Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-10-04 Thread laurent gaffie
More explication on cve-2009-3103

http://g-laurent.blogspot.com/2009/10/more-explication-on-cve-2009-3103.html
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Weev, AKA Andrew Auernheimer [Fullinfo Doc(TM) revision #1]

2009-10-04 Thread dramacrat
So if I'm to understand you correctly, "gobbles 1337", Weev's mother or a
family member was searching the family name randomly on Google, came across
these threads, did *not* email the list but instead emailed you with a long
list of abuse about Weev, within which she did not disclose any information
about her own son that you did not know already; despite the fact that as
his mother she would surely be privy to such information. She also, if I am
to believe your emails, did not disagree with you on any point. You then
kindly stripped the email formatting and rather than forwarding the email to
the list, pasted it into your own email so that it would seem almost as
though *you* wrote these emails!

How strange.

2009/10/5 GOBBLES 

> Mr. Auernheimer,
>
> That's true. I'm not a hacker.
>
> Also, sorry for not clarifying that I use mrxisaplant too.
>
> Here is more correspondance received from your mom (added paragraph
> breaks):
>
> Actually, Andrew has no relationship to designadventures or sealpac. Years
> ago before sealpac came the US market, Andrew grabbed the domain name
> (before we knew anything about his mental issues). We want it back. We
> didn't even remember until this week that his name was on it as we paid for
> several years in advance and the recent renewal was paid by credit card.
> Design Adventures is my little interior design business-never had a thing
> to
> do with Andrew. Design Adventures and Sealpac have nothing to do with
> Andrew
> and have never done business with Andrew. In fact, even as parents we have
> never financially supported him since he left home. Years ago our
> communication with him was come home, get help, go to school and we will
> then and only then support you. He refused.
>
>  Andrew was never abused or neglected. When he lived with us he was a
> totally different person, prior to his substance abuse issues. He became a
> different person in Cal. He had to get as far away from us as he could to
> participate in this kind of behavior because we would have called the cops
> and kicked his ass to the curb.
>
>  From his postings he is deranged and a drug addict. We are not asking for
> sympathy for him. Andrew has been detained by the FBI twice this year? They
> didn't do anythin...@#!!! I don't know what the strategy should be for you
> or I if the FBI won't do anything to stop him and we can't find him.
> You don't want to call the FBI and we don't care if you do, if they need to
> they will contact you. Andrew's name has been available online for years so
> it never even occurred to me to disclose his name but I also spoke to law
> enforcement a year ago so even they knew.
>
> There are so many crazies on the
> web just like Andrew and we simply stopped trying with him when he went to
> California years ago. He would not give us his address or location.
> Truthfully, until about a year ago we didn't even know about this ugly,
> racist rhetoric because we weren't wasting our days looking.
>
> Many years ago
> he was online railing against Bill O'Reilly and the far right and saying
> anything to inflame. He used to be a radical liberal. I think he is so
> crazy
> now that he might be convinced that martians are ruining his life, not
> Jews.
> He's nuts. Sadly he is not alone. I could not believe, when I finally got
> wind of his livejournal, how many people were posting horrible things in
> agreement. I felt physically sick. All of those people are also a danger
> and
> who knows who those people are. They were smart enough to not post their
> own
> photos and link their real names to their ugly words. They may be more of a
> danger because we don't know who they are.
>
>
>  Original Message 
> From: Andrew A 
> To: GOBBLES 
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Weev, AKA Andrew Auernheimer [Fullinfo
> Doc(TM) revision #1]
> Date: Sun, 4 Oct 2009 12:33:13 -0500
>
>
> Mr. Learner,
>
> You really are hilarious. I can infer one thing from your posts: you aren't
> a hacker, and you find this really awkward and aren't sure how this whole
> ruin thing works.
>
> You have no access to data that I have not made public. Once again, the
> only thing you found out was my name, which I put on my livejournal. Big
> deal. The rest was google-able. You really don't have anything. You also
> don't understand how to make this whole doxdrop deal effective and dramatic.
> You save up everything you can until you find a piece of data which is
> psychologically damaging to the target. You have to essentially find them
> guilty of wrongdoing, like using a nonprofit to defraud people, or sucking
> dicks for money. This whole thing where you post somebody's parents address,
> big deal. Everybody's got parents unless they're orphaned. Those parents
> inevitably live somewhere. If I were a basement dwelling loser, this tactic
> might be effective. Unfortunately I live on 60 acres in the sticks and have
> hungry dogs and guns. Not much you

Re: [Full-disclosure] Geeklog <= v1.6.0sr2 - Remote File Upload

2009-10-04 Thread 啊賢 .
> > >Successful exploitation requires the ability to execute the uploaded
JavaScript.
> > >The Geeklog Forum program can be used as an attack vector since it does
not
> >> properly validate many $_GET / $_POST variables.
> >Could you give us some more details about these XSS vulnerabilities ? :)
>>
> >Cause all I see here is a RCE in the admin panel.
>> You confirm that there are XSS but we don't have any details about
them...

