[Full-disclosure] Infosys TCS Wipro like companies don't know security basics?
Hi Security Experts,

I have a question about the security track record of Indian IT vendors like Infosys, TCS, Wipro etc. An article about Indian IT vendors by an ex-employee of one of these companies is circulating in the different NITs (National Institute of Technology) of India today. My doubt is about this part of the article from http://susam.in/blog/re-infosys-tcs-or-wipro/#engineers :

> Many claimed that I am wrong about the poor standard of training in Infosys, TCS, or Wipro. I must tell them that I have attended some of these training programmes. Among the many horror stories pertaining to training in these companies, I'll share only one with you to make my point. In the training assessments, the instructors set question papers containing problems with code that invokes undefined behaviour and ask you to predict its output. 'It Invokes undefined behaviour' is not provided as an option you can select as the correct answer. Such training and knowledge is not only inaccurate but also very dangerous if you care about robustness and security of the software you create.

I am trying to verify this by using Secunia. I can find plenty of Microsoft and Google security vulnerabilities [ http://secunia.com/advisories/search/?search=Microsoft+Google ] but none for Infosys TCS or Wipro [ http://secunia.com/advisories/search/?search=Infosys+TCS+Wipro ]. What is the matter here? Indian software vendors are the best in the whole world in security matters or Secunia simply doesn't care about Indian software vendors?

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Infosys TCS Wipro like companies don't know security basics?
On Thu, Dec 1, 2011 at 10:37 PM, TAS p0wnsa...@gmail.com wrote:

> Wonder guy, the basis of your conclusion are as ridiculous as your question. Microsoft and Google are products companies. At least TCS and Wipro are not. They are into offshore and managed business domains. Infosys is also into making custom solutions and they are all closed source. And none of the companies that you mentioned cater to such a large audience as MS and Google do. Are you going to start looking for every single company in secunia and come up with such preposterous conclusions?

Hi TAS,

I never made any conclusions. I only asked a question and it was not a loaded question but a curious one. In case you missed it, here is the question once again:

> I am trying to verify this by using Secunia. I can find plenty of Microsoft and Google security vulnerabilities [ http://secunia.com/advisories/search/?search=Microsoft+Google ] but none for Infosys TCS or Wipro [ http://secunia.com/advisories/search/?search=Infosys+TCS+Wipro ]. What is the matter here? Indian software vendors are the best in the whole world in security matters or Secunia simply doesn't care about Indian software vendors?

Thanks for the clarification that TCS and Wipro are not product companies. But I heard that Infosys makes banking products. But anyway, from all the replies to my email I am able to understand that Secunia is not listing vendors catering to small part of the software world. So that answers my question. Thanks TAS and everyone.
[Full-disclosure] Hacked data on open sale ?
Hello List,

I stumbled upon a site selling the below services in January this year, it was in the news then and many (including me) blogged, tweeted about it.

Hacking a military website $150 USD
Hacking an Government website $99 USD
Hacking Educational website $66 USD
Hacking Online game website $55 USD
Hacking forums, shopping carts $55 USD
Immunity's CANVAS reliable exploit development framework LATEST VERSION! 2011! $66 USD
Undetected Private Java Driveby Exploit $150 Source code and $30 for binary
Fresh shopadmin/forums, USA, UK, AU, DE, Valid Email lists $10 per 1mb
PHP mailers %100 inbox $5 USD per 1
Selling Edu/Gov database contain Firstnames, Lastnames, Email, Country, Address, Phone, Fax details$20 per 1k
Selling fresh Emails for spam from Edu's websites and shop websites
SQL Injection attacker bot (srb0tv2.0)

Thought it'll go down in a day or so. However, today after nearly 7 months saw the same news in imperva blog, checked the site and found that it's not only still up and running but even updating frequently !

Apart from selling the services above, this guy also discloses SQL injection vulnerabilities in major websites including banks, universities, large corporations and Government organizations : https://www.playstation.ru/ http://www.playstation.ca/ http://www.hartford.edu/ http://armani.com/ http://www.parliament.gov.bw/ http://www.nbc.org.kh/ http://www.bot-tz.org/ http://www.na.gov.pk/ http://www.presidentofpakistan.gov.pk/ http://www.cbp.gov/ http://www.ad.gov.ir/ http://www.tacp.toshiba.com/ http://labs.oracle.com/

Check out the details here: http://esploit.blogspot.com/2011/08/open-sale-hacked-data-sqli.html

Regards,
Satyamhax
http://esploit.blogspot.com
[Full-disclosure] Practical RTLO Unicode Spoofing
Hello List,

Did a quick PoC on Right To Left Override (RTLO) spoofing under windows 7 few months back, thought of sharing. Any thoughts are appreciated.

http://esploit.blogspot.com/2011/05/practical-rtlo-unicode-spoofing.html

Thanks,
Satyamhax
http://esploit.blogspot.com
Re: [Full-disclosure] Computer name should match with your real identity?
On Fri, Apr 29, 2011 at 3:26 AM, taneja.secur...@gmail.com wrote:

> Recently got a policy from admin to change your PC name with your name + organisation name.

System admins typically aren't responsible for policy creation depending on the size of the organization. Was the request made due to an organization policy change, a new guideline, or just because? Was the admin given the appropriate authority to request such a change?

> I am not doing it for a long time as I feel it could be case of information leakage .

While that's a valid point worth considering, orders are orders, which is why it's important to know under whose authority did the admin request the change.

> So need any ref./case study/security policy referencing not to have real name .

For starters, a computer isn't a person. A more appropriate location to store equipment assignment data is in an asset management/tracking system. This way there's an audit trail and accountability. The equipment becomes the user's responsibility, so when/if it's transferred to another user, there's motivation for them to make sure their asset manager is informed. Otherwise, they risk being charged or held responsible if the equipment goes missing. Also, an environment with roaming profiles or multi-user systems will make the computer name irrelevant/invalid once another user or users logs in. There are probably dozens of other reasons that just aren't worth mentioning.

Think most would agree the admin's request is a terrible idea. Perhaps you could recommend an alternative naming convention that will provide more benefit to the organization in the long run. A couple of examples:

BIT02DWS9966 - Bureau of IT, Building #02, Desktop Workstation, Property/Asset Tag 9966.
BFS07LWS9211 - Bureau of Financial Service, Building #07, Laptop (mobile) Workstation, Tag #9211.
PDC01SVWB012 - Primary Data Center #01, Server, Virtual Machine, Web/HTTP, #012
DDC02SPEX022 - Disaster Recovery Data Center #02, Server, Physical, Exchange #022.

location,3 char type class code,asset#/clusterid/whatever

Can apply this convention to any type of device on the network: SDB for databases, MFP for multi-function printers, HFW for hardware firewalls, etc. To distinguish between dev/test, use a higher number in the suffix, 999, 998, etc. Prod will use 000, 001, 002, etc. Just an initial thought, others may have better suggestions.. Would like to know how other organizations address this issue, though.

I personally hate seeing devices on a network with ridiculous names as though the IT infrastructure is some kind of kiddy cartoon world. Gonzo, Nemo, Simba, and the like are not appropriate and provide absolutely no benefit to anyone. If users need to access a resource using simba, create a DNS alias/entry... Uh-oh, Sponge-Bob is out of ink, can you reprint the report on the Chim-Chim!!?!on1e??! Yea, didn't make that up...

And just to be clear, the proposed naming convention above isn't something to distribute to end users or folks using the services on a host. Have had developers ask me to audit their web applications and provide a url like, http://PDC01SVWB996.int.the-domain.org/some-lame-app/MyAwesomeTool.aspx. No. Create a DNS entry, don't distribute the actual host name...

Good luck.

Regards,
Guy
www.nullamatix.com
Key: 0x353DA923
Re: [Full-disclosure] Pen-Testing Companies in Quebec
> just make sure you don't hire my good friends @sekcore :PpPp
>
> our local media whore pierre-guy lavoie ...
> http://www.cbc.ca/news/story/2000/03/01/hacker000301.html
>
> > A 22-year-old Quebec City man has been convicted in a computer hacker case. Pierre-Guy Lavoie was sentenced to a year of community service and a year of probation for using computer passwords to commit computer crimes. Lavoie and two friends discovered passwords to hundreds of Internet sites, including the Pentagon, the FBI and such companies as Bell Canada and the National Bank of Canada. They then posted the passwords and access codes on a site called Corruption Addicts, and invited people to use them.
>
> and his ethical hacker buddy marek roy ...
> http://google.com/support/forum/p/gmail/thread?tid=00c1d20479653e47
>
> > Yesterday I wasn't able to access to my email. I emailed google and requested to retrieve my password. Today I gain back my access to my email, after Log in I checked my email details and found that there were several IP addresses from Canada which log in to my account , the IPs are as the following : Canada (96.21.193.207) Canada (24.37.115.136) From my inbox I can see that the hacker attempt to access one's Skype account and I found he is using the following email address mroy at sekcore.com From google I can see this Hacker known as Marek Roy from Canada and work at www.sekcore.com
>
> lulz :D old habits die hard, heh.

Dear Bob aka corruption.addicts () hushmail com,

I am sure you are full of good intention. Feel free to use our contact details for any inquiries. It would be a pleasure for us to invite you somewhere for dinner. And if you need more clarification on the current matter, we will be glad to help you understand why we put REAL NAMES while performing black box penetration testing. I am sure you might have missed this part during one of our training session.

Have a nice day.

Regards,
Pierre-Guy

- Pierre-Guy Lavoie
Conseiller en sécurité informatique
pglav...@sekcore.com
(418)265-4225
Re: [Full-disclosure] Google Maps XSS (currently unpatched)
On Tue, Jan 12, 2010 at 6:23 PM, sunjester tripmons...@gmail.com wrote:

> No I am not confusing the two. People want to separate them but fail to notice they are both one in the same when you are surfing the web. Being secluded from danger (behind a firewall) or being hidden from the view others (behind a firewall) sounds too similar for me to separate the two. Your security is your privacy, and yes your privacy is your security. You give them both up when viewing anything online, it's the price you should have to pay to keep the internet safe for casual users.

sunjester,

First of all, security is a myth. One can presume they're secure (or secluded) from danger sitting behind a firewall, but to do so is just foolish.

Second, how exactly does a firewall prevent (google|msn|twitter|facebook|take-your-pick) from archiving vital information, such as: search query history, financial information, surfing habits, buying habits, relationships, hobbies, interests, etc? With that amount of data, how can you (or anyone) believe the integrity of your privacy is uncompromised just because you're, (behind a firewall)?

Finally, uuh - no... My security is my security, and my privacy is my privacy. I do not give up either of them when viewing anything online. I do, however, put them at risk. And who are you to tell me I should give up my privacy/security when surfing the Internet because I owe something to the casual user[s]? Casual users are typically the ones ruining the experience for the rest of us, and I don't owe anyone of them sh-t.

You really believe everyone using the Internet should forfeit their privacy and security because they owe you something? That's the price YOU might pay, but not everyone would agree, firewall or not.

Guy
Re: [Full-disclosure] stupid question again
On Fri, Dec 11, 2009 at 9:08 PM, frank^2 fra...@dc949.org wrote:

Obfuscate? But that's what hackers do. Those companies don't hire hackers. Seriously.. Have a hard enough time trusting the debian contrib/non-free repos as it is. Let me know how that fast-flux McAfee solution works out. Real confidence builder there... Think the idea is to avoid getting infected to begin with. Would you really do business with a legitimate organization that implements the very tactics they're trying to combat?

Guy
www.nullamatix.com
Re: [Full-disclosure] why not a sandbox
On Fri, Sep 4, 2009 at 2:05 PM, RandallMranda...@fidmail.com wrote:

> how come we just can't sandbox the browser in away from the system.

Who or what says you can't?

Guy
Re: [Full-disclosure] about PC AntiSpyware 2010
On Sat, Aug 29, 2009 at 4:49 AM, KYmana...@suiseeda.ddo.jp wrote:

> What you know about the authenticity of this tool?

Not much, but with the right information, one could easily find out.

From: http://en.wikipedia.org/wiki/Digital_signature

"A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document."

There's also the ill-suited and over used md5 hash method...

-Guy
Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification
On Fri, Aug 14, 2009 at 4:17 PM, anto...@santo.franto...@santo.fr wrote:

> Gone beach for the Week End, more info on monday. Antoine.

Lies.

-Guy
Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification
> ** Test two : i just add a spoofed http header REFERER to a whitelisted (localdatabase) site Result : W00t !! **

Can you elaborate on, "to a whitelisted (localdatabase) site"? None of the rules defined in the Web Authentication Layer or Web Access Layer have a whitelist attribute. In the list of available actions for the Web Authentication Layer there's: Do Not Authenticate, ForceAuthenticate1 and Deny. In the Web Access Layer list of available actions there are a couple dozen options, none of which are labeled whitelist or whitelisted. Also, I'm not sure what you mean by localdatabase. Internal http traffic shouldn't hit the proxies...

Using an 8100-C with SG05 5.2.4.3.

-Guy
Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification
> ** Test two : i just add a spoofed http header REFERER to a whitelisted (localdatabase) site Result : W00t !! **

Antoine,

Would you mind sharing the policy (on the bluecoat) you're referring to for www.mappy.fr? What is the Action for that host or IP set to? You mentioned whitelisted but that could mean anything from the list of options in the policy manager.

Thanks,
Guy
Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification
> i think it basically means 'to a site that's been configured as allowed in the configuration of the BC' - allowed = whitelisted, in the configuration = localdatabase
>
> alan

Alan,

The Bluecoat 8100-C I'm going through has 27 policies in the Web Access Layer. The first policy is configured to ForceContentFail for a list of destinations (a blacklist since colors seem to be in). The next 15 (2-16) policies are all DENY rules for specific hosts, IPs, regex patterns, filenames, etc. The next 10 rules (17-26) are for destinations that should Bypass Caching. The final rule (27) is, Source: Any - Destination: Any - Service/Time: Any, Action: Allow.

Google.com isn't listed anywhere in the first 26 policies - anyone on the LAN can access Google without authenticating. So, if I understand what you're saying, I should be able to spoof the Referer string sent from my browser to something like www.google.com, or cnn.com, whatever isn't listed in any of the DENY policies, and not only bypass authentication, but access sites explicitly defined in the deny policies?

If that's the case, circumventing the auth or accessing blacklisted sites isn't happening. This is good of course; the device is working as it's supposed to, but I would like to confirm whether or not we're susceptible to this alleged bypass. So far, looks like a dud... Not even sure why this would work, it seems too simple.

-Guy
[Full-disclosure] Slashdot hacked?
What's wrong with Slashdot today?

Best regards,
Danila Wartho
Re: [Full-disclosure] Slashdot hacked?
According to Brad Spender (author of pax and linux) it's a bug in their perlscript. Was just discussed on #social on PtP. Anyone have screenshots? They seem to have taken Slashdot offline so I cannot access it anymore.

- Danila

> Date: Thu, 23 Jul 2009 17:59:23 -0400
> Subject: Re: [Full-disclosure] Slashdot hacked?
> From: 0xjbrow...@gmail.com
> To: compsec...@hotmail.com; full-disclosure@lists.grok.org.uk
>
> Whoever ./'d it should slashdot it!
>
> On Thu, Jul 23, 2009 at 5:47 PM, Compsec Guycompsec...@hotmail.com wrote:
> > What's wrong with Slashdot today?
> >
> > Best regards,
> > Danila Wartho
Re: [Full-disclosure] FFSpy, a firefox malware PoC
From: saphex saphex_at_gmail.com
Date: Wed, 20 May 2009 01:42:16 +0100

> I think this is interesting, http://myf00.net/?p=18

So, how does someone manage to edit the overlay file? Are they going to use some javascript from a malicious website to edit the overlay file of an addon? Or are they supplying a malware addon as a normal addon in the firefox addon download page? Or is the attacker manually editing the addon on another user’s system by gaining access to that system?

I don’t see any point in this. It is as good as some person taking some code from somewhere, editing it with some malware code and resupplying it and saying “hey, I am not a verified author. you can now download and install my malware addon”. Any code out there can have mal addon. I doubt there is anything special in this. If it is open source, it is the user’s job to check the codebase for such malicious code.
Re: [Full-disclosure] FFSpy, a firefox malware PoC
On Mon, May 25, 2009 at 8:26 PM, saphex sap...@gmail.com wrote:

> This isn't about making the user install a malware add-on. It's about gaining access to the system through an exploit, or physical access, modify an existing add-on with your code. And Firefox won't even notice. Instead of installing a fancy rootkit or keylogger, just go straight to the browser, simple. Go tell your average user to check the codebase of the plug-ins he has installed in his Firefox from time to time in order to make sure they haven't been tampered with, yeah good choice...

I agree that attacking Firefox is a simpler way to carry out the attack than installing rootkit or keylogger. However, this is no simpler than asking someone to download a cool game, script or screensaver from my site.

Moreover, only addons.mozilla.org and update.mozilla.org are set as allowed sites for addon installations by default in the browser. If one tries to install addons from other site, Firefox issues a warning. So, this is pretty good. As far as the possibility of malicious addon on Mozilla site is concerned, the probability is pretty low as the addons on the Mozilla site appear for download only after a review process.

So, I don't see this type of attack particularly more dangerous than a user downloading a software or script with trojan and running it. I also don't see this type of attack any simpler than fooling a user to run a cool game or script.
Re: [Full-disclosure] e-Holocaust
Okay e.hitler you mention you're attacking Israeli servers*, lets ignore the impact of that for a second.

e.Hitler I want you to tell me, in more than a sentence, why you did that. Yeh, you failed to mention it in your original post. Tell me exactly how your cause makes you feel, and why.

Now tell me how what you're doing makes a difference, that is: 'In what way does what you did help solve the problem that was bothering you?' (read it!: HOW does it make a difference, don't just tell me THAT it makes a difference, I want you to describe out a sequence of events.)

One more question. Do you think you're a good hacker (in terms of skill). I'm not saying you're good or bad, I've no idea. Further more I couldn't tell you what makes a good hacker, I don't know enough (any) of them. Do you think that this event here proves that, or at least aids proving it?

*Btw defacements happen all the time - wanna do some research on pathetic skiddies? search the 'google dorks' included in web app exploits when they're published on milw0rm. They're actually competing for the servers (re-owning them, etc). Those 21 sites are a drop in the ocean compared to how many (even anti-Israeli, and the other side) defacements have happened.

As for the paypal accounts and (so called) 'ownage' of individuals and their personal data, really this is another drop in the ocean for Israel (what its economy). Compare the well-being of these individuals with the number of people being killed in a WAR! Hell! Compare it to the holocaust, now argue with a WWII vet or holocaust survivor (are there any still living?) that you are e.Hitler, righteous internet warrior. Not only that, most CC companies give you the money you lost to scams or stolen paypals. You can even cancel it before transactions are paid. Then there's insurance companies.

Cheers.
Re: [Full-disclosure] CCIE makes u go nuts?? or is that only nuts get CCIE????
I don't get why this is news. Murder happens all the time. Has he even been found guilty yet? True it looks like it is, but just look at that news article! You can perve on some poor guy's destruction because it makes great news. I remember this happened a few years back to someone else and the guy was found innocent, despite the way the news channels made it look.

On 1/3/09, Joel Jose joeljose...@gmail.com wrote:

> http://www.networkworld.com/community/node/35713
>
> It scares the hell out of me. when i read the topics...and try to learn i can't help my mind and heart doubting...when will my name come in a news like that.. maaa... 8 years in cisco... a voice architect. hm... i was wanting to become like that without the twists that is... ;(... its scary lemme see ur responses
>
> Joel.
>
> --
> it's not the years in your life that count. It's the life in your years. Abraham Lincoln

--
I'm your best best friend.
Re: [Full-disclosure] o lookie, n3td3v is lying elsewhere now
Oh my, you both seem to have emailed your conversation to the full disclosure mailing list by accident. How embarrassing. Every body who is subscribed has received emails of you two talking about something that ONLY CONCERNS YOU TWO. Maybe next time when you send emails to each other you should double check that you're not sending them to a mailing list about vulnerability disclosure.

On 12/22/08, n3td3v xploita...@gmail.com wrote:

> On Mon, Dec 22, 2008 at 1:26 PM, Ureleet urel...@gmail.com wrote:
> > u say u r a badass hacker
>
> When?

--
I'm your best best friend.
[Full-disclosure] Hotmail easter-egg found using Tamper Data....
Hello fellow F.D.

Check out this funny hotmail post request I found whilst playing around with Tamper Data: http://img234.imageshack.us/my.php?image=hotmaileasteregg2tg1.png

Look at the highlighted text. Sums me up completely. Also, security officers at hotmail are 'slack'? Lol.

Have fun guys, try it out yourself.

-Malformation
Re: [Full-disclosure] Microsoft issues out-of-band patch
Here's an article explaining why Microsoft delays their patching: http://en.wikipedia.org/wiki/Patch_Tuesday

Specifically this bit: "In order to reduce the costs related to the deployment of patches, Microsoft introduced the concept of Patch Tuesday. The idea is that security patches are accumulated over a period of one month, and then dispatched all at once on an anticipated date which system administrators can prepare for."

On 12/19/08, Bipin Gautam bipin.gau...@gmail.com wrote:

> stop putting so much of attention to 0-day and possible use of it by government to get into a terrorist pc. if breaking into someones pc was a matter of national security importance 0-day may provide a easy leverage but you really don't need a 0-day to get into someones pc, neither you'd need a already existing/known backdoor, neither you'd need to bruteforce into the advisory or a physical access to it. all they need to do is poison a unsigned executable/plugin/update with a backdoor instead, that is being downloaded to the advisory computer over an unencrypted connection if you can control the network gateway or have isp level access. such attacks could work regardless of the OS or patch level.

--
I'm your best best friend.
[Full-disclosure] Index Of redirection malware attack?
Hello fellow FD,

I recently came across an interesting website redirecting and delivering malware and I'd like to ask a few questions.

An Index of that checks your referrer to see if you've found the site through a Google search. The index.php script is made to look just like a real 'Index of', except...it is a PHP script. If you are, it redirects you to http://us-euro.biz/in.cgi?4parameter=htac and that site serves you pop-ups and other spyware.

Use refspoof and TamperData and check http://vtes.vega.id.au/%3Fp=67/wp-login.php/wp-includes/?p=67/wp-login.php/wp-includes

They're looking for any Google referrer like this: http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=something&btnG=Search&meta=

Not only that, but http://site.com/? would use index.php and http://site.com would give index.html

Am I correct? They're really crafty I reckon, and it's the first time I've seen where they've used a fake index of AND checked your referrer. Can someone confirm my thoughts and theories here?

-Malformation
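An added example, not part of the original post: a defender-side check for the referrer-dependent behaviour the post describes, requesting one URL with and without a search-engine Referer (redirects not followed) and comparing status, Location and body hash. The names `detect_cloaking`, `fetch_http` and `constructed_site` are invented here, and `constructed_site` is a constructed in-memory stand-in so the demo runs offline.

```python
import hashlib
import urllib.error
import urllib.request

# Constructed sample referrers: one search-engine style, one unrelated control.
GOOGLE_REF = "http://www.google.com/search?hl=en&q=something"
CONTROL_REF = "http://example.org/links.html"


def _summary(status, location, body):
    """Reduce a response to the fields worth comparing between requests."""
    return {
        "status": status,
        "location": location,
        "sha256": hashlib.sha256(body).hexdigest(),
    }


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx answers as HTTPError instead of silently following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_http(url, referer=None, timeout=5):
    """Fetch url over HTTP with an optional Referer; never follows redirects."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return _summary(resp.status, resp.headers.get("Location"), resp.read())
    except urllib.error.HTTPError as err:
        # 3xx/4xx/5xx land here; the status and headers are still what we want.
        with err:
            return _summary(err.code, err.headers.get("Location"), err.read())


def constructed_site(url, referer=None):
    """Constructed stand-in for the behaviour in the post: a fake 'Index of'
    page for direct visits, a redirect only for Google-referred visits.
    The redirect target is a placeholder, not a value from the post."""
    if referer and "google." in referer:
        return _summary(302, "http://redirect-target.invalid/", b"")
    return _summary(200, None, b"<html><title>Index of /</title></html>")


def detect_cloaking(url, referers, fetch=fetch_http):
    """Return (baseline, findings).

    The no-Referer baseline is fetched twice; fields that differ between the
    two baseline fetches (dynamic pages) are ignored so that ordinary page
    churn is not reported as referrer-dependent behaviour.
    """
    baseline = fetch(url)
    repeat = fetch(url)
    stable = [k for k in baseline if baseline[k] == repeat[k]]

    findings = []
    for ref in referers:
        seen = fetch(url, ref)
        differs = [k for k in stable if seen[k] != baseline[k]]
        if differs:
            findings.append({"referer": ref, "differs_in": differs, "response": seen})
    return baseline, findings


def demo():
    """Run the check against the constructed responder (no network needed)."""
    return detect_cloaking(
        "http://site.invalid/", [GOOGLE_REF, CONTROL_REF], fetch=constructed_site
    )


if __name__ == "__main__":
    base, hits = demo()
    print("baseline:", base["status"])
    for hit in hits:
        print("differs for", hit["referer"], "->", hit["differs_in"],
              hit["response"]["status"], hit["response"]["location"])
```

A non-empty `findings` list for the search-engine referrer but not for the control referrer is the signal to investigate the site's server-side scripts and rewrite rules.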
Re: [Full-disclosure] Top 10 Coolest Hacking Moments in 2008
> - Drive-by attacks with Java. JavaScript has been used to infect thousands of legitimate web pages to insert a trojan to visitors! Sound like a National Enquirer headline? No way! This attack method has been very successful and nearly transparent to users. This launches a new age in hacking.

People, Java != Javascript

-Malformation

> Date: Mon, 15 Dec 2008 11:20:26 +1100
> From: ivan...@gmail.com
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Top 10 Coolest Hacking Moments in 2008
>
> http://www.networkworld.com/community/node/36250?ts0hbstory=ts_purser
Re: [Full-disclosure] Index Of redirection malware attack?
Oops, sorry for the horrible English. I just re-read it.

-Malformation

From: malformat...@hotmail.com
To: full-disclosure@lists.grok.org.uk
Date: Tue, 16 Dec 2008 16:41:23 +1030
Subject: [Full-disclosure] Index Of redirection malware attack?
Re: [Full-disclosure] 21 Million German bank accounts stolen
To you or someone who knows anything about banks, fraud, and how they work and things. I have a German bank account. Should I do something!?

On 12/9/08, James Matthews [EMAIL PROTECTED] wrote:

German banks are some of the oldest in the world. This is pretty scary however it is also the reality of Germany's new laws... I hope they find it soon and protect the people that need to be protected

http://it.slashdot.org/it/08/12/09/0125201.shtml

-- http://www.astorandblack.com/

-- I'm your best best friend.
Re: [Full-disclosure] We're letting the bad guys win
ok this is what this whole thing looks like to me:

To n3td3v: You often post ideas and express your opinion to this list. The some (often the more liberal) of us often disagree with you and others mock you for your adventurousness. Actually sometimes it looks childish, almost as if you're desperately trying to propose the big new thing that changes the world. The thing is you're posting to a list where really, all that happens is people (mostly sec companies) post information on vulnerabilities in software and news in the sec field. You say you came here for information, then LEECH like the rest of us - just shut up. If you want a mailing list for proposed security project ideas then make one. You're enthusiastic and a dreamer who's obviously very forward and ambitious with that excellence. Just think before you talk, and maybe do something, like sit down and think: I want to be $A(as in what you're going to do with your LIFE!). To be that I need to get $B done. To do that I have to do $C[]/*-that's a list(:s)*/.

To all that oppose n3td3v: Some of you (UreLeet + others) get a little too excited and flame. If you don't like how someone acts, what they have to say, who they are: then shut up! You don't need to bully something into submission just because you don't like it. If you get some angry rush feeling when you see some stupid fat kid majorly embarrass himself by attempting to be funny with his friends and just looking like that annoying retard kid then don't bully him! Be gentle and point out the problem (privately) (of course first think: are you really of a knowledge and responsibility to instruct this child how to change his life) OR, much better: shut up, and go take your (own) anger out somewhere else, PC games do it for me, www.thepcmanwebsite.com/media/pacman_flash/ - even that's good enough. btw n3td3v - I don't think you're a retarded fat child (ur not right?).
Come to think about it: We're being listened to by a bunch of other people, mostly geeks who think FD is the shitz where all the l33t sec companies go for their patches and sec news (it isn't!). But are we all just doing this crap for the benefit of our audience. I mean I could have written these things to the individuals they were intended for. Hell I could have taken my own advice and shut up, blocked the troublesome email addresses, and carried on with my life (I'm a hobbyist).

Are You All Just Doing This For The Benefit Of The Sec Gods We Wish We Were? THINK ABOUT IT

Oh also I don't care about me - I'm a leech, I should probably not post on this list unless I have something decent to say too.

On 12/9/08, Ureleet [EMAIL PROTECTED] wrote:

that's all he does is deflect, we've established that he never gives a real answer.

On Tue, Dec 9, 2008 at 12:25 PM, Elazar Broad [EMAIL PROTECTED] wrote:

Brilliant use of deflection, keep it up, you might end up as some loser serial rapist on Law and Order, oh wait, they want actors, not the real thing...

On Tue, 09 Dec 2008 11:55:08 -0500 n3td3v [EMAIL PROTECTED] wrote:

On Tue, Dec 9, 2008 at 3:08 PM, Paul Schmehl [EMAIL PROTECTED] wrote:

--On Tuesday, December 09, 2008 00:25:18 -0600 [EMAIL PROTECTED] wrote:

On Tue, 09 Dec 2008 04:03:57 GMT, n3td3v said:

We need to stop this back and forth fighting it's making infosec look bad, this isn't what infosec should be about.

It's making one very small insignificant corner of infosec look bad. Let's keep a sense of perspective, guys.

Or, to look at it another way, it's tying up all the idiots in one place and keeping the rest of infosec unsullied. :-)

I agree, But full-disclosure shouldn't be full of idiots so why do we let it be that way. It's because we reply to them that it happens. I was gullible and naive to reply to them, I'm not replying to them anymore.
Re: [Full-disclosure] FD culture!?
'British intelligence service'!?

According to this: http://lists.grok.org.uk/full-disclosure-charter.html ...Full Disclosure is run by Secunia. And administered by one man.

Does the 'British Intelligence Service' doesn't even exist? There's: The Security Service AKA MI5. and SIS AKA the Secret Intelligence Service.

Also anyone who thinks FD is/should be something read the info in the link above.

On 12/6/08, n3td3v [EMAIL PROTECTED] wrote:

What part of there are no moderators don't you get. This list is run by the British intelligence service and you are a guest here.

On Sat, Dec 6, 2008 at 6:00 AM, Bipin Gautam [EMAIL PROTECTED] wrote:

Shame on FD moderators

-- I'm your best best friend.
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
I'd just like to point out that Symantec has something similar. See here: http://www.symantec.com/security_response/threatconlearn.jsp

It's not applied in such a useful way as you suggest - but in case you wanted to know.

On 11/29/08, Mike C [EMAIL PROTECTED] wrote:

Hi,

It is time to take an example from Homeland Security and define codes of color for cyber-warfare threat levels. I propose the following:

Green level: There is negligible threat to online security.
Yellow level: There is a minimal level of threat, and this must be monitored and contained.
Orange level: This level of threat indicates there are parties who are actively engaging in cyber-warfare. Caution is required when online.
Red level: This level indicates a full blown cyber-war. It indicates very high probability of all communications being intercepted.

While homeland security's implementation does not seem to have a real world merit, such a threat level would certainly be very useful in the online security realm.

Please disseminate this announcement of the project Chroma levels for online security. The immediate mission of the project is to be picked up by the antivirus and security tools vendors, so as to add the color codes to their products and provide users with a tangible measure of their online security.

Current status: Threat level Yellow.

-- MC Security Researcher Lead, Project Chroma.

-- I'm your best best friend. Usually I like it when you contradict me, it might help me learn. Just don't be so angry.
Re: [Full-disclosure] Indian allegations alarm Pakistan
Aren't they just a bunch of kids trying to brag on IRC that they hacked their 'enemy' country? Maybe they don't like them because propaganda is telling them Indians did the bombing. Or maybe they, like most kids, they've no idea about current affairs and just want to prove themselves good in their own little world. Like what happened with Russia vs. Georgia.

On 11/30/08, James Matthews [EMAIL PROTECTED] wrote:

India was attacked the attackers came from Pakistan, I understand why Pakistan feels threatened however why would they attack Indian sites?

On Sun, Nov 30, 2008 at 9:19 AM, Mike C [EMAIL PROTECTED] wrote:

On Sun, Nov 30, 2008 at 11:11 AM, n3td3v [EMAIL PROTECTED] wrote:

On Sun, Nov 30, 2008 at 5:25 AM, Mike C [EMAIL PROTECTED] wrote:

On Sun, Nov 30, 2008 at 7:39 AM, Raj Mathur [EMAIL PROTECTED] wrote:

On Sunday 30 Nov 2008, n3td3v wrote:

Indian-Pakistan war is about to kick off folks... http://news.bbc.co.uk/1/hi/world/south_asia/7757031.stm

I know it's not going to happen, but can I request you once again shut the fuck up about events that you have no clue about? At least try to keep your sensationalist retarded drivel to your own backyard.

Although a knee-jerk reaction, this post has some value. The tensions between the countries is on the rise, and the recent blasts in Bangalore would increase the chances of war. BTW, does anyone have an idea on what kind of cyber-warfare is currently underway between the two nations?

-- MC

There was a report earlier in the week via pcworld.com, but I don't think its connected to this conflict, maybe just a coincidence: http://www.pcworld.com/businesscenter/article/154544/feuding_india_pakistani_hackers_deface_web_sites.html

Thanks. I'm looking into this and will report on any further info.

-- MC

-- http://www.astorandblack.com/ http://www.jewelerslounge.com/liberty-coin-cufflinks

-- I'm your best best friend. Usually I like it when you contradict me, it might help me learn. Just don't be so angry.
Re: [Full-disclosure] Lazy bum approach to security
Hi

I agree with you. It's just these 'underground communities' tend to be a bunch of kiddies playing with milw0rm, bots, and asking help with basic programming. Where's the original ideas, the research, and the worth-while discussion? I guess I described an extreme scenario, but you get the picture.

Really, tell me. If there was a friendly, 'academic' (as opposed to 'business-like') online community then show me, I'd join up in a flash.

-- I'm your best best friend. Usually I like it when you contradict me, it might help me learn. Just don't be so angry.
Re: [Full-disclosure] Security industry software license
Just to summarise what's been said and what I think so we can get back on topic, and conclude something:

No-one hacks using metasploit! Go back to 2003. Terrorists with metasploit! What, do you have a picture in your head of Mr. Jihad Bigbeard using metasploit to shutdown a powergrid?

Reasons Why It's Hard to achieve:
- It violates freedom.
- It's hard to enforce without: invading privacy, expending too much money/resources.
- Most writers of these tools won't want to have to do this (most writers of security tools are hackers, you-know: back orifice, pinch, exploit kits, phishing kits, malware creation kits, the entire contents of milw0rm, bots, THCs Hydra... it goes on).
- Geographical constraints. All governments doing the exact same thing at the same time? Or one organisation forcing it onto the net (with no power to put people in jail or anything).
- You can't/shouldn't moderate the internet.

Reasons Why It's Pointlessly ineffective:
- Piratebay.
- People writing tools intended for hackers.
- The massive number of tools that you'd have to moderate to be effective.
- If not everything is a dangerous security tool then it's reduced in effectiveness.
- Most big hacks you see don't take many tools. Like a big database being dumped with a browser/scripts.
- You don't solve the problem, at all. Maybe reduce it a little.

Reasons Why It Wouldn't Happen:
- Most developed western governments like to keep their 1984 I'm watching you crap behind the curtains.
- Most governments only do these things because something bad happened and they have to make up a law to cover their asses, or something bigger than your rapidshare passes is at stake.
- I'd protest - I'd go to my country's (UK) capital and march in protest!

Reasons Why It Sucks:
- It violates freedom (programs are intellectual property - you can't do that kind of thing to them and call it nice).
- It would ruin the internet and break a load of enthusiastic geeks' hearts.
- It would force the underground hackers deeper underground.
- It would discourage security professionals.

Pointless things that people mentioned that made them look like a child in front of a shit load of subscribers:
- Personal comments.
- Attacks at the way someone writes something instead of what they write about.

Questions to think about/answer:
- Would you deserve a license. Really? (me: NO!)
- Would you wish you had one. (me; yeh!)
- How many of the tools that'd be outlawed have you already written an equivalent of? (me: loads).
- If you had to outlaw things, would you outlaw tor? (me: I don't wanna!)

It's a silly idea.

Final Question:
- Are we finished? Is it over? Is it established that it's a bad idea now?

-- I'm your best best friend.
Re: [Full-disclosure] Fwd: 0day auctions, should they be outlawed?
It's futile trying to use the law to change things. It will simply force people into the shadows. Which today involves using tor and some Russian web money account. I read a slogan from before my time, in a book: If source is outlawed outlaws will have source - same applies to zero days.

Anyway I don't think it should be Illegal. I own a set of lock picks - I don't intend to break into someone's house. And if I did I'd go to jail (for the burglary and being equipped with picks), until then I'm innocent. The UK's law has an attitude like that - I like it!

Resources should go into actually preventing crimes taking place. Not stumbling around hoping that making it awkward for criminals to get the tools they need will make a difference.

Simon.
[Full-disclosure] Storesonline, Ecommerce hosting solution - how to avoid mistakes that put your business at risk
*Storesonline, Ecommerce hosting solution - how to avoid mistakes that put your business at risk*

Building an e-business inevitably requires a dedicated ecommerce hosting solution that can support the infrastructures. There are plenty of areas to take care of. Depending on your business types, you will need to consider the technical areas that support the e-business transactions. Then *Storesonline* is the right fit for you. You also need to have strong customer support from the website provider. Reputation and security are critical factors which sustain your business. In order to avoid pitfalls due to an inferior host, this article reveals the mentioned areas and helps you determine the steps to proceed further. *Storesonline* does avoid these pitfalls and it's working really well.

Unlike hosting an ordinary website, running an ecommerce website such as an online store can demand a high technical focus. For instance, you may need a shopping cart and a payment processor. Other than these, you may also wish to have regular backup service, site monitoring or digital certificates that can protect your valuable business. If so, you have to choose an ecommerce web site hosting plan that fits your needs. But it is really dependent on the business size. If you sell a few products, a simple ecommerce web hosting will be sufficient. *Storesonline* can handle the smallest mom and pop site to the biggest on the planet. However, for a business site of much larger scale, you need to consider the server usage and bandwidth. In such case, a fast and stable server with bigger memories may be necessary.
[Full-disclosure] No subject
Not just Rouge apps, it's much more widespread: other colors such as magenta, mauve, fuchsia, and even the extremes of pink and purple can also be impacted.

On Wed, Aug 6, 2008 at 2:56 PM, John C. A. Bambenek, GCIH, CISSP [EMAIL PROTECTED] wrote:

What's the infection vector? URL Link? Rouge Facebook app?

On Wed, Aug 6, 2008 at 4:44 PM, Gadi Evron [EMAIL PROTECTED] wrote:

Hi all.

There's a facebook (possibly worm) something malicious sending fake messages from real users (friends). The sample also has a remote drop site (verified by someone who shall remain nameless). This is possibly zlob, not verified. Thanks Nick Bilogorskiy for his help.

Infection sites seen so far are on .pl domains. The AV industry will soon add detection. Facebook's security folks are very capable, so I am not worried on that front.

It's not that we didn't expect this for a long time now, but... Be careful. Some users know to be careful in email.. but not on facebook.

Note: unlike 2003 when we called everything a worm and the 90s when everything was a virus--this is a bot which also spreads/infects on facebook.

Gadi.

-- You don't need your firewalls! Gadi is Israel's firewall. -- Itzik (Isaac) Cohen, Computers czar, Senior Deputy to the Accountant General, Israel's Ministry of Finance, at the government's CIO conference, 2005. (after two very funny self-deprecation quotes, time to even things up!)

My profile and resume: http://www.linkedin.com/in/gadievron

___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[Full-disclosure] n3td3v.com
I just saw n3td3v.com up for sale on sedo...

https://sedo.com/search/details.php4?domain=n3td3v.com&tracked=&partnerid=&language=us

-SecGuy
Re: [Full-disclosure] Wachovia Bank website sends confidential information
Or hey, if you're not getting anywhere with him, talk to this guy! http://www.belkcollege.uncc.edu/jpfoley/

Let me see: wachovia security cissp incident +network via Google

This looks interesting: http://www.bryceporter.com/

I would have contacted someone on this level to put me in touch with the right person. But hey, guess it's more hip to add stupid little tags next to your resume or webpage: I broke $INSERT_VENDOR_HERE

-- Lasciate ogne speranza, voi ch'intrate
[Full-Disclosure] blocking SkyPE?
Alain,

Check the FAQ at: http://www1.cs.columbia.edu/~salman/skype/

They present two distinct methods for blocking Skype.

Guy