[Full-disclosure] LulzSec EXPOSED!
Lulzsec == pwnt

logs taken from their priv8 irc server

http://www.mediafire.com/?fizwcbbyu6pyl8d

Some gems:

May 31 11:58:25 * Topic for #pure-elite is: [pE] security research and development. | PRIV8!PRIV8!PRIV8! No leaks, no vanity. Everything stays here. | work with trollpoll on .es targets. MSG him for infos. google search site:gob.es for fun
May 31 11:58:25 * Topic for #pure-elite set by Sabu!s...@netadmin.operationfreedom.ru at Wed May 25 16:25:57 2011

Jun 04 17:27:26 Topiary everyone leave ED IRC
Jun 04 17:27:35 Topiary this is serious, military hackers trying to hack us
Jun 04 17:27:37 Topiary don't stay there
Jun 04 17:28:17 pwnsauce i propose Operation:/b/ackraid
Jun 04 17:28:23 pwnsauce we need .mil targets

Jun 04 17:16:27 Topiary already sent kayla money for bots, sending Sabu money for servers when he wants it
Jun 04 17:16:30 Topiary we have 500USD in donations

Jun 04 17:03:49 joepie91 4-6-2011 23:03:30 : SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jun 04 17:03:50 joepie91 after this
Jun 04 17:03:54 joepie91 it just starts using an entire CPU core
Jun 04 17:03:58 joepie91 crash shit
Jun 04 17:04:01 joepie91 use more and more memory
Jun 04 17:04:04 joepie91 and not connect to the VPN

Jun 01 02:26:46 storm still looking for an rfi/lfi bot :p
Jun 01 02:28:30 lol i've got one lol :D with google bypass, if the bypass still works xD
Jun 01 02:28:52 lol but it's on a USB but i think the USB might be infected xD
Jun 01 02:29:04 lol so im scared to plug it in xD

Jun 01 03:13:18 Topiary well A) they are a bunch of asshats, B) Jester is a fucktard who *everyone* would want to destroy, C) Apache 0day, D) Adrian needs a spanking
Jun 01 03:13:29 joepie92 E) bring the lulz
Jun 01 03:13:30 joepie92 :D
Jun 01 03:13:35 Topiary yes, that too
Jun 01 03:14:44 Topiary ah wait that was Adrian Chen sending us those insulting tweets
Jun 01 03:14:47 Topiary both losers
Jun 01 03:15:14 storm i like C most of all
Jun 01 03:15:15 storm ;x
Jun 01 03:15:17 Topiary he tried to arrange an interview with LulzSec, told him to fuck off before Gawker gets rooted

BTW, one of them is already in FBI custody, and the rest are probably about to follow him (that one being Robert Cavanaugh of NY State, alias xyz, alias ev0)

see his pictures here: http://89.248.164.63/dox/xyz/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] The Flash JIT Spraying is Back
Celebrating the announcement of Hacks in Taiwan Conference 2011, we would like to publish part of our recent research to share with all document security researchers.

Flash JIT Spraying couldn't work since Flash 10.1. Now we bring it back.

http://exploitspace.blogspot.com/2011/06/flash-jit-spraying-is-back_04.html

Hacks in Taiwan Conference 2011
http://www.hitcon.org/hit2011/en/
Re: [Full-disclosure] What are some of the top ...
On Fri, Jun 3, 2011 at 2:57 AM, t0hitsugu tohits...@gmail.com wrote:

You are correct; a *true* professional knows to use Cain and Abel (but that's not something you'll learn at school)

lol please stop, my fucking digestive tract is bleeding now I can't laugh anymore

On Jun 2, 2011 3:33 PM, Cal Leeming c...@foxwhisper.co.uk wrote:

This is a joke, right?

On Thu, Jun 2, 2011 at 11:29 PM, t0hitsugu tohits...@gmail.com wrote:

While I make no claims of being a security professional, the absolute best thing you can do is look into schools that will lead to the prestigious CEH certification, highly valued in the infosec community, which will teach you to use complex tools like sqlmap, nmap, and if you're skilled enough, metasploit.

--
taha karim
Re: [Full-disclosure] LulzSec EXPOSED!
Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:

Lulzsec == pwnt

I've seen the log you pasted to pastebin. Is this:

* A timing attack on ssh passwords over the net?
* Fake, to distract us from your real 0day?

Andreas

Log:

root@gibson:~# ./1337hax0r 204.188.219.88 -root
Attempting too hax0r root password on 204.188.219.88
h,VhXzavMm
3xLl1-_\wC
ffsakTgyc~H
ZZrz,pJrgB
b{4Bv_Y$$Z6
XDh;vDU-;3
FB-hvg%g_'t
}qHNvkS'g
RNBKvUi5yO|
z`(}v1^u
*V4?vh9#^f2
/R*9vfhZ#
9P65vjKhh.N
\rfsv~PhNDz
Bfpv|uhGpy
J%kvf]hGf0
sY0v{2hf7p
9dev%Qh6_v
*Tbv7?h.**
}:lkvV^hN2U
;5Xv'Sh#}_
MOqpvi_hg+#
Md9/viVhu7
M(%rvomhb'
MI5v_shEVe
M=@?vl.hZge
MPk5v:WhUTe
M=3vvrzh7Te
M'?v]sh`Te
M/Z,vI1h`Te
M.9vO$hTTe
Ms!(vY;hpTe
MA)SvYLhnTe
M7eCv@Lh0Te
MkeCvFLh$Te
M'eCv?LhaTe
MeCvLLh|Te
M*eCv5Lh\Te
MmeCvcLhCTe
MTeCvLhrTe
M,eCv1LhYTe
MEeCv}LhHTe
M_eCvSLhnTe
MPeCvSLh+Te
M[eCvSLh,Te
MOeCvSLhTe
M7eCvSLhTe
MGeCvSLhdTe
M$eCvSLhkTe
MCeCvSLhkTe
MLeCvSLhkTe
M=eCvSLhkTe
M-eCvSLhkTe
MweCvSLhkTe
M=eCvSLhkTe
M3eCvSLhkTe
M6eCvSLhkTe
MreCvSLhkTe
M6eCvSLhkTe
MFeCvSLhkTe
MSeCvSLhkTe
M8eCvSLhkTe
Password hax0rd!
root password: M8eCvSLhkTe
root@gibson:~# ssh 204.188.219.88
root@204.188.219.88's password:
root@xyz:~# hostname; id; w
xyz
uid=0(root) gid=0(root) groups=0(root)
Re: [Full-disclosure] LulzSec EXPOSED!
I think it's just a bruteforce.

On 6/6/11, Andreas Bogk andr...@andreas.org wrote:

Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:

Lulzsec == pwnt

I've seen the log you pasted to pastebin. Is this:

* A timing attack on ssh passwords over the net?
* Fake, to distract us from your real 0day?

Andreas

Log:

root@gibson:~# ./1337hax0r 204.188.219.88 -root
Attempting too hax0r root password on 204.188.219.88
Password hax0rd!
root password: M8eCvSLhkTe
root@gibson:~# ssh 204.188.219.88
root@204.188.219.88's password:
root@xyz:~# hostname; id; w
xyz
uid=0(root) gid=0(root) groups=0(root)

--
--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] LulzSec EXPOSED!
LOL @ A timing attack on ssh passwords over the net? and I think it's just a bruteforce.

-Travis

On Mon, Jun 6, 2011 at 7:58 AM, Gichuki John Chuksjonia chuksjo...@gmail.com wrote:

I think it's just a bruteforce.

On 6/6/11, Andreas Bogk andr...@andreas.org wrote:

Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:

Lulzsec == pwnt

I've seen the log you pasted to pastebin. Is this:

* A timing attack on ssh passwords over the net?
* Fake, to distract us from your real 0day?

Andreas

Log:

root@gibson:~# ./1337hax0r 204.188.219.88 -root
Attempting too hax0r root password on 204.188.219.88
Password hax0rd!
root password: M8eCvSLhkTe
root@gibson:~# ssh 204.188.219.88
root@204.188.219.88's password:
root@xyz:~# hostname; id; w
xyz
uid=0(root) gid=0(root) groups=0(root)

--
--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
Re: [Full-disclosure] LulzSec EXPOSED!
http://89.248.164.63/dox/xyz/20.png

look at the picture.

On Mon, Jun 6, 2011 at 2:26 PM, T Biehn tbi...@gmail.com wrote:

LOL @ A timing attack on ssh passwords over the net? and I think it's just a bruteforce.

-Travis

On Mon, Jun 6, 2011 at 7:58 AM, Gichuki John Chuksjonia chuksjo...@gmail.com wrote:

I think it's just a bruteforce.

On 6/6/11, Andreas Bogk andr...@andreas.org wrote:

Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:

Lulzsec == pwnt

I've seen the log you pasted to pastebin. Is this:

* A timing attack on ssh passwords over the net?
* Fake, to distract us from your real 0day?

Andreas

Log:

root@gibson:~# ./1337hax0r 204.188.219.88 -root
Attempting too hax0r root password on 204.188.219.88
Password hax0rd!
root password: M8eCvSLhkTe
root@gibson:~# ssh 204.188.219.88
root@204.188.219.88's password:
root@xyz:~# hostname; id; w
xyz
uid=0(root) gid=0(root) groups=0(root)

--
--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
Re: [Full-disclosure] LulzSec EXPOSED!
Gichuki John Chuksjonia writes:

I think it's just a bruteforce.

If so, why would they repeat already tested hashes? See first and last line of the cited block below (and another one starting with M6... a bit later)?

M=eCvSLhkTe
M-eCvSLhkTe
MweCvSLhkTe
M=eCvSLhkTe

As Logins usually do not keep an internal state, repeats should not be necessary to reproduce such one. Strange...

Volker

On 6/6/11, Andreas Bogk andr...@andreas.org wrote:

Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:

Lulzsec == pwnt

I've seen the log you pasted to pastebin. Is this:

* A timing attack on ssh passwords over the net?
* Fake, to distract us from your real 0day?

Andreas

Log:

root@gibson:~# ./1337hax0r 204.188.219.88 -root
Attempting too hax0r root password on 204.188.219.88
Password hax0rd!
root password: M8eCvSLhkTe
root@gibson:~# ssh 204.188.219.88
root@204.188.219.88's password:
root@xyz:~# hostname; id; w
xyz
uid=0(root) gid=0(root) groups=0(root)

--
--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/
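The repeats noted in the message above can be checked mechanically. The following is an added example, not part of the thread: it takes the last 14 candidates of the guess list in the log posted earlier in this thread (copied as posted), lists the ones tried twice, and measures how far each candidate is from the value the log reports as accepted. The function names are constructed.

```shell
#!/bin/sh
# Added example. tail_guesses holds the last 14 candidates of the guess list
# from the log posted earlier in the thread, copied as posted.

tail_guesses() {
    cat <<'EOF'
M$eCvSLhkTe
MCeCvSLhkTe
MLeCvSLhkTe
M=eCvSLhkTe
M-eCvSLhkTe
MweCvSLhkTe
M=eCvSLhkTe
M3eCvSLhkTe
M6eCvSLhkTe
MreCvSLhkTe
M6eCvSLhkTe
MFeCvSLhkTe
MSeCvSLhkTe
M8eCvSLhkTe
EOF
}

# repeated: reads candidates on stdin and prints each one at the moment it
# is tried for the second time.
repeated() {
    awk '++seen[$0] == 2'
}

# varying_positions ACCEPTED: reads candidates on stdin and prints the
# 1-based character positions at which any candidate differs from ACCEPTED
# (a length difference counts as a differing position).
varying_positions() {
    awk -v ok="$1" '
        {
            n = (length($0) > length(ok)) ? length($0) : length(ok)
            for (i = 1; i <= n; i++)
                if (substr($0, i, 1) != substr(ok, i, 1)) diff[i] = 1
            if (n > max) max = n
        }
        END {
            out = ""
            for (i = 1; i <= max; i++)
                if (i in diff) out = out (out == "" ? "" : " ") i
            print out
        }'
}

# near_misses ACCEPTED: reads candidates on stdin and prints how many of
# them differ from ACCEPTED in exactly one position.
near_misses() {
    awk -v ok="$1" '
        {
            d = 0
            n = (length($0) > length(ok)) ? length($0) : length(ok)
            for (i = 1; i <= n; i++)
                if (substr($0, i, 1) != substr(ok, i, 1)) d++
            if (d == 1) c++
        }
        END { print c + 0 }'
}

# The log reports the final candidate as the accepted password.
accepted=$(tail_guesses | tail -n 1)
echo "tried twice:"
tail_guesses | repeated
echo "positions that vary: $(tail_guesses | varying_positions "$accepted")"
echo "one character off:   $(tail_guesses | near_misses "$accepted") of $(tail_guesses | wc -l | tr -d ' ')"
```

A password prompt answers only accept or reject, so a run of candidates that already agree with the accepted value everywhere except one position is not what blind guessing produces; it fits the two readings raised earlier in the thread, a per-character oracle such as timing, or a staged display.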
Re: [Full-disclosure] LulzSec EXPOSED!
Excerpts from Benji's message of Mo Jun 06 15:32:11 +0200 2011:

http://89.248.164.63/dox/xyz/20.png

Ah, that's a much saner explanation. :)

Andreas
Re: [Full-disclosure] LulzSec EXPOSED!
(picture found by looking through dir)

On Mon, Jun 6, 2011 at 2:54 PM, Andreas Bogk andr...@andreas.org wrote:

Excerpts from Benji's message of Mo Jun 06 15:32:11 +0200 2011:

http://89.248.164.63/dox/xyz/20.png

Ah, that's a much saner explanation. :)

Andreas
Re: [Full-disclosure] LulzSec EXPOSED!
On Jun 6, 2011, at 1:58 PM, Gichuki John Chuksjonia wrote:

I think it's just a bruteforce.

Lesson 1 Kids, no remote root accounts enabled by default.
Lesson 2, No Password Authentication enabled remotely
Lesson 3, man ssh-keygen

cheers,

--
Steve Clement
https://www.twitter.com/SteveClement
mailto:st...@localhost.lu
.lu: +352 20 333 55 65
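The three lessons above map onto sshd_config keywords. As an added example (not part of the thread), this script audits the global section of an sshd_config for them, including two cases that make a file look hardened when it is not: a duplicate keyword, where the first value wins, and a setting that only appears under a Match block. The function names and both sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config against the
# three lessons. Function names and both sample configs are constructed.
# Include files are not followed; on a live host `sshd -T` prints the
# effective settings.

# effective_value FILE KEYWORD -> first global value, lower-cased, or "unset".
# sshd keeps the first value it reads for a keyword, matches keywords
# case-insensitively, and treats everything after "Match" as conditional.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*(#|$)/ { next }              # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)        # blanks or "=" separate key and value
            key = tolower(f[1])
            if (key == "match") exit         # global section ends here
            if (key == want) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$1"
}

flag() { echo "$1"; findings=$((findings + 1)); }

# audit_sshd FILE: one finding per line, or "OK" when nothing is flagged.
audit_sshd() {
    cfg=$1
    findings=0

    v=$(effective_value "$cfg" PermitRootLogin)          # lesson 1
    case $v in
        no)    ;;
        unset) flag "PermitRootLogin unset: the default depends on the OpenSSH version" ;;
        *)     flag "PermitRootLogin $v: remote root login is still possible" ;;
    esac

    v=$(effective_value "$cfg" PasswordAuthentication)   # lesson 2
    case $v in
        no)    ;;
        unset) flag "PasswordAuthentication unset: it defaults to yes" ;;
        *)     flag "PasswordAuthentication $v: passwords can be guessed over the network" ;;
    esac

    # With UsePAM, keyboard-interactive can still ask for a password even when
    # PasswordAuthentication is "no"; both spellings of the keyword are checked.
    if [ "$(effective_value "$cfg" UsePAM)" = yes ]; then
        for k in KbdInteractiveAuthentication ChallengeResponseAuthentication; do
            if [ "$(effective_value "$cfg" "$k")" = yes ]; then
                flag "$k yes with UsePAM yes: password prompts remain reachable"
            fi
        done
    fi

    # lesson 3: keys only help if public-key login is left enabled (the default)
    if [ "$(effective_value "$cfg" PubkeyAuthentication)" = no ]; then
        flag "PubkeyAuthentication no: key-based login is disabled"
    fi

    if [ "$findings" -eq 0 ]; then echo "OK"; fi
    return 0
}

write_samples() {
    cat > "$1/weak.conf" <<'EOF'
# constructed sample: reads as hardened at a glance
Port 22
permitrootlogin yes
PermitRootLogin no
#PasswordAuthentication no
UsePAM yes
ChallengeResponseAuthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication no
EOF
    cat > "$1/hardened.conf" <<'EOF'
# constructed sample
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
UsePAM yes
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for c in weak hardened; do
    echo "== $c.conf"
    audit_sshd "$tmp/$c.conf"
done
rm -rf "$tmp"
```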
Re: [Full-disclosure] LulzSec EXPOSED!
Will you be presenting at BlackHat?

-Travis

On Mon, Jun 6, 2011 at 9:57 AM, Benji m...@b3nji.com wrote:

(picture found by looking through dir)

On Mon, Jun 6, 2011 at 2:54 PM, Andreas Bogk andr...@andreas.org wrote:

Excerpts from Benji's message of Mo Jun 06 15:32:11 +0200 2011:

http://89.248.164.63/dox/xyz/20.png

Ah, that's a much saner explanation. :)

Andreas

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
Re: [Full-disclosure] LulzSec EXPOSED!
Possibly.

On Mon, Jun 6, 2011 at 2:58 PM, T Biehn tbi...@gmail.com wrote:

Will you be presenting at BlackHat?

-Travis

On Mon, Jun 6, 2011 at 9:57 AM, Benji m...@b3nji.com wrote:

(picture found by looking through dir)

On Mon, Jun 6, 2011 at 2:54 PM, Andreas Bogk andr...@andreas.org wrote:

Excerpts from Benji's message of Mo Jun 06 15:32:11 +0200 2011:

http://89.248.164.63/dox/xyz/20.png

Ah, that's a much saner explanation. :)

Andreas

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
Re: [Full-disclosure] LulzSec EXPOSED!
hoax

these 'dox' were dropped months/yrs ago:

http://pastebin.com/mmvBT7n5 (May 13th, 2011)
boards.808chan.org/fail/res/263.html (2010)

try again
[Full-disclosure] New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello list!

I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ (SI2000 Callisto821+ Router).

These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I already drew the attention of Ukrtelecom's representative (and this modem was bought at Ukrtelecom) to multiple vulnerabilities in this model of Callisto modems (and other models also could be affected).

SecurityVulns ID: 11700.

-------------------------
Affected products:
-------------------------

Vulnerable is the next model: SI2000 Callisto821+ Router: X7821 Annex A v1.0.0.0 / Argon 4x1 CSP v1.0 (ISOS 9.0) [4.3.4-5.1]. This model with other firmware and also other models of Callisto also must be vulnerable.

----------
Details:
----------

These attacks should be conducted on modem owner, which is logged into control panel. Taking into account that it's unlikely to catch him in this state, then it's possible to use before-mentioned vulnerabilities (http://websecurity.com.ua/5161/) for conducting of remote login (for logging him into control panel). After that it's possible to conduct CSRF or XSS attack.

CSRF (WASC-09):

This vulnerability allows to delete domain search order.

http://websecurity.com.ua/uploads/2011/Callisto%20821+%20CSRF11.html

In section DNS Relay (http://192.168.1.1/configuration/dns_relay2.html) via CSRF it's possible to add, edit and delete DNS servers.

XSS (WASC-08):

In form of deleting domain search order there is a persistent XSS vulnerability.

http://websecurity.com.ua/uploads/2011/Callisto%20821+%20XSS16.html

In this case the code will be executed immediately, and also at visiting of pages http://192.168.1.1/system/events.html and http://192.168.1.1/shared/event_log_selection.html.

In section DNS Relay (http://192.168.1.1/configuration/dns_relay2.html) there are persistent XSS vulnerabilities in all text fields.

Timeline:

2011.04.14 - informed Ukrtelecom about multiple vulnerabilities in modems, which they give (sell) to their clients.
2011.06.02 - disclosed at my site.
2011.06.03 - informed developers (Iskratel).

I mentioned these vulnerabilities at my site (http://websecurity.com.ua/5189/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Re: [Full-disclosure] LulzSec EXPOSED!(FAKE)
it's a hoax, these 'dox' were dropped months ago

http://pastebin.com/mmvBT7n5 (May)
http://boards.808chan.org/fail/res/263.html (from 2010)

try again
[Full-disclosure] [SECURITY] [DSA 2255-1] libxml2 security update
Debian Security Advisory DSA-2255-1                   secur...@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
June 6, 2011                           http://www.debian.org/security/faq

Package        : libxml2
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
Debian Bug     : 628537

Chris Evans discovered that libxml was vulnerable to buffer overflows, which allowed a crafted XML input file to potentially execute arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny4.

For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-3.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability
ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-172

June 6, 2011

-- CVE ID:
CVE-2011-1699

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11201. For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the uri parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

-- Vendor Response:
Novell states:

The defect associated has been updated with the following patch(es):

http://download.novell.com/Download?buildid=6_bNby38ERg~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86-64)
http://download.novell.com/Download?buildid=BKCEl4nPhLA~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86)
http://download.novell.com/Download?buildid=E7JKbXS39S8~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86-64)
http://download.novell.com/Download?buildid=rOKxHB2JX7c~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86)
http://download.novell.com/Download?buildid=DyaFUz6Hx_U~

* These patches may be Field Test Patches and should be tested first on a staging or test machine before being applied directly to a production system. If you have any questions please contact a Customer Service Representative at 1-800-858-4000.

-- Disclosure Timeline:
2011-01-24 - Vulnerability reported to vendor
2011-06-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ivan Rodriguez Almuina

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi
Re: [Full-disclosure] IL and XSS vulnerabilities in multiple themes for WordPress
Just checked on two of those themes you wrote (Typebased and NewsPress) and they don't have any test.php file. Did you check them all?

On 4 June 2011 17:17, MustLive mustl...@websecurity.com.ua wrote:

Hello list!

I want to warn you about Information Leakage and Cross-Site Scripting vulnerabilities in multiple themes for WordPress.

-------------------------
Affected products:
-------------------------

Vulnerable are the next themes by WooThemes: Live Wire (all three themes from Live Wire series), Gotham News, Typebased, Blogtheme, VibrantCMS, Fresh News, The Gazette Edition, NewsPress, The Station, The Original Premium News, Flash News, Busy Bee, Geometric. Other vulnerable themes for WP are possible.

----------
Details:
----------

In different themes there is test.php - script with phpinfo() - which leads to Information Leakage (disclosure of FPD and other important information about the server) and XSS (in PHP 4.4.1, 4.4.3-4.4.6).

Information Leakage (WASC-13):

http://site/wp-content/themes/_theme's_name_/includes/test.php

XSS (WASC-08):

http://site/wp-content/themes/_theme's_name_/includes/test.php?a[]=%3Cscript%3Ealert(document.cookie)%3C/script%3E

For Live Wire the script is placed at address http://site/wp-content/themes/livewire/includes/test.php, similarly for other themes.

Timeline:

2011.04.11 - announced at my site.
2011.04.12 - informed developers.
2011.06.04 - disclosed at my site.

These vulnerabilities are still not fixed by developers. So users of these themes need to fix the vulnerabilities manually (e.g. by deleting of this script).

I mentioned these vulnerabilities at my site (http://websecurity.com.ua/5071/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
[Full-disclosure] ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability
ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-173

June 6, 2011

-- CVE ID:
CVE-2011-1700

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11200. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the profile-time parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

-- Vendor Response:
Novell states:
The defect associated has been updated with the following patch(es):
http://download.novell.com/Download?buildid=6_bNby38ERg~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86-64)
http://download.novell.com/Download?buildid=BKCEl4nPhLA~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86)
http://download.novell.com/Download?buildid=E7JKbXS39S8~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86-64)
http://download.novell.com/Download?buildid=rOKxHB2JX7c~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86)
http://download.novell.com/Download?buildid=DyaFUz6Hx_U~

* These patches may be Field Test Patches and should be tested first on a staging or test machine before being applied directly to a production system. If you have any questions please contact a Customer Service Representative at 1-800-858-4000.

-- Disclosure Timeline:
2011-04-01 - Vulnerability reported to vendor
2011-06-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ivan Rodriguez Almuina

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology.
Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:
http://twitter.com/thezdi
[Full-disclosure] ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability
ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-175

June 6, 2011

-- CVE ID:
CVE-2011-1702

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11202. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the file-date-time parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

-- Vendor Response:
Novell states:
The defect associated has been updated with the following patch(es):
http://download.novell.com/Download?buildid=6_bNby38ERg~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86-64)
http://download.novell.com/Download?buildid=BKCEl4nPhLA~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86)
http://download.novell.com/Download?buildid=E7JKbXS39S8~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86-64)
http://download.novell.com/Download?buildid=rOKxHB2JX7c~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86)
http://download.novell.com/Download?buildid=DyaFUz6Hx_U~

* These patches may be Field Test Patches and should be tested first on a staging or test machine before being applied directly to a production system. If you have any questions please contact a Customer Service Representative at 1-800-858-4000.

-- Disclosure Timeline:
2011-04-01 - Vulnerability reported to vendor
2011-06-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ivan Rodriguez Almuina
[Full-disclosure] ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability
ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-176

June 6, 2011

-- CVE ID:
CVE-2011-1703

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11203. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the driver-version parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

-- Vendor Response:
Novell states:
The defect associated has been updated with the following patch(es):
http://download.novell.com/Download?buildid=6_bNby38ERg~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86-64)
http://download.novell.com/Download?buildid=BKCEl4nPhLA~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86)
http://download.novell.com/Download?buildid=E7JKbXS39S8~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86-64)
http://download.novell.com/Download?buildid=rOKxHB2JX7c~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86)
http://download.novell.com/Download?buildid=DyaFUz6Hx_U~

* These patches may be Field Test Patches and should be tested first on a staging or test machine before being applied directly to a production system. If you have any questions please contact a Customer Service Representative at 1-800-858-4000.

-- Disclosure Timeline:
2011-04-01 - Vulnerability reported to vendor
2011-06-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ivan Rodriguez Almuina
[Full-disclosure] ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability
ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-178

June 6, 2011

-- CVE ID:
CVE-2011-1705

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11195. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the client-file-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

-- Vendor Response:
Novell states:
The defect associated has been updated with the following patch(es):
http://download.novell.com/Download?buildid=6_bNby38ERg~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86-64)
http://download.novell.com/Download?buildid=BKCEl4nPhLA~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86)
http://download.novell.com/Download?buildid=E7JKbXS39S8~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86-64)
http://download.novell.com/Download?buildid=rOKxHB2JX7c~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86)
http://download.novell.com/Download?buildid=DyaFUz6Hx_U~

* These patches may be Field Test Patches and should be tested first on a staging or test machine before being applied directly to a production system. If you have any questions please contact a Customer Service Representative at 1-800-858-4000.

-- Disclosure Timeline:
2011-04-01 - Vulnerability reported to vendor
2011-06-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ivan Rodriguez Almuina
[Full-disclosure] ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability
ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-180

June 6, 2011

-- CVE ID:
CVE-2011-1708

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11205. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

-- Vendor Response:
Novell states:
The defect associated has been updated with the following patch(es):
http://download.novell.com/Download?buildid=6_bNby38ERg~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86-64)
http://download.novell.com/Download?buildid=BKCEl4nPhLA~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86)
http://download.novell.com/Download?buildid=E7JKbXS39S8~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86-64)
http://download.novell.com/Download?buildid=rOKxHB2JX7c~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86)
http://download.novell.com/Download?buildid=DyaFUz6Hx_U~

* These patches may be Field Test Patches and should be tested first on a staging or test machine before being applied directly to a production system. If you have any questions please contact a Customer Service Representative at 1-800-858-4000.

-- Disclosure Timeline:
2011-04-06 - Vulnerability reported to vendor
2011-06-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ivan Rodriguez Almuina
[Full-disclosure] ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability
ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-181

June 6, 2011

-- CVE ID:
CVE-2011-1707

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11206. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

-- Vendor Response:
Novell states:
The defect associated has been updated with the following patch(es):
http://download.novell.com/Download?buildid=6_bNby38ERg~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86-64)
http://download.novell.com/Download?buildid=BKCEl4nPhLA~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86)
http://download.novell.com/Download?buildid=E7JKbXS39S8~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86-64)
http://download.novell.com/Download?buildid=rOKxHB2JX7c~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86)
http://download.novell.com/Download?buildid=DyaFUz6Hx_U~

* These patches may be Field Test Patches and should be tested first on a staging or test machine before being applied directly to a production system. If you have any questions please contact a Customer Service Representative at 1-800-858-4000.

-- Disclosure Timeline:
2011-04-04 - Vulnerability reported to vendor
2011-06-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ivan Rodriguez Almuina
[Full-disclosure] ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability
ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-174

June 6, 2011

-- CVE ID:
CVE-2011-1701

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11175. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the profile-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

-- Vendor Response:
Novell states:
The defect associated has been updated with the following patch(es):
http://download.novell.com/Download?buildid=6_bNby38ERg~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86-64)
http://download.novell.com/Download?buildid=BKCEl4nPhLA~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86)
http://download.novell.com/Download?buildid=E7JKbXS39S8~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86-64)
http://download.novell.com/Download?buildid=rOKxHB2JX7c~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86)
http://download.novell.com/Download?buildid=DyaFUz6Hx_U~

* These patches may be Field Test Patches and should be tested first on a staging or test machine before being applied directly to a production system. If you have any questions please contact a Customer Service Representative at 1-800-858-4000.

-- Disclosure Timeline:
2011-04-01 - Vulnerability reported to vendor
2011-06-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ivan Rodriguez Almuina
[Full-disclosure] ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability
ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-177

June 6, 2011

-- CVE ID:
CVE-2011-1704

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11192. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the core-package parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

-- Vendor Response:
Novell states:
The defect associated has been updated with the following patch(es):
http://download.novell.com/Download?buildid=6_bNby38ERg~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86-64)
http://download.novell.com/Download?buildid=BKCEl4nPhLA~
iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86)
http://download.novell.com/Download?buildid=E7JKbXS39S8~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86-64)
http://download.novell.com/Download?buildid=rOKxHB2JX7c~
iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86)
http://download.novell.com/Download?buildid=DyaFUz6Hx_U~

* These patches may be Field Test Patches and should be tested first on a staging or test machine before being applied directly to a production system. If you have any questions please contact a Customer Service Representative at 1-800-858-4000.

-- Disclosure Timeline:
2011-04-01 - Vulnerability reported to vendor
2011-06-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ivan Rodriguez Almuina
[Full-disclosure] ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability
ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-179

June 6, 2011

-- CVE ID:
CVE-2011-1706

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11196. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the iprint-client-config-info parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-- Vendor Response: Novell states: The defect associated has been updated with the following patch(es): http://download.novell.com/Download?buildid=6_bNby38ERg~ iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86-64) http://download.novell.com/Download?buildid=BKCEl4nPhLA~ iPrint on Open Enterprise Server SP2 (Open Enterprise Server 2.0.2 Support Pack 2 x86) http://download.novell.com/Download?buildid=E7JKbXS39S8~ iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86-64) http://download.novell.com/Download?buildid=rOKxHB2JX7c~ iPrint on Open Enterprise Server SP3 (Open Enterprise Server 2.0.3 Support Pack 3 x86) http://download.novell.com/Download?buildid=DyaFUz6Hx_U~ * These patches may be Field Test Patches and should be tested first on a staging or test machine before being applied directly to a production system. If you have any questions please contact a Customer Service Representative at 1-800-858-4000. -- Disclosure Timeline: 2011-03-31 - Vulnerability reported to vendor 2011-06-06 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Ivan Rodriguez Almuina -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. 
Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
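The advisory above attributes the flaw to copying the iprint-client-config-info value into a fixed-length stack buffer without a length check. As an added illustration (not Novell's code and not part of the advisory), the C below sets that pattern beside a bounded version; the function names, the 64-byte size and the `?name=value&...` URL layout are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define CONFIG_INFO_MAX 64   /* assumed size; the advisory gives none */
#define PARAM "iprint-client-config-info"

/* Find PARAM's value in the query part of a URL (assumed layout:
 * "...?name=value&name=value"). Returns the value and sets *len, or NULL. */
static const char *find_param(const char *url, size_t *len)
{
    size_t n = strlen(PARAM);
    const char *p = strchr(url, '?');
    while (p != NULL) {
        p++;                                   /* step past '?' or '&' */
        if (strncmp(p, PARAM, n) == 0 && p[n] == '=') {
            *len = strcspn(p + n + 1, "&");    /* value ends at '&' or NUL */
            return p + n + 1;
        }
        p = strchr(p, '&');
    }
    return NULL;
}

/* Before: the callee never learns how large dst is, so the number of
 * bytes written is decided entirely by the input (the advisory's pattern). */
void copy_config_info_unchecked(const char *url, char *dst)
{
    size_t len;
    const char *val = find_param(url, &len);
    if (val != NULL) {
        memcpy(dst, val, len);
        dst[len] = '\0';
    }
}

/* After: the destination size is passed in and an oversized value is
 * rejected, not truncated. Returns 0 ok, -1 absent, -2 too long. */
int copy_config_info_checked(const char *url, char *dst, size_t dstsz)
{
    size_t len;
    const char *val = find_param(url, &len);
    if (val == NULL)
        return -1;
    if (dstsz == 0 || len >= dstsz)
        return -2;
    memcpy(dst, val, len);
    dst[len] = '\0';
    return 0;
}
```

Rejecting with a distinct return code, instead of silently truncating, lets the caller log the oversized parameter as a likely exploitation attempt.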
Re: [Full-disclosure] LulzSec EXPOSED!(FAKE)
Am I the only one thinking who gives a fuck to this entire situation? :S

On Mon, Jun 6, 2011 at 2:44 PM, mclul...@safe-mail.net wrote:
it's a hoax, these 'dox' were dropped months ago
http://pastebin.com/mmvBT7n5 (may)
http://boards.808chan.org/fail/res/263.html (from 2010)
try again
Re: [Full-disclosure] LulzSec EXPOSED!(FAKE)
I don't believe it was implied that these dox on xyz/ev0 are related to anything recent or this lulzsec exposure. They are there so that we can see who this ev0/xyz is.

On Mon, 06 Jun 2011 14:44:11 +0100 mclul...@safe-mail.net wrote:
it's a hoax, these 'dox' were dropped months ago
http://pastebin.com/mmvBT7n5 (may)
http://boards.808chan.org/fail/res/263.html (from 2010)
try again
Re: [Full-disclosure] LulzSec EXPOSED!
ooo ooo speculation time!

- Hacker creates website that offers free online password management
- in javascript
- bugdoors it
- collects passwords
- uses passwords

TL;DR: over 9000 lulz were had

-Jen

On Mon, Jun 6, 2011 at 8:26 AM, T Biehn tbi...@gmail.com wrote:
LOL @
A timing attack on ssh passwords over the net?
and
I think its just a bruteforce.

-Travis

On Mon, Jun 6, 2011 at 7:58 AM, Gichuki John Chuksjonia chuksjo...@gmail.com wrote:
I think its just a bruteforce.

On 6/6/11, Andreas Bogk andr...@andreas.org wrote:
Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:
Lulzsec == pwnt

I've seen the log you pasted to pastebin. Is this:

* A timing attack on ssh passwords over the net?
* Fake, to distract us from your real 0day?

Andreas

Log:

root@gibson:~# ./1337hax0r 204.188.219.88 -root
Attempting too hax0r root password on 204.188.219.88
h,VhXzavMm 3xLl1-_\wC ffsakTgyc~H ZZrz,pJrgB b{4Bv_Y$$Z6 XDh;vDU-;3
FB-hvg%g_'t }qHNvkS'g RNBKvUi5yO| z`(}v1^u *V4?vh9#^f2 /R*9vfhZ#
9P65vjKhh.N \rfsv~PhNDz Bfpv|uhGpy J%kvf]hGf0 sY0v{2hf7p 9dev%Qh6_v
*Tbv7?h.** }:lkvV^hN2U ;5Xv'Sh#}_ MOqpvi_hg+# Md9/viVhu7 M(%rvomhb'
MI5v_shEVe M=@?vl.hZge MPk5v:WhUTe M=3vvrzh7Te M'?v]sh`Te M/Z,vI1h`Te
M.9vO$hTTe Ms!(vY;hpTe MA)SvYLhnTe M7eCv@Lh0Te MkeCvFLh$Te M'eCv?LhaTe
MeCvLLh|Te M*eCv5Lh\Te MmeCvcLhCTe MTeCvLhrTe M,eCv1LhYTe MEeCv}LhHTe
M_eCvSLhnTe MPeCvSLh+Te M[eCvSLh,Te MOeCvSLhTe M7eCvSLhTe MGeCvSLhdTe
M$eCvSLhkTe MCeCvSLhkTe MLeCvSLhkTe M=eCvSLhkTe M-eCvSLhkTe MweCvSLhkTe
M=eCvSLhkTe M3eCvSLhkTe M6eCvSLhkTe MreCvSLhkTe M6eCvSLhkTe MFeCvSLhkTe
MSeCvSLhkTe M8eCvSLhkTe
Password hax0rd!
root password: M8eCvSLhkTe
root@gibson:~# ssh 204.188.219.88
root@204.188.219.88's password:
root@xyz:~# hostname; id; w
xyz
uid=0(root) gid=0(root) groups=0(root)

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehnop=indexfingerprint=on
http://pastebin.com/f6fd606da