>The
>easy one is when the forum allows anonymous posts and is configured for
>text posts.  The anonymous user name is never filtered, so you can put
>anything there, including a reference to the javascript uploaded as the
>user profile image..

>
How about the php flaw?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Weev, AKA Andrew Auernheimer [Fullinfo Doc(TM) revision #3]

2009-10-04 Thread TheLearner
Eyeballing Weev, An informative dossier.
=
  By Lisa Simpson

  Version
=
  Revision #3

  Purpose
=
  You can edit this document and submit it back as a new revision.

  An effort by community citizens to expose this person. If you
have any helpful knowledge about weev (even general) and have
something to add, please reply with any editions.

  Abstract
=
  Andrew "Weev" is a troll in his early 20's who has hacked into
various websites, harasses innocent people and companies, and
actually dropped dox on this very list. He's been covered in a
NYTimes article on cyberharassment and a WST online blog post
about a job he claims to have done on amazon.

  According to our contact with his mother Andrew used to live
a quiet life in Richmond, VA. Described as perfectly kind and
supportive of his brother and sister. But he began a life
of drugs, starting with ecstacy and moving up to heroin. His
former girlfriend was a user. He left to SoCal with no car
or phone number given to family. His parents tried to have him
involuntary committed.

  It is said in his NYTimes article that he is a wealthy cyber-
criminal. In reality, he's nothing more than a nomadic schizo-
phrenic with nothing better to do than reak havoc of the lives
of innocents.

  Some of his victims (Which are on a list too long for even his
associates to remember in entirity) consist of Rob Levin, Rich
Kyanka's (lowtax) and Kathy Sierra's identity theft. Also, at the
request of Girlvinyl (Sherrod DeGrippo), the owner of encyclopedia
dramatica,  weev was able to nail Randi Harper (freebsdgirl) to the
wall, still hocking up her name on google to this day.

  Andrew is known for his pathological sense of vanity and 
narcissism.
Every last act he does, he makes special effort to leave his mark
economically, reputationally and psychologically in his victims.
 He wants to be world famous. His remedy for distracting attention
from his own flaws and ironies is the age-old "blame it on the 
jews".

  For him, he doesn't try to use it in a sarcastic way, merely
pointing out absurb anti-semitism exists, he uses in this way to
say something so extreme any attempt of criticizing him stops.

  In general, a puppy that wants love, but apparently can't be
fixed. A Michael Crook.

  Real Identity
=
  - First name: Andrew
  - Last name: Auernheimer (mispelled as Aurenheimer sometimes)
  - Middle name: Alan Escher
  - Full name: Andrew Alan Escher Auernheimer

  DOB
=
  September 1st, 1985

  Past schools
=
  James Madison University

  Known address
=
  Criminal / 0day / Spam / Scam
  PO Box 61359
  Sunnyvale, CA 94088

  60 acres in the sticks with hungry dogs and guns, he claims.

  San Francisco, Los Angeles areas of California

  You can google his PO Box address (where he does biz from) and
see complaints about fraud.

  Known Aliases
=
  - Weev
  - Wbeelsoi
  - Uchiha Weevlos
  - Weevlar
  - Andrew wbeelsoi
  - Andrew weevlos
  - The iProhet
  - TheiProphet
  - The-iProphet

  Car
=
  Drives a silver, 2000 Honda Civic
  License plate 6EFJ814. 
  Most recently smog checked at Auto Chek in Anaheim, CA
  2009/01/21, at 3:30 pm.

  Traffic Violation
=
  http://visionweb.occourts.org/Vision_Public/SearchCase.do
  case "LH419349".

  Date of ticket: April 17th, 2009

  Details: 22107 VC I   Unsafe turn or lane change
  Disposition: Bail forfeiture (05/28/2009)

  Auernheimer tried to disguise his identity as Andrew Averngimer

  Known Affiliations
=
  - Bantown
  - Buttes
  - EFnet #down
  - SASS (Something Awful Sycophant Squad)
  - Encyclopedia Dramatica

  Known Enemies
=
  Organizations:
  - Something Awful
  - FBI
  - JDL
  - Possibly banks
  - Any law enforcement agency he knows him
  - Any jewish civil rights group that knows him

  Name:
  - Dennis Fetcho (TheFetch)
  - Kathy Sierra
  - Rob Levin (Lilo)
  - Richard Kyanka (lowtax)
  - Randi Harper (FreeBSDGirl)

  (Know more? http://tips.fbi.gov)

  Known business affiliations
=
  Sealpac. Richmond, VA

  (We're sorting through them as we speak)

  Photo
=
  - http://img8.imageshack.us/img8/7586/569pxinternetbusiness.jpg
  - http://imgur.com/V5hkG.jpg

  Known publicity stunts
=
  - Toorcon2111, Cybercrime
  Full URL: http://video.google.com/videoplay?docid=-
5643217366887354926&ei=iOzHSvzBOpbWrQKvlu2KDg&q=andrew+wbeelsoi
  TinyURL: http://tinyurl.com/auernheimercrime
  - LiveJournal hacking
  - NYTimes "Mawebulence" Expose
  Full URL: http://www.nytimes.com/2008/08/03/magazine/03trolls-
t.html?_r=1&hp&oref=slogin
  Tiny URL: http://tinyurl.com/au

Re: [Full-disclosure] Weev, AKA Andrew Auernheimer [Fullinfo Doc(TM) revision #1]

2009-10-04 Thread GOBBLES
Mr. Auernheimer,

That's true. I'm not a hacker.

