Re: [Full-disclosure] Vulnerability-lab.com XSS
we fear your irc chan :(

On 3 Feb 2012 22:06, doo...@gmail.com <doo...@gmail.com> wrote:

> Your the idiot here.. Boone,will give u guys crap ya cuntzzz and I hope yur havin great time tryin to figure out how badly this list got owned,off yad do,forcing ppl to sho 0days,yet some ppl,nomatter how big yu may think,are anon,and that's simple,yu fd a good bug,well it gets patched,yur ass gets kicks from any groups ya in,and remembr ,yur bases are mine,and intercepting yu will be fun,been funny stall the latest bigs,sudo,etc,all thanks to me.ppl watched me massacre your entire network,and not one packet sent.I will day,thankx to Dana white,UFC.com,all of my irc channel,yea Fuji bout tht,do the math.. anonymous,anonymity is everything,and 2other groups who I can only day,are sum Srs hardcore bitch3z,rrspect always,ISG,magikh0e,peanuter,the rest..thx,it underground,and the aussies spread thru the world..anyone who sticks up for they're own,unlike lamer kcope and his pathetically dos code.Fuku budz. And greets also to-Richard goldner,mz,nullsecurity-noptrix,pi3,gizmore who runs our own coded wargames,Fernando gont,for helping to secure Ipv6.and to mouse the silent..and for my channel members,all of them,and to United hackers,I salute you..now,go ahead its me n3td3v..LOL.he can happily useme as some form if cover,now he just list any battles he had with u guys,coz simple,he's an idiotic,wannabe fedz. Adios mothrfukrs..and happily go fuck yurseves
>
> Sent from my HTC Incredible S on Yes Optus network.
>
> - Reply message -
> From: Luis Santana <hackt...@hacktalk.net>
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Vulnerability-lab.com XSS
> Date: Sat, Feb 4, 2012 2:21 am
>
> Earlier today I tried to contact the people over at http://vulnerability-lab.com about an XSS vulnerability I found on their site (ironic) but it appears they want nothing to do with me. Praise Full-Disclosure.
>
> [image: Vulnerability-lab.com XSS - HackTalk Security] http://i.imgur.com/CripA.jpg
>
> The Irony Of A Site For Disclosing Sites Being Itself Vuln To Something So Trivial
>
> Basically I tried to report this issue to them through a private message on YouTube and then a follow request on Twitter (so I could DM them) but to no avail. Eventually rem0ve joined freenode and messaged me and told me he didn't want to be cooperative with me or even be friendly. Sometimes being a prick just makes you look like an idiot.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] can you answer this?
aah doom has aspergers.. that explains a lot :)

On 3 Feb 2012 22:10, doo...@gmail.com <doo...@gmail.com> wrote:

> Arserspeage.haha. Fku lamer.
>
> - Reply message -
> From: Zach C. <fxc...@gmail.com>
> To: ja...@zero-internet.org.uk
> Cc: funsec <fun...@linuxbox.org>, RandallM <randa...@fidmail.com>, full-disclosure@lists.grok.org.uk, full-disclosure-boun...@lists.grok.org.uk
> Subject: [Full-disclosure] can you answer this?
> Date: Fri, Feb 3, 2012 8:04 pm
>
> The original message reads thus:
>
>> i was working with cleaning up any to any on fw. ran across inside ips doing netbios (NS) , and one using port 4330 to 7.8.0.106, or .107. a who is give .miil DoD Network Information Center. ? we are just a manufacturing company. One ip is from a NAS device for staorage. The other is DNS server
>
> I expect it's supposed to read like this:
>
> I was working on cleaning up my 'any to any' rulesets on my firewall and I ran across internal IPs using the NetBIOS protocol, which is unexpected behavior. One of my internal hosts also appears to be attempting to connect to 7.8.0.106 or 7.8.0.107 on port 4330. A WHOIS lookup tells me that those IPs belong to the IP range owned by the U.S. Department of Defense. What is going on? We're just a manufacturing company. One of the IPs participating in this traffic is supposed to be network storage, while the other is supposed to just do DNS.
>
> And because no one answered him, he decided to try another line of inquiry:
>
> My firewall logs have also picked up traffic from our internal trusted network to an external untrusted network with entries such as:
>
> 2012-02-02 10:08:10 7.254.254.254:68 7.254.254.255:67 0.0.0.0:0 0.0.0.0:0 DHCP 0 sec. 0 0 Traffic Denied
>
> It was denied. What is happening here?
>
> I have no idea what's happening there; I'd suggest looking at the machines for strange activity, maybe doing some tcpdumps and seeing if you can trace back any of the packets you find to any of your machines.
>
> But I can't think of any reason your internal machines should be trying to connect to those hosts. (Especially considering those hosts may not exist!)
>
> On Fri, Feb 3, 2012 at 12:31 AM, ja...@zero-internet.org.uk wrote:
>
>> So what's the question?
>>
>> --Original Message--
>> From: RandallM
>> Sender: full-disclosure-boun...@lists.grok.org.uk
>> To: funsec
>> To: full-disclosure@lists.grok.org.uk
>> Subject: [Full-disclosure] can you answer this?
>> Sent: 3 Feb 2012 08:20
>>
>>> since no one could answer the last one how bout this. In my FW log Trust (our 10.0.0.0. network) to untrust picked this up:
>>>
>>> 2012-02-02 10:08:10 7.254.254.254:68 7.254.254.255:67 0.0.0.0:0 0.0.0.0:0 DHCP 0 sec. 0 0 Traffic Denied
>>>
>>> My any to any denied queue.
>>>
>>> --
>>> been great, thanks
>>> RandyM
>>> a.k.a System
>>
>> Sent from my BlackBerry® wireless device
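A way to triage entries like the one RandallM quoted, as an added example that is not part of the thread. The column layout is inferred from the single log line he posted; the trust network (10.0.0.0/8) is taken from his message; the watch-list entry reflects the thread's WHOIS result for 7.8.0.106 (DoD NIC), but its /8 boundary and the extra sample lines are constructed assumptions. The point it makes is that a trust-to-untrust "Traffic Denied" entry whose source address is not one the site ever assigned is worth chasing on its own, independently of where the packet was headed: a host on the inside is speaking with an address it should not have.

```python
"""Triage firewall 'Traffic Denied' entries from a trust-zone log.

Added example, not from the thread. Log layout is inferred from the one
quoted line; trust network comes from the thread; watch-list and extra
sample lines are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Column layout guessed from the quoted line:
# date time src:port dst:port xlate_src:port xlate_dst:port service N sec. sent recv action
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<xsrc>[\d.]+):(?P<xsport>\d+) (?P<xdst>[\d.]+):(?P<xdport>\d+) "
    r"(?P<service>\S+) (?P<duration>\d+) sec\. (?P<sent>\d+) (?P<recv>\d+) "
    r"(?P<action>.+)$"
)

# From the thread: the trust side is the site's 10.0.0.0 network.
TRUST_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed watch-list. The thread's WHOIS lookup put 7.8.0.106 under the
# DoD Network Information Center; treating the whole /8 that way is an assumption.
WATCH_NETS = {ipaddress.ip_network("7.0.0.0/8"): "WHOIS: DoD NIC (per thread)"}

# Sample input: the thread's own line plus two constructed ones.
THREAD_LINE = ("2012-02-02 10:08:10 7.254.254.254:68 7.254.254.255:67 "
               "0.0.0.0:0 0.0.0.0:0 DHCP 0 sec. 0 0 Traffic Denied")
SAMPLE_LOG = [
    THREAD_LINE,
    # constructed: an inside host reaching for the port the first question mentioned
    "2012-02-02 10:09:31 10.1.2.3:51234 7.8.0.106:4330 0.0.0.0:0 0.0.0.0:0 TCP 0 sec. 0 0 Traffic Denied",
    # constructed: ordinary denied HTTPS to a documentation-range address (RFC 5737)
    "2012-02-02 10:10:00 10.1.2.4:50000 203.0.113.10:443 0.0.0.0:0 0.0.0.0:0 TCP 0 sec. 0 0 Traffic Denied",
]


@dataclass
class Finding:
    line: str
    reasons: list  # empty list means nothing stood out


def parse(line):
    """Split one log line into fields; returns None if the layout differs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["src_ip"] = ipaddress.ip_address(rec["src"])
    rec["dst_ip"] = ipaddress.ip_address(rec["dst"])
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def in_any(ip, nets):
    return any(ip in net for net in nets)


def triage(line):
    """Return a Finding listing why a trust->untrust denial deserves a look."""
    rec = parse(line)
    if rec is None:
        return Finding(line, ["unparseable line; revisit the log-format assumption"])
    reasons = []
    src, dst = rec["src_ip"], rec["dst_ip"]
    # Logged on the trust side, yet the source is not a trust address: some
    # inside host is configured with an address the site never handed out
    # (static misconfiguration, a device's factory default, or a rogue host).
    if not in_any(src, TRUST_NETS):
        reasons.append(f"source {src} is outside the trust network")
    # UDP 68 -> 67 is a DHCP client looking for a server. Combined with the
    # check above it says the host already holds a bogus address and is
    # broadcasting with it rather than from 0.0.0.0.
    if rec["sport"] == 68 and rec["dport"] == 67:
        reasons.append("DHCP client discover/request from this host")
    for net, why in WATCH_NETS.items():
        if dst in net:
            reasons.append(f"destination {dst} is in watch-list {net} ({why})")
    return Finding(line, reasons)


def run(lines):
    """Map each line to its list of reasons; lines with none are benign noise."""
    return {line: triage(line).reasons for line in lines}


if __name__ == "__main__":
    for line, reasons in run(SAMPLE_LOG).items():
        print(line)
        for r in reasons or ["(nothing notable)"]:
            print("   -", r)
```

The useful follow-up on a hit like the thread's line is the MAC address, which this log format does not carry: the switch's forwarding table or a packet capture on the trust segment ties 7.254.254.254 to a physical port, which is what the "tcpdump and trace it back" advice in the reply amounts to.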
[Full-disclosure] [SECURITY] [DSA 2384-2] cacti regression
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -
Debian Security Advisory DSA-2384-2                   secur...@debian.org
http://www.debian.org/security/                         February 04, 2012
http://www.debian.org/security/faq
- -

Package        : cacti
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-1644 CVE-2010-1645 CVE-2010-2543 CVE-2010-2545 CVE-2011-4824

It was discovered that the last security update for cacti, DSA-2384-1, introduced a regression in lenny.

For the oldstable distribution (lenny), this problem has been fixed in version 0.8.7b-2.1+lenny5.

The stable distribution (squeeze) is not affected by this regression.

We recommend that you upgrade your cacti packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJPLWrRAAoJEL97/wQC1SS+hzQH/2d+gt+JSTpYIuj1GARSnWNI
LFMYVQ83iLdAD7kg4lqfPRP0bSvNndnPPkM3JfY5oHmzE2EXpjVpYvkEMWPJahZa
3fCymjOsmS3T6sS2Ed8rW/kmVBNi8L+UlcDzIO4iL+LGb4YmC12SMUNIjq3pR51z
t0J6MW8p05VYfsLhoNLQf9IJC6ngba3B0NJrW91Qx4D0D0WcIy8IcE17K5Ao91l1
nvGhUMbGIgH57urmpKaGXwqJT+6FPtHWmK0rRtow46fR8YrphRlmnw6ST9JZvB4W
oASZuLRIbjQHBW/zotdjQUN0zqfnEh2ICfqyQLbr+SNlBfHvdBb5knrKznqqHoQ=
=MhcV
-----END PGP SIGNATURE-----
Re: [Full-disclosure] when did piracy/theft become expression of freedom
On Sun, Jan 29, 2012 at 01:55:31AM +0100, Christian Sciberras wrote:

> Actually, *most* bands that make money do so off the concert tours - tickets and tshirts is where the actual money is at, not the album sales.
>
> So why bother with album sales in the first place? This is the same with free/commercial software. At the end of the day the creator decides the sales strategy.
>
> The only thing I can see in this is that the recording industry really needs to grow up to the times, but piracy is not a solution nor the means to one, just like DDoSing facebook is not the means to the removal of a certain bill/law (arguably, to the contrary). The recording companies have every right to retaliate just as the FBI has every right to arrest suspects involved in these childish acts.

Just a quote:

    In Germany they first came for the Communists, and I didn't speak up because I wasn't a Communist.
    Then they came for the Jews, and I didn't speak up because I wasn't a Jew.
    Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist.
    Then they came for the Catholics, and I didn't speak up because I was a Protestant.
    Then they came for me - and by that time no one was left to speak up.

    Martin Niemöller

https://en.wikiquote.org/wiki/Martin_Niem%C3%B6ller

--
j
Re: [Full-disclosure] Vulnerability-lab.com XSS
On Sat, 04 Feb 2012 08:06:47 +1100, doomxd said:

> Your the idiot here.. Boone,will give u guys crap ya cuntzzz and I hope yur havin great time tryin to ...

Dale Carnegie is rolling over in his grave...