Re: [Full-disclosure] Chinese backdoors "hidden in router firmware"
On Thu, 06 Mar 2008 11:38:27 +0800, Jerome Jar said: >> Come on, where are the evidences? Sounds pretty much like racialism. >> >> Usually the engineers are having a hard time on even getting the >> routers and switches functional for mass market; there won't be any >> time left for them to plant well hidden backdoors. > > But that's the proof right there - the reason *why* they have so much > trouble getting the damned things to work is because they have to work > around the backdoors in the device... ;) Before we blow this off with a good laugh we should all remember the back doors in other network gear. Even so-called "core equipment" (anyone remember the backdoor into the [Nortel] Shasta (later known as "BSN 5000")? Assuming that any unaudited gear has a backdoor is just common sense. -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xpgp_key_mgmt_is_broken-dont_bother What religion, please tell me, tells you as a follower of that religion to occupy another country and kill its people? Please tell me. Does Christianity tell its followers to do that? Judaism, for that matter? Islam, for that matter? What prophet tells you to send 160,000 troops to another country, kill men, women, and children? You just can't wear your religion on your sleeve or just go to church. You should be truthfully religious. Mahmoud Ahmadinejad ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Skype - the voip company
Yeah. Skype is Out Of Service. -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xBD4A95BF "Military force is justified only in self-defense; naked aggression is the province of dictators and rogue states. This is the danger of a new 'pre-emptive first strike' doctrine." Ron Paul On Thu, 16 Aug 2007, Simon Smith wrote: > Date: Thu, 16 Aug 2007 15:43:31 -0400 > From: Simon Smith <[EMAIL PROTECTED]> > To: full-disclosure@lists.grok.org.uk > Subject: [Full-disclosure] Skype - the voip company > > Greetings, > Does anyone know any more details about the current skype outage, other > than what is being presented on their web-site? It appears that all > skype-in telephone numbers are reporting "out of service", their > downloads are disabled, and login to the service is disabled. > > Thanks in advance. > > > > - simon > > -- > http://www.snosoft.com > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] L2TP Packet Generator?
If you need to ask this question then you are clearly not qualified to do the work. Frm it out. -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xBD4A95BF "Military force is justified only in self-defense; naked aggression is the province of dictators and rogue states. This is the danger of a new 'pre-emptive first strike' doctrine." Ron Paul On Wed, 8 Aug 2007, Code Breaker wrote: > Date: Wed, 8 Aug 2007 16:59:11 + > From: Code Breaker <[EMAIL PROTECTED]> > To: full-disclosure@lists.grok.org.uk > Subject: [Full-disclosure] L2TP Packet Generator? > > Hi, > > For some work i need a l2tp/ppp packet generator.is there any L2TP Packet > generator? or how should i proceed with writing one? > thanks for any help. > > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Halvar Flake denied entry to USA for
On Mon, 30 Jul 2007, [EMAIL PROTECTED] wrote: > you that I qualify for the sobriquet; "Old Fart", and not only has the > mideast been fucked for a VERY long time, I dispute that it is even > POSSIBLE to make it worse. At best you can reshuffle the deck. Hannigan - is that you?!?!? -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xBD4A95BF "Military force is justified only in self-defense; naked aggression is the province of dictators and rogue states. This is the danger of a new 'pre-emptive first strike' doctrine." Ron Paul ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Humor] [archivists] National Archives timestamp (fwd)
The Great Unwashed Masses discover SHA-256! -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xBD4A95BF "The real point is that you cannot harbor malice toward others and then cry foul when someone displays intolerance against you. Prejudice tolerated is intolerance encouraged. Rise up in righteousness when you witness the words and deeds of hate, but only if you are willing to rise up against them all, including your own. Otherwise suffer the slings and arrows of disrespect silently." Harvey Fierstein is an actor and playwright. -- Forwarded message -- Date: Tue, 10 Jul 2007 13:52:18 -0500 From: Brad Jensen <[EMAIL PROTECTED]> To: 'Bill Cribbs' <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: [archivists] National Archives timestamp For those who are not aware, there is a computational procedure you can do for any digital file, that creates a unique number, called a hash, that only matches that exact file. There is a Federal standard for one hashing algorithm, called SHA-1. That is a 160-biit number. More commonly used today is the SHA-256 hash, that generates a 256 bit number. Another term for this is 'digital thumbprint'. In the following discussion I am referring implicitly to the use of the SHA-256 hash. If you take a digital file 'A', and you change the order of two characters in the file, the hash becomes completely different. No two digital files will have the same thumbprint. You cannot predict what the thumbprint will be for a file. You cannot forge or modify a file to match an existing thumbprint. There are digital time stamping services on the internet that register these 'thumbprints' to prove a particular file existed at a particular date and time, and it has not changed. The US Postal Service offers a time stamping service for a small fee that they call an 'Electronic Postmark' but it only is kept for seven years. They also require the user to have a digital certificate to establish identity of the person time stamping the file. I propose something simpler. I propose that the National Archives create and offer a free time stamping service that does not require a digital certificate. The purpose of this is to store and retrieve unique file identifiers that will establish that a file existed at a certain date and time, and has not changed. Then files can be archived in multiple locations across a distributed network, and their identity and authenticity will remain unquestionable. This service would be a public good, similar to the digital time source offered by the Navy, for example. The National Archives will keep these timestamps in perpetuity. They would basically be entries in a database, with a 32-byte thumbprint, date and time. They would be a public record, so anyone can look up a thumbprint and now the date and time it was registered. Can others see the value of this idea? I can write the basic software for this. One part would be a database for the National Archives with a web XML interface for registering and retrieving the thumbprints. It would include a feature to thumbprint each day's database entries, to eliminate any possibility of human interference in the process. You don't have to trust anybody or even the institution, since the thumbprints are impossible to forge. The second thing would be a program, downloadable from a web page, to calculate and submit the thumbprint. I can write it in Windows, publish the source, and others could do the same for Linux, etc. What could it be used for? Scanned images, photographs, text documents, backup files, sound recordings, web pages, newspapers, anything that can be digitized. Since the only submission is the thumbprint and not the file, files can remain private yet still be authenticated later. And the processing load on the server is tiny. The other alternative to have someone like the National Archives do it, is to do it ourselves as a distributed database with replication across many sites and servers. I can do it myself, but this needs institutional support to last forever. That institution can be a formal body like the National Archives, or an ad hoc self-organizing one. Perhaps the latter makes sense in this global internet world. I think of this as the 'Forever Project' since it is the first thing designed to last forever. Brad Jensen President LaserVault LLC www.laservault.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)
On Sun, 8 Jul 2007, Dave Hull wrote: > On 7/8/07, ascii <[EMAIL PROTECTED]> wrote: > > > > I believe that's more noble than selling them to the highest bidder, > > but I understand some people have to put food on their families. I prefer to put food *around* my families, and let them apply the food themselves. --) -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xBD4A95BF "The real point is that you cannot harbor malice toward others and then cry foul when someone displays intolerance against you. Prejudice tolerated is intolerance encouraged. Rise up in righteousness when you witness the words and deeds of hate, but only if you are willing to rise up against them all, including your own. Otherwise suffer the slings and arrows of disrespect silently." Harvey Fierstein is an actor and playwright. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Does this exist ?
You may want to email Jason Coombs (the guy who keeps posting to lists such as FD that he "wont have anything further to do with computer forensics" and then works yet another case. Yea, I think he's nuts, but...). Jason was actively working on a project similar enough to this that it could be interchangeable (using his Piv-x botnet of course). -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xBD4A95BF "The real point is that you cannot harbor malice toward others and then cry foul when someone displays intolerance against you. Prejudice tolerated is intolerance encouraged. Rise up in righteousness when you witness the words and deeds of hate, but only if you are willing to rise up against them all, including your own. Otherwise suffer the slings and arrows of disrespect silently." Harvey Fierstein is an actor and playwright. On Thu, 5 Jul 2007, Dan Becker wrote: > Date: Thu, 05 Jul 2007 08:20:04 -0500 > From: Dan Becker <[EMAIL PROTECTED]> > To: full-disclosure@lists.grok.org.uk > Subject: [Full-disclosure] Does this exist ? > > > I have an idea that won't leave me alone and this list seems to have the most > potential for knowing if the idea exists. My apologies for a somewhat offtopic > post. > > Would there be a way to create a rainbow table of tcp packets to be used to > generate one packet for every 1000 or so normal packets simply by matching > hashes with databases on both ends ? > > One could use this for crypto or simply traffic reduction over latent networks > such as satellites. > > > > All message scanned for viruses with Clam Antivirus. > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Cryptome is dead (at least for now)
On Sun, 29 Apr 2007, Line Noise wrote: > As a friend of mine said elsewhere, John Young must have said something bad. Yeah - speaking Truth in the Fascist United States. > Verio caved. It's really too bad, for us all. Yes it is. And who's next, huh? Bush's machine can just do whatever the hell it wants, and "we the people" just sit here botching about "its too bad John got shut down, isnt it"? Please, someone just nuke the US and get it over with already - we (TINW - read: USA) has long since forfeit our right to exist. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "The real point is that you cannot harbor malice toward others and then cry foul when someone displays intolerance against you. Prejudice tolerated is intolerance encouraged. Rise up in righteousness when you witness the words and deeds of hate, but only if you are willing to rise up against them all, including your own. Otherwise suffer the slings and arrows of disrespect silently." Harvey Fierstein is an actor and playwright. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Wikipedia and Pedophilia
On Mon, 22 Jan 2007 [EMAIL PROTECTED] wrote: > In other news: > - GW Bush, Dick Cheney, Paul Wolfowitz, and Colin Powell piloted the > planes on 9/11 (they jumped out at the last minute) > - Hurricane Katrina was caused by the Yakuza using weather control > technology developed in the 1960s- they are mad about the US using the > atomic bombs in WWII > - Hugo Chavez and Fidel Castro dine together nightly and always split > the same dish: one human baby (this is what's keeping Castro alive) > - The Russkies are STILL after our precious bodily fluids You forgot one: - You STILL can't fight in the war room. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "In the age-old contest between popularity and principle, only those willing to lose for their convictions are deserving of posterity's approval." Gerald Ford ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Hancock: for those who requested sources...