Also, sorry for not clarifying that I use mrxisaplant too.

Here is more correspondance received from your mom (added paragraph breaks):

Actually, Andrew has no relationship to designadventures or sealpac. Years
ago before sealpac came the US market, Andrew grabbed the domain name
(before we knew anything about his mental issues). We want it back. We
didn't even remember until this week that his name was on it as we paid for
several years in advance and the recent renewal was paid by credit card.
Design Adventures is my little interior design business-never had a thing to
do with Andrew. Design Adventures and Sealpac have nothing to do with Andrew
and have never done business with Andrew. In fact, even as parents we have
never financially supported him since he left home. Years ago our
communication with him was come home, get help, go to school and we will
then and only then support you. He refused.

 Andrew was never abused or neglected. When he lived with us he was a
totally different person, prior to his substance abuse issues. He became a
different person in Cal. He had to get as far away from us as he could to
participate in this kind of behavior because we would have called the cops
and kicked his ass to the curb.

 From his postings he is deranged and a drug addict. We are not asking for
sympathy for him. Andrew has been detained by the FBI twice this year? They
didn't do anythin...@#!!! I don't know what the strategy should be for you
or I if the FBI won't do anything to stop him and we can't find him.
You don't want to call the FBI and we don't care if you do, if they need to
they will contact you. Andrew's name has been available online for years so
it never even occurred to me to disclose his name but I also spoke to law
enforcement a year ago so even they knew.

There are so many crazies on the
web just like Andrew and we simply stopped trying with him when he went to
California years ago. He would not give us his address or location.
Truthfully, until about a year ago we didn't even know about this ugly,
racist rhetoric because we weren't wasting our days looking.

Many years ago
he was online railing against Bill O'Reilly and the far right and saying
anything to inflame. He used to be a radical liberal. I think he is so crazy
now that he might be convinced that martians are ruining his life, not Jews.
He's nuts. Sadly he is not alone. I could not believe, when I finally got
wind of his livejournal, how many people were posting horrible things in
agreement. I felt physically sick. All of those people are also a danger and
who knows who those people are. They were smart enough to not post their own
photos and link their real names to their ugly words. They may be more of a
danger because we don't know who they are.

 Original Message 
From: Andrew A 
To: GOBBLES 
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Weev, AKA Andrew Auernheimer [Fullinfo Doc(TM) 
revision #1]
Date: Sun, 4 Oct 2009 12:33:13 -0500


> Mr. Learner,
>
> You really are hilarious. I can infer one thing from your posts: you aren't a 
> hacker, and you find this really awkward and aren't sure how this whole ruin 
> thing works.
>
> You have no access to data that I have not made public. Once again, the only 
> thing you found out was my name, which I put on my livejournal. Big deal. The 
> rest was google-able. You really don't have anything. You also don't 
> understand how to make this whole doxdrop deal effective and dramatic. You 
> save up everything you can until you find a piece of data which is 
> psychologically damaging to the target. You have to essentially find them 
> guilty of wrongdoing, like using a nonprofit to defraud people, or sucking 
> dicks for money. This whole thing where you post somebody's parents address, 
> big deal. Everybody's got parents unless they're orphaned. Those parents 
> inevitably live somewhere. If I were a basement dwelling loser, this tactic 
> might be effective. Unfortunately I live on 60 acres in the sticks and have 
> hungry dogs and guns. Not much you can do to me.
>
> Since you are so fucking inept that you can't even find my birthday: 
> September 1st, 1985
> My former school: James Madison University
>
> Protip: Nobody in the FBI takes internet submitted tips seriously. If you 
> want to go submit leads to the FBI, you can do it directly to the FBI agent 
> out to get me.
>
> Craig G. Mueller
> Special Agent
> Ph: (503) 552 5473
> Fa: (503) 552 5327
> craig.muel...@ic.fbi.gov
>
> I have attached a photo of his business card as well, for your personal 
> verification and convenience.
>
> Earlier you called for my "methods of alluding law enforcement." (sic; You 
> make so many errors in your English that it becomes hilariously obvious that 
> all your sockpuppets are the same person.) I've got some funny logs to give 
> you when you've exhausted your effort. You're going to LOL.
>
> On S

Re: [Full-disclosure] Take it from weev's mom.

2009-10-04 Thread TheLearner
   So weev, the psychopath who takes pleasure in ruining the lives 
of
innocents came from a diverse, caring, liberal family.

Apparently it was an error to bring the family into this, but if we
didn't post their info we'd never know the truth about weev's
upbringing.

I personally still believe weev needs to be behind bars for a few
decades. Let's face it, the internet will be a safer place with
this kid off the streets.

http://tips.fbi.gov make it happen.

