Re: [Full-disclosure] RHEL Linux Kernel Exploit
http://28.media.tumblr.com/tumblr_l4sobiXxwf1qza4ndo1_400.jpg

[[ rancor ]] @ [[ 15/12/2010 20:44 ]]--

-g
musnt live is a parody of must live... humor this =)

// rancor

2010/12/15 Greg Whynott gwhyn...@gmail.com

> funny...
>
> 1. you were root when you ran the code! epic elite.
> 2. he said red hat NOT redhat based. Redhat has no control over what others do to redhat based efforts.
>
> you need more coffee! 8)
>
> -g
>
> musnt live spewed:
>
>> [musntl...@pizda ~]# awk '/rel/' /etc/issue
>> Scientific Linux SL release 5.5 (Boron)
>> [musntl...@pizda ~]# uname -a
>> Linux allotropos 2.6.18-194.3.1.el5 #1 SMP Fri May 7 01:52:57 EDT 2010 i686 athlon i386 GNU/Linux
>> [musntl...@pizda ~]# md5sum fullnullson.c
>> b16e2a647bc8de1f72f25ab29aa916da fullnullson.c
>> [musntl...@pizda ~]# gcc -o hakaruski fullnullson.c ./hakaruski
>> [*] Failed to open file descriptors.
>> [musntl...@pizda ~]# id
>> uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),1337(hakaruskis)
>> [musntl...@pizda ~]# whoami
>> musntlive
>>
>> Is this exploit work and is my Linux is RedHat based. Thank you Dan and Ryan Seacrest!

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] OpenBSD IPSEC has backdoor
> This is not make sense. Is you say: Theo is will never allow backdoor, he is responsible, then is you say

No one said this.

>> If someone is determined and bright enough then it is possible they could place a vulnerability in the code. one can only audit for vulnerabilities they know about
>>
>> The code is audited and for all you know any back door which was placed in this code has been found and fixed.
>
> then is why there is never mention from OpenBSD long time ago: Is we find backdoor code in audit and fix is that to me would be responsible. Is you cannot have your sarmale and eat it too.

What are you talking about??? the allegation here is that this happened 10 years ago. Do you really believe that no security issues or errors, which could later be identified as security issues, have been fixed in that time. Don't be stupid, the fact that these issues were most likely identified as human error as opposed to malicious intent is because this is an open source project built on trust

> Something wrong with this is picture. If is this Theo responsible like you is say, and he is find backdoor long ago, because he is responsible, he should have is said long time ago

As i have tried to make clear above. I said that this alleged issue could have been fixed, that does not infer that it was identified as a backdoor. I am not an OpenBSD developer so please read the following which puts across the point i am trying to make much more elegantly

http://marc.info/?l=openbsd-tech&m=129237675106730&w=2

It should be mentioned that at this point this is still just an accusation and one that is becoming more and more uncredible[1][2]

[1] http://blog.scottlowe.org/2010/12/14/allegations-regarding-fbi-involvement-with-openbsd/
[2] http://marc.info/?l=openbsd-tech&m=129244045916861&w=2
[Full-disclosure] Making Security Suck Less
Hi,

Now not everything about the old security model is bad. Personally, I really like the Zen feel of it. It's like raking the fine, white, beach sand into those concentric lines and around rocks and dead fish and stuff. It's very Zen. Then as the tide rises, the wind blows, and Frisbees get badly thrown you have to do it all over again in a very Zen way like this: Install. Harden. Configure. Patch. Scan. Patch again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install. Configure. And then you do it all over again! With so much Zen practice it's hard not to become a Master of the security repeat cycle.

But you know what else is Zen? NOT doing that. It's less stressful to maintain an existing balance between operations, limitations, and controls than running around and putting out fires.

This is from my new article called, Making Security Suck Less you can read finished at:
https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html

There's some more, new articles reviewing the OSSTMM and the new security model at InfoSec Island here:
https://www.infosecisland.com/osstmm.html

Sincerely,
-pete.

--
Pete Herzog - Managing Director - p...@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org
Re: [Full-disclosure] Making Security Suck Less
I might be led by the leash on your little rant here, but let me say one thing...

Half of the enthusiasm I had for your post evaporated after;

How many of you have ever had a virus, scareware, cracks, hacks, or spontaneous reboots even though you've got your wares updated and patches installed? Many of you are keeping your hands up.

Enthusiasm simply got replaced with some doubts after reading...

Why did so many buy into the crap about There's no such thing as perfect security. and Security is a process.? Why?

An unused harddisk under several meters of concrete is perfectly vulnerable to all kinds of attacks. Let alone servers which are supposed to be running 24/7.

I'm sorry, but your rant is unrealistic. The next best approach to patch-test-release would be not releasing anything at all.

Just my 2cents-worth.

Chris.

On Thu, Dec 16, 2010 at 8:46 AM, Pete Herzog li...@isecom.org wrote:

> Hi,
>
> Now not everything about the old security model is bad. Personally, I really like the Zen feel of it. It's like raking the fine, white, beach sand into those concentric lines and around rocks and dead fish and stuff. It's very Zen. Then as the tide rises, the wind blows, and Frisbees get badly thrown you have to do it all over again in a very Zen way like this: Install. Harden. Configure. Patch. Scan. Patch again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install. Configure. And then you do it all over again! With so much Zen practice it's hard not to become a Master of the security repeat cycle.
>
> But you know what else is Zen? NOT doing that. It's less stressful to maintain an existing balance between operations, limitations, and controls than running around and putting out fires.
>
> This is from my new article called, Making Security Suck Less you can read finished at:
> https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html
>
> There's some more, new articles reviewing the OSSTMM and the new security model at InfoSec Island here:
> https://www.infosecisland.com/osstmm.html
>
> Sincerely,
> -pete.
>
> --
> Pete Herzog - Managing Director - p...@isecom.org
> ISECOM - Institute for Security and Open Methodologies
> www.isecom.org - www.osstmm.org
> www.hackerhighschool.org - www.badpeopleproject.org
Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
Binaries can be (and are) analysed just like source code can. That's how a lot of bugs have been found in Windows for example.

A lot of open source software has bugs that have gone unnoticed for years. A backdoor can be in the form of an innocent looking programming error (which gives a plausible excuse and therefore deniability).

In my opinion it is possible to hide a back door in open source software. Whether it's probable is a different question.

Changing the s-boxes in DES (and therefore Triple DES as well) would break comparability with other implementations as it would no longer decrypt the same as a standard implementation.

Why purposely program a backdoor when there are already probably already a latent vulnerability in it already? Then there is no deniability concerns and no audit trail of the source code.

My 2 cents

On 16/12/2010, at 1:04 PM, mark seiden m...@seiden.com wrote:

> On Dec 15, 2010, at 5:23 PM, Graham Gower wrote:
>
>> On 16 December 2010 09:50, Larry Seltzer la...@larryseltzer.com wrote:
>>
>>>> Has anyone read this yet?
>>>> http://www.downspout.org/?q=node/3
>>>>
>>>> Seems IPSEC might have a back door written into it by the FBI?
>>>
>>> Surely the thing to do now is not to audit *your own* OpenBSD code, but to audit the OpenBSD code from about 8 years ago. If there's nothing there, then the claim is BS.
>>>
>>> LJS
>>
>> Or get hold of the old version of OpenBSD used at EOUSA and compare it to the OpenBSD code from the same time.
>
> why should anyone other than a us attorney or perhaps an asst us attorney give a rat's ass what may have been going on in their govt issue vpn some years ago?
>
> but, as they prosecute federal crimes, if anyone committed a federal crime within their office due to this they are certainly equipped to go after them.
>
> these guys have nothing to do with the fbi (they are familially one of the fbi's little first cousins within justice dept) and also have nothing to do with the openbsd distribution. justice and fbi and darpa barely talk with each other about technology is my very strong impression.
>
> this whole story makes very little sense to anyone who was at all acquainted with this scene at the time.
>
> unless you control the compiler (see ken thompson's turing award lecture) it's a fanciful idea that you could successfully plant a backdoor in an open source OS and expect it to survive. why even bother?
>
> (now, watering down the s boxes in single des, that might be feasible...)
Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
On Thu, 16 Dec 2010 23:26:25 +1100, Abuse007 said:

> Changing the s-boxes in DES (and therefore Triple DES as well) would break comparability with other implementations as it would no longer decrypt the same as a standard implementation.

Not if you managed to tweak the s-boxes while DES was still being designed.

It's been known for years that while IBM was designing DES, they had some talks with the NSA, and the rumor was that NSA convinced them to tweak the s-boxes to allow a backdoor.

Recently, it was revealed that the NSA *did* give advice about the S-boxes, but it was because the IBM guys had independently come up with the concept of differential cryptanalysis, which the NSA knew about but nobody else did at that time. So NSA gave IBM some hints how to design the s-boxes to harden it against differential cryptanalysis.

Or so they said. :)
Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
Interesting. Abuse007's observations make me think that maybe the backdoor was a vulnerability that was patched sometime in the past. Time to scan the CVE list for OpenBSD...

-----Original Message-----
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Abuse007
Sent: Thursday, December 16, 2010 7:26 AM
To: mark seiden
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

Binaries can be (and are) analysed just like source code can. That's how a lot of bugs have been found in Windows for example.

A lot of open source software has bugs that have gone unnoticed for years. A backdoor can be in the form of an innocent looking programming error (which gives a plausible excuse and therefore deniability).

In my opinion it is possible to hide a back door in open source software. Whether it's probable is a different question.

Changing the s-boxes in DES (and therefore Triple DES as well) would break comparability with other implementations as it would no longer decrypt the same as a standard implementation.

Why purposely program a backdoor when there are already probably already a latent vulnerability in it already? Then there is no deniability concerns and no audit trail of the source code.

My 2 cents

On 16/12/2010, at 1:04 PM, mark seiden m...@seiden.com wrote:

> On Dec 15, 2010, at 5:23 PM, Graham Gower wrote:
>
>> On 16 December 2010 09:50, Larry Seltzer la...@larryseltzer.com wrote:
>>
>>>> Has anyone read this yet?
>>>> http://www.downspout.org/?q=node/3
>>>>
>>>> Seems IPSEC might have a back door written into it by the FBI?
>>>
>>> Surely the thing to do now is not to audit *your own* OpenBSD code, but to audit the OpenBSD code from about 8 years ago. If there's nothing there, then the claim is BS.
>>>
>>> LJS
>>
>> Or get hold of the old version of OpenBSD used at EOUSA and compare it to the OpenBSD code from the same time.
>
> why should anyone other than a us attorney or perhaps an asst us attorney give a rat's ass what may have been going on in their govt issue vpn some years ago?
>
> but, as they prosecute federal crimes, if anyone committed a federal crime within their office due to this they are certainly equipped to go after them.
>
> these guys have nothing to do with the fbi (they are familially one of the fbi's little first cousins within justice dept) and also have nothing to do with the openbsd distribution. justice and fbi and darpa barely talk with each other about technology is my very strong impression.
>
> this whole story makes very little sense to anyone who was at all acquainted with this scene at the time.
>
> unless you control the compiler (see ken thompson's turing award lecture) it's a fanciful idea that you could successfully plant a backdoor in an open source OS and expect it to survive. why even bother?
>
> (now, watering down the s boxes in single des, that might be feasible...)
[Full-disclosure] [ MDVSA-2010:256 ] git
Mandriva Linux Security Advisory MDVSA-2010:256
http://www.mandriva.com/security/

Package : git
Date    : December 16, 2010
Affected: 2010.0, 2010.1

Problem Description:

A vulnerability was discovered and corrected in git (gitweb):

A cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and previous versions allows remote attackers to inject arbitrary web script or HTML code via f and fp variables (CVE-2010-3906).

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3906
Re: [Full-disclosure] Making Security Suck Less
--On December 16, 2010 12:06:03 PM +0100 Christian Sciberras uuf6...@gmail.com wrote:

> I'm sorry, but your rant is unrealistic. The next best approach to patch-test-release would be not releasing anything at all.

Which, come to think of it, is a release cycle that certain software vendors should consider.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
***
It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson
There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell
[Full-disclosure] PR10-06: Cross-domain redirect on PGP Universal Web Messenger
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-06

PR10-06 Cross-domain redirect on PGP Universal Web Messenger

Advisory publicly released: Thursday, 16 December 2010
Vulnerability found: Wednesday, 10 February 2010
Vendor informed: Wednesday, 10 February 2010
Vulnerability fixed: Tuesday, 14 December 2010
Severity level: Medium/High

Credits

Jan Fry of ProCheckUp Ltd (www.procheckup.com).

Description

A remote URI redirection vulnerability affects the PGP Universal Web Messenger. This issue is due to a failure of the application to properly sanitize URI-supplied data assigned to the 'retryURL' parameter.

An attacker may leverage this issue to carry out convincing phishing attacks against unsuspecting users by causing an arbitrary page to be loaded once a PGP Universal Web Messenger specially-crafted URL is visited.

Vulnerable server-side script: '/b/lnj.e?'
Unfiltered parameter: 'retryURL'

Proof of concept

Example of specially-crafted URL:

https://target-domain.foo/b/lnj.e?retryURL=//www.procheckup.com

Consequences:

Victim users can be redirected to third-party sites for the purpose of exploiting browser vulnerabilities or performing phishing attacks.

How to fix

The vendor has stated that this issue was addressed in the PGP Universal Web Messenger.

References

Legal

Copyright 2010 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party.
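A server-side check for the 'retryURL' class of problem described in PR10-06 above, together with a log audit that uses the same check. This is an added example, not ProCheckUp's or the vendor's code; the allow-listed host, the '/b/inbox' path and all request lines other than the advisory's own proof-of-concept URL are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed value: the only external host this deployment may redirect to.
ALLOWED_HOSTS = frozenset({"messenger.example.test"})


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return `value` if it is safe to put in a Location header, else `default`."""
    if not value:
        return default
    # Browsers drop whitespace/control characters and treat "\" like "/",
    # so reject such input instead of trying to normalise it.
    if any(ch <= " " or ch in "\\\x7f" for ch in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:
        return default
    if parts.scheme or parts.netloc:
        # Absolute ("https://host/...") or scheme-relative ("//host/...") URL:
        # allow only https to an allow-listed host, with no userinfo part.
        if (parts.scheme == "https" and parts.username is None
                and parts.hostname in allowed_hosts):
            return value
        return default
    # Relative reference: accept only a path rooted at a single "/".
    # "///host" parses with an empty netloc, yet browsers still leave the site.
    if value.startswith("/") and not value.startswith("//"):
        return value
    return default


def unsafe_retry_urls(request_lines, param="retryURL"):
    """Return decoded `param` values from request lines that would be refused."""
    flagged = []
    for line in request_lines:
        fields = line.split(" ")
        if len(fields) != 3:  # expect "METHOD target PROTOCOL"
            continue
        query = urlsplit(fields[1]).query
        # parse_qs percent-decodes, so encoded variants are judged as sent.
        for value in parse_qs(query).get(param, []):
            if safe_redirect_target(value, default=None) is None:
                flagged.append(value)
    return flagged


# Constructed request lines; the first has the shape of the advisory's PoC URL.
SAMPLE_REQUESTS = [
    "GET /b/lnj.e?retryURL=//www.procheckup.com HTTP/1.1",
    "GET /b/lnj.e?retryURL=%2F%2Fredirect.example.net HTTP/1.1",
    "GET /b/lnj.e?retryURL=/b/inbox HTTP/1.1",
]

if __name__ == "__main__":
    for flagged_value in unsafe_retry_urls(SAMPLE_REQUESTS):
        print("refused redirect target:", flagged_value)
```

The check runs on the raw string before and after parsing because a parser and a browser can disagree about where the host starts.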
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
On Wed, Dec 15, 2010 at 12:24:28PM +0100, Christian Sciberras wrote:

> Just because someone got busted and found a number of lunatics in providing mirrors doesn't mean there's a whole industry. If anything, there must be some

when we reach billions of lunatics YOU will be called a lunatic :)
[Full-disclosure] ZDI-10-292: Hewlett-Packard Power Manager Administration Web Server Remote Code Execution Vulnerability
ZDI-10-292: Hewlett-Packard Power Manager Administration Web Server Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-292
December 16, 2010

-- CVE ID:
CVE-2010-4113

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Hewlett-Packard

-- Affected Products:
Hewlett-Packard Power Manager

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8314. For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Power Manager. Authentication is not required to exploit this vulnerability.

The specific flaw exists in the handling of URL parameters when posting to the login form of the web based management web server. Proper bounds checking is not applied when parsing the Login variable which can result in an exploitable stack overflow. Successful exploitation can lead to complete system compromise under the SYSTEM credentials.

-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More details can be found at:

http://h2.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02239581

-- Disclosure Timeline:
2010-06-03 - Vulnerability reported to vendor
2010-12-16 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Tenable Network Security
* Andrea Micalizzi aka rgod
* SilentSignal
* Anonymous
* Anonymous
* Anonymous
* Anonymous

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi
[Full-disclosure] www.eVuln.com : error Non-persistent XSS in slickMsg
www.eVuln.com advisory: error - Non-persistent XSS in slickMsg
Summary: http://evuln.com/vulns/163/summary.html
Details: http://evuln.com/vulns/163/description.html

---Summary---
eVuln ID: EV0163
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

---Description---
It is possible to inject xss code into error parameter in views/Site/error.php script. Parameter error is not properly sanitized before being used in HTML code.
Condition: register_globals: on

---PoC/Exploit---
PoC code is available at: http://evuln.com/vulns/163/exploit.html

---Solution---
Not available

---Credit---
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/code-analysis.html - source code review service
Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
I can tell you that it is not only possible, but done. OpenBSD is not the only affected OS. Linux also does contain vulnerabilities, as well as virtually all OS we know - as this is why there are allowed and why we can actually use them.

--- On Thu, 12/16/10, Abuse007 abuse...@gmail.com wrote:

From: Abuse007 abuse...@gmail.com
Subject: Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
To: mark seiden m...@seiden.com
Cc: full-disclosure@lists.grok.org.uk
Date: Thursday, December 16, 2010, 12:26 PM

Binaries can be (and are) analysed just like source code can. That's how a lot of bugs have been found in Windows for example.

A lot of open source software has bugs that have gone unnoticed for years. A backdoor can be in the form of an innocent looking programming error (which gives a plausible excuse and therefore deniability).

In my opinion it is possible to hide a back door in open source software. Whether it's probable is a different question.

Changing the s-boxes in DES (and therefore Triple DES as well) would break comparability with other implementations as it would no longer decrypt the same as a standard implementation.

Why purposely program a backdoor when there are already probably already a latent vulnerability in it already? Then there is no deniability concerns and no audit trail of the source code.

My 2 cents

On 16/12/2010, at 1:04 PM, mark seiden m...@seiden.com wrote:

> On Dec 15, 2010, at 5:23 PM, Graham Gower wrote:
>
>> On 16 December 2010 09:50, Larry Seltzer la...@larryseltzer.com wrote:
>>
>>>> Has anyone read this yet?
>>>> http://www.downspout.org/?q=node/3
>>>>
>>>> Seems IPSEC might have a back door written into it by the FBI?
>>>
>>> Surely the thing to do now is not to audit *your own* OpenBSD code, but to audit the OpenBSD code from about 8 years ago. If there's nothing there, then the claim is BS.
>>>
>>> LJS
>>
>> Or get hold of the old version of OpenBSD used at EOUSA and compare it to the OpenBSD code from the same time.
>
> why should anyone other than a us attorney or perhaps an asst us attorney give a rat's ass what may have been going on in their govt issue vpn some years ago?
>
> but, as they prosecute federal crimes, if anyone committed a federal crime within their office due to this they are certainly equipped to go after them.
>
> these guys have nothing to do with the fbi (they are familially one of the fbi's little first cousins within justice dept) and also have nothing to do with the openbsd distribution. justice and fbi and darpa barely talk with each other about technology is my very strong impression.
>
> this whole story makes very little sense to anyone who was at all acquainted with this scene at the time.
>
> unless you control the compiler (see ken thompson's turing award lecture) it's a fanciful idea that you could successfully plant a backdoor in an open source OS and expect it to survive. why even bother?
>
> (now, watering down the s boxes in single des, that might be feasible...)
Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
On Thu, Dec 16, 2010 at 08:45:13AM -0500, valdis.kletni...@vt.edu wrote:

> On Thu, 16 Dec 2010 23:26:25 +1100, Abuse007 said:
>
>> Changing the s-boxes in DES (and therefore Triple DES as well) would break comparability with other implementations as it would no longer decrypt the same as a standard implementation.
>
> Not if you managed to tweak the s-boxes while DES was still being designed.
>
> It's been known for years that while IBM was designing DES, they had some talks with the NSA, and the rumor was that NSA convinced them to tweak the s-boxes to allow a backdoor.
>
> Recently, it was revealed that the NSA *did* give advice about the S-boxes, but it was because the IBM guys had independently come up with the concept of differential cryptanalysis, which the NSA knew about but nobody else did at that time. So NSA gave IBM some hints how to design the s-boxes to harden it against differential cryptanalysis.
>
> Or so they said. :)

There are no cryptographic S-Box backdoors in AES, I haven't verified this myself, it's on the agenda, but there have been many comb searches through the DES algorithm.

~malfy

--
Wisdom begins in wonder -Socrates
I don't read unencrypted mail
PGP Key: C9E86E81
Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
There are several problems with this story that seem to have been overlooked. First, if someone was able to alter the crypto source code 10 years ago, you have to assume that in the following 10 years not one person reviewing or editing that code would have noticed a thing. So, the person who did the altering has to be smarter than every other crypto guy who worked on the code. Smart enough that nobody would even notice what he did and smart enough that nothing would be noticed operationally. Not one entity, with all the security personnel those entities employed, would have ever noticed or even inadvertently stumbled across any traffic going to an unexpected place. Second, no one editing the crypto code after the alteration would have ever made a single change to the code that would affect the alteration in an adverse way, either rendering it inoperable or causing it to generate traffic that would be unexpected and noticed by watchful eyes. Now we're talking a genius on the level of Einstein, at least. Of all the code in use, crypto is probably the most scrutinized and is scrutinized by the smartest guys. All of whom were apparently too dumb to notice *anything* unusual in the code at all, if this story is to be believed. And he was able to alter it in a way that made it completely resistant to any future changes in the code. Finally, the guy who sent Theo the email obviously lied, or else there's a third Scott Lowe that hasn't yet been unearthed. It's impossible to prove a negative. So, if you want to hurt or get back at Theo for some reason, the easiest way to do it is claim there's a supersekrit backdoor in the code that no one has noticed for ten years. Now Theo gets to go on a wild goose chase that has no resolution, because you cannot prove there is no backdoor. The best you can do is claim to have thoroughly audited the code and not found one. Conspiracy theorists thrive on claims that can never be disproven. 
A hundred years from now, people will still be whispering that there's a backdoor in the crypto supplied by OpenBSD. Just like they claim that Oswald didn't act alone and the government blew up the twin towers. Common sense and the preponderance of the evidence tell you otherwise, but all that is ignored in favor of the grand theory that big brother is watching. Rational people don't fall for this stuff. Should the code be audited? Of course! Auditing is always useful and often productive. Should we assume the worst? Not without better evidence than what we have before us now. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell
[Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor
OpenBSD is Backdoor facts 1) Is we look to monkey.org posting, we is see Theo make is change to CVS for this portion of code is work on by Jason (name is mentioned by Perry) 2) Is we look at timeframe for Backdoor, is code be in 2.5 or 2.6, musn't live theorize 2.6 * 2.6: December 1, 1999 - * Based on the original SSH suite and developed further by the OpenBSD team, 2.6 saw the first release of OpenSSH, which is now available standard on most Unix-like operating systems and is the most widely used SSH suite. http://en.wikipedia.org/wiki/Timeline_of_OpenBSD 3) Is Theo not deny there is no backdoor, only say he is unaware (musn't live is unaware of exact time right now, is know time exist!) a) Theo and OpenBSD not audit anything (trusting trust) b) pre-emptive is wasn't me from Theo in event truth comes later Hey I is Theo I do right thing and strike err.. Disclose first! I not know! c) all of is the above 4) While is everyone claim Perry прил, is no one else outside of Jason on OpenBSD is say: Perry is lying even former developers is stay quiet to protect the DARPA/FBI innocent 5) Is possible at people by mentioned in named by Perry, go to Canada to hack code and plant is backdoor 6) Old code (2.6) is sayanoruski. Is good luck find mirror. CVS is controlled by those is accused, quick move and we is have: See is no backdoor in this backdoor! 7) OpenBSD is the most secure backdoored on the planet 8) Is need slogan change: Only two remote holes in the default install, in a heck of a long time! (Is besides backdoor!!!) 9) We is all peons to Theo and we is cannot figure out truth as we is brains are so too small 10) Claims surpass is Microsoft NSA theory
[Full-disclosure] [USN-1033-1] Eucalyptus vulnerability
=== Ubuntu Security Notice USN-1033-1 December 16, 2010 eucalyptus vulnerability CVE-2010-3905 === A security issue affects the following Ubuntu releases: Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 10.10: eucalyptus-java-common 2.0+bzr1241-0ubuntu4.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that Eucalyptus did not verify password resets from the Admin UI correctly. An unauthenticated remote attacker could issue password reset requests to gain admin privileges in the Eucalyptus environment. Updated packages for Ubuntu 10.10:
[Full-disclosure] New penetration testing tool for free
We are happy to announce the release of Insect Pro 1.0, a free tool for penetration testing. Insect Pro examines potentially vulnerable services, exposes points where an attacker could breach the network, and exploits the vulnerability to prove its existence without a doubt. Get it while it's hot from: http://www.insecurityresearch.com Weekly exploit updates will be distributed by email, stay tuned! This is the first release, thus we would be glad to have your feedback! Regards from Argentina! Juan Sacco
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
Ahh, where was my head?!! Replace lunatic with sheep. :) On Thu, Dec 16, 2010 at 6:56 PM, Georgi Guninski gunin...@guninski.com wrote: On Wed, Dec 15, 2010 at 12:24:28PM +0100, Christian Sciberras wrote: Just because someone got busted and found a number of lunatics in providing mirrors doesn't mean there's a whole industry. If anything, there must be some when we reach billions of lunatics YOU will be called a lunatic :)
[Full-disclosure] Why OpenBSD is can be backdoored and no one is see comeing
Schmel is say There are several problems with this story that seem to have been overlooked. First, if someone was able to alter the crypto source code 10 years ago, you have to assume that in the following 10 years not one person reviewing or editing that code would have noticed a thing. So, the person who did the altering has to be smarter than every other crypto guy who worked on the code. Smart enough that nobody would even notice what he did and smart enough that nothing would be noticed operationally. Not one entity, with all the security personnel those entities employed, would have ever noticed or even inadvertently stumbled across any traffic going to an unexpected place. Schmehl is cuckoo. Is truth be is that, is someone in US government is make crypto beforehand and is give to the accused, backdoor is pre-programmed and is could be created by is same people who is create Magic Lantern, DCS1000, etc., is could include NSA. Second, no one editing the crypto code after the alteration would have ever made a single change to the code that would affect the alteration in an adverse way, either rendering it inoperable or causing it to generate traffic that would be unexpected and noticed by watchful eyes. Schmehl is smelly. Is not know about covert ICMP fragments that is can be reassembled. Is data parsed out of encryption, data too can be inserted into ICMP covert tunnel in fragment to say Google and is sniffer can see traffic. Person watching see ICMP to Google and say all is goodski Now we're talking a genius on the level of Einstein, at least. Of all the code in use, crypto is probably the most scrutinized and is scrutinized by the smartest guys. All of whom were apparently too dumb to notice *anything* unusual in the code at all, if this story is to be believed. And he was able to alter it in a way that made it completely resistant to any future changes in the code. 
Is you overlook is fact, coders at NSA could give someone pre-programmed code Finally, the guy who sent Theo the email obviously lied, or else there's a third Scott Lowe that hasn't yet been unearthed. Is how you know he lie? You is speculate It's impossible to prove a negative. So, if you want to hurt or get back at Theo for some reason, the easiest way to do it is claim there's a supersekrit backdoor in the code that no one has noticed for ten years. Now Theo gets to go on a wild goose chase that has no resolution, because you cannot prove there is no backdoor. The best you can do is claim to have thoroughly audited the code and not found one. Terrorist demand US soldiers go home Liberals demand US soldiers go home Is Liberal terrorist? Men still have to be governed by deception. Georg C. Lichtenberg
Re: [Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor
HAHAHAHAHAH!! GOD so are funny you!11 2010/12/16 musnt live musntl...@gmail.com OpenBSD is Backdoor facts 1) Is we look to monkey.org posting, we is see Theo make is change to CVS for this portion of code is work on by Jason (name is mentioned by Perry) 2) Is we look at timeframe for Backdoor, is code be in 2.5 or 2.6, musn't live theorize 2.6 * 2.6: December 1, 1999 - * Based on the original SSH suite and developed further by the OpenBSD team, 2.6 saw the first release of OpenSSH, which is now available standard on most Unix-like operating systems and is the most widely used SSH suite. http://en.wikipedia.org/wiki/Timeline_of_OpenBSD 3) Is Theo not deny there is no backdoor, only say he is unaware (musn't live is unaware of exact time right now, is know time exist!) a) Theo and OpenBSD not audit anything (trusting trust) b) pre-emptive is wasn't me from Theo in event truth comes later Hey I is Theo I do right thing and strike err.. Disclose first! I not know! c) all of is the above 4) While is everyone claim Perry прил, is no one else outside of Jason on OpenBSD is say: Perry is lying even former developers is stay quiet to protect the DARPA/FBI innocent 5) Is possible at people by mentioned in named by Perry, go to Canada to hack code and plant is backdoor 6) Old code (2.6) is sayanoruski. Is good luck find mirror. CVS is controlled by those is accused, quick move and we is have: See is no backdoor in this backdoor! 7) OpenBSD is the most secure backdoored on the planet 8) Is need slogan change: Only two remote holes in the default install, in a heck of a long time! (Is besides backdoor!!!) 9) We is all peons to Theo and we is cannot figure out truth as we is brains are so too small 10) Claims surpass is Microsoft NSA theory
Re: [Full-disclosure] Why OpenBSD is can be backdoored and no one is see comeing
--On December 16, 2010 4:04:27 PM -0500 musnt live musntl...@gmail.com wrote: Schmehl is cuckoo. Is truth be is that, is someone in US government is make crypto beforehand and is give to the accused, backdoor is pre-programmed and is could be created by is same people who is create Magic Lantern, DCS1000, etc., is could include NSA. Is pigs could fly, is musnt live is intelligent. Schmehl is smelly. Is not know about covert ICMP fragments that is can be reassembled. Is data parsed out of encryption, data too can be inserted into ICMP covert tunnel in fragment to say Google and is sniffer can see traffic. Person watching see ICMP to Google and say all is goodski Ooohhh, who in their right mind would look for things like covert channels in ICMP? I is never was thought is that. Thanks is so much for is you educate me. Is it time for your pills now? Terrorist demand US soldiers go home Liberals demand US soldiers go home Is Liberal terrorist? Is this rhetorical? Men still have to be governed by deception. Georg C. Lichtenberg Ah, well, if Lichtenberg said it, is must be truth. Who is was we to question Lickingberg Is your mind gone? Or merely on the road? -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell
Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
Don't forget that the Apollo program was filmed on a sound stage... On a more serious note, every point you've made is valid. Anyone who's ever met Theo would be hard put to believe such a claim anyway. -- John Horn City of Tucson, IT Department Network Services (Network security) Phone: (520) 837-6036 On Thu, Dec 16, 2010 at 1:50 PM, in message 426e9c71c99e6db13e125...@utd71538.local, Paul Schmehl pschmehl_li...@tx.rr.com wrote: There are several problems with this story that seem to have been overlooked. First, if someone was able to alter the crypto source code 10 years ago, you have to assume that in the following 10 years not one person reviewing or editing that code would have noticed a thing. So, the person who did the altering has to be smarter than every other crypto guy who worked on the code. Smart enough that nobody would even notice what he did and smart enough that nothing would be noticed operationally. Not one entity, with all the security personnel those entities employed, would have ever noticed or even inadvertently stumbled across any traffic going to an unexpected place. Second, no one editing the crypto code after the alteration would have ever made a single change to the code that would affect the alteration in an adverse way, either rendering it inoperable or causing it to generate traffic that would be unexpected and noticed by watchful eyes. Now we're talking a genius on the level of Einstein, at least. Of all the code in use, crypto is probably the most scrutinized and is scrutinized by the smartest guys. All of whom were apparently too dumb to notice *anything* unusual in the code at all, if this story is to be believed. And he was able to alter it in a way that made it completely resistant to any future changes in the code. Finally, the guy who sent Theo the email obviously lied, or else there's a third Scott Lowe that hasn't yet been unearthed. It's impossible to prove a negative. So, if you want to hurt or get back at Theo for some reason, the easiest way to do it is claim there's a supersekrit backdoor in the code that no one has noticed for ten years. Now Theo gets to go on a wild goose chase that has no resolution, because you cannot prove there is no backdoor. The best you can do is claim to have thoroughly audited the code and not found one. Conspiracy theorists thrive on claims that can never be disproven. A hundred years from now, people will still be whispering that there's a backdoor in the crypto supplied by OpenBSD. Just like they claim that Oswald didn't act alone and the government blew up the twin towers. Common sense and the preponderance of the evidence tell you otherwise, but all that is ignored in favor of the grand theory that big brother is watching. Rational people don't fall for this stuff. Should the code be audited? Of course! Auditing is always useful and often productive. Should we assume the worst? Not without better evidence than what we have before us now. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell
[Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying
Is we has packet we is do this: 1) Program is write to take copy of messages before encryption and is write to tmp file 2) Program is write to split tmp file and insert into fragments on wire at 2bytes 3) Program is write to send to random source and is someone watch, who care. Is never tell 2 bytes is sifted for reassemble elsewhere. Is you send packets to gOOgle, no one stop think about this. Packets =- Google | | 2bytes sniffed { reassemble bytes later } Is anyone see packets who can tell what is go through the wire? No one. Is ICMP used for covert backdoor or is this message can be sent when someone browse in HTTP header later, or, e.g.: Network Stack Program -- is someone ping with special ICMP code -- come to papa -- you send response to knocker with 2bytes in unreachable. Knocker reassemble full message. Sidechannel backdoor! Network stack program possible to blame as is Theo change ICMP in 2007 and he also was spoofing time, do not is believe me, is see for yourself: http://seclists.org/bugtraq/2005/Jul/93 From: Theo de Raadt deraadt () cvs openbsd org Date: Wed, 06 Jul 2005 20:17:36 -0600 Is yet, he send in 2007. For why is he underhanded the world? 's/Demi/Theo/g http://www.moviequotes.com/fullquote.cgi?qnum=167829 '
Re: [Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor
God, i can't even understand half the shit he is saying? English so upside down! On 12/17/10, Christian Sciberras uuf6...@gmail.com wrote: HAHAHAHAHAH!! GOD so are funny you!11 2010/12/16 musnt live musntl...@gmail.com OpenBSD is Backdoor facts 1) Is we look to monkey.org posting, we is see Theo make is change to CVS for this portion of code is work on by Jason (name is mentioned by Perry) 2) Is we look at timeframe for Backdoor, is code be in 2.5 or 2.6, musn't live theorize 2.6 * 2.6: December 1, 1999 - * Based on the original SSH suite and developed further by the OpenBSD team, 2.6 saw the first release of OpenSSH, which is now available standard on most Unix-like operating systems and is the most widely used SSH suite. http://en.wikipedia.org/wiki/Timeline_of_OpenBSD 3) Is Theo not deny there is no backdoor, only say he is unaware (musn't live is unaware of exact time right now, is know time exist!) a) Theo and OpenBSD not audit anything (trusting trust) b) pre-emptive is wasn't me from Theo in event truth comes later Hey I is Theo I do right thing and strike err.. Disclose first! I not know! c) all of is the above 4) While is everyone claim Perry прил, is no one else outside of Jason on OpenBSD is say: Perry is lying even former developers is stay quiet to protect the DARPA/FBI innocent 5) Is possible at people by mentioned in named by Perry, go to Canada to hack code and plant is backdoor 6) Old code (2.6) is sayanoruski. Is good luck find mirror. CVS is controlled by those is accused, quick move and we is have: See is no backdoor in this backdoor! 7) OpenBSD is the most secure backdoored on the planet 8) Is need slogan change: Only two remote holes in the default install, in a heck of a long time! (Is besides backdoor!!!) 9) We is all peons to Theo and we is cannot figure out truth as we is brains are so too small 10) Claims surpass is Microsoft NSA theory -- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosig...@inbox.com {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
On Thu, Dec 16, 2010 at 10:03:56PM +0100, Christian Sciberras wrote: Ahh, where was my head?!! Replace lunatic with sheep. :) itz all the same, only the namez will change: when we reach multi billions of sheepz YOU will be called an ``овца'' :) On Thu, Dec 16, 2010 at 6:56 PM, Georgi Guninski gunin...@guninski.com wrote: On Wed, Dec 15, 2010 at 12:24:28PM +0100, Christian Sciberras wrote: Just because someone got busted and found a number of lunatics in providing mirrors doesn't mean there's a whole industry. If anything, there must be some when we reach billions of lunatics YOU will be called a lunatic :)
Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying
--On December 16, 2010 4:25:27 PM -0500 musnt live musntl...@gmail.com wrote: Is we has packet we is do this: 1) Program is write to take copy of messages before encryption and is write to tmp file Is no one is noticed this program or its temp file because everyone dumb except us govt. Is program have cloaking feature that hide from everyone except Klingons. 2) Program is write to split tmp file and insert into fragments on wire at 2bytes Is program is in memory but no one is noticed because everyone dumb except us govt. Is ls can't find, is sockstat no good, is filestat dumb too. Everything hide from everyone. 3) Program is write to send to random source and is someone watch, who care. Is never tell 2 bytes is sifted for reassemble elsewhere. Is you send packets to gOOgle, no one stop think about this. Is you did, but you is obviously smarter than the average bear. Packets =- Google | | 2bytes sniffed { reassemble bytes later } Is anyone see packets who can tell what is go through the wire? No one. Is ICMP used for covert backdoor or is this message can be sent when someone browse in HTTP header later, or, e.g.: Is ICMP not blocked at edge of network, because everyone dumber than rocks and no one have IDS because is way to sofisticatable than the average bear. Network Stack Program -- is someone ping with special ICMP code -- come to papa -- you send response to knocker with 2bytes in unreachable. Knocker reassemble full message. Sidechannel backdoor! If Papa have sniffer on your network, you is have bigger problem than papa. Network stack program possible to blame as is Theo change ICMP in 2007 and he also was spoofing time, do not is believe me, is see for yourself: http://seclists.org/bugtraq/2005/Jul/93 Now we get to the bottom line. Theo is evvviiilll because, well Theo is Theo. From: Theo de Raadt deraadt () cvs openbsd org Date: Wed, 06 Jul 2005 20:17:36 -0600 Is yet, he send in 2007. For why is he underhanded the world? 
Is he want to dominate world, because he is . Just like Bill Gates. Is you need me send you to some meds? -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell
Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying
Hello Full Disclosure!!! I'd like to warn you about Paul Schmehl. Is obvious. Paul Schmehl is like to smell Theo's crotch.
Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying
On 16 December 2010 22:26, musnt live musntl...@gmail.com wrote: Hello Full Disclosure!!! I'd like to warn you about Paul Schmehl. Is obvious. Paul Schmehl is like to smell Theo's crotch. Sorry Paul, your response was witty but i think musnt live has bested you here. you should probably admit defeat and call it a day. there is no chance you would be able to counter wit like this
Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying
--On December 16, 2010 11:23:10 PM + John Bond john.r.b...@gmail.com wrote: On 16 December 2010 22:26, musnt live musntl...@gmail.com wrote: Hello Full Disclosure!!! I'd like to warn you about Paul Schmehl. Is obvious. Paul Schmehl is like to smell Theo's crotch. Sorry Paul, your response was witty but i think musnt live has bested you here. you should probably admit defeat and call it a day. there is no chance you would be able to counter wit like this I am unable to respond because I am laughing so hard. Perhaps tomorrow -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell
[Full-disclosure] Perry explains OpenBSD backdoor more
http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd Hello Robert, I did not really intend for Theo to cross post that message to the rest of the Internet, but I stand by my original email message to him in those regards. The OCF was a target for side channel key leaking mechanisms, as well as pf (the stateful inspection packet filter), in addition to the gigabit Ethernet driver stack for the OpenBSD operating system; all of those projects NETSEC donated engineers and equipment for, including the first revision of the OCF hardware acceleration framework based on the HiFN line of crypto accelerators. The project involved was the GSA Technical Support Center, a circa 1999 joint research and development project between the FBI and the NSA; the technologies we developed were Multi Level Security controls for case collaboration between the NSA and the FBI due to the Posse Comitatus Act, although in reality those controls were only there for show as the intended facility did in fact host both FBI and NSA in the same building. We were tasked with proposing various methods used to reverse engineer smart card technologies, including Piranha techniques for stripping organic materials from smart cards and other embedded systems used for key material storage, so that the gates could be analyzed with Scanning Electron and Scanning Tunneling Microscopy. We also developed proposals for distributed brute force key cracking systems used for DES/3DES cryptanalysis, in addition to other methods for side channel leaking and covert backdoors in firmware-based systems. Some of these projects were spun off into other sub projects, JTAG analysis components etc. 
I left NETSEC in 2000 to start another venture, I had some fairly significant concerns with many aspects of these projects, and I was the lead architect for the site-to-site VPN project developed for Executive Office for United States Attorneys, which was a statically keyed VPN system used at 235+ US Attorney locations and which later proved to have been backdoored by the FBI so that they could recover (potentially) grand jury information from various US Attorney sites across the United States and abroad. The person I reported to at EOUSA was Zal Azmi, who was later appointed to Chief Information Officer of the FBI by George W. Bush, and who was chosen to lead portions of the EOUSA VPN project based upon his previous experience with the Marines (prior to that, Zal was a mujadeen for Usama bin Laden in their fight against the Soviets, he speaks fluent Farsi and worked on various incursions with the CIA as a linguist both pre and post 911, prior to his tenure at the FBI as CIO and head of the FBI’s Sentinel case management system with Lockheed). After I left NETSEC, I ended up becoming the recipient of a FISA-sanctioned investigation, presumably so that I would not talk about those various projects; my NDA recently expired so I am free to talk about whatever I wish. Here is one of the articles I was quoted in from the NY Times that touches on the encryption export issue: In reality, the Clinton administration was very quietly working behind the scenes to embed backdoors in many areas of technology as a counter to their supposed relaxation of the Department of Commerce encryption export regulations – and this was all pre-911 stuff as well, where the walls between the FBI and DoD were very well established, at least in theory.
[Full-disclosure] OpenBSD joins Checkpoint, NSA, Verint and ATT
As musntlive theorized a cooperative collaboration between NSA and FBI musnt been used to backdoor and deliver predefined payloads: The project involved was the GSA Technical Support Center, a circa 1999 joint research and development project between the FBI and the NSA; the technologies we developed were Multi Level Security controls for case collaboration between the NSA and the FBI due to the Posse Comitatus Act Is we see ATT + Narus + NSA and is we turn stupid eye: ATT is would never tap the United States! http://www.wired.com/science/discoveries/news/2006/04/70619 Is we see collusion from OpenBSD + FBI + NSA and we hear Theo: Is not me Is Americans really stupid to believe is not happen? We hear that US attorneys is was also backdoored. Is Americans too high on Theo to believe is this not true: a statically keyed VPN system used at 235+ US Attorney locations and which later proved to have been backdoored by the FBI so that they could recover (potentially) grand jury information from various US Attorney sites across the United States and abroad. Is Perry say: The person I reported to at EOUSA was Zal Azmi, who was later appointed to Chief Information Officer of the FBI by George W. 
Bush Is Azmi say: As former FBI CIO Zal Azmi says, “There have been a number of government cybersecurity plans put forward over the last several years… When it comes to cybersecurity, the time for talk is over and the time for action is way overdue…policies and procedures have been talked to death.”68 (http://www.afcea.org/signal/articles/templates/SIGNAL_Article_Template.asp?articleid=2167&zoneid=280) Is we to remember, Checkpoint was backdoored, and is US (FBI, DOJ, DEA, etc) have all phone taps before (http://www.coffinman.co.uk/an_israeli_trojan_horse.htm) http://archives.neohapsis.com/archives/firewalls/2000-q4/2514.html So we is think: US DOJ - pwneruski US DEA - pwneruski US FBI - pwneruski Internet in US - Narus + ATT - pwneruski US District Attorneys - pwneruski OpenBSD - advocates and Theo nuthuggers (Schmehl, etc.) say NO PWNERUSKI And this is because? OpenBSD is would never sell out? musntlive laugh at marvel Donot is worry those in America. Is not like your President isn't looking to backdoor everything http://boingboing.net/2010/09/27/obama-administration.html
Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
Instead of an overt back-door, is it possible that Theo's old friend (;)) is referring to exploitable vulnerabilities. These vulnerabilities may or may not have been found in the interim and fixed, but not recognized as backdoors. As you said, it's impossible to prove a negative (prove to me that you haven't read Moby Dick), but the scenario above sounds kind of reasonable to me. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Paul Schmehl Sent: Thursday, December 16, 2010 3:50 PM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC There are several problems with this story that seem to have been overlooked. First, if someone was able to alter the crypto source code 10 years ago, you have to assume that in the following 10 years not one person reviewing or editing that code would have noticed a thing. So, the person who did the altering has to be smarter than every other crypto guy who worked on the code. Smart enough that nobody would even notice what he did and smart enough that nothing would be noticed operationally. Not one entity, with all the security personnel those entities employed, would have ever noticed or even inadvertently stumbled across any traffic going to an unexpected place. Second, no one editing the crypto code after the alteration would have ever made a single change to the code that would affect the alteration in an adverse way, either rendering it inoperable or causing it to generate traffic that would be unexpected and noticed by watchful eyes. Now we're talking a genius on the level of Einstein, at least. Of all the code in use, crypto is probably the most scrutinized and is scrutinized by the smartest guys. All of whom were apparently too dumb to notice *anything* unusual in the code at all, if this story is to be believed. 
And he was able to alter it in a way that made it completely resistant to any future changes in the code. Finally, the guy who sent Theo the email obviously lied, or else there's a third Scott Lowe that hasn't yet been unearthed. It's impossible to prove a negative. So, if you want to hurt or get back at Theo for some reason, the easiest way to do it is claim there's a supersekrit backdoor in the code that no one has noticed for ten years. Now Theo gets to go on a wild goose chase that has no resolution, because you cannot prove there is no backdoor. The best you can do is claim to have thoroughly audited the code and not found one. Conspiracy theorists thrive on claims that can never be disproven. A hundred years from now, people will still be whispering that there's a backdoor in the crypto supplied by OpenBSD. Just like they claim that Oswald didn't act alone and the government blew up the twin towers. Common sense and the preponderance of the evidence tell you otherwise, but all that is ignored in favor of the grand theory that big brother is watching. Rational people don't fall for this stuff. Should the code be audited? Of course! Auditing is always useful and often productive. Should we assume the worst? Not without better evidence than what we have before us now. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell
Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
I can only speculate the following with regards to Perry coming out of the blue with this news and it obviously means nothing as I'm not a profiler, psychologist, etc. and even if I were, who cares at the end of the day. There is probably some form of credibility to perhaps the government wanting to backdoor OpenBSD or any other operating system but that obviously does not mean this occurred. What I think about his disclosure is, Perry sought to make something known to Theo which took Theo by surprise and Theo being who he is disclosed it to the public. The following strike me as odd though: I have never seen Theo come out of the blue publicly for something non-BSD related. I never struck him as the type to put his business out there especially in a case like this. My thoughts are: If he DID know something, why would he PUBLICLY out himself like that. It would have made more sense for him to keep that conversation private and lie enough to dissuade this Perry go to hush/think about things differently, etc. I'm thinking if it were me, I would have done the same had I no knowledge. Had I knowledge, my first thought would be: By publicly disclosing anything, the people I report(ed) to will be pissed and it'll kick up a firestorm (this is for those who speculate Theo had something to do with this). So I think, what does this Perry guy have against the others. Are there any documented exchanges or disagreements between Perry, Wright or Lowe? For someone to come out of the blue, name names 10 years later makes little sense. It must have been a hell of a bone to grind to wait 10 years once an NDA has expired to out someone. For that, an anonymous email to a mailing list would have sufficed as opposed to waiting 10 years. I then think, wait a minute, something like this (backdooring anything) must go beyond a 10 year NDA. 
Even if it didn't, the potential blowback Perry could face would be so enormous, it would not only be insane to come out of the woodworks, but likely career suicide as well. The 'bone to pick' doesn't sound realistic. After all, he could have submitted an anonymous email years ago to air his dirt. What I believe happened is an iteration of rumors. Perhaps there came a time when an agency in government wanted to place backdoors, maybe even approached BSD developers [1]. Did it fly? Only three people would completely know at the end of the day: Perry, Scott Lowe (whomever he is) Jason Wright. Would you like to help the government... We need you to ... which after time became the government placed a backdoor. Ten years is an awful long time to sit around with whiffs of news like this. I doubt a secret like that could have been kept secret for 10 long years. At the same time though, I doubt there is reason for Perry to outright make this up. I think maybe he heard a rumor and rolled with it. I've re-read Perry's email to Theo and another response. His initial e-mail didn't impose a sense of payback is a bitch but more of a I think you should know so for those claiming he wanted to get back at Theo you may be oblivious to the fact that he sent the email to Theo in private, not to a mailing list. That debunks any notion to me that he was trying to hurt Theo. He would have had to have known 100% that Theo would disclose the email. So the point of him coming out of the closet to hurt Theo is weak and moot if you ask me. As for the credibility of a former agent saying we tried it didn't work sounds fishy as well. I don't know about anyone else but I can't imagine him admitting to anything sure we backdoored it That wouldn't make any sense and would likely make him a few enemies both on and off that agency. At the end of the day though, I could honestly care less if they backdoored my VPN. 
They'd be mighty bored wondering why terminals are always tail -f'ing, and how the hell I manage to type so much without shutting up ;) [1] https://twitter.com/ejhilbert/status/14891845825863680 -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently. - Warren Buffett 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
[Full-disclosure] Allegations regarding OpenBSD IPSEC
Talking about hidden backdoors and how long until people notice in the source. Maybe the backdoor is not in the source anymore, but has been cleverly removed: please read Ken Thompson's 1984 Trusting Trust lecture http://cm.bell-labs.com/who/ken/trust.html (I am not suggesting that any such thing has ever been done.) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
On Thu, Dec 16, 2010 at 8:47 PM, paul.sz...@sydney.edu.au wrote:

Talking about hidden backdoors and how long until people notice in the source. Maybe the backdoor is not in the source anymore, but has been cleverly removed: please read Ken Thompson's 1984 Trusting Trust lecture http://cm.bell-labs.com/who/ken/trust.html

Good find. I tried looking it up, but I lacked the magic keywords and got gamed by the google ad-word folks.
Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying
fuck that is stop with your is theories. is bring facts. is. and learn actual english ffs. is! On Thu, Dec 16, 2010 at 11:26 PM, musnt live musntl...@gmail.com wrote: like to warn you about Paul Sch -- faust. Nobody wants to say how this works. Maybe nobody knows ... Xorg.conf(5)
Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying
is a fucking laugh riot this thread!
[Full-disclosure] Just FYI, APPLE-SA-2010-12-16-1 Released for Airport Firmware
Honourable mention for a strong and swift [PS] response to security announcements. Apple has released fixes for various problems with Airport firmware, whose vulnerabilities date back to 2008. You can read the full announcement at: http://support.apple.com/kb/HT4298 My unsanitised FTP PORT command problem (thanks for credit Apple, but which I have long since dealt with by not running an FTP server behind a Time Capsule) was nine months old. I couldn't find the reference for the latest CVE, but it seems to be for a month ago. A happy day. :-) Cheers, Sabahattin PS: If anybody at Apple, or anybody with a humour impairment, should read this, it's a joke, dammit. Of course I'm happy they've honoured the problems. I'm almost sure they feel the same way I do about the whole thing, though. I mean, the CVE comes out, they put an autoresponder in front of the security contact (which takes the form of a person using copy and paste) and nothing happens - either they just genuinely don't care for the severity of the problems (can you imagine Cisco doing that?!!), or they're too busy releasing shiny new iGadgets to put most of these little problems aside as minor inconveniences. But until they remedy that, they won't get these things into business. Which, FTR, I think would be a big shame. No, seriously - there's something badly, badly wrong when you have to time your security announcements so that their availability heralds a new product release. :-(
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
I did understand the differences. The main issue is that dangerous material may be published anonymously without verification or indeed, any peer review. Keep in mind that you can easily set off people by telling them a UFO crashed in the centre of New York, and there are actually those that would believe it. Just consider the kind of laymen running blogs and how they react over anything that stirs the slightest news. I am with you on this one. Take a look at the shitstorm in Pakistan over faked wikileaks cables (0), (1) (2). (0) http://www.google.com/hostednews/afp/article/ALeqM5jP2p0uuRX56yc0w9vXP8PRH5t5YA?docId=CNG.ff5b1dec5d31e4c8a507f2ccde331d41.881 (1) http://www.dawn.com/2010/12/17/massaging-public-opinion.html (2) http://www.thehindu.com/news/international/article948427.ece
Re: [Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor
Extreme Yodaism is my guess... 2010/12/16 Gichuki John Chuksjonia chuksjo...@gmail.com God, i cant even understand half the shit he is saying? English so upside down! On 12/17/10, Christian Sciberras uuf6...@gmail.com wrote: HAHAHAHAHAH!! GOD so are funny you!11 2010/12/16 musnt live musntl...@gmail.com OpenBSD is Backdoor facts 1) Is we look to monkey.org posting, we is see Theo make is change to CVS for this portion of code is work on by Jason (name is mentioned by Perry) 2) Is we look at timeframe for Backdoor, is code be in 2.5 or 2.6, musn't live theorize 2.6 * 2.6: December 1, 1999 - * Based on the original SSH suite and developed further by the OpenBSD team, 2.6 saw the first release of OpenSSH, which is now available standard on most Unix-like operating systems and is the most widely used SSH suite. http://en.wikipedia.org/wiki/Timeline_of_OpenBSD 3) Is Theo not deny there is no backdoor, only say he is unaware (musn't live is unaware of exact time right now, is know time exist!) a) Theo and OpenBSD not audit anything (trusting trust) b) pre-emptive is wasn't me from Theo in event truth comes later Hey I is Theo I do right thing and strike err.. Disclose first! I not know! c) all of is the above 4) While is everyone claim Perry прил, is no one else outside of Jason on OpenBSD is say: Perry is lying even former developers is stay quiet to protect the DARPA/FBI innocent 5) Is possible at people by mentioned in named by Perry, go to Canada to hack code and plant is backdoor 6) Old code (2.6) is sayanoruski. Is good luck find mirror. CVS is controlled by those is accused, quick move and we is have: See is no backdoor in this backdoor! 7) OpenBSD is the most secure backdoored on the planet 8) Is need slogan change: Only two remote holes in the default install, in a heck of a long time! (Is besides backdoor!!!) 
9) We is all peons to Theo and we is cannot figure out truth as we is brains are so too small 10) Claims surpass is Microsoft NSA theory -- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosig...@inbox.com {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/