The below article carries most of the actual story, leaving out only a few details. For instance, the fact that Hancock left Savvis after being told to cease using the fake honorofic "Dr." in anything associated with the company, and the underlying fact that this guy was a complete and utter charlatan. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "In the age-old contest between popularity and principle, only those willing to lose for their convictions are deserving of posterity's approval." Gerald Ford --- http://www.scmagazine.com/uk/news/article/624647/bill-hancock-convivial-information-security-pioneer-amateur-stand-up-comic-dead-49/ Bill Hancock, convivial information security pioneer - and amateur stand-up comic - dead at 49 Dan Kaplan Jan 4 2007 22:31 Bill Hancock, who, despite being legally blind, parlayed a gregarious demeanor into a career as an information security icon and cyber-risk and network best practices advocate, died Monday. He was 49. "He was a very impressive person," said friend and colleague Larry Clinton, COO of the Internet Security Alliance (ISA), where Hancock formerly served as chairman of the Board of Directors. "He was 6-feet-5, legally blind, and when I met him, he was well over 300 pounds. He was a big, blind guy.But he was very outgoing and immensely smart." The former CSO and senior vice president of security at Exodus, Cable & Wireless and Savvis Communications, Hancock used unconventional means to emphasize security across an organization and to champion for physical and digital security convergence. He once enrolled in a stand-up comedy class to improve his communication skills and later performed at the historic The Improv comedy club in New York. "At first, he didn't like speaking," recalled his longtime friend and co-worker Kevin M. Nixon, 51. "It helped calm his nerves and from that point on, you couldn't get him off the stage with a hook. He was colorful and loud in his presentations, but everyone got the message when they left the seminar." "He loved to speak," Clinton said. "He was a real performer. He always wanted to blend humor into very serious topics because he felt that got people's attention. He was all about getting the job done, whatever it took. He was very eclectic. He was a real Renaissance man." Hancock, who died recovering from a December surgery to remove a gall bladder, served as chairman of the Federal Communication Commission's Network Reliability and Interoperability Council (NRIC), which sought to develop federal infrastructure best practices in the wake of the Sept. 11, 2001 terrorist attacks. He also testified before Congress numerous times on topic of cybersecurity. "Bill was a true security evangelist," Nixon said. "It didn't make any difference if you were John Warner or John Doe. He was going to sit down with you and explain the reason you had to do something until you got it." He served as CTO and principal of Network One from 1990 to 1999, before it was acquired by Exodus, which was later purchased by Wireless & Cable and then Savvis. He left Savvis in 2005 to join San Antonio-based SecureInfo as its CSO. An avid karate enthusiast despite having only 20-percent vision due to diabetes that developed when he was a teenager, Hancock often participated in Black Belt events while on business trips. Few ever doubted Hancock's interpersonal skills, said close friends. "He was the best friend I ever had as a boss," said Nixon, who worked under Hancock from 2000 to 2005 after meeting him at a security conference 12 years ago in Baltimore. "Bill's way of managing people was very unique. He used to say, .You're hired because you're all experts in your industry and you don't need me in your way. I'm here because I'm here to help you up if you fall down. But the day you stop getting up is the day I get upset with you.'" A lifelong Dallas area resident, Hancock is survived by his wife, Margeina; son Landreth and stepsons, Nicholas, Thomas, Matthew and Lawrence. Click here to email reporter Dan Kaplan. clear float clear float Related Links Internet Security Alliance Federal Communications Commission FCC Network Reliability and Interoperability Council SecureInfo ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Good Riddance: "Dr." Bill Hancock - DOA
For those who haven't yet heard, fake Seal and PhD, "Dr." Bill Hancock has finally left this world for less suspicious pasture, proving that there *is* a God. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "In the age-old contest between popularity and principle, only those willing to lose for their convictions are deserving of posterity's approval." Gerald Ford ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] FWD: RE: [Dailydave] Symantec Blackberry Whitepaper. (fwd)
-- Forwarded message -- Date: Mon, 27 Nov 2006 22:01:16 -0600 (CST) From: J.A. Terranson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: RE: [Dailydave] Symantec Blackberry Whitepaper. Someone was kind enough to send it to me, so I am returning the favor for those who may still be looking for it: http://www.mfn.org/~measl/blackberry.security.pdf Enjoy! -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "Surely the larger lesson learned from that day is that other men, all over the world, took inspiration not from the heroism of the rescuers in New York or the passengers flying over Pennsylvania, but from the 19 hijackers - the twisted brilliance of their scheme and their willingness to sacrifice their lives to make a political and, as they saw it, religious statement." Richard Corliss/Time Magazine 11 Aug 2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] *BSD banner INT overflow vulnerability
On Wed, 22 Nov 2006, Sean Comeau wrote: > On Wed, Nov 22, 2006 at 12:25:46PM +0300, dead code crew wrote: > > > > %uname -sir > > FreeBSD 6.1-RELEASE GENERIC > > %gdb banner > > (gdb) r -w 1700 > > Program received signal SIGSEGV, Segmentation fault. > > 0x01010101 in ?? () > > > > This doesn't crash banner on OpenBSD, FreeBSD 4.10R doesn't give a shit either. > and even if it did who cares? What would anyone accomplish by making > this setuid root? -bash-2.05b$ ls -al /usr/bin/banner -r-xr-xr-x 1 root wheel 16136 May 25 2004 /usr/bin/banner Good question. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "Surely the larger lesson learned from that day is that other men, all over the world, took inspiration not from the heroism of the rescuers in New York or the passengers flying over Pennsylvania, but from the 19 hijackers - the twisted brilliance of their scheme and their willingness to sacrifice their lives to make a political and, as they saw it, religious statement." Richard Corliss/Time Magazine 11 Aug 2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] DoS kiddiots can face 10 years in jail
On Wed, 15 Nov 2006, Ronald MacDonald wrote: > I'm worried the Government is tightening the Computer Misuse Act > without fully understanding any consequences... Um, isn't that their *job*? Who said they needed to understand anything? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "Surely the larger lesson learned from that day is that other men, all over the world, took inspiration not from the heroism of the rescuers in New York or the passengers flying over Pennsylvania, but from the 19 hijackers - the twisted brilliance of their scheme and their willingness to sacrifice their lives to make a political and, as they saw it, religious statement." Richard Corliss/Time Magazine 11 Aug 2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Seeking anyone damaged by Yuma Arizona!
On Fri, 10 Nov 2006, gabriel rosenkoetter wrote: > I wouldn't pretend (nor want) to be inside measl's head, but I think > he's talking about (attempted? alleged?) electonic voting machine > intrusion: > > http://kvoa.com/Global/story.asp?S=5659237&nav=HMO6 BZZZzzztt! Next! We're talking about a lonely prosecutor in Yuma. Comeon folks - surely I was not the *only* one who got a call? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "Surely the larger lesson learned from that day is that other men, all over the world, took inspiration not from the heroism of the rescuers in New York or the passengers flying over Pennsylvania, but from the 19 hijackers - the twisted brilliance of their scheme and their willingness to sacrifice their lives to make a political and, as they saw it, religious statement." Richard Corliss/Time Magazine 11 Aug 2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Seeking anyone damaged by Yuma Arizona!
You people know who you are: you use Encase at inappropriate times, you erase dd images as directed by the courts, and you work diligently for the public good. So now, come out of the closet - its time to leave those 2 lesbian schoolgirls alone (they will discover their own sexuality without you... Alas...) Will anyone/everyone who has been hurt by Yuma Arizona ***please*** come forward!!! -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "Surely the larger lesson learned from that day is that other men, all over the world, took inspiration not from the heroism of the rescuers in New York or the passengers flying over Pennsylvania, but from the 19 hijackers - the twisted brilliance of their scheme and their willingness to sacrifice their lives to make a political and, as they saw it, religious statement." Richard Corliss/Time Magazine 11 Aug 2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] If we can read 19, 832 n3td3v posts, we can do 1 open hate mail to Lieberman!
(This was sent in reponse to a mass email sent out by Joe - even though me and him have had nothing to do with each other for a *long*, LONG, time. --- Joe - If you check your records, you'll see that I contributed to your campaign (last time) at the same rate I gave to the Lamont campaign *this* time [about $1,500.00]. My change of heart wasn't brought about by your support of the Angry Midget in the White House. It wasn't a result of your support of many Republican policies and positions. I didn't "dump" you because of *any* of your political positions. I left you because you left us first! Joe Lieberman hasn't been a supporter of the State of Connecticut for several years now - unfortunately, Joe has been supporting ONLY Joe himself. Lieberman for Lieberman through thick and thin. Your current plan to run as an independent, rather that the honorable thing (support the fairly elected candidate, just like YOU were DEMANDING just a few short months ago) is a great illustration of this point. Frankly Joe, you've become disgusting. An overgrown self-centered child, who's sole interest is to loook out for your own fat and greasy hide. How do you sleep at night? How does Hadassah sleep by your side? The stench of hypocrisy is thick by your feet. I urge you to rethink this ill advised plan to turn your back on what you claim has been decades of loyalty to both the constituency and the Democratic party: there is still time to accept your current situation and to stand up as an honorable man - supporting your family, party, and constituency. With respect for the Joe Lieberman I used to support, I am, sincerely yours - Alif Terranson ___ Antisocial mailing list [EMAIL PROTECTED] http://lists.mfn.org/mailman/listinfo/antisocial ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] LONG LIVE HEZBOLLAH AND LEBANON; DOWN WITH AMERICA AND ISRAEL
On Sat, 5 Aug 2006, stop killing civilians wrote: ^^ A little late to the party "SKC". > Date: Sat, 5 Aug 2006 20:03:08 + > From: stop killing civilians <[EMAIL PROTECTED]> > To: full-disclosure@lists.grok.org.uk > Subject: [Full-disclosure] LONG LIVE HEZBOLLAH AND LEBANON; DOWN WITH > AMERICA AND ISRAEL > > LIKE SAY The caps [un]lock key is on the left edge of the keyboard, at roughly the center. Look for it. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "A nation's success or failure in achieving democracy is judged in part by how well it responds to those at the bottom and the margins of the social order... The very problems that democratic change brings -- social tension, heightened expectations, political unrest -- are also strengths. Discord is a sign of progress afoot; unease is an indication that a society has let go of what it knows and is working out something better and new." Sandra Day O'Connor ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CFP: DA Workshop - ISOI
On Sat, 8 Jul 2006, Gadi Evron wrote: > Attendance: > --- > The workshop is organized by the DA and MWP communities with the much > appreciated help of Cisco Systems, Inc., and is closed to members of the > following communities: > DA, MWP (and sister communities such as routesec), OARC, NSP-SEC. FIRST > and the honey-net project. > The workshop is closed to reporters. And, for the second time, in the second forum (but with no answer as yet), I ask "Why is this closed to these communities?". These are the very communities most closely involved with the very topics being presented. What is the logic here? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New member asking question...
> Finally - The very fact you've asked the question you've stated leads > me to believe you fall into example 2, as someone who falls into > example 1 would never post this kind of message to the international > WAN security community, respectively. The "international WAN security community"? Is that related to the Military Industrial Complex? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Fwd: Spamming IP in your subnet range]
On Thu, 22 Jun 2006, Dan B wrote: > FYI. Comcast Contacted. > > Cheers, > DanBUK. In all seriousness, what makes you think they give a shit? I mean, it's *comcast* for chrissakes... > PS. Although I don't hold my breath on them dealing with it quickly, if > at all... Never. You might as well save your electrons. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] terrorists have invaded the united states
On Sat, 10 Jun 2006, Robert Waters wrote: > wow is this ever OT. > Would you please keep this type of nonsense to your own list? In case you missed it - FD *is* n3td3v's "own list". Has been for months. The rest of us are just spectators. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Tool Release - Tor Blocker
On Sat, 3 Jun 2006, Jason Areff wrote: > -- > security through obscurity isnt security > -- Yet you are attempting to inccrease the "seurity" of your web server by making it obscure to TOR users? Why don't you secure your web server instead? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: re : [Full-disclosure] n3td3v agenda revealed
On Sat, 3 Jun 2006, n3td3v wrote: > On 6/3/06, Anil Gulecha <[EMAIL PROTECTED]> wrote: > > > > LOL > > > > Hi, > > You're the kind of person who laughed when there were people planning > to throw planes into the world trade center, then after it happened > you still laughed. > > It is kind of why cyber security is in the same sorry ass state as > mainland security is right now. > > Regards, > > n3td3v I'd like to think that in 20 or 30 years you will look back over the lame ass shit you have posted here (and other victim fora) and cringe. But I'm not counting on it. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] For the attention of Mi5, Mi6 or Symantec
On Mon, 22 May 2006, n3td3v wrote: > Hello Mi5, Mi6, Symantec > > I have information regarding Yahoo > > Reference: > http://groups.google.com/group/n3td3v/browse_thread/thread/7b60d3fbd0eb9a77/7d1f85fbe122fb29#7d1f85fbe122fb29 > > I used to be his friend but now he fell out with me, so I want to tell > everyone about him, because he's a yahoo employee i used to give > "intelligence" to, but now he backstabbed me, and he miscalculated how > much i knew about him and his "circle of friends". > > He works for Yahoo > > Contact me on e-mail and we can exchange phone numbers, Hello? Is this MI5? Yeah, OK. My name is Netdev, and N-E-T-D-E-V. Surely you know of me, right? I'm the worlds leetest haxor! I'm the guy that Gates is always begging for help from. Netdev, got it? So, like, I was telling you about this guy who double crossed me: he's a super secret black hat who works at Yahoo! to feed his dope habit. But he's also a damn white hat who could bring down the Intarnet if he's not stopped! I'm gonna help you to stop him too. All I want out of the deal is a small little favor... A high School Diploma. Thats it. . . . . -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: FALSE FLAG Re[2]: [Full-disclosure] **LooseChange::Debunk it??**