On Sun, 04 Oct 2009 20:28:45 + GOBBLES  wrote:
>Remember, n3td3v always has the absolute finest in intelligence.
>
> Original Message 
>From: Alyse Auernheimer 
>To: fyo...@insecure.org, gobbles1...@safe-mail.net
>Subject: RE: So Weev...
>Date: Sat, 3 Oct 2009 02:28:54 -0400
>
>Mr. Lyon, Paul
>
>There is a thread on your website referencing my son Andrew 
>Auernheimer. I am totally sympathetic with those posting as my son 
>is guilty of horrible behavior. We are ashamed of him and wish we 
>could find him ourselves. Sadly, your contributors felt the need 
>to "Out" our family, Andrew's parents and siblings. There are 
>links to our younger children, one of whom is only 14, our address 
> and phone numbers are available, photos of the children and one 
>reference by one poster as to a desire to rape me. The truth is 
>everyone we know already knows we have a mentally ill child. We 
>have made no secret of Andrew.
>
>We too are victims of Andrew. The hardest part for all of us is 
>that he used to be normal. He loved us and was sweet and kind to 
>his siblings. Several years ago he developed a relationship with a 
>girl with a serious drug problem. He began by using xtc regularly 
>and eventually graduated to LSD and heroin. About three years ago 
>he had a mental breakdown and began hearing voices and talking to 
>himself. He vanished from our lives. My children would log into 
>AIM to see if he was still alive; if he was logged on too long  or 
>not recently they would worry something had happened to him. There 
>are references to his lavish lifestyle on this thread but the sad 
>truth is he is paranoid schizophrenic and has been homeless a 
>number of times. I am not excusing his pathetic behavior. My 
>husband and I contacted law enforcement in Southern California 
>almost a year ago as we wanted to try to "catch him" and have him 
>forcibly committed; he needs help. Unfortunately we were told that 
>the likely outcome would be 72 hours in a mental facility and they 
>would let him go and since we are in no financial position to pay 
>for mental health care for him we should just pray and forget it. 
>I cried every night for a year but I am done crying. I can only 
>worry about things that I can change and I really have NO 
>information about Andrew. He never once gave us a phone number or 
>address where we could reach him. When he left here he did not 
>have a car or a license. I don't even know what state he might be 
>in and frankly, I don't know if I want to anymore. 
>
>I don't know if any of you have ever had a mentally ill family 
>member. It is torture. For it to be your child is indescribably 
>painful.  I sometimes wonder if  because our lives as a family 
>have been dedicated to diversity and inclusion, that he may have 
>chosen his weapons to purposely hurt us. We are tough though and 
>committed to each other and making the most positive contributions 
>to our world as we are able. 
>
>I hope you all can find it in your hearts to please take down our 
>personal information. If your goal is to hurt US then you have 
>succeeded. Other than that I am not sure what the purpose of all 
>this was. I don't cry over Andrew anymore but I found this thread 
>when I googled my daughter looking for a school picture for her 
>dorm room and I sobbed. She has never said an unkind word to 
>anyone and I knew she would be devastated. We are not responsible 
>for Andrew's totally screwed up life, he is. I was contacted 
>erroneously on my Facebook page by someone named Anton Garcia 
>posing as a Dreamworks Animation Employee trying to find Andrew 
>because he was hacking Dreamworks. I suspected it was fake but I 
>answered anyway, truthfully. I too want him to own up to his 
>stupid behavior and take the consequences like a man. I'm sure I 
>will be disappointed. The worst part about this is you ONLY hurt 
>us. Andrew probably thought it was hilarious. He doesn't care what 
>you say or do to us, he only cares about himself. He, in the past, 
>has even made up a variety of ugly lies about us, but he is always 
>found out.
>
>Many of the postings referred to our family as nice. This is 
>accurate. Our other children are everything Andrew rejected, kind, 
>smart, hard-working, dedicated to making a difference through 
>public service, and we have left Andrew behind. There is so much 
>need in this world and so little time that spending it on tears 
>and regret is a colossal waste. Don't get me wrong we will always 
>love Andrew and our 

[Full-disclosure] Take it from weev's mom.

2009-10-04 Thread GOBBLES
Remember, n3td3v always has the absolute finest in intelligence.

 Original Message 
From: Alyse Auernheimer 
To: fyo...@insecure.org, gobbles1...@safe-mail.net
Subject: RE: So Weev...
Date: Sat, 3 Oct 2009 02:28:54 -0400

Mr. Lyon, Paul

There is a thread on your website referencing my son Andrew Auernheimer. I am 
totally sympathetic with those posting as my son is guilty of horrible 
behavior. We are ashamed of him and wish we could find him ourselves. Sadly, 
your contributors felt the need to "Out" our family, Andrew's parents and 
siblings. There are links to our younger children, one of whom is only 14, our 
address  and phone numbers are available, photos of the children and one 
reference by one poster as to a desire to rape me. The truth is everyone we 
know already knows we have a mentally ill child. We have made no secret of 
Andrew.

