[Full-disclosure] CVSphoto.com Stores Passwords Unhashed
I don't have the human bandwidth to deal with yelling at CVS for this right now, but figured I'd make a ML post about it if someone wants to do so.

The email I got is here: http://i.imgur.com/bII9iGw.png

Please feel free to try creating an account yourself and forgetting your password.

-a

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
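A "forgot password" mail that contains the original password is only possible when the site keeps the password in recoverable form. The following is an added example, not code from the post or from CVS, of the storage scheme that makes that impossible: a per-password random salt with PBKDF2-HMAC-SHA256 (iteration count and record format are assumptions chosen for the example), constant-time verification, and a reset flow that mails a random single-use token whose hash is all the database keeps.

```python
import hashlib
import hmac
import secrets

# Constructed parameters for this example: PBKDF2-HMAC-SHA256 with a
# per-password random salt. The work factor is a tunable, not a fixed rule.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest.

    Nothing in the record lets the site reconstruct the password, so a
    "forgot password" flow cannot mail it back; it can only let the user
    set a new one.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed record, never accept
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def issue_reset_token():
    """What a password-reset e-mail should carry instead of the password.

    Returns (token_for_the_email, sha256_of_token_for_the_database). Storing
    only the hash means a database leak does not yield usable reset links.
    """
    token = secrets.token_urlsafe(32)
    return token, hashlib.sha256(token.encode("ascii")).hexdigest()


def verify_reset_token(presented, stored_hash):
    """Constant-time check of a presented token against its stored hash."""
    return hmac.compare_digest(
        hashlib.sha256(presented.encode("ascii")).hexdigest(), stored_hash
    )


if __name__ == "__main__":
    # Constructed sample password; not taken from any real account.
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("right password accepted:", verify_password("correct horse battery staple", record))
    print("wrong password rejected:", not verify_password("Tr0ub4dor&3", record))
    token, token_hash = issue_reset_token()
    print("mail this reset token:", token)
    print("store only this hash:", token_hash)
```

The record carries its own algorithm and iteration count, so the work factor can be raised later and old records re-hashed on the user's next successful login; the reset token is compared the same way a password is, by hash and in constant time, and should additionally be bound to an expiry in the real store.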
Re: [Full-disclosure] A Chat With The NGR Bot
I love these posts that troll for visits to someone's site.

--
Alex Buie
Network Coordinator / Server Engineer
KWD Services, Inc
Media and Hosting Solutions
+1(703)445-3391
+1(480)253-9640
+1(703)919-8090
ab...@kwdservices.com

On Wed, Jun 13, 2012 at 4:28 PM, Adam Behnke a...@infosecinstitute.com wrote:
> NGR Bot (also known as Dorkbot) was examined to be a user-mode rootkit that could be remotely controlled via Internet-Relay-Chat (IRC) protocol. It was designed with the intention to steal digital identity, perform denial of service, and manipulate the domain name resolution. It spreads via Recycler bin social engineering as well as by hooking into via social networking sites.
>
> This article aims to provide some technical insights of this NGR Bot V1.0.3 sample (MD5 "1CA4E2F3C8C327F8D823EB0E94896538") on the following topics:
> (1) Encryption tampering detection mechanism
> (2) Functionalities
> (3) Hooking technique
> (4) Architecture Set-up for communicating with this malware
>
> To view the entire article, go here: http://resources.infosecinstitute.com/ngr-rootkit/
Re: [Full-disclosure] Certificacion - Profesional Pentester
This is gonna be fun.
Re: [Full-disclosure] Google Accounts Security Vulnerability
This reminds me of my bank, where the password can only be 12 characters long and only alphanumeric, but they compensate with security questions, Web pin and SMS auth, where I would be perfectly content (and save time) sec-wise if they would just let me use my normal 24 character password scheme, and maybe the pin on unfamiliar computers.

Oh, and their mobile app? Only requires my 4 number debit pin and no username. I'd be much more worried about losing my phone that's preauthed than someone scanning my brain and discovering the password.

On May 12, 2012 7:59 AM, Michael J. Gray mg...@emitcode.com wrote:
> Effective since May 1, 2012.
> Products Affected: All Google account based services
>
> Upon attempting to log-in to my Google account while away from home, I was presented with a message that required me to confirm various details about my account in order to ensure I was a legitimate user and not just someone who came across my username and password. Unable to remember what my phone number from 2004 was, I looked for a way around it.
>
> The questions presented to me were:
> Complete the email address: a**g...@gmail.com
> Complete the phone number: (425) 4**-***7
>
> Since this was presented to me, I was certain I had my username and password correct. From there, I simply went to check my email via IMAP at the new location. I was immediately granted access to my email inboxes with no trouble.
>
> From there, I attempted to log-in to my Google account with the same username and password. To my surprise, I was not presented with any questions to confirm my identity. This completes the steps required to bypass this account hijacking counter-measure.
>
> This just goes to show that even the largest corporations that employ teams of security experts, can also overlook very simple issues.
Re: [Full-disclosure] Fwd: Vulnerability research and exploit writing
What the hell is an empanelment?
Re: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS
On Sun, Apr 22, 2012 at 8:22 PM, valdis.kletni...@vt.edu wrote:
> On Sun, 22 Apr 2012 19:59:46 -, Thor (Hammer of God) said:
>> You dropped a FD on the BIBLE?? Dude, you're going straight to Hacker Hell! :)
>
> Wait, wouldn't that require that the unerring Word of God was buggy? ;)

Hahahahahaha, this made my day.
Re: [Full-disclosure] is my ISP lying or stupid?
Hahahah, that's wonderful.

On Mar 21, 2012 12:06 PM, Thor (Hammer of God) t...@hammerofgod.com wrote:
> Actually, those promiscuous sub-VLANs are bad news. I got a virus from one that turned my hard drive into a floppy.
>
> t
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Giles Coochey
> Sent: Wednesday, March 21, 2012 8:49 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] is my ISP lying or stupid?
>
> On 2012-03-18 16:09, James Condron wrote:
>> The routers of an ISP are sorta DHCP in the sense that the IPs are dynamic- DHCP really works as one network whereas an ISP switch will have a series of /30 vlans for obvious reasons. Getting an IP and connection is more complex than that but already we're down to a series of routers.
>
> No, they'd use private VLANs with the default router in a promiscuous sub-VLAN. That way they won't have to waste 4 IPs for every customer. Customers with multiple IPs can be put in community sub-VLANs, if they pay for it.
>
> Networking works very differently within Service Provider networks. A lot of it is technology that makes itself look like other technologies you might be familiar with, but what is happening behind the scenes is actually completely different. Just thought you might like to know.
Re: [Full-disclosure] Oracle Exadata Infiniband Switch default logins and world readable shadow file
I like the two day notification window...

On Mar 14, 2012 6:36 PM, larry Cashdollar lar...@me.com wrote:
> Oracle Exadata Infiniband Switch default logins and world readable shadow file
>
> Hi Full-Disclosure List,
>
> I've noticed a minor issue with the 1/4 rack Oracle Exadata Solution.
>
> What is Exadata? From Oracle.com:
>
> Oracle Exadata is the only database machine that provides extreme performance for both data warehousing and OLTP applications, making it the ideal platform for consolidating on private clouds. It is a complete package of servers, storage, networking, and software that is massively scalable, secure, and redundant. With Oracle Exadata customers can reduce IT costs through consolidation, store up to ten times more data, improve performance of all applications, deliver a faster time-to-market by eliminating systems integration trial and error, and make better business decisions in real time.
> http://www.oracle.com/us/products/database/exadata/overview/index.html
>
> The oracle engineered solution contains two leaf switches and in larger installations a spine switch. The installation I worked with didn't have a spine switch, but the two leaf switches were configured with three logins with easily guessable passwords and a shadow file that was world readable.
>
> There are three accounts with easily guessable default passwords on the exadata infiniband switches: ilom-admin, ilom-operator and nm2user.
>
> rux0r:~ meep0$ ssh ilom-admin@192.168.0.113 cat /conf/shadow
>
> The shadow file is world readable:
>
> [root@exad-1swib2 ~]# ls -l /conf/shadow
> -rw-r--r-- 1 root root 749 Dec 23 2011 /conf/shado
>
> Vendor: notified 3/12/2012
> Fix: Rotate default passwords. I am checking on whether you can lock down file permissions on /conf/shadow without causing issues.
>
> --
> Larry Cashdollar
> http://vapid.dhs.org
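The two fixes the advisory names, rotating the default passwords and tightening the shadow file's mode, are both checkable from the file itself: shadow(5) records the day of the last password change per account, and the mode bits show whether "other" can read it. The following audit is an added example, not code from the post or from Oracle. The three account names come from the post; the shadow contents, the placeholder hash strings and the rotation cutoff date are constructed for the example.

```python
import os
import stat
import tempfile
from datetime import date, timedelta

# Accounts named in the advisory above as shipping with guessable defaults.
DEFAULT_ACCOUNTS = ("ilom-admin", "ilom-operator", "nm2user")
EPOCH = date(1970, 1, 1)


def days_since_epoch(d):
    """shadow(5) records the last password change as days since 1970-01-01."""
    return (d - EPOCH).days


def parse_shadow(text):
    """Parse shadow-format text into {account: (hash_field, last_change_date)}.

    Field layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved.
    A blank or non-numeric lastchg field yields None for the date.
    """
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue  # not a shadow entry
        name, hash_field, lastchg = fields[0], fields[1], fields[2]
        changed = EPOCH + timedelta(days=int(lastchg)) if lastchg.isdigit() else None
        entries[name] = (hash_field, changed)
    return entries


def audit_shadow(text, mode, rotated_after, watch=DEFAULT_ACCOUNTS):
    """Return findings for a shadow file given its st_mode and contents.

    rotated_after is the date by which the default passwords should have
    been changed; any watched account changed before it is reported.
    """
    findings = []
    if mode & stat.S_IROTH:
        findings.append("shadow file is world-readable (mode %o)" % stat.S_IMODE(mode))
    for name, (hash_field, changed) in parse_shadow(text).items():
        if hash_field == "":
            findings.append(f"{name}: empty password field, login needs no password")
        if name in watch and (changed is None or changed < rotated_after):
            findings.append(
                f"{name}: default account, password last changed {changed}, before {rotated_after}"
            )
    return findings


def audit_shadow_file(path, rotated_after, watch=DEFAULT_ACCOUNTS):
    """Apply audit_shadow to a real file (needs read access to it)."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    return audit_shadow(text, os.stat(path).st_mode, rotated_after, watch)


def _entry(name, hash_field, changed):
    return f"{name}:{hash_field}:{days_since_epoch(changed)}:0:99999:7:::"


# Constructed sample; the hash strings are placeholders, not real crypt output.
SAMPLE_SHADOW = "\n".join([
    _entry("root", "$6$samplesalt$placeholderhash", date(2011, 12, 23)),
    _entry("ilom-admin", "$1$sample1$placeholderhash", date(2011, 12, 23)),
    _entry("ilom-operator", "$1$sample2$placeholderhash", date(2011, 12, 23)),
    _entry("nm2user", "$1$sample3$placeholderhash", date(2012, 3, 20)),
    _entry("guest", "", date(2011, 12, 23)),
]) + "\n"

# Constructed cutoff (assumption): the day after the vendor notification in the post.
ROTATION_CUTOFF = date(2012, 3, 13)


if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", delete=False) as tmp:
        tmp.write(SAMPLE_SHADOW)
    os.chmod(tmp.name, 0o644)  # reproduce the -rw-r--r-- mode shown in the post
    for finding in audit_shadow_file(tmp.name, ROTATION_CUTOFF):
        print("FINDING:", finding)
    os.unlink(tmp.name)
```

On the sample the audit reports the world-readable mode, the two ilom accounts whose passwords predate the cutoff, and the empty-password entry, while nm2user, changed after the cutoff, passes. The last-change field only proves that a password was changed, not that the new one is strong, so it complements rather than replaces a password policy on the switch.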
Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Just morbidly curious, what did you use for the SSID?

On Feb 12, 2012 5:31 PM, Derek de...@madrock.net wrote:
> They should at least consider providing an option to disable the static pin only or disable it after an hour if the feature is activated by the user. Seems to be something that could be included in a future firmware update.
>
> For a vendor to provide another mechanism for a user to get remotely hacked (within wireless TX/RX range) and not address it in a reasonable amount of time, exposes the less technical user, who it was intended to help in the first place. It would be interesting to see if this feature went through a technical security risk assessment and if so, how the static pin was rationalised for public release.
>
> I set up an isolated vulnerable device and had attack traffic within 2 days of it being activated. I did make the SSID very attractive, but the war drivers are certainly getting out of the house again.
>
> Thanks
> Derek
>
> On 13/02/2012, at 1:47, Rob Fuller jd.mu...@gmail.com wrote:
>> I've tested 6 models of Linksys, all of them appear to disable WPS completely as soon as a single wireless setting is set. I assume this would be the reason Cisco/Linksys aren't putting much stock in 'fixing' it further. If anyone has any experience to contradict this or have a modification to current tools to circumvent what I've perceived as disabled, I, as I'm sure Craig, would be very interested.
>>
>> --
>> Rob Fuller | Mubix
>> Certified Checkbox Unchecker
>> Room362.com | Hak5.org
>>
>> On Sat, Feb 11, 2012 at 4:23 PM, farthva...@hush.ai wrote:
>>> _ Use Tomato-USB OS on them.
>>>
>>> _ Besides you void warranty... list of DD-WRT Supported routers:
>>>
>>> E1000 supported
>>> E1000 v2 supported
>>> E1000 v2.1 supported
>>> E1200 v1 ???
>>> E1200 v2 ???
>>> E1500 ???
>>> E1550 ???
>>> E2000 supported
>>> E2100L supported
>>> E2500 not supported
>>> E3000 supported
>>> E3200 supported
>>> E4200 v1 not supported yet
>>> E4200 v2 not supported
>>> M10
>>> M20
>>> M20 v2
>>> RE1000
>>> WAG120N not supported
>>> WAG160N not supported
>>> WAG160N v2 not supported
>>> WAG310G not supported
>>> WAG320N not supported
>>> WAG54G2 not supported
>>> WAP610N not supported
>>> WRT110 not supported
>>> WRT120N not supported
>>> WRT160N v1 supported
>>> WRT160N v2 not supported
>>> WRT160N v3 supported
>>> WRT160NL supported
>>> WRT310N v1 supported
>>> WRT310N v2 not supported yet
>>> WRT320N supported
>>> WRT400N supported
>>> WRT54G2 v1 supported
>>> WRT54G2 v1.3 supported
>>> WRT54G2 v1.5 not supported
>>> WRT54GS2 v1 supported
>>> WRT610N v1 supported
>>> WRT610N v2 supported
>>> X2000 not supported
>>> X2000 v2 not supported
>>> X3000 not supported.
>>>
>>> _ Fixing? Heh. Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either.
>>>
>>> _ What about removing WuPS entirely?
>>>
>>> WuPS is a total failure because:
>>> 1. Even if everything is fine 8 digits long is very weak because once you got the pin after 7 month - 2 years for example, you are completely pwned.
>>> 2. Pin number is fixed, you can't change it to a longer number or maybe a string like omgponnies
>>> 3. Setting up a WPA2 password manually is a piece of cake (even with keypad only cell phones), if some people are lazy, you don't have to weaken the security of a strong protocol.
>>>
>>> Farth Vader
Re: [Full-disclosure] when did piracy/theft become expression of freedom
On Sat, Jan 28, 2012 at 5:41 PM, Benjamin Kreuter ben.kreu...@gmail.com wrote:
> The best compromise I can think of is to treat noncommercial copyright infringement like a parking violation: you get a ticket for some small but annoying amount of money.

This is the best solution I've seen anywhere, by far. Kudos.

Alex