russians.. how very patriotic of you!! cunt :)

09:50 weev i gotta get some money
09:50 weev my cashflow sucks
09:51 weev whores
09:51 weev lavish cars
09:51 weev gigantic places to live
15:05 weev does anybody know these russians
15:06 weev that they are buying up hacked macs for 43 cents an install
15:26 weev i have access to like
15:26 weev 8k rooted macs
15:26 weev right now
15:26 weev and i would like to make a quick $3500

2010/11/18 huj huj huj datski...@gmail.com

yeah takes one to know one you have always been a nobody chasing fame with silly memes and smalltime trolling you keep talking about what others have done well i save starving children in africa i singlehandedly removed all german pedophiles from pattaya in 2009 i stopped the cold war between usa and cccp i could go on but i already copied your silly lies too much let me recap you have done absolutely nothing to help anyone but yourself you are a greedy delusional drugaddict(hey i like drugs too but be realistic) all you want is fame for your shattered ego if you weren't such a joke you would make me sick have a nice day :)

2010/11/18 Andrew Auernheimer glutt...@gmail.com

Yawn, another nobody continuing to libel me. I've never performed any such thing, nor attempted to sell trojaned computers. Continuing to assert blatant falsehoods only lends credence to my case. Who are you? What have you done that means anything or helps the world?

On Thu, Nov 18, 2010 at 3:24 AM, huj huj huj datski...@gmail.com wrote:

and keeping US citizens safe from Russian and Chinese organized crime

Beyond this, I can't tell you the number of chink and russki botnet CNCs we've popped over the years. As soon as the federales give back our illegally stolen machines, I'll give you all the evidence you want of it. We have years and years of good public service under our belts. Do you?
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Lies? I have put forth absolutely bulletproof evidence of our past fights against child pornography. We have been doing this for years upon years, and will continue to do it. Similarly, we will continue our fight against corrupt federal agents, Russian and Israeli organized crime, snakeoil salesmen, and crackheaded idiots that can't even post in complete sentences.

On Thu, Nov 18, 2010 at 3:40 AM, huj huj huj datski...@gmail.com wrote:

yeah takes one to know one you have always been a nobody chasing fame with silly memes and smalltime trolling you keep talking about what others have done well i save starving children in africa i singlehandedly removed all german pedophiles from pattaya in 2009 i stopped the cold war between usa and cccp i could go on but i already copied your silly lies too much let me recap you have done absolutely nothing to help anyone but yourself you are a greedy delusional drugaddict(hey i like drugs too but be realistic) all you want is fame for your shattered ego if you weren't such a joke you would make me sick have a nice day :)

2010/11/18 Andrew Auernheimer glutt...@gmail.com

Yawn, another nobody continuing to libel me. I've never performed any such thing, nor attempted to sell trojaned computers. Continuing to assert blatant falsehoods only lends credence to my case. Who are you? What have you done that means anything or helps the world?

On Thu, Nov 18, 2010 at 3:24 AM, huj huj huj datski...@gmail.com wrote:

and keeping US citizens safe from Russian and Chinese organized crime

Beyond this, I can't tell you the number of chink and russki botnet CNCs we've popped over the years. As soon as the federales give back our illegally stolen machines, I'll give you all the evidence you want of it. We have years and years of good public service under our belts. Do you?

hahahahaha you're simply too funny what you mean is you dumped your own shitty trojan on their systems (the ones you couldnt sell...)
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
I never made those statements. They seem particularly ridiculous and not even remotely in my rhetorical style. But for the sake of argument, I have IRC logs showing that you're a degenerate shit eater:

01:42 Hujhujhuj last night I got a train run on me in a sling at a pozzing party
01:42 Hujhujhuj i loved having an ass packed full of semen
01:42 Hujhujhuj after it was done 4 hairy bears shit on my chest
01:44 Hujhujhuj i packed the delicious feces into my mouth and i loved every single scrumptious bite
01:46 Hujhujhuj im going to get tested later today, i hope its poz, ive been trying for ages

What do you have to say for yourself?

On Thu, Nov 18, 2010 at 3:42 AM, huj huj huj datski...@gmail.com wrote:

ah sorry it was 8k owned macs you wanted to sell to the russians.. how very patriotic of you!! cunt :)

09:50 weev i gotta get some money
09:50 weev my cashflow sucks
09:51 weev whores
09:51 weev lavish cars
09:51 weev gigantic places to live
15:05 weev does anybody know these russians
15:06 weev that they are buying up hacked macs for 43 cents an install
15:26 weev i have access to like
15:26 weev 8k rooted macs
15:26 weev right now
15:26 weev and i would like to make a quick $3500

2010/11/18 huj huj huj datski...@gmail.com

yeah takes one to know one you have always been a nobody chasing fame with silly memes and smalltime trolling you keep talking about what others have done well i save starving children in africa i singlehandedly removed all german pedophiles from pattaya in 2009 i stopped the cold war between usa and cccp i could go on but i already copied your silly lies too much let me recap you have done absolutely nothing to help anyone but yourself you are a greedy delusional drugaddict(hey i like drugs too but be realistic) all you want is fame for your shattered ego if you weren't such a joke you would make me sick have a nice day :)

2010/11/18 Andrew Auernheimer glutt...@gmail.com

Yawn, another nobody continuing to libel me.
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
of course you didn't... and you also don't have a beard and post lame rants as the iprophet :) as for me eating fecal matter, you're just envious you are not fighting anything other than your anonymity and empty wallet stop pretending otherwise nobody believes your silly little lies and misconceptions anyway you and the rest of your losercrew can go suck a lemon you were never anything.. hell hepkitten ousted you lol loser

2010/11/18 Andrew Auernheimer glutt...@gmail.com

I never made those statements. They seem particularly ridiculous and not even remotely in my rhetorical style. But for the sake of argument, I have IRC logs showing that you're a degenerate shit eater:

01:42 Hujhujhuj last night I got a train run on me in a sling at a pozzing party
01:42 Hujhujhuj i loved having an ass packed full of semen
01:42 Hujhujhuj after it was done 4 hairy bears shit on my chest
01:44 Hujhujhuj i packed the delicious feces into my mouth and i loved every single scrumptious bite
01:46 Hujhujhuj im going to get tested later today, i hope its poz, ive been trying for ages

What do you have to say for yourself?

On Thu, Nov 18, 2010 at 3:42 AM, huj huj huj datski...@gmail.com wrote:

ah sorry it was 8k owned macs you wanted to sell to the russians.. how very patriotic of you!!
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
I have never denied the extensive production of politically motivated art I have produced, including the iProphet. I will continue making such compelling art to evoke emotion in my audiences. Regardless, the empirical evidence points to me being: * An anti-organized crime and anti-child pornography activist, a practice which I have been engaging in for years upon years. I have extensive evidence of merit to back this up and can say it under penalty of perjury. * A consumer rights advocate and white hat security researcher, something I have been cited by other respected researchers and won awards for public service for: http://techcrunch.com/2010/06/14/were-awarding-goatse-security-a-crunchie-award-for-public-service/ and your idea of a reliable source of information is... hepkitten? Clearly the only joke here is you, buddy. On Thu, Nov 18, 2010 at 4:03 AM, huj huj huj datski...@gmail.com wrote: of course you didn't... and you also don't have a beard and post lame rants as the iprophet :) as for me eating fecal matter, you're just envious you are not fighting anything other than your anonymity and empty wallet stop pretending otherwise nobody believes your silly little lies and misconceptions anyway you and the rest of your losercrew can go suck a lemon you were never anything.. hell hepkitten ousted you lol loser 2010/11/18 Andrew Auernheimer glutt...@gmail.com I never made those statements. They seem particularly ridiculous and not even remotely in my rhetorical style. 
But for the sake of argument, I have IRC logs showing that you're a degenerate shit eater: 01:42 Hujhujhuj last night I got a train run on me in a sling at a pozzing party 01:42 Hujhujhuj i loved having an ass packed full of semen 01:42 Hujhujhuj after it was done 4 hairy bears shit on my chest 01:44 Hujhujhuj i packed the delicious feces into my mouth and i loved every single scrumptious bite 01:46 Hujhujhuj im going to get tested later today, i hope its poz, ive been trying for ages What do you have to say for yourself? On Thu, Nov 18, 2010 at 3:42 AM, huj huj huj datski...@gmail.com wrote: ah sorry it was 8k owned macs you wanted to sell to the russians.. how very patriotic of you!! cunt :) 09:50 weev i gotta get some money 09:50 weev my cashflow sucks 09:51 weev whores 09:51 weev lavish cars 09:51 weev gigantic places to live 15:05 weev does anybody know these russians 15:06 weev that they are buying up hacked macs for 43 cents an install 15:26 weev i have access to like 15:26 weev 8k rooted macs 15:26 weev right now 15:26 weev and i would like to make a quick $3500 2010/11/18 huj huj huj datski...@gmail.com yeah takes one to know one you have always been a nobody chasing fame with silly memes and smalltime trolling you keep talking about what others have done well i save starving children in africa i singlehandedly removed all german pedophiles from pattaya in 2009 i stopped the cold war between usa and cccp i could go on but i already copied your silly lies too much let me recap you have done absolutely nothing to help anyone but yourself you are a greedy delusional drugaddict(hey i like drugs too but be realistic) all you want is fame for your shattered ego if you weren't such a joke you would make me sick have a nice day :) 2010/11/18 Andrew Auernheimer glutt...@gmail.com Yawn, another nobody continuing to libel me. I've never performed any such thing, nor attempted to sell trojaned computers. 
Continuing to assert blatant falsehoods only lends credence to my case. Who are you? What have you done that means anything or helps the world? On Thu, Nov 18, 2010 at 3:24 AM, huj huj huj datski...@gmail.com wrote: and keeping US citizens safe from Russian and Chinese organized crime Beyond this, I can't tell you the number of chink and russki botnet CNCs we've popped over the years. As soon as the federales give back our illegally stolen machines, I'll give you all the evidence you want of it. We have years and years of good public service under our belts. Do you? hahahahaha you're simply too funny what you mean is you dumped your own shitty trojan on their systems (the ones you couldnt sell...) we all remember your rant about having 3k mac osx machines for sale fucking retard you're forgetting that information on the internet doesnt go away you are a joke and you make me laugh keep it up :) 2010/11/18 Andrew Auernheimer glutt...@gmail.com The reality is that you are inconsequential to security because you are a script kiddie. Perhaps you are confused as to what this term means. Script kiddies are people who do not produce innovation of their own, and solely run things downloaded from Packetstorm. I have repeatedly stood up and done unique things to advance my nation, not just in
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
i didnt get the info from hepkitten? i dont see where you got that fact from what i said was that hepkitten ousted you from bantown maybe if you learned how to read your life would be easier.. white hat security researcher my ass is phishing myspace and livejournal accounts through lame memes whitehat? i doubt it.. get a grip and pull that dildo out of your ass you retard 2010/11/18 Andrew Auernheimer glutt...@gmail.com I have never denied the extensive production of politically motivated art I have produced, including the iProphet. I will continue making such compelling art to evoke emotion in my audiences. Regardless, the empirical evidence points to me being: * An anti-organized crime and anti-child pornography activist, a practice which I have been engaging in for years upon years. I have extensive evidence of merit to back this up and can say it under penalty of perjury. * A consumer rights advocate and white hat security researcher, something I have been cited by other respected researchers and won awards for public service for: http://techcrunch.com/2010/06/14/were-awarding-goatse-security-a-crunchie-award-for-public-service/ and your idea of a reliable source of information is... hepkitten? Clearly the only joke here is you, buddy. On Thu, Nov 18, 2010 at 4:03 AM, huj huj huj datski...@gmail.com wrote: of course you didn't... and you also don't have a beard and post lame rants as the iprophet :) as for me eating fecal matter, you're just envious you are not fighting anything other than your anonymity and empty wallet stop pretending otherwise nobody believes your silly little lies and misconceptions anyway you and the rest of your losercrew can go suck a lemon you were never anything.. hell hepkitten ousted you lol loser 2010/11/18 Andrew Auernheimer glutt...@gmail.com I never made those statements. They seem particularly ridiculous and not even remotely in my rhetorical style. 
But for the sake of argument, I have IRC logs showing that you're a degenerate shit eater: 01:42 Hujhujhuj last night I got a train run on me in a sling at a pozzing party 01:42 Hujhujhuj i loved having an ass packed full of semen 01:42 Hujhujhuj after it was done 4 hairy bears shit on my chest 01:44 Hujhujhuj i packed the delicious feces into my mouth and i loved every single scrumptious bite 01:46 Hujhujhuj im going to get tested later today, i hope its poz, ive been trying for ages What do you have to say for yourself? On Thu, Nov 18, 2010 at 3:42 AM, huj huj huj datski...@gmail.com wrote: ah sorry it was 8k owned macs you wanted to sell to the russians.. how very patriotic of you!! cunt :) 09:50 weev i gotta get some money 09:50 weev my cashflow sucks 09:51 weev whores 09:51 weev lavish cars 09:51 weev gigantic places to live 15:05 weev does anybody know these russians 15:06 weev that they are buying up hacked macs for 43 cents an install 15:26 weev i have access to like 15:26 weev 8k rooted macs 15:26 weev right now 15:26 weev and i would like to make a quick $3500 2010/11/18 huj huj huj datski...@gmail.com yeah takes one to know one you have always been a nobody chasing fame with silly memes and smalltime trolling you keep talking about what others have done well i save starving children in africa i singlehandedly removed all german pedophiles from pattaya in 2009 i stopped the cold war between usa and cccp i could go on but i already copied your silly lies too much let me recap you have done absolutely nothing to help anyone but yourself you are a greedy delusional drugaddict(hey i like drugs too but be realistic) all you want is fame for your shattered ego if you weren't such a joke you would make me sick have a nice day :) 2010/11/18 Andrew Auernheimer glutt...@gmail.com Yawn, another nobody continuing to libel me. I've never performed any such thing, nor attempted to sell trojaned computers. 
Continuing to assert blatant falsehoods only lends credence to my case. Who are you? What have you done that means anything or helps the world? On Thu, Nov 18, 2010 at 3:24 AM, huj huj huj datski...@gmail.com wrote: and keeping US citizens safe from Russian and Chinese organized crime Beyond this, I can't tell you the number of chink and russki botnet CNCs we've popped over the years. As soon as the federales give back our illegally stolen machines, I'll give you all the evidence you want of it. We have years and years of good public service under our belts. Do you? hahahahaha you're simply too funny what you mean is you dumped your own shitty trojan on their systems (the ones you couldnt sell...) we all remember your rant about having 3k mac osx machines for sale fucking retard you're forgetting that
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
You're getting really incoherent. Do you need some ESL classes? Perhaps you should contact one of those commercial services that write college papers for lazy students to draft your FD troll posts. On Thu, Nov 18, 2010 at 5:12 AM, huj huj huj datski...@gmail.com wrote: i didnt get the info from hepkitten? i dont see where you got that fact from what i said was that hepkitten ousted you from bantown maybe if you learned how to read your life would be easier.. white hat security researcher my ass is phishing myspace and livejournal accounts through lame memes whitehat? i doubt it.. get a grip and pull that dildo out of your ass you retard 2010/11/18 Andrew Auernheimer glutt...@gmail.com I have never denied the extensive production of politically motivated art I have produced, including the iProphet. I will continue making such compelling art to evoke emotion in my audiences. Regardless, the empirical evidence points to me being: * An anti-organized crime and anti-child pornography activist, a practice which I have been engaging in for years upon years. I have extensive evidence of merit to back this up and can say it under penalty of perjury. * A consumer rights advocate and white hat security researcher, something I have been cited by other respected researchers and won awards for public service for: http://techcrunch.com/2010/06/14/were-awarding-goatse-security-a-crunchie-award-for-public-service/ and your idea of a reliable source of information is... hepkitten? Clearly the only joke here is you, buddy. On Thu, Nov 18, 2010 at 4:03 AM, huj huj huj datski...@gmail.com wrote: of course you didn't... and you also don't have a beard and post lame rants as the iprophet :) as for me eating fecal matter, you're just envious you are not fighting anything other than your anonymity and empty wallet stop pretending otherwise nobody believes your silly little lies and misconceptions anyway you and the rest of your losercrew can go suck a lemon you were never anything.. 
hell hepkitten ousted you lol loser 2010/11/18 Andrew Auernheimer glutt...@gmail.com I never made those statements. They seem particularly ridiculous and not even remotely in my rhetorical style. But for the sake of argument, I have IRC logs showing that you're a degenerate shit eater: 01:42 Hujhujhuj last night I got a train run on me in a sling at a pozzing party 01:42 Hujhujhuj i loved having an ass packed full of semen 01:42 Hujhujhuj after it was done 4 hairy bears shit on my chest 01:44 Hujhujhuj i packed the delicious feces into my mouth and i loved every single scrumptious bite 01:46 Hujhujhuj im going to get tested later today, i hope its poz, ive been trying for ages What do you have to say for yourself? On Thu, Nov 18, 2010 at 3:42 AM, huj huj huj datski...@gmail.com wrote: ah sorry it was 8k owned macs you wanted to sell to the russians.. how very patriotic of you!! cunt :) 09:50 weev i gotta get some money 09:50 weev my cashflow sucks 09:51 weev whores 09:51 weev lavish cars 09:51 weev gigantic places to live 15:05 weev does anybody know these russians 15:06 weev that they are buying up hacked macs for 43 cents an install 15:26 weev i have access to like 15:26 weev 8k rooted macs 15:26 weev right now 15:26 weev and i would like to make a quick $3500 2010/11/18 huj huj huj datski...@gmail.com yeah takes one to know one you have always been a nobody chasing fame with silly memes and smalltime trolling you keep talking about what others have done well i save starving children in africa i singlehandedly removed all german pedophiles from pattaya in 2009 i stopped the cold war between usa and cccp i could go on but i already copied your silly lies too much let me recap you have done absolutely nothing to help anyone but yourself you are a greedy delusional drugaddict(hey i like drugs too but be realistic) all you want is fame for your shattered ego if you weren't such a joke you would make me sick have a nice day :) 2010/11/18 Andrew Auernheimer 
glutt...@gmail.com Yawn, another nobody continuing to libel me. I've never performed any such thing, nor attempted to sell trojaned computers. Continuing to assert blatant falsehoods only lends credence to my case. Who are you? What have you done that means anything or helps the world? On Thu, Nov 18, 2010 at 3:24 AM, huj huj huj datski...@gmail.com wrote: and keeping US citizens safe from Russian and Chinese organized crime Beyond this, I can't tell you the number of chink and russki botnet CNCs we've popped over the years. As soon as the federales give back our illegally stolen machines, I'll give you all the evidence you want of it. We have years and years of good public service under our belts.
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
the pot calling the kettle black? lol you are becoming increasingly delusional maybe you should go back to eating out hepkitten its no wonder your parents gave up on you.. 2010/11/18 Andrew Auernheimer glutt...@gmail.com You're getting really incoherent. Do you need some ESL classes? Perhaps you should contact one of those commercial services that write college papers for lazy students to draft your FD troll posts. On Thu, Nov 18, 2010 at 5:12 AM, huj huj huj datski...@gmail.com wrote: i didnt get the info from hepkitten? i dont see where you got that fact from what i said was that hepkitten ousted you from bantown maybe if you learned how to read your life would be easier.. white hat security researcher my ass is phishing myspace and livejournal accounts through lame memes whitehat? i doubt it.. get a grip and pull that dildo out of your ass you retard 2010/11/18 Andrew Auernheimer glutt...@gmail.com I have never denied the extensive production of politically motivated art I have produced, including the iProphet. I will continue making such compelling art to evoke emotion in my audiences. Regardless, the empirical evidence points to me being: * An anti-organized crime and anti-child pornography activist, a practice which I have been engaging in for years upon years. I have extensive evidence of merit to back this up and can say it under penalty of perjury. * A consumer rights advocate and white hat security researcher, something I have been cited by other respected researchers and won awards for public service for: http://techcrunch.com/2010/06/14/were-awarding-goatse-security-a-crunchie-award-for-public-service/ and your idea of a reliable source of information is... hepkitten? Clearly the only joke here is you, buddy. On Thu, Nov 18, 2010 at 4:03 AM, huj huj huj datski...@gmail.com wrote: of course you didn't... 
and you also don't have a beard and post lame rants as the iprophet :) as for me eating fecal matter, you're just envious you are not fighting anything other than your anonymity and empty wallet stop pretending otherwise nobody believes your silly little lies and misconceptions anyway you and the rest of your losercrew can go suck a lemon you were never anything.. hell hepkitten ousted you lol loser 2010/11/18 Andrew Auernheimer glutt...@gmail.com I never made those statements. They seem particularly ridiculous and not even remotely in my rhetorical style. But for the sake of argument, I have IRC logs showing that you're a degenerate shit eater: 01:42 Hujhujhuj last night I got a train run on me in a sling at a pozzing party 01:42 Hujhujhuj i loved having an ass packed full of semen 01:42 Hujhujhuj after it was done 4 hairy bears shit on my chest 01:44 Hujhujhuj i packed the delicious feces into my mouth and i loved every single scrumptious bite 01:46 Hujhujhuj im going to get tested later today, i hope its poz, ive been trying for ages What do you have to say for yourself? On Thu, Nov 18, 2010 at 3:42 AM, huj huj huj datski...@gmail.com wrote: ah sorry it was 8k owned macs you wanted to sell to the russians.. how very patriotic of you!! 
cunt :) 09:50 weev i gotta get some money 09:50 weev my cashflow sucks 09:51 weev whores 09:51 weev lavish cars 09:51 weev gigantic places to live 15:05 weev does anybody know these russians 15:06 weev that they are buying up hacked macs for 43 cents an install 15:26 weev i have access to like 15:26 weev 8k rooted macs 15:26 weev right now 15:26 weev and i would like to make a quick $3500 2010/11/18 huj huj huj datski...@gmail.com yeah takes one to know one you have always been a nobody chasing fame with silly memes and smalltime trolling you keep talking about what others have done well i save starving children in africa i singlehandedly removed all german pedophiles from pattaya in 2009 i stopped the cold war between usa and cccp i could go on but i already copied your silly lies too much let me recap you have done absolutely nothing to help anyone but yourself you are a greedy delusional drugaddict(hey i like drugs too but be realistic) all you want is fame for your shattered ego if you weren't such a joke you would make me sick have a nice day :) 2010/11/18 Andrew Auernheimer glutt...@gmail.com Yawn, another nobody continuing to libel me. I've never performed any such thing, nor attempted to sell trojaned computers. Continuing to assert blatant falsehoods only lends credence to my case. Who are you? What have you done that means anything or helps the world? On Thu, Nov 18, 2010 at 3:24 AM, huj huj huj datski...@gmail.com wrote: and keeping US citizens safe from Russian and
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
nah weev on irc is a horribly boring experience.. been there done that and the topic was fucked from the get go not to mention that the original post was nothing but ramblings from a crybaby criminal dont do the crime if you cant do the time andrew 2010/11/18 Benji m...@b3nji.com I can't even troll F-D this bad, and its no longer remotely on topic. Its become; Who-can-make-the-other-look-like-a-whiney-little-bitch-first Why not talk on IRC? Hint; weev hangs in #phrack Sent from my BlackBerry® wireless device -Original Message- From: huj huj huj datski...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 18 Nov 2010 12:19:12 To: Andrew Auernheimerglutt...@gmail.com Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
I can't even troll F-D this bad, and its no longer remotely on topic. Its become; Who-can-make-the-other-look-like-a-whiney-little-bitch-first Why not talk on IRC? Hint; weev hangs in #phrack Sent from my BlackBerry® wireless device -Original Message- From: huj huj huj datski...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 18 Nov 2010 12:19:12 To: Andrew Auernheimerglutt...@gmail.com Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
[Full-disclosure] [HITB-Announce] HITB2011AMS -- Call For Papers now Open
The Call for Papers for the second annual HITBSecConf in Europe is now open! Taking place from the 17th - 20th of May at the NH Grand Krasnapolsky in Amsterdam, HITB2011AMS will be a quad-track conference line up featuring keynote speaker Joe Sullivan (Chief Security Officer of Facebook) and a special keynote panel discussion on 'The Economics of Vulnerabilities'!

HITB2011AMS will also feature a brand new Capture The Flag - World Domination competition run by the HITB.nl CTF Crew, an expanded Hackerspaces Village (with participation from .NL and .EU based hackerspaces), a Lock Picking Village run by members from TOOOL.nl and of course the HITBSIGINT sessions - 15 minute talks held during the coffee and lunch breaks with a focus on highlighting up and coming research and researchers.

As always, talks that are more technical or that discuss new and never before seen attack methods are of more interest than a subject that has been covered several times before.

Submissions are due _no later than 18th February 2011_

HITB CFP: http://cfp.hackinthebox.org/

===

Topics of interest include, but are not limited to the following:

# Cloud Security
# 3G/4G/WIMAX Security
# File System Security
# SS7/GSM/VoIP Security
# Smart Card and Physical Security
# Network Protocols, Analysis and Attacks
# Applications of Cryptographic Techniques
# Side Channel Analysis of Hardware Devices
# Data Recovery, Forensics and Incident Response
# Analysis of Malicious Code / Viruses / Malware
# Windows / Linux / OS X / *NIX Security Vulnerabilities
# Next Generation Exploit and Exploit Mitigation Techniques
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

Each non-resident speaker will receive accommodation for 3 nights / 4 days. For each non-resident speaker, HITB will cover travel expenses up to EUR1200.00.

Your submission will be reviewed by The HITB CFP Review Committee which includes:

Charlie Miller (Principal Analyst, Independent Security Evaluators)
Jeremiah Grossman (Founder, Whitehat Security)
Red Dragon Thanh (THC, VNSECURITY, Intel Corp)
Mark Curphey (Director, Microsoft Corp)
Cesar Cerrudo (Founder / CEO ArgenISS)
Saumil Shah (Founder CEO Net-Square)
Shreeraj Shah (Founder, BlueInfy)
Fredric Raynal (Sogeti/Cap Gemini)
Robert Hansen (rsnake) (SecTheory)
Alexander Kornburst (Red Database)
Emmanuel Gadaix (Founder, TSTF)
Andrea Barisani (Inverse Path)
Ed Skoudis (InGuardians)
Haroon Meer (Sensepost)
Chris Evans (Google)
Philippe Langlois (TSTF)
Skyper (THC)

PLEASE NOTE: We do not accept product or vendor related pitches. If you would like to showcase your company's products or technology, please contact us for further participation opportunities.

---
Hafez Kamal
HITB Crew
Hack in The Box (M) Sdn. Bhd.
Suite 26.3, Level 26, Menara IMC,
No. 8 Jalan Sultan Ismail,
50250 Kuala Lumpur, Malaysia
Tel: +603-20394724
Fax: +603-20318359
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
no i will not same as andrew(n3td3v) never did while trolling FD and other places for years if you dont like it well too bad for you and why should it matter if you know who i am? i dont know who you are and i dont give a rats ass either :) 2010/11/18 n...@phocean.net Will you shut up ? I personally don't care about you, Andrew and I am certainly not the only one to be bothered by this. I even don't know who you are, so go and live your life without bothering all folks here. We are here for serious and technical topics, not personal issues. On Thu, 18 Nov 2010 11:24:16 +, Benji m...@b3nji.com wrote: I can't even troll F-D this bad, and its no longer remotely on topic. Its become; Who-can-make-the-other-look-like-a-whiney-little-bitch-first Why not talk on IRC? Hint; weev hangs in #phrack Sent from my BlackBerry® wireless device -Original Message- From: huj huj huj datski...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 18 Nov 2010 12:19:12 To: Andrew Auernheimerglutt...@gmail.com Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Will you shut up ? I personally don't care about you, Andrew and I am certainly not the only one to be bothered by this. I even don't know who you are, so go and live your life without bothering all folks here. We are here for serious and technical topics, not personal issues. On Thu, 18 Nov 2010 11:24:16 +, Benji m...@b3nji.com wrote: I can't even troll F-D this bad, and its no longer remotely on topic. Its become; Who-can-make-the-other-look-like-a-whiney-little-bitch-first Why not talk on IRC? Hint; weev hangs in #phrack Sent from my BlackBerry® wireless device -Original Message- From: huj huj huj datski...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 18 Nov 2010 12:19:12 To: Andrew Auernheimerglutt...@gmail.com Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Re: [Full-disclosure] Saved XSS vulnerability in Internet Explorer
Hello Zach and Christian. But it requires that the user/potential victim go to the URL and save it, you say? That doesn't quite seem realistic at all in terms of an attack... Yes, this vulnerability is complex and it'll be not easy to attack. But hidden iframe can be used, as I wrote in my advisory, to conduct this attack hiddenly. And this kind of vulnerability can be elevated from XSS to Code Execution (as I wrote in below-mentioned articles). As first hole in IE (which I disclosed in 2007), in Google Chrome (which I disclosed in 2008), in Opera (which I disclosed in 2008), in second hole in IE (which I disclosed recently). And in hole in Ad Muncher (which allows to conduct this attack via any browser at all), which I found in 2006 and which I wrote about in my article Local XSS (I mentioned a link to English version of it in my advisory). If MustLive says so, it must be realistic... This vulnerability is complex, but there is some possibility for successful attack. So taking into account complexity of vulnerability, I gave it low risk. Much lower than Mitre gave in CVE-2007-4478 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4478) and 3APA3A gave in SecurityVulns ID: 8081 (http://securityvulns.ru/news/Microsoft/IE/saved-css.html). I gave low risk (1/5 or 2/10). Mitre gave 4.3 (medium risk): CVSS v2 Base Score: 4.3 (MEDIUM) Impact Subscore: 2.9 Exploitability Subscore: 8.6 3APA3A gave 3/10. So other people consider it even more dangerous then I do :-). And taking into account that Microsoft fixed it in IE (fixed hiddenly and lamerly after two years in IE8), Google fixed it in Chrome (quickly) and Opera fix it (fixed hiddenly and lamerly after one year in Opera 10) - then it looks like browser vendors also consider such holes as dangerous. 
You guys also can read my articles Code Execution via XSS in Internet Explorer (http://securityvulns.ru/Udocument911.html) and Cross-browser Code Execution via XSS (http://securityvulns.ru/Udocument941.html), which I wrote in 2008 concerning this kind of vulnerabilities in different browsers which I found. How the attack can be elevated from XSS to CE. Best wishes regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua - Original Message - From: Zach C fxc...@gmail.com To: MustLive mustl...@websecurity.com.ua Cc: full-disclosure@lists.grok.org.uk Sent: Sunday, November 14, 2010 10:14 PM Subject: Re: [Full-disclosure] Saved XSS vulnerability in Internet Explorer But it requires that the user/potential victim go to the URL and save it, you say? That doesn't quite seem realistic at all in terms of an attack... On Nov 14, 2010, at 9:56 AM, MustLive mustl...@websecurity.com.ua wrote: Hello Full-Disclosure! I want to warn you about Cross-Site Scripting vulnerability in Internet Explorer. This is Post Persistent XSS (Save XSS) (http://websecurity.com.ua/2641/). - Affected products: - Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet Explorer 7 (7.00.5730.13), Internet Explorer 8 (8.00.6001.18702) and previous versions. -- Details: -- This hole is similar to Cross-Site Scripting vulnerability in Internet Explorer (http://websecurity.com.ua/1241/) - CVE-2007-4478 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4478). Which I found in August 2007 and informed Microsoft, and they ignored it and didn't fix it in IE6, and they didn't fixed it in IE7 (and also in IE6) after my informing in 2008. But they silently and lamerly fixed it in IE8, as I found in May 2010 when checked this hole in IE8. 
This vulnerability is different from previous one in that, that the attack is going not via saving web page, but saving web archive (mht/mhtml file) - similarly to Cross-Site Scripting in Opera (http://websecurity.com.ua/2555/), which I wrote about in 2008. All versions of IE6, IE7 and IE8 are affected to this hole. XSS (WASC-08): http://site/?--scriptalert(XSS)/script For the attack it's needed to visit such URL and save html page as mht/mhtml file (Web archive). For executing of the code it's needed that file was saved not with mht or mhtml extension, but with htm or html extension. After that when opening saved page in any browser the code will run. Attacking code are saving inside of the file. This vulnerability - it's Saved XSS and Local XSS (http://websecurity.com.ua/4219/). To make hidden attack an iframe can be used in code of the page: iframe src='http://site/?--scriptalert(XSS)/script' height='0' width='0'/iframe Timeline: 2010.11.12 - found vulnerability. 2010.11.12 - disclosed at my site. 2010.11.13 - informed Microsoft. I mentioned about this vulnerability at my site (http://websecurity.com.ua/4677/). Best wishes regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
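A defender-side check for the condition the advisory describes, as an added example that is not part of the original posts: it flags a web archive stored under an htm/html name and looks for markup inside the archive's header values, then shows the same archive with the URL percent-encoded at save time. That the page URL is written verbatim into the archive's Content-Location header is an assumption made here; site.example, the sample URL and all function names are constructed.

```python
import re
from email import message_from_string
from urllib.parse import quote

# Constructed sample URL in the style of the advisory's test string.
PAGE_URL = "http://site.example/?--><script>alert(1)</script>"

# A tag opener or a comment terminator has no business in a header value.
MARKUP = re.compile(r"<\s*[a-zA-Z/!]|-->")

# Headers assumed to carry page-controlled text (URL and title).
CHECKED_HEADERS = ("Content-Location", "Subject")


def build_archive(url, html, encode_url):
    """Build a minimal MHTML-style archive for one page (hypothetical saver).

    encode_url=False models a saver that copies the URL as-is;
    encode_url=True percent-encodes everything outside a small safe set.
    """
    location = quote(url, safe=":/?&=%#") if encode_url else url
    return (
        'From: "Saved by a browser"\n'
        "Subject: Example page\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/related; type="text/html"; '
        'boundary="----=_Part_0"\n'
        "\n"
        "------=_Part_0\n"
        'Content-Type: text/html; charset="utf-8"\n'
        "Content-Transfer-Encoding: 7bit\n"
        "Content-Location: " + location + "\n"
        "\n" + html + "\n"
        "------=_Part_0--\n"
    )


def audit_saved_page(filename, text):
    """Return findings for one saved file; an empty list means nothing flagged."""
    msg = message_from_string(text)
    if msg.get("MIME-Version") is None:
        return []  # ordinary HTML, not a web archive
    findings = []
    # An archive named .htm/.html is rendered as HTML, so its MIME headers
    # are parsed as page text instead of being treated as metadata.
    if filename.lower().endswith((".htm", ".html")):
        findings.append("web-archive-with-html-extension")
    for part in msg.walk():
        for name in CHECKED_HEADERS:
            for value in part.get_all(name, []):
                if MARKUP.search(value):
                    findings.append("markup-in-header:" + name)
    return findings


if __name__ == "__main__":
    html = "<html><body>hello</body></html>"
    for encode in (False, True):
        raw = build_archive(PAGE_URL, html, encode_url=encode)
        print(encode, audit_saved_page("page.html", raw))
```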
Re: [Full-disclosure] Saved XSS vulnerability in Internet Explorer
Hello Jacky Jack! It's another interesting aspect of saving html files, mentioned by RSnake and I've also read it in 2007. He mentioned about risks of save web page complete feature in Firefox (and such risks of this feature exist in other browsers), and I wrote in my advisories in 2007, 2008 and 2010 about risk of save web page complete and save web archive features. There was issue with saving web archive in Opera (in Opera 9.x and previous versions) and there was issue with saving web archive in IE (in 6, 7, 8 and previous versions), as I wrote in last advisory. You can read my article Local XSS (http://websecurity.com.ua/4219/). And also my articles Code Execution via XSS in Internet Explorer (http://securityvulns.ru/Udocument911.html) and Cross-browser Code Execution via XSS (http://securityvulns.ru/Udocument941.html), which I wrote in 2008 concerning this kind of vulnerabilities in different browsers which I found. How the attack can be elevated from XSS to CE. In case if you haven't read them (it's English versions of the articles). Best wishes regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua - Original Message - From: Jacky Jack jacksonsmth...@gmail.com To: Christian Sciberras uuf6...@gmail.com Cc: Zach C fxc...@gmail.com; full-disclosure@lists.grok.org.uk; MustLive mustl...@websecurity.com.ua Sent: Monday, November 15, 2010 6:29 PM Subject: Re: [Full-disclosure] Saved XSS vulnerability in Internet Explorer It's logical to RSnake's http://ha.ckers.org/blog/20070201/firefox-save-as-complete-issue/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Interesting... So you and Andrew are the same person!! And I am not telling my life here, so I don't expect anyone to care about who I am. You are just doing the opposite, so please don't compare or insult me. I am just a subscriber interested in security, not in someone's life or law cases. I hope it sounds reasonable and understandable to you. On Thursday 18 November 2010 at 15:55 +0100, huj huj huj wrote: no i will not same as andrew(n3td3v) never did while trolling FD and other places for years if you dont like it well too bad for you and why should it matter if you know who i am? i dont know who you are and i dont give a rats ass either :) 2010/11/18 n...@phocean.net Will you shut up ? I personally don't care about you, Andrew and I am certainly not the only one to be bothered by this. I even don't know who you are, so go and live your life without bothering all folks here. We are here for serious and technical topics, not personal issues. On Thu, 18 Nov 2010 11:24:16 +, Benji m...@b3nji.com wrote: I can't even troll F-D this bad, and its no longer remotely on topic. Its become; Who-can-make-the-other-look-like-a-whiney-little-bitch-first Why not talk on IRC? Hint; weev hangs in #phrack Sent from my BlackBerry® wireless device -Original Message- From: huj huj huj datski...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 18 Nov 2010 12:19:12 To: Andrew Auernheimer glutt...@gmail.com Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
On Wed, Nov 17, 2010 at 11:16 PM, Andrew Auernheimer glutt...@gmail.com wrote: ... Inspired by a sermon I heard at a Mormon stake conference,... lol, wut? maybe if the word of wisdom inspired you more you wouldn't be under fed heaters. can't imagine this thread taking a more surreal, off-topic tangent, but surely weev will deliver!
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Coderman, Everything I do is in service to Christ. I believe it is the opposite: if you truly believe in the life and actions of Christ and you follow his word in completeness, you will soon find yourself persecuted by the Pharisees that run the world. Following Christ and avoiding government sanction are utterly incompatible in this brave new world we live in. Who wants to bow to a lifeless, cold Jesus That all of the preachers have painted their way They hold their revivals, yet worship their idols Serve God in title but to mammon they slave. But the Jesus that I know stood up to rival And calls His disciples to come do the same. On Thu, Nov 18, 2010 at 1:10 PM, coderman coder...@gmail.com wrote: On Wed, Nov 17, 2010 at 11:16 PM, Andrew Auernheimer glutt...@gmail.com wrote: ... Inspired by a sermon I heard at a Mormon stake conference,... lol, wut? maybe if the word of wisdom inspired you more you wouldn't be under fed heaters. can't imagine this thread taking a more surreal, off-topic tangent, but surely weev will deliver!
[Full-disclosure] Fwd: Spambox Spam Quarantine Notification
anyone seeing SPAMBOX used to report spam for gmail? ...a phish or what? -- Forwarded message -- From: SPAMBOX supp...@spambox.com.au Date: Thu, Nov 18, 2010 at 7:03 AM Subject: Spambox Spam Quarantine Notification To: fatherlap...@gmail.com Spambox Spam Quarantine Notification Dear fatherlap...@gmail.com, You currently have 1 message/messages in your quarantine and they will expire in 14 days. Quarantined Email From Subject Date Release Aliyu Mohammedmoham...@msn.com OFFICE OF THE NATIONAL SECURITY ADVISER TO THE PRESIDENT FED... 18 Nov 2010 View All Quarantined Messages(1) Note: This message has been sent by a notification only system. Please do not reply If the above links do not work, please copy and paste the following URL into a Web browser: http://quarantine.spambox.com.au:82/Search?h=c70f83242f0f873e96f89a03ab1530beemail=fatherlaptop%40gmail.com Regards, Spambox === Headers and such: Delivered-To: fatherlap...@gmail.com Received: by 10.213.27.140 with SMTP id i12cs43054ebc; Thu, 18 Nov 2010 05:03:50 -0800 (PST) Received: by 10.42.180.67 with SMTP id bt3mr104562icb.349.1290085428634; Thu, 18 Nov 2010 05:03:48 -0800 (PST) Return-Path: boun...@platformnetworks.net Received: from inbound.spambox.com.au (inbound.spambox.com.au [202.62.145.58]) by mx.google.com with ESMTP id u36si315871vbb.75.2010.11.18.05.03.46; Thu, 18 Nov 2010 05:03:48 -0800 (PST) Received-SPF: neutral (google.com: 202.62.145.58 is neither permitted nor denied by best guess record for domain of boun...@platformnetworks.net) client-ip=202.62.145.58; Authentication-Results: mx.google.com; spf=neutral (google.com: 202.62.145.58 is neither permitted nor denied by best guess record for domain of boun...@platformnetworks.net) smtp.mail=boun...@platformnetworks.net Received: from localhost by inbound.spambox.com.au; 19 Nov 2010 00:03:39 +1100 Content-Type: multipart/alternative; boundary2120642660== MIME-Version: 1.0 Message-Id: 09c4cc$b67db59=a105064353876...@ironport1.spambox.com.au From: 
=?utf-8?q?SPAMBOX?= supp...@spambox.com.au Sender: boun...@platformnetworks.net To: fatherlap...@gmail.com Date: 19 Nov 2010 00:03:39 +1100 Subject: Spambox Spam Quarantine Notification Spambox Spam Quarantine Notification --===2120642660== Content-Type: text/plain; charset=utf-8 MIME-Version: 1.0 Content-Transfer-Encoding: base64 --===2120642660== Content-Type: text/html; charset=utf-8 MIME-Version: 1.0 Content-Transfer-Encoding: base64
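One way to triage a notification like the one forwarded above, as an added example (not code from the thread): it compares the From domain with the envelope sender, reads the SPF and DKIM results, checks which host relayed the message, and decodes the base64 body to inspect its links. The sample message is constructed with placeholder domains; the function names and finding labels are assumptions.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample that follows the header layout quoted in the post.
# Every domain and address is a placeholder, not a value from the thread.
BODY = ("If the above links do not work, copy this URL into a browser:\n"
        "http://quarantine.filter.example:82/Search?h=0000"
        "&email=user%40mail.example\n")
HEADERS = """\
Delivered-To: user@mail.example
Return-Path: <bounces@platform.example>
Received: from inbound.filter.example (inbound.filter.example [192.0.2.58])
\tby mx.mail.example with ESMTP id abc123; Thu, 18 Nov 2010 05:03:48 -0800
Received-SPF: neutral (mail.example: 192.0.2.58 is neither permitted nor
\tdenied by best guess record for domain of bounces@platform.example)
Authentication-Results: mx.mail.example; spf=neutral
\tsmtp.mail=bounces@platform.example
From: =?utf-8?q?FILTER?= <support@filter.example>
Sender: bounces@platform.example
To: user@mail.example
Subject: Spam Quarantine Notification
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
"""
SAMPLE = HEADERS + "\n" + base64.b64encode(BODY.encode()).decode() + "\n"


def domain_of(value):
    """Domain part of the address in a From / Return-Path style header."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()


def aligned(a, b):
    """Relaxed alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (
        a == b or a.endswith("." + b) or b.endswith("." + a))


def body_text(msg):
    """Decode every text part (base64 or quoted-printable included)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode("utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw):
    """Return the list of findings that call for a closer look."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # 1. Visible sender versus envelope sender (bounce address).
    if not aligned(from_dom, domain_of(msg["Return-Path"])):
        findings.append("from-envelope-mismatch")
    # 2. SPF verdict recorded by the receiving server.
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    if spf != "pass":
        findings.append("spf-" + spf)
    # 3. No passing DKIM signature to tie the mail to a domain.
    if "dkim=pass" not in (msg.get("Authentication-Results") or "").lower():
        findings.append("no-dkim-pass")
    # 4. Topmost Received line is written by the recipient's own MX.
    hops = msg.get_all("Received") or []
    relay = re.search(r"from\s+(\S+)", hops[0]) if hops else None
    if not (relay and aligned(relay.group(1).lower(), from_dom)):
        findings.append("relay-not-sender-domain")
    # 5. Links in the decoded body: foreign hosts and unusual ports.
    for url in re.findall(r"https?://[^\s\"'<>]+", body_text(msg)):
        parts = urlsplit(url)
        if not aligned(parts.hostname or "", from_dom):
            findings.append("link-host-unrelated:%s" % parts.hostname)
        if parts.port not in (None, 80, 443):
            findings.append("link-port:%d" % parts.port)
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE))
```

None of the findings is proof of phishing on its own; they mark what the headers fail to authenticate, while a relay and link host inside the From domain point the other way.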
[Full-disclosure] ZDI-10-256: Novell iPrint Activex GetDriverSettings Remote Code Execution Vulnerability
ZDI-10-256: Novell iPrint Activex GetDriverSettings Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-256 November 18, 2010 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10670. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ienipp.ocx component. When handling the exposed method a GetDriverSettings call is made into nipplib!IppGetDriverSettings2 where the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. -- Vendor Response: Novell states: TID 7007234 (http://www.novell.com/support/viewContent.do?externalId=7007234). -- Disclosure Timeline: 2010-11-15 - Vulnerability reported to vendor 2010-11-18 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. 
Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Platitudes, lies, half truths, and bullsh*t aside Andrew, let's get down to brass tacks. By the time you get out of jail, there's not even going to _BE_ IPv4 anymore. What, with the multiple state level drug charges, and the federal computer fraud charges, you've gotta be looking at at least 20 years. Mods, time to killfile this loser, I don't think he's got any friends left here. Andrew D Kirch
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Although I very much agree with what you've said, Andrew has said previously that the charges have been dropped, or at least, they have been 'forgotten about'. Sent from my BlackBerry® wireless device -Original Message- From: Andrew Kirch trel...@trelane.net Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 18 Nov 2010 20:39:49 To: Andrew Auernheimer glutt...@gmail.com; Full Disclosure full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case. Platitudes, lies, half truths, and bullsh*t aside Andrew, let's get down to brass tacks. By the time you get out of jail, there's not even going to _BE_ IPv4 anymore. What, with the multiple state level drug charges, and the federal computer fraud charges, you've gotta be looking at at least 20 years. Mods, time to killfile this loser, I don't think he's got any friends left here. Andrew D Kirch
Re: [Full-disclosure] Fwd: Spambox Spam Quarantine Notification
Have u checked the site? I cannot access the same now. It might be a phishing site or a malware infected page. I doubt if google would use a different domain for spam reporting. Regards; w0lf www.maestro-sec.com -- sent from BlackBerry -- -Original Message- From: RandallM randa...@fidmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 18 Nov 2010 13:48:00 To: funsecfun...@linuxbox.org; full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Fwd: Spambox Spam Quarantine Notification anyone seeing SPAMBOX used to report spam for gmail? ...a phish or what? -- Forwarded message -- From: SPAMBOX supp...@spambox.com.au Date: Thu, Nov 18, 2010 at 7:03 AM Subject: Spambox Spam Quarantine Notification To: fatherlap...@gmail.com Spambox Spam Quarantine Notification Dear fatherlap...@gmail.com, You currently have 1 message/messages in your quarantine and they will expire in 14 days. Quarantined Email From Subject Date Release Aliyu Mohammedmoham...@msn.com OFFICE OF THE NATIONAL SECURITY ADVISER TO THE PRESIDENT FED... 18 Nov 2010 View All Quarantined Messages(1) Note: This message has been sent by a notification only system. 
Please do not reply If the above links do not work, please copy and paste the following URL into a Web browser: http://quarantine.spambox.com.au:82/Search?h=c70f83242f0f873e96f89a03ab1530beemail=fatherlaptop%40gmail.com Regards, Spambox === Headers and such: Delivered-To: fatherlap...@gmail.com Received: by 10.213.27.140 with SMTP id i12cs43054ebc; Thu, 18 Nov 2010 05:03:50 -0800 (PST) Received: by 10.42.180.67 with SMTP id bt3mr104562icb.349.1290085428634; Thu, 18 Nov 2010 05:03:48 -0800 (PST) Return-Path: boun...@platformnetworks.net Received: from inbound.spambox.com.au (inbound.spambox.com.au [202.62.145.58]) by mx.google.com with ESMTP id u36si315871vbb.75.2010.11.18.05.03.46; Thu, 18 Nov 2010 05:03:48 -0800 (PST) Received-SPF: neutral (google.com: 202.62.145.58 is neither permitted nor denied by best guess record for domain of boun...@platformnetworks.net) client-ip=202.62.145.58; Authentication-Results: mx.google.com; spf=neutral (google.com: 202.62.145.58 is neither permitted nor denied by best guess record for domain of boun...@platformnetworks.net) smtp.mail=boun...@platformnetworks.net Received: from localhost by inbound.spambox.com.au; 19 Nov 2010 00:03:39 +1100 Content-Type: multipart/alternative; boundary2120642660== MIME-Version: 1.0 Message-Id: 09c4cc$b67db59=a105064353876...@ironport1.spambox.com.au From: =?utf-8?q?SPAMBOX?= supp...@spambox.com.au Sender: boun...@platformnetworks.net To: fatherlap...@gmail.com Date: 19 Nov 2010 00:03:39 +1100 Subject: Spambox Spam Quarantine Notification Spambox Spam Quarantine Notification --===2120642660== Content-Type: text/plain; charset=utf-8 MIME-Version: 1.0 Content-Transfer-Encoding: base64 --===2120642660== Content-Type: text/html; charset=utf-8 MIME-Version: 1.0 Content-Transfer-Encoding: base64
Re: [Full-disclosure] Saved XSS vulnerability in Internet Explorer
Only those who take security to heart and got hacked can see the real impact.
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Hilarious words from a known criminal that made a statement that they would put everyone from the GNAA in prison to nenolod. But thank you for publicly and irrevocably demonstrating that you have a longstanding ax to grind with me, so the logs you announced on IRC that you altered in corroboration with two other parties now can no longer be used in court. Toodles, and thank you trelane 3 On Thu, Nov 18, 2010 at 7:39 PM, Andrew Kirch trel...@trelane.net wrote: Platitudes, lies, half truths, and bullsh*t aside Andrew, let's get down to brass tacks. By the time you get out of jail, there's not even going to _BE_ IPv4 anymore. What, with the multiple state level drug charges, and the federal computer fraud charges, you've gotta be looking at at least 20 years. Mods, time to killfile this loser, I don't think he's got any friends left here. Andrew D Kirch
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
From: phocean n...@phocean.net I am just a subscriber interested in security, not in someone's life or law cases. I disagree, law is a very serious part of this community. Also you have to admit it's sort of funny. From: Andrew Kirch trel...@trelane.net By the time you get out of jail, there's not even going to _BE_ IPv4 anymore. What, with the multiple state level drug charges, and the federal computer fraud charges, you've gotta be looking at at least 20 years. Doubt it on both cases. As for charges, trullery can make serious enemies so who knows. Maybe a moving target is harder to hit? From: Andrew Auernheimer glutt...@gmail.com But thank you for publicly and irrevocably demonstrating that you have a longstanding ax to grind with me Why dig a hole, why even do it.
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Known Criminal? wow, you're a nutcase. On 11/18/2010 11:32 PM, Andrew Auernheimer wrote: Hilarious words from a known criminal that made a statement that they would put everyone from the GNAA in prison to nenolod. But thank you for publicly and irrevocably demonstrating that you have a longstanding ax to grind with me, so the logs you announced on IRC that you altered in corroboration with two other parties now can no longer be used in court.