We too are victims of Andrew. The hardest part for all of us is that he used to 
be normal. He loved us and was sweet and kind to his siblings. Several years 
ago he developed a relationship with a girl with a serious drug problem. He 
began by using xtc regularly and eventually graduated to LSD and heroin. About 
three years ago he had a mental breakdown and began hearing voices and talking 
to himself. He vanished from our lives. My children would log into AIM to see 
if he was still alive; if he was logged on too long  or not recently they would 
worry something had happened to him. There are references to his lavish 
lifestyle on this thread but the sad truth is he is paranoid schizophrenic and 
has been homeless a number of times. I am not excusing his pathetic behavior. 
My husband and I contacted law enforcement in Southern California almost a year 
ago as we wanted to try to "catch him" and have him forcibly committed; he 
needs help. Unfortunately we were told that the likely outcome would be 72 
hours in a mental facility and they would let him go and since we are in no 
financial position to pay for mental health care for him we should just pray 
and forget it. I cried every night for a year but I am done crying. I can only 
worry about things that I can change and I really have NO information about 
Andrew. He never once gave us a phone number or address where we could reach 
him. When he left here he did not have a car or a license. I don't even know 
what state he might be in and frankly, I don't know if I want to anymore. 

I don't know if any of you have ever had a mentally ill family member. It is 
torture. For it to be your child is indescribably painful.  I sometimes wonder 
if  because our lives as a family have been dedicated to diversity and 
inclusion, that he may have chosen his weapons to purposely hurt us. We are 
tough though and committed to each other and making the most positive 
contributions to our world as we are able. 

I hope you all can find it in your hearts to please take down our personal 
information. If your goal is to hurt US then you have succeeded. Other than 
that I am not sure what the purpose of all this was. I don't cry over Andrew 
anymore but I found this thread when I googled my daughter looking for a school 
picture for her dorm room and I sobbed. She has never said an unkind word to 
anyone and I knew she would be devastated. We are not responsible for Andrew's 
totally screwed up life, he is. I was contacted erroneously on my Facebook page 
by someone named Anton Garcia posing as a Dreamworks Animation Employee trying 
to find Andrew because he was hacking Dreamworks. I suspected it was fake but I 
answered anyway, truthfully. I too want him to own up to his stupid behavior 
and take the consequences like a man. I'm sure I will be disappointed. The 
worst part about this is you ONLY hurt us. Andrew probably thought it was 
hilarious. He doesn't care what you say or do to us, he only cares about 
himself. He, in the past, has even made up a variety of ugly lies about us, but 
he is always found out.

Many of the postings referred to our family as nice. This is accurate. Our 
other children are everything Andrew rejected, kind, smart, hard-working, 
dedicated to making a difference through public service, and we have left 
Andrew behind. There is so much need in this world and so little time that 
spending it on tears and regret is a colossal waste. Don't get me wrong we will 
always love Andrew and our hearts will forever be broken where he is concerned 
but what else can we do but move on. It's like the Andrew we knew died long 
ago. Hope does spring eternal and sometimes I dream the real Andrew is home and 
we are all together, but my hopes are waning.  Who knows, the future is never 
certain. I have been referred to an FBI agent who is involved with the cyber 
crimes division. I will forward this email to her tomorrow.

Again, please don't make my younger children suffer any more. Do what you will 
with Andrew, he's earned it, but please let our family try to move on. We have 
been dealing wit

Re: [Full-disclosure] Geeklog <= v1.6.0sr2 - Remote File Upload

2009-10-04 Thread Andrew Farmer
On 4 Oct 2009, at 08:47, Jaloh Smith wrote:
> The
> easy one is when the forum allows anonymous posts and is configured  
> for
> text posts.  The anonymous user name is never filtered, so you can put
> anything there, including a reference to the javascript uploaded as  
> the
> user profile image..
>
> 

That's actually a much worse exploit than the file upload. There's no  
reason the script you load has to be stored locally -- it works just  
as well if you pull it from another domain.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Weev, AKA Andrew Auernheimer [Fullinfo Doc(TM) revision #1]

2009-10-04 Thread Andrew A
Mr. Learner,

You really are hilarious. I can infer one thing from your posts: you aren't
a hacker, and you find this really awkward and aren't sure how this whole
ruin thing works.

You have no access to data that I have not made public. Once again, the only
thing you found out was my name, which I put on my livejournal. Big deal.
The rest was google-able. You really don't have anything. You also don't
understand how to make this whole doxdrop deal effective and dramatic. You
save up everything you can until you find a piece of data which is
psychologically damaging to the target. You have to essentially find them
guilty of wrongdoing, like using a nonprofit to defraud people, or sucking
dicks for money. This whole thing where you post somebody's parents address,
big deal. Everybody's got parents unless they're orphaned. Those parents
inevitably live somewhere. If I were a basement dwelling loser, this tactic
might be effective. Unfortunately I live on 60 acres in the sticks and have
hungry dogs and guns. Not much you can do to me.

Since you are so fucking inept that you can't even find my birthday:
September 1st, 1985
My former school: James Madison University

Protip: Nobody in the FBI takes internet submitted tips seriously. If you
want to go submit leads to the FBI, you can do it directly to the FBI agent
out to get me.