On Sat, 20 May 2006, donnydark wrote: > Hello Steve, > > This whole discussion does not belong on this mailing list. HOWEVER, > you are so fvcking stupid it hurts: > > > Furthermore, you have a logical fallacy in your argument, because you > > are insisting that a controlled demolition collapse would be faster > > than an accidental collapse. Which part of the equation tells you > > that? Objects faill at 32 feet per second per second. The *cause* of > > the fall is irrelevant. > > WRONG, asshat. The cause affects the fall in this case. If the > building was collapsing, the top falls down and HITS the floors below, > those floors are MASS at REST, and thus absorb downward inertia. It is > not free fall, because the building is hitting down upon itself. [Sounds of popcorn munching] Hey Martha! Come look at this idjit on FD! [Sounds of laughter ensue] > Operation Northwoods, or Northwoods, was a 1962 plan to generate U.S. > public support for military action against the Cuban government of > Fidel Castro as part of the U.S. government's Operation Mongoose > anti-Castro initiative. The plan, which was not implemented, called > for various false flag actions, including simulated OR REAL STATE > * > SPONSORED TERRORISM (SUCH AS HIJACKED PLANES) on U.S. and Cuban soil. > * > The plan was proposed by senior U.S. Department of Defense leaders, > including the highest ranking member of the U.S. military, the > Chairman of the Joint Chiefs of Staff Lyman Louis Lemnitzer. As everyone knows, I am as close to the Anti-Bush as you are likely to find in this world, yet even I don't buy into this one. You have *got* to be kidding! -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Call for moderation
bugtraq != reasonably full disclosure either. On Fri, 19 May 2006, Micheal Espinola Jr wrote: > Date: Fri, 19 May 2006 14:26:12 -0400 > From: Micheal Espinola Jr <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: Full Disclosure > Subject: Re: [Full-disclosure] Call for moderation > > moderation for utter crap != bugtraq > > > On 5/19/06, evilrabbi <[EMAIL PROTECTED]> wrote: > > If for some reason this guy gets taken seriously and his request actually > > gets considered. I would like to say I wouldn't like a moderated list.. If I > > did I'd be looking at bugtraq right now. > > > > > > On 5/19/06, Aaron Gray <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > Regarding some previous threads. > > > > > > Some people just show how low they are ! > > > > > > This is why we need some form of "Code of Conduct" or even better change > > to a moderated list. > > > > > > Otherwise the whole list just gets ruined and will ndeteriate over time. > > > > > > Heres a call for moderation before it gets too late. > > > > > > Anything that is too off topic or inflamatory should get junked. > > > > > > Aaron > > > > > > ___ > > > Full-Disclosure - We believe in it. > > > Charter: > > http://lists.grok.org.uk/full-disclosure-charter.html > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > > > > > > -- > > -- h0 h0 h0 -- > > www.nopsled.net > > ___ > > Full-Disclosure - We believe in it. > > Charter: > > http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [inbox] Re: [Full-disclosure] [funsec] fuzzing mailing list
On Sat, 15 Apr 2006, nocfed wrote: > ---SNIP--- > DIGITAL WILL BE GIVING A PRODUCT PRESENTATION OF THE NEWEST MEMBERS OF > THE DECSYSTEM-20 FAMILY; THE DECSYSTEM-2020, 2020T, 2060, AND 2060T. > THE DECSYSTEM-20 FAMILY OF COMPUTERS HAS EVOLVED FROM THE TENEX > OPERATING SYSTEM AND THE DECSYSTEM-10 COMPUTER ARCHITECTURE. > BOTH THE DECSYSTEM-2060T AND 2020T OFFER FULL ARPANET SUPPORT UNDER > THE TOPS-20 OPERATING SYSTEM. > THE DECSYSTEM-2060 IS AN UPWARD EXTENSION OF THE CURRENT DECSYSTEM > 2040 AND 2050 FAMILY. THE DECSYSTEM-2020 IS A NEW LOW END MEMBER OF > THE DECSYSTEM-20 FAMILY AND FULLY SOFTWARE COMPATIBLE WITH ALL OF THE > OTHER DECSYSTEM-20 MODELS. > > WE INVITE YOU TO COME SEE THE 2020 AND HEAR ABOUT THE DECSYSTEM-20 > FAMILY AT THE TWO PRODUCT PRESENTATIONS WE WILL BE GIVING IN > CALIFORNIA THIS MONTH. THE LOCATIONS WILL BE: > >TUESDAY, MAY 9, 1978 - 2 PM >HYATT HOUSE (NEAR THE L.A. AIRPORT) >LOS ANGELES, CA > >THURSDAY, MAY 11, 1978 - 2 PM >DUNFEY'S ROYAL COACH >SAN MATEO, CA >(4 MILES SOUTH OF S.F. AIRPORT AT BAYSHORE, RT 101 AND RT > 92) > > A 2020 WILL BE THERE FOR YOU TO VIEW. ALSO TERMINALS ON-LINE TO OTHER > DECSYSTEM-20 SYSTEMS THROUGH THE ARPANET. IF YOU ARE UNABLE TO ATTEND, > PLEASE FEEL FREE TO CONTACT THE NEAREST DEC OFFICE FOR MORE > INFORMATION ABOUT THE EXCITING DECSYSTEM-20 FAMILY. > ---END SNIP--- For those of you not old enough to remember the fallout of this message- DEC took a *severe* beating over this posting. To the point that they were threatened with withdrawal of ARPANET access. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gary McKinnon
> > > Ah, so you're stating you have prior knowledge of and involvement in a > > > Felony conspiracy? Naw... He read something about it on rne -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gary McKinnon
On Fri, 14 Apr 2006, joe haldon wrote: > And why should people > demonize a person or party just because they don't agree? Generally, "demonizing the other side" is neither factually correct nor ethically responsible, *however*, since GWB *IS*, ->in fact<-, the devil himself What I wanna know is this: we have perfectly good, responsible assasins in prison -- doing NOTHING --, when they could be *put to work* for the State. Lets face it, we NEED this service right now! -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
On Thu, 13 Apr 2006, Brandon S. Allbery KF8NH wrote: > On Apr 13, 2006, at 1:29 , Dave Korn wrote: > > > Hey, guess what I just found out: Microsoft have deliberately > > sabotaged their DNS client's hosts table lookup functionality. > > I thought this was part of avoiding malware attempts to block Windows > Update. Windows *IS* malware. To block it requires reformatting. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Yahoo security give blogger the thumbs up
On Sun, 12 Mar 2006, SO SECURITY RESEARCH INSTITUTE wrote: > ADP > were unavailable for comment at time of this message being submitted to > Full-Disclosure mailing list. http://tinyurl.com/plqt3 This URL describes ADPs not unreasonable password policy (8-14 characters, must contain special chars, no incrementing or decrementing chars, and no repeats). Sure, it's annoying, but it's also good practice. At least they haven't gone over the edge, like, oh, a large tier-1 NSP with a 6 letter name that has all the above requirements, AND: Password shall change EVERY 90 DAYS!; password shall not ever repeat; password shall not be derived from any dictionary word (!!! - this alone makes the system unusable - !!!) no passwords like "#V3rify||M3||n0w#" because there are three English derived words. Ever try and actually USE such a gawd awful system?. The KICKER though was this: the above reuqirements are for several discrete systems (domain login, RADIUS login, VPN login, etc), and NONE of these systems shared credentials - so you had to change them ALL every three months, AND keep them straight! As an industry, we need to come to terms with the concept that a bad password kept secret is better than a great password written down on every available surface because it changes every 3 months and has irrational requirements. ADP seems to have found a good middle ground policy. Revealing that policy hurts nobody in any way - ADP/Yahoo security is not compromised by this disclosure - so what's the point? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New MSN Servers
Savvis doesn't even expose the customer interface directly to the internet in most situations. What you are scanning is an Inkra load balancer. jeez... -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Taking from 1 is copying. Taking from 2 is Plagiarism.
The below is from the widely respected Slade. Read it. This is just one more nail in the coffing of the Certificate Money Machines. All you CISSP's just because worthless based upon your certifying authority. Can Everything SANS be far behind??? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker - Date: Fri, 30 Jul 2004 07:54:11 -0800 From: Rob Slade <[EMAIL PROTECTED]> Subject: REVIEW: "Official [ISC]^2 Guide to the CISSP Exam", Hansche et al. BKOIGTCE.RVW 20040618 "Official (ISC)^2 Guide to the CISSP Exam", Susan Hansche/John Berti/Chris Hare, 2004, 0-8493-1707-X, U$69.95/C$101.50 %A Susan Hansche [EMAIL PROTECTED] %A John Berti [EMAIL PROTECTED] %A Chris Hare [EMAIL PROTECTED], [EMAIL PROTECTED] %C 920 Mercer Street, Windsor, ON N9A 7C2 %D 2004 %G 0-8493-1707-X %I Auerbach Publications %O U$69.95/C$101.50 800-950-1216 [EMAIL PROTECTED] %O http://www.amazon.com/exec/obidos/ASIN/084931707X/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/084931707X/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/084931707X/robsladesin03-20 %P 910 p. + CD-ROM %T "Official (ISC)^2 Guide to the CISSP Exam" Once again I have to state a bias in regard to this book. I've known about this book since its inception, I've known and advised the authors, I provided bits of the material, and even contributed one appendix. (The annotated bibliography and references--surprise, surprise.) I was asked to review the chapters while the book was in production. The reason was, of course, that I had reviewed all the other CISSP (Certified Information Systems Security Professional) guides. Specifically, the intent was to ensure that this manual, prepared and supported by (ISC)^2 (International Information Systems Security Certification Consortium) was "head and shoulders" above all the other published works. This volume is not perfect, by any means, but it is the best of the current bunch. Taking material from one source is copying, taking material from two sources is plagiarism, and taking material from many sources is research. This volume has not only research but direct input from a great many sources. Some are mentioned in the acknowledgements, a number of others are to be found on the title page, since sections of major articles from the venerable "Information Security Management Handbook" (cf. BKINSCMH.RVW) were included or used as the basis for parts of the guide. Even this doesn't exhaust the contributions, since much of the work is informed by the material in the (ISC)^2 CBK (Common Body of Knowledge) Review Seminar, and over a hundred individuals have had the chance to augment that content. The result is a breadth and currency of information that exceeds any other guide on the market. Sample questions and exams are eagerly sought by candidates for the CISSP exam. This guide has a significant advantage in this regard: not only do a number of the contributors produce questions for the exam itself (therefore being more than passingly familiar with the style and level of difficulty required), but the CISSP exam committee was also approached for advice and input. No source is able to provide "actual" CISSP exam questions, but the examples provided in this volume are very close in form, mix, degree of difficulty, and concept. The book is not without its faults. The sheer volume of the contributors ensured that topics were covered multiple times, and not all duplicated areas have been amalgamated. In addition, the variety of writing styles can make the text disjointed in places, as it moves from section to section and subject to subject. These factors can make the work difficult and demanding to read and follow. The CISSP exam, as the security field itself, is a changing target, and no book can expect to provide the "best" coverage of the topic indefinitely. As well, security is an immense discipline, and touches on an inordinate number of other areas. This work, however, has come closest to spanning the range of subject matter necessary to challenge the CISSP exam, and is currently the best of the guides. copyright Robert M. Slade, 2004 BKOIGTCE.RVW 20040618 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] http://victoria.tc.ca/techrevorhttp://sun.soci.niu.edu/~rslade -- -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF &#x
[Full-disclosure] ISC2 vs Rob Slade
I've been reading Slade for a LOn time now, and I've come to appreciate his reviews. Generally, they are spot on, concise, and to the point. Take this one for example. ;-) -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF -- Date: Fri, 30 Jul 2004 07:54:11 -0800 From: Rob Slade <[EMAIL PROTECTED]> Subject: REVIEW: "Official [ISC]^2 Guide to the CISSP Exam", Hansche et al. BKOIGTCE.RVW 20040618 "Official (ISC)^2 Guide to the CISSP Exam", Susan Hansche/John Berti/Chris Hare, 2004, 0-8493-1707-X, U$69.95/C$101.50 %A Susan Hansche [EMAIL PROTECTED] %A John Berti [EMAIL PROTECTED] %A Chris Hare [EMAIL PROTECTED], [EMAIL PROTECTED] %C 920 Mercer Street, Windsor, ON N9A 7C2 %D 2004 %G 0-8493-1707-X %I Auerbach Publications %O U$69.95/C$101.50 800-950-1216 [EMAIL PROTECTED] %O http://www.amazon.com/exec/obidos/ASIN/084931707X/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/084931707X/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/084931707X/robsladesin03-20 %P 910 p. + CD-ROM %T "Official (ISC)^2 Guide to the CISSP Exam" Once again I have to state a bias in regard to this book. I've known about this book since its inception, I've known and advised the authors, I provided bits of the material, and even contributed one appendix. (The annotated bibliography and references--surprise, surprise.) I was asked to review the chapters while the book was in production. The reason was, of course, that I had reviewed all the other CISSP (Certified Information Systems Security Professional) guides. Specifically, the intent was to ensure that this manual, prepared and supported by (ISC)^2 (International Information Systems Security Certification Consortium) was "head and shoulders" above all the other published works. This volume is not perfect, by any means, but it is the best of the current bunch. Taking material from one source is copying, taking material from two sources is plagiarism, and taking material from many sources is research. This volume has not only research but direct input from a great many sources. Some are mentioned in the acknowledgements, a number of others are to be found on the title page, since sections of major articles from the venerable "Information Security Management Handbook" (cf. BKINSCMH.RVW) were included or used as the basis for parts of the guide. Even this doesn't exhaust the contributions, since much of the work is informed by the material in the (ISC)^2 CBK (Common Body of Knowledge) Review Seminar, and over a hundred individuals have had the chance to augment that content. The result is a breadth and currency of information that exceeds any other guide on the market. Sample questions and exams are eagerly sought by candidates for the CISSP exam. This guide has a significant advantage in this regard: not only do a number of the contributors produce questions for the exam itself (therefore being more than passingly familiar with the style and level of difficulty required), but the CISSP exam committee was also approached for advice and input. No source is able to provide "actual" CISSP exam questions, but the examples provided in this volume are very close in form, mix, degree of difficulty, and concept. The book is not without its faults. The sheer volume of the contributors ensured that topics were covered multiple times, and not all duplicated areas have been amalgamated. In addition, the variety of writing styles can make the text disjointed in places, as it moves from section to section and subject to subject. These factors can make the work difficult and demanding to read and follow. The CISSP exam, as the security field itself, is a changing target, and no book can expect to provide the "best" coverage of the topic indefinitely. As well, security is an immense discipline, and touches on an inordinate number of other areas. This work, however, has come closest to spanning the range of subject matter necessary to challenge the CISSP exam, and is currently the best of the guides. copyright Robert M. Slade, 2004 BKOIGTCE.RVW 20040618 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] http://victoria.tc.ca/techrevorhttp://sun.soci.niu.edu/~rslade ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ISC(2) Any news?
-- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Sorry
On Mon, 20 Feb 2006, coderman wrote: > On 2/20/06, Gadi Evron <[EMAIL PROTECTED]> wrote: > > ... > > WTFBBQ? > > that's a highly specialized GIAC Security Expert certification. > > i could tell you more, but then i'd have to murder you painfully. Since I no longer subscribe to the decoder ring club, I'll spill the beans. WTFBBQ? can be yours, for only $1399.99, plus the examination fee of $400.00. All tests are open book, and you can waive a practical exam for an additional $250.00 payable to any board member of SANS... -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] blocking Google Desktop
On Sat, 11 Feb 2006, Jason Coombs wrote: > Date: Sat, 11 Feb 2006 21:49:35 +1300 > From: Jason Coombs <[EMAIL PROTECTED]> > To: J.A. Terranson <[EMAIL PROTECTED]> > Cc: Full-Disclosure > Subject: Re: [Full-disclosure] blocking Google Desktop > > J.A. Terranson wrote: > > Invite the idiot in the > > white house, I hear he's feeling unloved today :-) > > Do you mean: "invite the idiot" in the white house ? > > Or do you mean: invite the "idiot in the white house" ? > > My favorite stupid hacker trick "in the white house": getting POTUS to > call you by your hacker handle. (be sure to call him POTUS in return) > > http://www.cultdeadcow.com/cDc_files/cDc-0374.php > The rest is more recent history. An invitation to join President > Clinton's Internet security advisory panel was the cherry on top of the > whipped cream. And the coolest thing of all was that they did it on > their own terms. For a hacker to be addressed by the President of the > Untied States by his handle and not given name is the ultimate form of > legitimization. > > http://en.wikipedia.org/wiki/Mudge > http://en.wikipedia.org/wiki/Dildog Old, *old* news man... -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google creates SPAM haven
On Sat, 11 Feb 2006, Stan Bubrouski wrote: > Yeah but typically lists and whatnot these days require confirmation, > Google just blindly subscribes you when anyone requests it, I'm > assuming, since I didn't subscribe to any of the hacker or porn groups > I have to keep removing myself from. Frankly if some Indian hacker > group thinks of me as l33t they have no idea what they're talking > about ;-) Just Say No. Simply STOP USING GOOGLE. How hard can this be? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] blocking Google Desktop
On Fri, 10 Feb 2006, Line Noise wrote: > I'm still trying to help them understand why stuffing a "Chat" > (mis)feature into gmail is a problem. No way to turn it off, and each > account that gets it, starts up with it enabled. Oh, boy, I really > want the world to know when I'm "on line" (especially when it > helpfully adds every person who sends you email to your "Contacts" > list). So far, I've received an email from them, patting me on the > head, and telling me that I need to read the help menus better. > "Disable" and "Off" seem not to be in their vocabulary. I just love these /rants! Yes boys and girls, it is not safe to hand your mission critical data to ANY third party. If your data is sensitive, keep it home. If you don't like Google's email "features", you have a choice you know. (Hint: GO SOMEWHERE ELSE!) Yes, it really is THAT EASY to fully protect yourself against all this Google Evil Just Say No. The town criers who are sounding the alarms are just ludicrous. My favorites are the folks who are bitching and moaning, and are performing this parade FROM GMAIL ACCOUNTS! We certainly need FD as to what these products *DO*. Discussion of how it works is totally appropriate, but the "evil google doesn't want to give me an off button" bullshit is pointless. And while it may be entertaining to see how many "Security Professionals" (insert SANS or other Pay-For-Play meaningless but very expensive set of initials here) can't figure out how to simply Say No to a product they don't like, it's still a horrific waste of bandwidth. Even worse, it attracts posts like this one - where every asshole who meets any of the above descriptions will want his or her "shot" at this post. Have at it - it's all yours for the taking, I don't give a shit enough to respond, so have a party. Invite the idiot in the white house, I hear he's feeling unloved today :-) -- Yours, J.A. Terranson [EMAIL PROTECTED] "What The United States *really* needs to win it's War On Some (but not allied) Terrorists is a good old fashioned Nuclear Enema." ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] private imap4d exploit
On Mon, 23 Jan 2006, c0ntex wrote:
> On 22/01/06, crash-x gay <[EMAIL PROTECTED]> wrote:
> > Don't lie crash-x we all know you ripped the code off rave and changed the
> > printf()'s to make it look like yours. You even admit to changing it again
> > now!!!
> >
> > ravecool wrote this code - crash-x is a code thief!!! rave deserves the
> > credit for this exploit as he is the real hacker here.
>
>
> No, it was mine!
>
> printf("[!] mailutils imapd4d universal(?) exploit 0.5 by c0ntex\n");
Yet, I found *this* in my older files:
printf("[!] mailutils imapd4d universal(?) exploit 0.5 by n3td3v\n");
Will the REAL code theif, please stand up?
--
Yours,
J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF
'The right of self defence is the first law of nature: in most governments
it has been the study of rulers to confine this right within the narrowest
limits possible. Wherever standing armies are kept up, and the right of
the people to keep and bear arms is, under any colour or pretext
whatsoever, prohibited, liberty, if not already annihilated, is on the
brink of destruction.'
St. George Tucker
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secure Delete for Windows
On Tue, 17 Jan 2006, Jason Coombs wrote: > J.A. Terranson wrote: > > An exe? No source??? Just "setup.exe" Are you crazy? > > That's the way Microsoft does it, Look at my headers Jason :-) or $ uname -a FreeBSD home.mfn.org 4.10-RELEASE > and you've got your trusty Anti-Virus > software to protect you, right? So what's the problem? My problem is I am actually *way* overdue on a make world, but I don't have the kind of problems that is likely to bring :-0 -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secure Delete for Windows
On Tue, 17 Jan 2006, 0x7f wrote: > not everything is open source you know :-P > its not like that its an exploit or something. And the user is supposed to know this...how? > it seems suddenly after this n3td0rk shit, everyone starts > his own little flame wars over nothing. calm down > people i didnt want to offend anyone with this release. > my god if you dont have anything usefull to say, then > why dont you stfu. (1) I do have something "useful to say". The exact same thing every other security conscious person is saying: No source? An exe? Bad newss Publicly released "tools" are only safely released through open source (or, "full disclosure" if you prefer). Without source, it's you who should be taking a turn at stfu. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secure Delete for Windows
On Mon, 16 Jan 2006, GroundZero Security wrote: > New version of GroundZero Secure Delete which also supports securely wiping > of Free Space on a Device, has been released! > A free trial can be downloaded here: > http://www.groundzero-security.com/software/g0-SecureDelete-Trial.zip An exe? No source??? Just "setup.exe" Are you crazy? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure][WAY OFF TOPIC] complaints aboutthegovernemntspying!
On Sat, 31 Dec 2005, InfoSecBOFH wrote: > Is that a threat wittle computer geek? > > Its not if you care to take a shot at it, I welcome the attempt. OOhhoohhooho... I'm a really scared now! Maybe [likely] it hasn't occured to you, but it's your very American brand of hyper-machismo bullshit that has caused most of the "terrorism" you are so self-fucking-righteous about 'stopping". Grow up. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure][WAY OFF TOPIC] complaints aboutthegovernemntspying!
On Fri, 30 Dec 2005, InfoSecBOFH wrote: > You know what. Who gives a fuck about any of this. > > I am an American. We have the bombs, we have the money. We have the > balls to use them. So, remind us again, why is it that killing Americans such as yourself should be looked at as a "bad thing"? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: Fwd: [Full-disclosure][WAY OFF TOPIC] complaints about the government spying!
On Fri, 30 Dec 2005 [EMAIL PROTECTED] wrote: > He's not dangerous, he is a silver spoon liberal with a impending > prostrate problem. "Silver spoon liberal"? Do you even know what that means? I hate to burst your bubble buddy, but I am a dyed in the wool republican freak who has never, - EVER - , voted for a Dem. Of course, I've never voted for Shrub either... > He is going to save us all, with his forward > thinking, insight, I hope to at least make a dent. And what, exactly, are *you* doing to "save the world"? > and belief in the New York Times. The Times and me are not exactly on good terms. I'm more of an Al-Jazeera kind of guy: I like my news raw and accurate. > Just ignore him, > and his waste of bandwidth politics. Take that advice. > He can't be wrong as long as he > never does anything but complain, misquote and criticize. IMHO he > should get the fuck out of the US and grow up a little to see how the > world really is, then maybe he will realize How good of a life he has, > even with the republicans in charge. Oh, I admit to having it good. Openly and honestly. But that's not the point, is it? no. The point here is that we have a bunch of party hacks running around firing willynilly in desperate attempts at diversion - keep the eyes of the people OFF of the Presidential felonies! > Maybe we should all ask Alif =JA > Terrason, What you think my towel headed liberal prick? Save us stupid > Americans, we won't survive without you. That may be truer than you know. As for my opinion, here it is, complete with "towel": The US will WIN the "war on terrorist govenment flunkies", and little weasels like you and your midget buddy in the off-white house will [eventually] be banished back to that gay bath house you all came from. > The Senator > -- > vote for me Or me. I represent the True Republican Party. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: Fwd: [Full-disclosure][WAY OFF TOPIC] complaints about the governemnt spying!
On Fri, 30 Dec 2005, pwnd.security.pwnd wrote: > PS- IMHO Terranson, you're dangerous. You're right - I am, and I *know* I am. And that's the reason I persevere. Rational argument is *always* dangerous to those who would "lead". > Maybe the Government should be watching you... > Oh wait; they are. :-> Well - duh! Any government like the one we have today should be *expected* to be "watching" those with opinions outside of their limited mainstream. Sorry baby, I took the wrong colored pill and landed on my ass ;-/ > pwnd.security.pwnd You truly are pwnd: what's amazing is you are willing to advertise it. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[COMPLETELY OFF TOPIC NOW] RE: [Full-disclosure] complaints about the governemnt spying!