Craig G. Mueller
Special Agent
Ph: (503) 552 5473
Fa: (503) 552 5327
craig.muel...@ic.fbi.gov

A photo of his business card as well, for your personal verification and
convenience: http://tinypic.com/r/1j84ly/4

Earlier you called for my "methods of alluding law enforcement." (sic; You
make so many errors in your English that it becomes hilariously obvious that
all your sockpuppets are the same person.) I've got some funny logs to give
you when you've exhausted your effort. You're going to LOL.


On Sat, Oct 3, 2009 at 8:37 PM, TheLearner  wrote:

> Eyeballing Weev, An informative dossier.
> =
>  By FeelTheBurn Udmncrmnl
>
>  Version
> =
>  Revision #1
>
>  Purpose
> =
>  You can edit this document and submit it back as a new revision.
>
>  An effort by community citizens to expose this person. If you
> have any helpful knowledge about weev (even general) and have
> something to add, please reply with any editions.
>
>  Abstract
> =
> I noticed seclists.org was taking down information relating to the
> "doxing" of Andrew Auernheimer.
>  - Original post
> http://seclists.org/fulldisclosure/2009/Oct/0013.html
>  - Mirror (http://www.webcitation.org/5kD6O0OEd)
>
>  Andrew is a troll in his early 20's who has hacked into various
> websites, harasses innocent people and companies, and actually
> dropped dox on this very list. Some of his victims (Which are on a
> list too long for even his associates to remember in entirity)
> consist of Rob Levin, Rich Kyanka's (lowtax) and Kathy Sierra's
> identity theft. Also, at the request of Girlvinyl (Sherrod
> DeGrippo) weev was able to nail Randi Harper (freebsdgirl) to the
> wall, still hocking up her name on google to this day.
>
>  Andrew wants glory. He wants to be in the news. His remedy for
> distracting attention from his own flaws and ironies is the age-old
> "blame it on the jews".
>
>  For him, he doesn't try to use it in a sarcastic way, merely
> pointing out absurb anti-semitism exists, he uses in this way to
> say something so extreme any attempt of criticizing him stops.
>
>  In general, a puppy that wants love, but apparently can't be
> fixed. A Michael Crook.
>
>  Real Identity
> =
>  - First name: Andrew
>  - Last name: Auernheimer (mispelled as Aurenheimer sometimes)
>  - Middle name: Alan Escher
>  - Full name: Andrew Alan Escher Auernheimer
>
>  DOB
> =
>  We need this!
>
>  Past schools
> =
>  We need this!
>
>  Known address
> =
>  Family
>  2038 W Grace St
>  Richmond, VA 23220
>
>  Criminal / 0day / Spam / Scam
>  PO Box 61359
>  Sunnyvale, CA 94088
>
>  San Francisco, Los Angeles areas of California
>
>  You can google his PO Box address (where he does biz from) and
> see complaints about fraud.
>
>  Known Aliases
> =
>  - Weev
>  - Wbeelsoi
>  - Uchiha Weevlos
>  - Weevlar
>  - Andrew wbeelsoi
>  - Andrew weevlos
>  - The iProhet
>  - TheiProphet
>  - The-iProphet
>
>  Known Affiliations
> =
>  - Bantown
>  - Buttes
>  - EFnet #down
>  - SASS (Something Awful Sycophant Squad)
>  - Encyclopedia Dramatica
>  - SealPac
>
>  Known Enemies
> =
>  Organizations:
>  - Something Awful
>  - FBI
>  - JDL
>  - Possibly banks
>  - Any law enforcement agency he knows him
>  - Any jewish civil rights group that knows him
>
>  (Know more? http://tips.fbi.gov)
>
>  Name:
>  - Dennis Fetcho
>  - Kathy Sierra
>  - Rob Levin
>  - Richard

[Full-disclosure] gmail pipe character inconsistencies and fun

2009-10-04 Thread com|com pipecharacter
Gmail will not let you send email to an email address with a | in it. It
just goes directly to /dev/null. For good reason - it doesn't belong in an
email address. It will not let you create an email address that uses it, and
if you use google apps, you can't create a "group" or mailing list with it
in it.

For some reason google's smtp servers are more than willing to accept an
email from (or to) an email address with the pipe character in it. So if you
start sending someone annoying emails to someone from an email address like
"com|bugging...@example.com", they might try to send your emails straight to
the trash. So they click on the downward arrow in the top right, click on
"filter messages like this", see "com|bugging...@example.com" in the "From:"
field, click on "Next Step >>", delete it, and create filter. Now a huge
chunk of their email will go into the trash. If they clicked "Also apply
this filter to ...", they even delete a huge chunk of the email they already
had.

If course there is a search in the last step, but if you have it filled up
with your junk email they might never even notice what they are doing.

Is this a huge security flaw? Of course not. It still shouldn't exist. The
truth is it doesn't concern me at all.

What really bothers me is what I said above, that you can also send TO an
email address with a pipe character in it. I use a catchall on my google
apps domain, and I control spam by taking all of the fake email addresses
spammers have generated and create an empty mailing list with those names.
Now their spam gets rejected by the smtp servers, and they know they aren't
getting anywhere. My spam box tends to stay empty.

That is, until a spammer started sending email to an email address with | in
it. I can't do anything to stop them. Google is impossible to talk to, so I
had to create a fake vulnerability to get people outside google interested
in it. The original "vulnerability" I talked about does exist, and I'm sure
people could have some fun with it.

Which reminds me, here is another "vulnerability". If you want to spam
someone with a google apps domain and a catchall, they can't block you if
you send email to an email address with a | in it!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Geeklog <= v1.6.0sr2 - Remote File Upload

2009-10-04 Thread Jaloh Smith


> 
> > Successful exploitation requires the ability to execute the uploaded 
> > JavaScript.
> > The Geeklog Forum program can be used as an attack vector since it does not
> > properly validate many $_GET / $_POST variables.
> Could you give us some more details about these XSS vulnerabilities ? :)
> 
> Cause all I see here is a RCE in the admin panel.
> You confirm that there are XSS but we don't have any details about them...

The
easy one is when the forum allows anonymous posts and is configured for
text posts.  The anonymous user name is never filtered, so you can put
anything there, including a reference to the javascript uploaded as the
user profile image..



  
_
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [EquipoFraude] Full Path Disclosure in most wordpress' plugins [?]

2009-10-04 Thread Victor Antonio Torre Villahoz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This not only happens in the plugins, all files in wp-admin/import/ have
errors like it.

I'm fix it using:

if ( defined('WP_ADMIN') or defined('WP_USE_THEMES') ){
;//coninue
}
else{
die();
}


Fernando A. Lagos B. escribió:
> Exists an call to add_action() without validate with function_exists().
> When I run the php script directly, I get the full path of wp installation.
> 
> Example:
> [+] http://www.marco2010.cl/wp-content/plugins/akismet/akismet.php
> [+] http://www.marco2010.cl/wp-content/plugins/hello.php
> 
> 
> Is a bug? Is a feature?
> 
> More details posted in my blog:
> http://blog.zerial.org/seguridad/vulnerabilidad-en-la-mayoria-de-los-plugins-para-wordpress/
> (spanish)
> 
> 
> cheers.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


- --
Victor Antonio Torre
vtorre @ hispasec.com
PGP Key ID: 74FA965E
Hispasec Sistemas S.L
+34 902 161 025
29590 Málaga (Spain)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJKxp8qAAoJEO8OrbJ0+pZeCwgH/iISumx4AM7EYvebIT39U3L3
/W383B2oNkqYOpsIdb2nmLWoBXgpSWdnZNhZ6Oqy0OPvqMQQjT/DLW0DoXqMPHlT
MrF9ex7eJs6d0u17pMUiIHllqKg/pnWvNvPP2zwQ34L2JxdmesOcbCJ4+faRWfNg
PtPkEWhj44D7qXGNFSubWYbzTr/8nxd7sBjfjedhxDBsbmSKFVTuEAgAubCRaSpO
NQ3Fqls9bAUTBHGI9Yy5x/GQbqAa99v8Mvvb3BgZqQeV+cqxK4HDMqSwXPi7siFa
AODX4dndrEUo5VLoHftEpha2YGQtH7Q1N+C7wxCiupCw5mkT3lhMyx8vvRyHA+0=
=ZYwQ
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Weev, AKA Andrew Auernheimer [Fullinfo Doc(TM) revision #2]

2009-10-04 Thread TheLearner
Eyeballing Weev, An informative dossier.
=
  By FeelTheBurn Udmncrmnl

  Version
=
  Revision #2

  Purpose
=
  You can edit this document and submit it back as a new revision.

  An effort by community citizens to expose this person. If you
have any helpful knowledge about weev (even general) and have
something to add, please reply with any editions.

  Abstract
=
I noticed seclists.org was taking down information relating to the
"doxing" of Andrew Auernheimer.
  - Original post
http://seclists.org/fulldisclosure/2009/Oct/0013.html
  - Mirror (http://www.webcitation.org/5kD6O0OEd)

  Andrew is a troll in his early 20's who has hacked into various
websites, harasses innocent people and companies, and actually
dropped dox on this very list. Some of his victims (Which are on a
list too long for even his associates to remember in entirity)
consist of Rob Levin, Rich Kyanka's (lowtax) and Kathy Sierra's
identity theft. Also, at the request of Girlvinyl (Sherrod
DeGrippo) weev was able to nail Randi Harper (freebsdgirl) to the
wall, still hocking up her name on google to this day.

  Andrew wants glory. He wants to be in the news. His remedy for
distracting attention from his own flaws and ironies is the age-old
"blame it on the jews".

  For him, he doesn't try to use it in a sarcastic way, merely
pointing out absurb anti-semitism exists, he uses in this way to
say something so extreme any attempt of criticizing him stops.

  In general, a puppy that wants love, but apparently can't be
fixed. A Michael Crook.

  Real Identity
=
  - First name: Andrew
  - Last name: Auernheimer (mispelled as Aurenheimer sometimes)
  - Middle name: Alan Escher
  - Full name: Andrew Alan Escher Auernheimer

  DOB
=
  September 1st, 1985

  Past schools
=
  We need this!