ed in a collapse that generated millions of degrees of heat during the compression (collapse) phase. > Now why on Earth should the US government wish to carry out surveilance > on its own citizens? Maybe some are not comatose? See above: already addressed. > Best regards, > > Pete > Pointless. Just fucking pointless. Don't you conspiracy nuts even go to school before postulating this tripe? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [OT] Regarding Mr. Gilmore
Since the list appears to have gone on yet another holiday, I proffer below a reply to the many schizophrenic rants recently posted by our Resident Fascist and Associate Professor of Modern Bullshit, Paul Schmeil. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker -- Forwarded message -- Date: Thu, 29 Dec 2005 21:36:59 -0600 (CST) From: J.A. Terranson <[EMAIL PROTECTED]> Reply-To: Antisocial <[EMAIL PROTECTED]> To: Antisocial <[EMAIL PROTECTED]> Subject: Re: [Antisocial] [EMAIL PROTECTED]: [IP] Fear destroys what Bin Laden could not] (fwd) On Thu, 29 Dec 2005, bkfsec shared the Epiphany, thusly: > The problem is the people who don't want to work things out and who > simply want to obstruct because they can. Obstructionism isn't > worthless, unless it's meaningless. > > I make one exception to all of this: neo-conservatism. You will hear me > talk about the neo-conservative movement in relative absolutes. The > only reason for this is because the neo-con movement is a new movement > that has a well-codified and concise set of beliefs. Most people, I > dare say, who identify themselves as neo-conservative, aren't at all. > > True conservatives should be appalled at the rise of neo-conservatism. > They're hijacking your ideology and replacing it with Empirialism and > Fascism. The openly stated goals of the neo-con movement are clearly, > in the most direct sense of the term, opposed to the freedom of and > governing by the people. I am not exaggerating. These are people who > believe such things as government interference on behalf of corporations > is a good thing. The leaders of the neo-con movement believe in strict > political regimentation in society. In some neo-con papers, removing > citizenship from anyone who isn't a democrat or a republican is > proposed. The neo-con movement is a rebirth of the "might makes right" > ideologies of yesteryear. Neo-conservatism is the belief that the > ability to exploit is the justification for exploitation - after all the > exploited gains as well. > > There is no doubt in my mind that true conservatives should not waste > their time defending neo-conservatism. All one has to do is read the > position papers of those who are the ideological grandfathers of the > movement. The anti-democracy aspects of the ideology are blatantly > presented. Unlike most other ideologies, the founders of > neo-conservatism didn't base their beliefs off of a heady attempt to > make the world a better place. The sole intent of the neo-conservative > belief system is the empowerment of its creators. The belief system > itself is tainted by design. This is one of the most cogent, well reasoned political assessments I have ever seen regarding "modern" Neo-conservative thought. Thank you. (BTW: I'm going to forward it to Paul "Shithead" Schmeil ;-) -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Antisocial mailing list [EMAIL PROTECTED] http://lists.mfn.org/mailman/listinfo/antisocial ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [inbox] [Full-disclosure] Breaking LoJack for Laptops
On Tue, 27 Dec 2005, Michael Holstein wrote: > But to send out a "phone home" packet, you'd have to put a lot of logic > in the bios (enough to do tcp/ip, dhcp, dns, plus hardware drivers for > ethernet, etc). That's all there on todays hardware you know. I have several hundred boot-from-the-wire boxes, less than a year old - from Dell and others. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
On Mon, 26 Dec 2005, coderman wrote: > recent events have shown just how willing corporations are to give the > government a blank check with only minimal assurances of propriety and > legality. i would bet good money the number of core providers who > balked at DCS1000 deployments could be counted on a single hand, if > there were even any at all... For the record (because I think it's important that "the record" reflect this odd fact), there were in fact major players who said "No". I know, I was there. Savvis, at least up to my departure, actively refused to go along (and yes, we *were* asked, and asked very early in the process). I suspect that the C&W merger may have changed that (although I have no physical proof of this, so I cannot be absolutely certain) later on, but at least *1* of the top ten carriers had clean hands as late as 2004. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
On Mon, 26 Dec 2005, Bipin Gautam wrote: > My concern is... (I'm from Nepal) not all ISP in my region go through > the Nepal's Internet exchange point. so even the local traffic might > have routed through USA if our ISP'z backbone providr is in USA. I > don't have very good idea about ledal stuff but my basic assumption is > BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE > NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country > foreign policy) Your service will have a contract, and in that contract will be a clause which determines which laws apply. Check it. > Have our network traffic been spyed/sniffed too without our knowledge? Almost definitely yes. > Don't we have right of protection in the law to check such thing if > any??? No. Why should you? Like us here in the US, you are nothing but a Prole, without rights, or even the ability to ask for rights. > just willing to hear your views on what are the rules to check/tackle > such issues in other foreign countries??? Sorry bibint - you're screwed if you're outside the USA: we openly intercept almost every data and telephony transmission which originates outside the USA. Don't like it? Then start picking Echeclon Centers to bomb... > regards, > -bipint All the best! //Alif -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Broadcast storm in my network/ any ideas
On Thu, 22 Dec 2005, wilder_jeff Wilder wrote: > All, > > I have a Windows 2000 terminal server that is consistantly sending out > broadcasts to 255.255.255.255:111... below is a capture from a snort box I > have running. In the last 18 hours I have had about 2000 packets from this > box to this address about every 30 seconds. Jeff, FYI - a "Broadcast storm" is a Loogg way from 200 packets over 18 hours. Most people would hesitate to class this level of traffic as a "nuisance", let alone a "broadcast storm'. Notwithstanding the obvious error in terminology, 111 is the port isn't a port that I would expect a Winblows box to be talking to (usually for *nix portmapper services). In this case, your most reasonable course of action would be to examine the box and try to determine what process is binding to the port. Personally, I'd pull it off the wire under the presumption it's been compromised, until proven otherwise (or unless you have services for Unix installed. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [EMED-L] Patriot Act and HIPPA (fwd)
Take note people! -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson -- Forwarded message -- Date: Wed, 21 Dec 2005 12:10:59 -0500 From: Jeanne Lenzer <[EMAIL PROTECTED]> Reply-To: EMED-L -- a list for emergency medicine practitioners. <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [EMED-L] Patriot Act and HIPPA Could anyone on this listserve who has seen anything like what follows below, please contact me off-list immediately [EMAIL PROTECTED] (for background or for attribution - your choice). Thanks, Jeanne A patient was handed a medical information rights and disclosure booklet she got from her doctor. It lists the folks that they might release medical information to for various reasons (health department, lawyers and courts because of subpoena, law enforcement officials, coroners, medical examiners, funeral directors, etc.). Below them, there is this graph: Protective Services for the President, National Security and Intelligence Activities: We may disclose medical information about you to authorized federal officials so they may without limitation (i) provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations, or (ii) conduct lawful intelligence, counter-intelligence, or other national security activities authorized by law. __ Jeanne Lenzer Freelance journalist 11 Len Court Kingston, NY 12401 USA [EMAIL PROTECTED] 845.943.6202 office 203.300.7136 cell To unsubscribe, send the command "SIGNOFF EMED-L" to [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: Guidance
On Wed, 21 Dec 2005, Jason Coombs wrote: > Come now, my friend, you know very well that there is no such thing in > computing unless you happened to be monitoring all internal and external > I/O of the computing device in question at the time the alleged 'data' > were allegedly 'processed' by that computing device. For the sake of the audience, allow me to clarify something that's probably not obvious to them as observers: Our discussion here is based upon the premise of "Expert Witness" rules under the FRCP (federal rules). Under this system, a so-called "Expert Witness" may provide "evidence" which would otherwise be impermissable, as this testimony is by it's very definition, an opinion. Clearly, evidence provided under the Expert Witness rules are very dangerous, as they are easily (and often, in both my opinion and I believe in Jason's opinion as well) abused. In fact, this is where the famous "Dueling Experts" tales come from. I will firmly agree that no expert should EVER testify that they are offering up raw facts for digestion - the law is quite clear that this isn't even (in theory) allowed. Nevertheless, it does sneak in, and yes, it does need to die - both in the computer forensics cases and in every other case where any form of Expert Witness is utilized. That said, an expert opinion may have real evidentiary value, as you know (or you wouldn't be making your living as another Expert For Hire, like the rest of us ;-) The trick is to practice honestly and within the scope of what is possible, rather than just making it all up as you go along. > You put on a hat labeled 'computer forensic examiner' as a necessary > matter of business practice, in order for other people to understand > what you are when you are serving that role in some forensic situation. No. I put on my "Expert Witness hat" because the Court requires it for me to offer testimony. I often offer evidence without needing to be an "expert" - in those cases I am providing evidence of a physical nature which is not reasonably open to dispute. > But by wearing such title, and by engaging in such business, you are > forced to make gigantic leaps of imagination in order to offer opinions > as to your finding of 'accurate and completely supporting information' > after your forensic tools and your knowledge of software give you a > glimpse of the past that is beyond the capability of mere mortals. I think you are confusing me with another so-called examiner. I forget his name at the moment, but I *think* it had a W in it? ;-) I do not offer evidence that approaches fantasy, or that requires leaps of faith. I can provide the framework, such as "At the time I examined the computer in question, I checked the BIOS and found it to be accurate within 14 seconds of a known reference time." And evidence like "I found evidence that certain programs were installed on this computer, i.e., ", and "I found remnants of photographic images in the browser cache which are known to me to be pictures of a pre-teen child named...". You will not EVER hear ME testifying that an image was put on a computer by a specific person. I may testify that a certain login was in use at the time the program was installed, but, as you so correctly point out, I cannot possibly KNOW who loaded that program. This is Ethical Practice. This is how we practice here, and it is the reason we are now the largest forensic form in the midwest. > The problem, and the reason the entire industry needs to die, is that > this creates a situation in which the side with the best imagination > wins. Again, wrong. A competent attorney (often guided by someone like you or me), can make mincemeat out of one of these sleazy make-up-what-they-want-to-hear "practicioners". Obviously, there is nothing I can do to help a client who has incompetent counsel (rare but it does happen), nor is there anything I can do to assist on a case I don't know about - but I can make big differences in those cases I work - and I *do*. Often! This is why I support what you are *trying* to do, although I believe you are misguided in your approach. > It doesn't help the discovery of truth for people with forensic tools > and talent to suggest that their imagination is superior and therefore > can prove conclusively what happened in the past. I agree. And ANYONE who claims (1) to be a competent forensic computer examiner, and (2) claims outrageous things like your postulate above, should be not only prohibited from practicing anything at all (especially any kind of forensics!), but they should be forced to be on the receiving end of this kind of malpractice! > No matter what safeguards you or the rest of the computer forensics > industry develop, I will still be able to defeat your imagination > because yours is limited by budgets and time constraints, whereas I am > only limited by the lengths to which I am willi
Re: [Full-disclosure] Firewall (The Movie) - http://firewallmovie.warnerbros.com/cmp/trailer.html?id=trailer
On Tue, 20 Dec 2005, Gary E. Miller wrote: > > http://firewallmovie.warnerbros.com/cmp/trailer.html?id=trailer Oh. No. Please - Make. It. Go. Away... -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: Guidance
On Tue, 20 Dec 2005, Jason Coombs wrote: > It is not just defects in EnCase features that cause computer forensic > examiners who use Guidance Software's products and training to produce > incorrect and misleading expert testimony or fact evidence. > > Guidance Software simply doesn't understand, and doesn't care to > understand, information security. > > It would be bad for sales of EnCase if Guidance admitted that they have > no way to know whether anything discovered on a hard drive by EnCase is > reliable circumstantial evidence. Jason, As one forensic "expert" to another - while I understand your frustrations with the improper use that is often made of this type of evidence - you are throwing the gasoline on the wrong fire. You and I both know that whether something appearing on a hard drive is "reliable circumstantial evidence" depends on the whole picture, and not on whether something was "discovered by Encase". A competent examiner will take in the whole picture: BIOS dates, battery levels, NTP running/not/etc., before offering any opinion as to time of origin. A competent examiner will not testify to things that they do not or cannot know, regardless of whether some program says something is there or not. While you are busy trying to destroy the entire "computer forensics practice", you are ignoring the good that comes from this technology as well. Most of us are familiar with cases where these tools were exculpatory rather than inculpatory - a very common situation. You need to be railing againt *incompetent* practice, not practice in general. There ARE honest, reliable, and competent examiners out here you know. ;-) You know me personally, and I think you would agree my positions are not taken either without knowledge, nor without accurate and completely supporting information. And you also know the "standard warnings" I give to all customers regarding forensic evidence - these are part of "competent practice". Wouldn't your time be better served by trying to encourage responsible and competent practice, possibly by using examples, than by trying to just destroy a whole industry (which isn't gonna happen either jason - as long as the honest and accurate ones are out here, the industry will continue to thrive). -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An uncontrolled ***OFFTOPIC*** thread ... America's future under George Bush ... my last post in this thread
On Mon, 19 Dec 2005, Chris Umphress wrote: > I suppose I could argue on either side of that fence. In my mind, > Abraham was there early, so the Israelites were re-claiming their > land. Interesting viewpoint, though. I have a hard time with placing a reservation on a land parcel for 4000 years, and then showing up and claiming that the current inhabitants - who have been there for the 4000 years you were MIA - are there inapporopriately. Israel has no right to exist in that particular place. They have every right to exist in any place they can buy and set up shop, or anywhere that the OWNER is willing to donate, but you cannot just show up and say get the fuck out, I have returned! -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] .An uncontrolled fiscal crisis.. America.s future under George Bush.
Oh. My. Gawd. *This* is the reason that 90% of the planet wants us under the mushroom cloud. I am just struck by your, uh, uh.pedestrian cluelessness... On Mon, 19 Dec 2005, Red Leg wrote: > Date: Mon, 19 Dec 2005 22:57:43 -0500 > From: Red Leg <[EMAIL PROTECTED]> > To: Full Disclosure > Subject: Re: [Full-disclosure] .An uncontrolled fiscal crisis.. America.s > future under George Bush. > > On 12/19/05 3:21 PM, "darren kirby" <[EMAIL PROTECTED]> wrote: > > > quoth the [EMAIL PROTECTED]: > >> J A (Jack Ass) If the NYT went out of business today would you loose all > >> reference to what is real? Read the Post Dude. > >> > >> With silver spoon growing up under mommies wing in Battery Park Plaza, I > >> guess Starret City in the Bronx was too polluted, so you privileged > >> bastards chose another land fill to live on, better start those PSA tests > >> today, your obvious politico paranoia is influencing your judgment. > >> > >> WE ARE AT WAR Douche BAG. I suppose you think its ok for IRAN to Develop > >> Nuclear power? Or continue to buy a delivery System from Russia (Oh right, > >> that?s just for defense) CAN YOU SAY DIRTY BOMB? > >> > > > > I am loathe to contribute to this OT thread, but I just wanted to mention > > that > > as a non-American, I am much more fearful of actions from the US than > > Iraq/Iran/dirkadirkastan etc etc... > > Hey I'm loathe to read your shit, too. So, we're even. > > Have you been watching our elections in the U.S. lately (polls don't > count--talk about rigging...)? Does it look like Americans give a damn about > what the rest of you assholes think? Of course not. Why? Because you sorry > bastards fucked up the world during your free reign on earth during the > colonial times. We're in Iraq right now because you stupid assholes fucked > it up during World War I. And now, you have the unmitigated gall to make > accusations against the United States? You fools screwed up the entire > world, and when the U.S. tries to unfuck the fuckups you people caused, we > get called on the carpet by the same idiots who created the mess in the > first place. > > You morons can't even handle your own affairs without U.S. Help. Bosnia is > just one example of the typical crap that you have put Americans through > since World War I. We were perfectly happy to sell you idiots the gunpowder > to blow yourselves to Kingdom Come, but no you had to drag us into your > friggin messes. > > So, cry like little babies when we have nukes and threaten to kick you sorry > asses when you try to sell them to the Iranians. > > For those of you Europeans and other that are helping us straighten out the > world, please understand that there is so much that we can take from > incompetent, arrogant morons. > > Peace on Earth - Through STRENGTH > > Pax Americana! > > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An uncontrolled ***OFFTOPIC*** thread ... America's future under George Bush ... my last post in this thread
On Mon, 19 Dec 2005, Chris Umphress wrote: > On 12/19/05, J.A. Terranson <[EMAIL PROTECTED]> wrote: > > > > America is odd in that is is an active supporter of terrorism (Israel), an > > Come again? Israel is a terrorist state? How in the world did you get > your mind bent enough that this even seems right? repeat it with me: M-E-N-A-C-H-I-M B-E-G-I-N. Isarel was FOUNDED on terrorism, and as with the proverbial tiger, has never felt the need to change it's stripes. > Just a guess, but are you for gun-control also? I fail to see how these are even remotely related, but i'll bite anyway: No, I do not believe in "gun control" (ie confiscation). > Against a person's > right to defend his own life and freedom? Oh wait... that's what this > whole thread is about. Whether or not people should be able to have > the guns they need to protect themselves. As long as people can defend > themselves, it almost doesn't matter how big the "weapon" (I see it as > a tool, not a weapon) is, but rather the resolve of the people. So, clearly we are on the same side of *this* fence. Now, why are we here? > In the > past, the united States has had few external attacks because it was > realized that the people were willing and capable of defending > themselves. And that same confidence has now morphed into a bullying attitude of "We're bigger than you, we'll do whatever the hell we damn well please.". Except for thos "Axis of Evil" areas that can actually defend themselves against an American invasion (vis Kim Jong Il.). If Kim is so god awful, why the hell don't we invade there? Because he'd blow our fucking asses off the landing pad. A nuclear enema for Shrub. And a well deserved one I might add. > -- > Chris Umphress <http://daga.dyndns.org/> > -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] .An uncontrolled fiscal crisis.. America.s future under George Bush.