  Known address
=
  Family
  2038 W Grace St
  Richmond, VA 23220

  Criminal / 0day / Spam / Scam
  PO Box 61359
  Sunnyvale, CA 94088

  San Francisco, Los Angeles areas of California

  You can google his PO Box address (where he does biz from) and
see complaints about fraud.

  Known Aliases
=
  - Weev
  - Wbeelsoi
  - Uchiha Weevlos
  - Weevlar
  - Andrew wbeelsoi
  - Andrew weevlos
  - The iProhet
  - TheiProphet
  - The-iProphet

  Car
=
  Drives a silver, 2000 Honda Civic
  License plate 6EFJ814. 
  Most recently smog checked at Auto Chek in Anaheim, CA, on 
2009/01/21,
  at 3:30 pm.

  Traffic Violation
=
  http://visionweb.occourts.org/Vision_Public/SearchCase.do
  case "LH419349".

  Date of ticket: April 17th, 2009

  Details: 22107 VC I   Unsafe turn or lane change
  Disposition: Bail forfeiture (05/28/2009)

  Auernheimer tried to disguise his identity as Andrew Averngimer

  Known Affiliations
=
  - Bantown
  - Buttes
  - EFnet #down
  - SASS (Something Awful Sycophant Squad)
  - Encyclopedia Dramatica
  - SealPac

  Known Enemies
=
  Organizations:
  - Something Awful
  - FBI
  - JDL
  - Possibly banks
  - Any law enforcement agency he knows him
  - Any jewish civil rights group that knows him

  Name:
  - Dennis Fetcho (TheFetch)
  - Kathy Sierra
  - Rob Levin (Lilo)
  - Richard Kyanka (lowtax)
  - Randi Harper (FreeBSDGirl)

  (Know more? http://tips.fbi.gov)

  Known business affiliations
=
  Sealpac. Richmond, VA

  (We're sorting through them as we speak)

  Photo
=
  -
http://img.waffleimages.com/239fb622e4e5188627f39af8045575a70182f8c7
/569px-Internet_business.jpg /
http://img8.imageshack.us/img8/7586/569pxinternetbusiness.jpg /
http://imgur.com/V5hkG.jpg

  Known publicity stunts
=
  - Toorcon2111, Cybercrime
  Full URL: http://video.google.com/videoplay?docid=-
5643217366887354926&ei=iOzHSvzBOpbWrQKvlu2KDg&q=andrew+wbeelsoi
  TinyURL: http://tinyurl.com/auernheimercrime
  - LiveJournal hacking
  - NYTimes "Mawebulence" Expose
  Full URL: http://www.nytimes.com/2008/08/03/magazine/03trolls-
t.html?_r=1&hp&oref=slogin
  Tiny URL: http://tinyurl.com/auernheimernytimes
  - He is also taking credit for Amazon hack of 2009. However this
has not been confirmed
  - Corrupt: www.corrupt.org/act/interviews/weev
  - Public naming by JewishReview
  Full URL: http://www.jewishreview.org/local/Police-question-
two-men-about-threats-to-Jewish-community
  TinyURL: http://tinyurl.com/auernheimer
  Archival: http://www.webcitation.org/5jnPBPyHG

  Family
===
  Phone number: (804) 355-2889

  Mother
- Name: Catherine Auernheimer
- Affiilations: Richmond PTA, Democratic Party
- Alias: Alyse
- Photograph: http://imgur.com/AQpSd.jpg /
(http://img19.image

Re: [Full-disclosure] n3td3v mentioned in a book?

2009-10-04 Thread GOBBLES
For your information, my client n3td3v is a trusted security researcher.

He's cited in f0b1dd3n -- A qualified, peer-reviewed source for infosec data.

 Original Message 
From: Gichuki John Chuksjonia 
Apparently from: full-disclosure-boun...@lists.grok.org.uk
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] n3td3v mentioned in a book?
Date: Sun, 4 Oct 2009 10:37:54 +0300

> Maybe its not a Ban, maybe its a burn notice!
> 
> 
> 
> 
> 
> 
> 
> On 10/4/09, full-censors...@hushmail.com  wrote:
> > if this guy is mentioned in a book and we banned him?
> >
> > http://f0rb1dd3n.com/links.php
> >
> > i'm calling for a serious review of whats going on with the ban
> > list.
> >
> >
> >
> >
> >
> >
> >
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> 
> 
> -- 
> -- 
> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
> I.T Security Analyst and Penetration Tester
> infosig...@inbox.com
> 
> {FORUM}http://lists.my.co.ke/pipermail/security/
> http://nspkenya.blogspot.com/
> http://chuksjonia.blogspot.com/
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] n3td3v mentioned in a book?

2009-10-04 Thread Gichuki John Chuksjonia
Maybe its not a Ban, maybe its a burn notice!







On 10/4/09, full-censors...@hushmail.com  wrote:
> if this guy is mentioned in a book and we banned him?
>
> http://f0rb1dd3n.com/links.php
>
> i'm calling for a serious review of whats going on with the ban
> list.
>
>
>
>
>
>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/