On Tue, 20 Dec 2005 [EMAIL PROTECTED] wrote: > Arrgh. I'm filtering all further responses before I have an aneurism. N00b, > you're emails are a waste of electrons. http://video.google.com/videoplay?docid=-7353861623306470827&q=surveillance&time=146 -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An uncontrolled ***OFFTOPIC*** thread ... America's future under George Bush ... my last post in this thread
Amen - sing it brother! America is odd in that is is an active supporter of terrorism (Israel), an active participant in terrorism (Iraq, iran, Cuba, Afghanistan, etc.),, and an exporter of terrorism (by proxy in ~6 Euro countries), yet we fully don't understand why everyone dances for joy when we get dead. America is the King of the Hypocrites, as well as the #1 terrorism state today. A moment's reflection would do us a world of good, were it even possible. But it's not. We are a nation of macho Rambo's, like GI Shmoe over there with his "willing to die for freedom" crap... We have the ability to make things better for millions of people (not even includding those here at home), yet we are happiest when killing those around us. Go figure? On Tue, 20 Dec 2005 [EMAIL PROTECTED] wrote: > Date: Tue, 20 Dec 2005 11:45:12 +1100 > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Cc: Full-Disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] An uncontrolled ***OFFTOPIC*** thread ... > America's future under George Bush ... my last post in this thread > > If the US spent 1/10th of the time and money on preventing something like > drink driving, it'd be saving tens of thousands of more lives, net. Put it > into proprtion. Terrorism is not an issue, but it's foreign policy is. > > On 12/20/05, TJ <[EMAIL PROTECTED]> wrote: > > > > Yes, there is always more than one side to every story. > > > > And, yes - everyone has a right to *peaceable* nuclear power. *Peaceable* > > being the key word there ... as for saying "Good for the goose, good for > > the > > gander" - NO; when people are killing innocents they deserve to not have > > the > > chance to continue. > > > > I'm sorry - has Bush ever said he wanted to wipe Iran off the map? > > I doubt it. > > > > Actually no, I am pretty comfortable with the situation IN the US - I am > > apparently arguing with those who would rather have more innocent > > Americans > > die and have more nuclear-capable terrorists. > > > > It has nothing to do with getting the last word - I was going to let it > > drop, until someone called me "weak". A stinging insult indeed! > > > > > > If you cared about more than spreading garbage, you'd take the high-road > > and > > take this "discussion" offlist ... like others have correctly done. > > > > > > No further on-list comments. > > /TJ ... sorry to have added to this thread even more, I hate feeding > > trolls. > > > > > > -Original Message- > > From: Byron Sonne [mailto:[EMAIL PROTECTED] > > Sent: Monday, December 19, 2005 5:32 PM > > To: [EMAIL PROTECTED] ; Full-Disclosure@lists.grok.org.uk > > Subject: Re: [Full-disclosure] An uncontrolled ***OFFTOPIC*** thread ... > > America's future under George Bush > > > > > And - about permitting Iran to develop nuclear power "because the US is > > a > > > bully" ... WTF? > > > > More than one side to the story, homes... everyone has the right to > > peacable nuclear power. Even if they did develop nukes, it's in their > > right. If the USA, Russia + satellite states, France, UK, India, > > Pakistan and Israel are allowed to do it, why not anyone else? Good for > > the goose, good for the gander. > > > > The USA failed to lead by example, and are now reaping the rewards. > > > > > You are talking about Iran, a nation whose leader is > > > delusional and has voiced support of destroying another nation outright. > > > > Susbistute 'USA' for 'Iran' and the sentence sounds like the same crap > > other people say about the USA. You sound just like the jerks that your > > troops are allegedly fighting against. Ever consider there's some brown > > skinned dude in a turban thinking almost the same kind of thoughts as > > you, except it's about America instead? > > > > The USA has made it's bed, and now you're finding it uncomfortable to > > sleep in? Haha. > > > > > You may disagree with my position, and that is "fine" ... but this forum > > is > > > not the correct place to debate the issue - can we please let this list > > > return to topic now? > > > > So as long as you get your last word in, everyone has to shut up? Feh. > > Weak dude. > > > > ___ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] An uncontrolled ***OFFTOPIC*** thread ... America's future under George Bush
On Mon, 19 Dec 2005, TJ wrote: > So, because war was not declared it doesn't exist? Not at all. It clearly exists - we've certainly killed and maimed enough civilians to prove it. > No; we are at war - not because of what our President has done / is doing, > but because we were attacked (again) and are *finally* responding. Except that he is "responding" to the wrong party (a non-aggressor). I'm 100% on board with hunting down OBL. But leave the others alone. > And - about permitting Iran to develop nuclear power "because the US is a > bully" ... WTF? You are talking about Iran, a nation whose leader is > delusional And who still runs a SOVERIEGN NATION that has 100% rights to nuclear power and defense. > and has voiced support of destroying another nation outright. Lots of us have voiced support for erasing the mistake that is Israel. > Good idea on fighting for their right to build nukes. Yes. If EVERYONE had nukes then the US wouldn't be able to invade anyone without repurcussions. > You may disagree with my position, I do. > and that is "fine" Thank you for your "permission". > ... but this forum is > not the correct place to debate the issue - can we please let this list > return to topic now? No. Not yet. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] .An uncontrolled fiscal crisis.. America.s future under George Bush.
On Mon, 19 Dec 2005 [EMAIL PROTECTED] wrote: > J A (Jack Ass) If the NYT went out of business today would you loose all > reference to what is real? Read the Post Dude. The NY Pest? You mean the rag that has National News on page 7, and Entertainment on the front page (next to ALIENS LANDING FROM MARS: WE HAVE THE PIX!")? > With silver spoon growing up under mommies wing in Battery Park Plaza, I > guess Starret City in the Bronx was too polluted, so you privileged > bastards chose another land fill to live on, better start those PSA > tests today, your obvious politico paranoia is influencing your > judgment. > > WE ARE AT WAR Douche BAG. Yeah. We started a war. So what? > I suppose you think its ok for IRAN to > Develop Nuclear power? Absolutely. > Or continue to buy a delivery System from Russia > (Oh right, that?s just for defense) CAN YOU SAY DIRTY BOMB? Yes. They have every right (and since the US is a bully, every NEED) to defend themselves. > Or maybe Saddam would have let us tromp through his country, what's the > magic word (PLEASE), to get to the Bio-Weapon making cell in the North > of Iraq. Oh. The one that we "knew exactly where it was", but never found? That one? > Do you need another major event to wake you up? WTC 1992, was > the wake-up, WTC 2001 got our attention, and what the future holds I am > not sure, get your crystal ball polished up sweetheart, its coming, make > sure you stand and rotate to get that even all over tan. > > So what a few identified sympathizers were tagged, by the NSA, maybe a > warrant wasn?t sought, cause a press scoop wasn?t needed by your beloved > NYT. You have no facts, just liberal out lash. Are you going to save > us? Do you have your NBC suit ready? > > You should take a bigger dose of those Meds, relax, A Dem will get in > office next time, and fuck things up worse. George may be an idiot, but > he is a predictable idiot. And there, Ladies and Gentlemen, is the reason this country needs a nuclear enema. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] .An uncontrolled fiscal crisis.. America.s future under George Bush.
While we're debunking George... http://www.dissidentvoice.org/Apr05/Whitney0411.htm The Economic Tsunami: Sooner Than You Think by Mike Whitney www.dissidentvoice.org April 11, 2005 Send this page to a friend! (click here) .If the world's central bankers accumulate fewer dollars, the result would be an unrelenting American need to borrow in the face of an ever weaker dollar -- a recipe for higher interest rates and higher prices. The economic repercussions could unfold gradually, resulting in a long, slow decline in living standards. Or there could be a quick unraveling, with the hallmarks of an uncontrolled fiscal crisis.. -- New York Times editorial, 4/2/05 It seems that there are a growing number of people who believe, as I do, that the economic tsunami planned by the Bush administration is probably only months away. In just five short years the national debt has increased by nearly $3 trillion while the dollar has continued its precipitous decline. The dollar has fallen a whopping 38% since Bush took office, due largely to the massive $450 billion per year tax cuts. At the same time, numerous laws have been passed (Patriot Act, Intelligence Reform Bill, Homeland Security Bill, National ID, Passport requirements etc) anticipating the need for greater repression when the economy takes its inevitable nosedive. Regrettably, that nosedive looks to be coming sooner rather than later. The administration is currently putting as much pressure as possible on OPEC to ratchet up the flow of oil another 1 million barrels per day (well over capacity) to settle down nervous markets and buy time for the planned bombing of Iran in June. Like Fed Chief Alan Greenspan.s artificially low interest rates, the manipulation of oil production is a way of concealing how dire the situation really is. Rising prices at the pump signal an upcoming recession (depression?) so the administration is pulling out all the stops to meet the short-term demand and maintain the illusion that things are still okay. (Bush would rather avoid massive popular unrest until his battle plans for Iran are carried out) But, of course, things are not okay. The country has been intentionally plundered and will eventually wind up in the hands of its creditors as Bush and his lieutenants planned from the very beginning. Those who don.t believe this should note the methodical way that the deficits have been produced at (around) $450 billion per year; a systematic and orderly siphoning off of the nation.s future. The value of the dollar and the increasing national debt follow exactly the same (deliberate) downward trajectory. This same Ponzi scheme has been carried out repeatedly by the IMF and World Bank throughout the world; Argentina being the last dramatic illustration. (Argentina.s economic collapse occurred when its trade deficit was running at 4%; right now ours is at an unprecedented 6%.) Bankruptcy is a fairly straightforward way of delivering valuable public assets and resources to collaborative industries, and of annihilating national sovereignty. After a nation is successfully driven to destitution, public policy decisions are made by creditors and not by representatives of the people. (Enter Paul Wolfowitz) Did Americans really believe they could avoid a similar fate? If so, they.d better forget about it, because the hammer is about to come down big-time, and the collateral damage will be huge. The Bush administration is mainly comprised of internationalists. That doesn.t mean that they .hate America,. simply that they are committed to bringing America into line with the .new world order. and an economic regime that has been approved by corporate and financial elites alike. Their patriotism extends no further than the garish tri-colored flag on their lapel. The catastrophe that middle class Americans face is what these elites breezily refer to as .shock therapy.: a sudden jolt, followed by fundamental changes to the system. In the near future we can expect tax reform, fiscal discipline, deregulation, free capital flows, lowered tariffs, reduced public services, and privatization. In other words, a society entirely designed to service the needs of corporations. There are a number of signs that the economy is close to meltdown-stage. Even with cheap energy, low interest rates and $450 billion in borrowed revenue pumped into the system each year, the economy is still barely treading water. This has a lot to due with the colossal shifting of wealth brought on by the tax cuts. Supply side, trickle down theories have been widely discredited and Bush.s tax cuts have done nothing to stimulate the economy as promised. Now, with oil tilting towards $60 per barrel, the economic landscape is changing quickly, and shock waves are already being felt throughout the country. The Iraq war has contributed considerably to our current dilemma. The conflict has taken nearly one million barrels of Iraqi oil per day off line (the exact amount tha
Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd)
On Mon, 19 Dec 2005, GroundZero Security wrote: > ah 50 years. yes the figures since GWB has died by then and he wont have to > care > or fear any trouble. i guess that he can also request certain stuff to be > buried deep > so it wont see the daylight for a long time? Yeah - George is big on making papers disappear: he actually reclassified his predecessors stuff. He's like a cockroach: afraid of daylight. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd)
On Mon, 19 Dec 2005, GroundZero Security wrote: > yeah if i still care in 25 years then we'll see. is everything going to be > declassified after 25 years in usa ? > or does certain stuff stay classified ? i dont know how that works overthere > so i thought i'd ask :) Embarrasing stuff (illegal acts, boffing the children, shit like that) is usually classified for 50 years here. Routine stuff can get declassified pretty quickly - under 12 years in most cases. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd)
On Mon, 19 Dec 2005, Jamie C. Pole wrote: > Okay. > > Here is the fundamental problem - we do not know the circumstances > under which the extralegal wiretaps were conducted. Nor 8should* we know. But there is a court that has exclusive jurisdiction over these wiretaps - and that court should have known. > It is highly > likely that the wiretaps did save lives - maybe even German lives. If these wiretaps were so clearly beneficial and on-target, then why did George fail to apply for a warrant? Hint: He still uses the FISA court. Hint: Maybe he couldn't justify these wiretaps, even to FISA? > That is the point I have been trying to make all night. There are > certain aspects of the operations of any government (even a Republic > like the USA) that the general citizenry does not need to be privy > to. Correct. And thats why the FISA court is cleared to see everything there is, SCI/TK/blahblahlbah > I believe this to be one of those aspects. You can choose to believe whatever the fuck you want - it doesn't change the fact that George refused to FOLLOW THE FUCKING LAW AND GET A WARRANT. > When this material > is declassified in 25 years, we'll all know whether or not this was > worth it. Until then, there is a little known court that should have known... > You are not going to convince me that my country is an evil place > with designs on controlling or destroying the entire world, and I'm > obviously not going to convince you that it isn't. What is it with you? Everything is so black and white! Either we're an "Evil place with designs on the world" or we're some virginal god-sanctioned bastion of virtue. We are talking about something so simple that even Congress "gets it": George refused to follow the fucking law. George thinks the Constitution is "a goddamned piece of paper". George is a fucking fascist. > Jamie -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial aboutrecentevents.(fwd)
ng" as they had already been asked in (and publicly responded in the affirmative); (2) Illegal wiretaps are illegal whether or not George decides to "invade louisiana", shit in his pants again, pick his nose in public again, or ask Condi for permission to pee. Illegal wiretaps are illegal because George is too put off by "that goddamned piece of paper" to be bothered with asking a COMPLIANT court for a warrant. > Sorry if this seems simplistic to you, Thats OK - we expect it. > but if the action saves lives, > I'm not really going to cry too much about the government breaking a > few occasional laws. And that, in a nutshell, is the difference between you and the rest of us. We understand that a government which is not bound by laws is not concerned with it's citizenry, and cnnot be allowed to exist. When the government decides it is not bound by the law, then the citizenry should be taking up arms against that government - with an eye towards quickly killing the so-called "president" advocating such a position. > I don't like it, but I understand why it is > sometimes necessary. The law which covers this understood that it would "sometimes be necessary" as well - and made explicit provision for such events. Bush chose to ignore those as well. This should scare the shit out of you - but it doesn't? > And by the way, I believe that President Bush > should have militarized New Orleans when the mayor ignored the signs > that the hurricane was going to strike his city. Oh, OK. First it was wrong to "invade", but it's OK if you think it's "necessary". The end justifies the means, eh? > The mandatory > evacuation should have been enforced by the military, and quite a few > less people would have died. We agree it should have been enforced. > And had he done that, the liberals HELLO! Wake up kid - this isn't just "liberals" complaining anymore. George's own teammates are starting to run scared. That little angry midget is out of control. > would very likely now be asking > whether or not it was legal for him to have done so. Since it didn't happen, we'll never know - despite all of your speculatory zeal. > For the people > that hate President Bush, nothing he does or does not do will be > acceptable. It's as simple as that. Agreed. And for those that blindly follow him (that's YOU we're talking about now, so pay attention) without stopping to ask if he's actually "doing the math" before scribbling down a random answer, will get exactly what they deserve - unfortunately, along with the rest of us who didn't deserve it. Fascism is ugly - regardless of the flag flying it. > Jamie -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial about recentevents.(fwd)
Sing that song of apologia!!! On Sun, 18 Dec 2005, Jamie C. Pole wrote: > Date: Sun, 18 Dec 2005 23:07:23 -0600 > From: Jamie C. Pole <[EMAIL PROTECTED]> > To: full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] [Clips] A small editorial about > recentevents.(fwd) > > > Our Federal government cannot enter a disaster area unless invited by > the governor of the state. In the case of Katrina, the governor was > more concerned with getting re-elected than she was with saving her > constituents. Her recently-disclosed email messages prove this. > Also, the mayor ordered a mandatory evacuation (when it was too late > to enforce), but most people didn't leave. If you place yourself in > harms way, is it the government's responsibility to extricate you? > > The head of FEMA was a bonehead, but that problem has been fixed. > Are you now going to tell me that the US Army Corps of Engineers went > into New Orleans to blow holes in the levees? Or maybe we caused > hurricane Katrina with our special nuclear-powered hurricane-generators? > > Just checking... > > Jamie > > > > On Dec 18, 2005, at 10:56 PM, GroundZero Security wrote: > > >> lol you mean the RAF stuff ? that was ages ago and we learned from > >> that. or in the 70s at olympia. > >> sure that was bad since we didnt even have special forces as we > >> werent used to terrorists or war anymore > >> we usually dont bother about such things. usa is mainly focused on > >> war industry though > > > > ok sorry i didnt finish this. i didn't have much sleep last night > > so execuse me please. > > > > what i missed is that we didnt have special forces but we have some > > now. and i'm very confident they would do a good job. > > also if we have a disaster we dont have to wait 6 days for help to > > arrive i trust my gov on that. i feel pretty save also "if" > > a terrorist attack would happen we surely would not invade a > > country. unless that countries gov is attacking us. > > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial about recent events.(fwd)
On Sun, 18 Dec 2005, Jamie C. Pole wrote: > I'm not a blind apologist that is willing to defend everything that > has been done, Um, excuse me - but that is *exactly* what you just did. > but if you want to go down that road, Germany is not > entirely innocent of human rights violations. We're not talking about Germany. We're talking about the [formerly free but currently occupied] United States. > I translate documents for historians, and I can promise that Germany > has done far worse things. We are not looking for leibensraum - we > are just looking to be safe. > > Given the history of terrorist activity in Germany, I'm really > surprised that you feel the way you do - your government is > benefitting from the intelligence that is being gathered as well. > Thankfully, Ms. Merkel seems to understand that. And here you are doing it again. Do you even listen to what falls from your lips??? > JCP -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial about recent events. (fwd)
On Sun, 18 Dec 2005, Jamie C. Pole wrote: > If you are not a terrorist, and do not associate with terrorists, > you have nothing to worry about. Like the guy we kidnapped in Germany, tortured for a year and then released with a "Oh, wrong guy. Sorry."? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial about recent events. (fwd)
On Sun, 18 Dec 2005, coderman wrote: > how 'bout you and all the others tied of "that goddamned piece of > paper" get the fuck out instead? Here Here!!! -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial about recent events. (fwd)
On Sun, 18 Dec 2005, Jamie C. Pole wrote: > the same liberal whiners that are complaining about the monitoring of > certain targeted individuals would be shitting themselves to get in > line to scream about the President not doing enough to protect us if > there was another attack. Correctly so. Bush needed only to tell the FISA court that he wanted a warrant, and he could have done this LEGALLY. FISA was set up SOLELY for this kind of request - why can't he protect us without violating the laws? Thats a specious argument. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial about recent events. (fwd)
On Mon, 19 Dec 2005 [EMAIL PROTECTED] wrote: > This is very nice, but obviously you were not standing in the dust of > the WTC Sept 11. I don't care if we NUKE them, let alone hurting a few > feelings state side. Are you even listening to yourself? What does anything you just said have to do with what we're discussing? > You are from Missouri No, actually, I am from New York. My last NYC address was 375 South End Avenue. Go look up where, exactly, that is. > so Show me the proof that any > citizens' rights were violated other than the liberal press stirring the > soup again, or please keep your political paranoia to yourself. *plonk* Sorry, I don't feed *all* the trolls... > BTW: Al Gore lost twice get over it. Agreed. And, AGAIN, what does that have to do with *anything*? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial about recent events. (fwd)
On Sun, 18 Dec 2005, Dude VanWinkle wrote: > Normally the correct response to this question is: go and vote, but > with recent (and not so recent) events in the news: > > http://www.google.com/search?hl=en&q=%2Bdiebold+%2Bgeorgia+%2Bcalifornia&btnG=Google+Search > > It seems this option is lost to us as well this is the reason that those in power have been systematically disarming Americans. Armed resistance was foreseen by our founding fathers - but we just voluntarily gave up most of those rights a LONG ass time ago! > Ideas? Maybe we could Hack the next "Election" err... counter-hack that is ;-) Tim May had the right idea: Bush "needs to die". Unfortunately for all of us, there's nobody around willing to "kill" him: the Courts don't give a shit, Congress doesn't give a shit, and, most painfully, most of the *country* doesn't give a shit. We are a sorry bunch of losers here in the U.S -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Clips] A small editorial about recent events. (fwd)
Forwarded because we're fucking tired of hearing about n3td3v. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson --- begin forwarded text Delivered-To: cryptography@metzdowd.com To: cryptography@metzdowd.com Subject: A small editorial about recent events. From: "Perry E. Metzger" <[EMAIL PROTECTED]> Date: Sun, 18 Dec 2005 13:58:06 -0500 Sender: [EMAIL PROTECTED] A small editorial from your moderator. I rarely use this list to express a strong political opinion -- you will forgive me in this instance. This mailing list is putatively about cryptography and cryptography politics, though we do tend to stray quite a bit into security issues of all sorts, and sometimes into the activities of the agency with the biggest crypto and sigint budget in the world, the NSA. As you may all be aware, the New York Times has reported, and the administration has admitted, that President of the United States apparently ordered the NSA to conduct surveillance operations against US citizens without prior permission of the secret court known as the Foreign Intelligence Surveillance Court (the "FISC"). This is in clear contravention of 50 USC 1801 - 50 USC 1811, a portion of the US code that provides for clear criminal penalties for violations. See: http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36_20_I.html The President claims he has the prerogative to order such surveillance. The law unambiguously disagrees with him. There are minor exceptions in the law, but they clearly do not apply in this case. They cover only the 15 days after a declaration of war by congress, a period of 72 hours prior to seeking court authorization (which was never sought), and similar exceptions that clearly are not germane. There is no room for doubt or question about whether the President has the prerogative to order surveillance without asking the FISC -- even if the FISC is a toothless organization that never turns down requests, it is a federal crime, punishable by up to five years imprisonment, to conduct electronic surveillance against US citizens without court authorization. The FISC may be worthless at defending civil liberties, but in its arrogant disregard for even the fig leaf of the FISC, the administration has actually crossed the line into a crystal clear felony. The government could have legally conducted such wiretaps at any time, but the President chose not to do it legally. Ours is a government of laws, not of men. That means if the President disagrees with a law or feels that it is insufficient, he still must obey it. Ignoring the law is illegal, even for the President. The President may ask Congress to change the law, but meanwhile he must follow it. Our President has chosen to declare himself above the law, a dangerous precedent that could do great harm to our country. However, without substantial effort on the part of you, and I mean you, every person reading this, nothing much is going to happen. The rule of law will continue to decay in our country. Future Presidents will claim even greater extralegal authority, and our nation will fall into despotism. I mean that sincerely. For the sake of yourself, your children and your children's children, you cannot allow this to stand. Call your Senators and your Congressman. Demand a full investigation, both by Congress and by a special prosecutor, of the actions of the Administration and the NSA. Say that the rule of law is all that stands between us and barbarism. Say that we live in a democracy, not a kingdom, and that our elected officials are not above the law. The President is not a King. Even the President cannot participate in a felony and get away with it. Demand that even the President must obey the law. Tell your friends to do the same. Tell them to tell their friends to do the same. Then, call back next week and the week after and the week after that until something happens. Mark it in your calendar so you don't forget about it. Politicians have short memories, and Congress is about to recess for Christmas, so you must not allow this to be forgotten. Keep at them until something happens. Perry - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] --- end forwarded text ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: Guidance Software Customer Database Hacked?
; one would think that those numbers would be higher. > > > Remember, a lot of their business is large corporations and Law Enforcement > agencies, most of which do business by P.O., I understand it was only their > CC customer database that was hacked. > > > > It would be nice to hear something from Guidance. > > If they are trying to be > > hush hush about it, I think it would cause more > > damage than putting the > > cards on the table. > > > > It would be totally out of character, in my opinion, > for them to make a public disclosure. They can't even > admit that their product has problems. > > > You mean like this... gathered from several message boards...mailing lists > etc.. > > > snip-- > > "I have a case involving a lot of deleted files, I examined the drives using > 4.22a and 5.04a. Version 4 shows me dozens of deleted files and directories > in the recycle bin, version 5 only shows me a fraction of the files. I > called Guidance software and talked to some guy from England who is going to > call me back, but he had no clue why one version would show so many more > files in the recycle bin than the other > > ...It isn't just pix files, there are a lot of files of all types showing in. > 4 that are not showing in 5" > > > According to EnCase Tech Support, any deleted file listed in V4 may or may > not be displayed in the correct place in regard to its location within the > file structure. > > *** So, if you've testified or reported regarding the location of a > deleted file and it's meaning using V4, you might or might not have been > telling the truth.** > > Essentially, according to Tech support, when using V4 one can not say with > any certainty regarding the location of any deleted file shown V4. > > They said there was a white paper regarding the issue that they would send > me. > > After several emails and phone calls the best I'm able to get out of the > EnCase geeks in regard to this issue is that the location of deleted files > within the file structure in V4 might be as shown by V4, or, it might be > incorrect in where it shows the files located in regard to the file/folder > structure. > > As far as V5, it is more "accurate" in where it shows deleted files located > within the file structure but keep in mind that "certain assumptions" are > still being made in placing those files. > > Oh, and there is no "White Paper" regarding this issue as I was told > originally." > > Just wanted to add that we found the same problem with unreported deleted > files in Enterprise version 5 . We went back to 4 because of this problem > and the instability exhibited in 5. Calls to EnCase said they had not heard > of any problems? They seem to be getting a bit too big for their britches > and their quality control has gone out the window. I suggest you stick to > v.4 for a while. > > > snip-- > > > Regards, > > Samuel Norris > Center for Digital Forensic Research, Inc. > > > Regards, > > Dave > > > > Forensic Focus (http://www.forensicfocus.com) email list addresses: > > Post message: [EMAIL PROTECTED] > Help address: [EMAIL PROTECTED] > Unsubscription address: [EMAIL PROTECTED] > > > . > -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprise network
On Fri, 9 Dec 2005, Native.Code wrote: > Is Snort enterprise ready where it can be deployed to monitor > mission-critical network? Yes. It is, and has been for some time. > If any of you can name any big network which is using Snort as an example, > it will be very helpful. Because of NDA, I cannot *name* the network where I was a part of the team installing and maintainting SNORT on a large network, but I can tell you that this network is one of the top tier-1 NSPs. I can tell you that SNORT is the sole such product chosen for this purpose, and that it works better than we could have possibly hoped for. last I looked, SNORT was being used on circuits as large as OC12s. The problem isn't going to be your sensor (SNORT et al), but your back end software - *that* part is a bitch! -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] agreed certs dont mean that much..but need experience..
On Wed, 7 Dec 2005, Joel Jose wrote: > good ones like cissp demand that you have working experience as a pre > requisite. My guess is that the vast majority of cissp's do NOT have the prerequisite when they get their cert - and the certifying authority KNOWS THIS WHEN THEY ISSUE ! So, do what every other 18 year old has: buy your cert and get a job. but don't expect *anyone* to take the cissp of proof that you know anything more than how to hand over your hard earned money to theives. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: Google is vulnerable from XSS attack
On Wed, 7 Dec 2005, InfoSecBOFH wrote:
> Wow, so setting up a blogspot, geocities, and google groups accounts
> because you can't afford your own domain or know how to host your own
> shit makes you 1337.
Looks like somebody parked "his domain" in anticipation of some fun :-)
http://www.n3td3v.com
n3td3v.com
This page is parked free, courtesy of GoDaddy.com
$ whois n3td3v.com
Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
:::
--
Yours,
J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF
I like the idea of belief in drug-prohibition as a religion in that it is
a strongly held belief based on grossly insufficient evidence and
bolstered by faith born of intuitions flowing from the very beliefs they
are intended to support.
don zweig, M.D.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] IT security professionals in demand in 2006
On Mon, 5 Dec 2005, Andre Ludwig wrote: > Alphabet soup != technical skill, And really, that is, in a nutshell, the problem. These certifications were supposedly going to tell us who knew what, but just as with the coveted PhD, they are useless for their stated purpose. Let's face it: these certs are an industry unto themselves, and nothing more. Just like much of "higher education" in general - the only difference with the certs is that you can get rich without being a 200 year old multi campus Ivy League university (along with the standard accompanying 2 billion dollar "endowment"). We need to get back to interviewing people and testing their skills in person, and stop relying on greedy third parties to "certify" people. What good is a certification if they "certify" an idiot? If they'd offer a refund of wasted wages these might mean something - at least stand behind your "certification"!!! It's disgusting, but SANS (*) and their ilk are just 21st century versions of the 19th century "University" pyramid scheme. At least *some* of the universities degrees are worth something (i.e., I've never met an MIT graduate who was clueless in their "chosen field", but I've met a LOT of SANS certified people who couldn't find a SYN in a flood. (*) note: used as one example out of 400 candidates. While SANS is every bit as bad as any other, they are probably not any worse. of course, YMMV.) -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] J. A. Terranson
On Sun, 28 Aug 2005, ghost wrote: > J.A.,. give up computers, go play in a sandbox. Did you just admit to > threatening to mailbomb someone? lol. Bzzdt. This dude calls me up and starts asking if I'm going to. Out of the blue - like I said psycho central. My first response was to tell him to GFY and hang up. His persistence brought him his future. > Look, "Alif", Awww... Bonding. How cute. > I like you, really > I do. All your lame posts attacking people really adds to the list's > security awareness, you really are elite. I mean, anyone who puts all > their backups on a PUBLIC FTP SERVER can't be too bad of a guy, ya > know? Those "backups" are a hodge podge of stuff from a variety of folks. I have always left that open (provided there is no warez stored). Feel free to join in. > I know, I know, you're an *Admin*, you taught the FBI, eric is > your toy, and you probably thought you closed it in time. Actually, most of it was moved around over the weekend, but it will be back shortly. Nothing to hide here. > Does your > wife know about your porn problem? Problem? Whats wrong with my taste in pr0n? > You're almost as bad as that n3td3v idiot. Now *thats* fightin' words! () > In short, all i'm trying to say is, lets not play the one up game. Theres no "one up game" being played here. Theres some fucking freak who thinks he can call people on their fucking cell phones without picking up a case. It aint so. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] J. A. Terranson
On Mon, 29 Aug 2005 [EMAIL PROTECTED] wrote: > and phone numbers :-) Not yet. But soon ;-) -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] violent words
On Sun, 28 Aug 2005, Peer Janssen wrote: > I am new to this list. Then perhaps you should lurk for a while? > I suppose the goal of "full disclosure" is to make this world a better > place. No. Not really. FD is the place where ego's rule and manners are unknown. Think UseNet circa 1995. > So I'm quite astonished about the tone I'm reading in the last mails. If these bother you then you will likely not find this a very comforting home. > Is this the general tone here ? Yes. > I never read such a thing before. Then you don't get out much, do you? > Maybe in films, but this is real life, and you are real persons. No - you and me are real persons. Eric Scher is a wad of dick cheese. > Why are you doing this to yourself? Is any of you feeling happier > talking like this to your fellow human beings? Quite. Thanks for asking. > And in front of probably thousands of people? Hrmmm... Thousands? I don't know that FD has that kind of penetration anymore - but *maybe*. > Is this the kind of world you want to create? It the kind of world we're already IN peer. Dig it or check out, right? > I guess I somewhat understand both your point of view and what your > friction is about, but I think if you try and put yourself in the shoes > of your diskussion partner, you could figure out some way to get along > better. I'm sure you can do that. I don't think so. > I appreciate franc words which are better than keeping silent about > injustice, but I also suppose that gentle and humble -- everybody has > some dark sides -- words will generally work better. Words are, unfortunately, all we have (for now anyway. I'm working on the rest though). So we might as weell use them ;-) > Cheers > Peer //Alif -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] J. A. Terranson
On Sat, 27 Aug 2005, [EMAIL PROTECTED] wrote: > I did a dumb thing today. No.. You did several [*really*] dumb things today. > I decided to be nice to someone who didn't deserve it and correct his > mistakes offline so that he wouldn't have to look like a dumbass in public. Yeah, whatever. Nice selfserving utter bullshit. You were being so worried about my welfare that you spent the first five minutes (on a call YOU initiated) begging me not to *mailbomb* you? What kind of psycho shit is *that*? Fucktard. > In return, I got an earful of profanity. Honestly, I should have known > better. Yeah, you should have. Like I said on the phone: say what you need to say and then go fuck yourself. You don't like "an earful of profanity"? Don't call people on their cell phones - ASSHOLE. > I've watched Terranson participate on this list long enough to know that > he's not merely rude and obnoxious, he's mean. Why thank you. I'm honored, I'm sure. Now that you have paid proper homage, you can still GFY. > I get it. This is a place where he gets to feel like a big man. A tough > guy. Fine. Whatever floats his boat. Hrmmm... Sounds like your act on the phone, big guy. But instead of proffering a lecture, you became a cat toy. Don't pick fights unless you are the absolute biggest kid on the fucking playground dickface. > HOWEVER, that's no excuse for: > > a) Acting like a JackAss. (Is that what the J.A. stands for?) Then stop making uninvited and unwelcome phone calls. > b) PUTTING OUT BAD INFORMATION. The shut the fuck up. This is TWICE I've had to suggest this to you - you don't learn fast, do you? > For the record, Kid... (Act like a child, you'll get treated like one.) For the record dipshit - I now fucking OWN you. You are MY cat toy. My personal Burnore. Believe it. You will rue the day you made that phone call for the next fifty fucking years. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Eric Scher - "Ball-less" Poster Boy
On Sun, 28 Aug 2005 [EMAIL PROTECTED] wrote: > 867-5309. My receptionist Jenny will most likely answer the phone. IIRC, they actually auctioned off this number recently, didnt they? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] RE: Example firewall script
On Sun, 28 Aug 2005, Jason Coombs wrote: > The problem with knowing a thing or two about a thing or two is that > you're constantly arguing with other people who know nothing about > things that nobody else can possibly understand, and that nobody will be > forced to learn about or consider carefully until it's too late for the > knowledge to save them from harm. Slow day Jason? > This is yet another reason that full disclosure is crucial to everyone's > readiness and to our ability to defend ourselves... Discussion and > analysis of complex subjects, with real-world study and disclosure of > failures and mistakes, prepares us to understand new risks and classify > new threats according to actual significance in our situations. > > So, thank you both for sharing your debate and thereby calling attention > to an area of uncertainty in practice, but if you're going to argue > about definitions of routing tables vs. ACLs, why not do it in a way > that mere mortals are able to understand some day in the future when > they find your debate archived somewhere because their Cisco router's > ACL ruleset failed to consider the fact that they had routes and > multihomed interfaces configured dynamically by an attacker who knew > better than the victim just how ACLs are parsed and precisely what the > difference is between a good ACL and a bad one -- or where an attacker > knew there was another interface physically attached to the Cisco device > where a small wireless access point could be attached, which WAP would > automatically assign the Cisco device another endpoint address in the > WAP's address space. Heartily agreed. In spite of that agreement, thank you for providing that wonderful tidbit. > Fuck off doesn't add to the substance of the technical arguments, and > even trying to understand why you are debating at all there does not > appear to be any reason Actually, I accept responsibility for the ambiguity: the "FUCK OFF" was not directed at the technical pseudodebate, it was directed at the lunatic telephone calls. So, for the sake of clarity and in the spirit of Full Disclosure, allow me to be clearer the second time around: Eric: FUCK YOU. (As opposed to "FUCK OFF"). There. I feel better now :-) //Alif -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Synopsis
In 2000, we had Gary Burnore. Look what happened to him. In 2004, we had Savvis. 'nuff said. For 2005, we get Eric Scher. Hang On Eric - The Ride Is Just Beginning. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Eric Scher - "Ball-less" Poster Boy
So this maniac is willing to cal peoples cell phones to complain that he's been somehow mischaracterized in public, but at the same, he does it from behind a caller-ID blocker. This would be merely annonying if this weren't the same asshole who has posted here previously (Tue, 16 Nov 2004 18:33:50 -0500) complaining that some guy sending him anonymized email was "some zipperhead without the courage to use his real e-mail address." HEY ERIC!!! WHATS YOUR FUCKING PHONE NUMBER, ZIPPERHEAD??? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] RE: Example firewall script
For the record, I just got a phone call from this guy - apparently he's afraid that because I call bullshit on him in public, I'm also going to "fill [his] email box with spam and stuff". Very entertaining. He even calls back and leaves messages when you hang up on him! Of course, while he's willing to call you on your cell phone to bitch and moan, he's also a pussy: he hides his calling number. HEY - ERIC!!! FUCK OFF. On Sat, 27 Aug 2005, [EMAIL PROTECTED] wrote: > Date: Sat, 27 Aug 2005 16:27:14 -0400 > From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: [Full-disclosure] RE: Example firewall script > > > As does Juniper, as does. > > >> Your Point? > > > > Uh... No. Traffic shaping may make use of ACLs, but ACL != Shaping. > > >>Sorry, but... > >>By definition, ACLs are a traffic shaping device. > > > > > Bzzzt. *All* "Autonomous Systems" are multihomed. Thats the definition > of AS. > > >> That's completely wrong. The definition of an "AS" is not that it's > multihomed, and not all AS's are multihomed. > > > > Again, wrong. ACLS are involved, but what you are talking about are > called ROUTING DECISIONS, and ACLS != Routing Decisions. > > >> Sorry, but that's EXACTLY what they are. They are a set of instructions > by which a routing device DECIDES where to route packets. > > > This is true for *most* ACL implementations, but NOT for all. Again, you > are trying to paint the entire world with your only available [Cisco] > brush, and it is making you look like a self-important fool. > > >> Sorry, but... you're wrong again. The very nature of how ACL's work mean > that you move from specific to general. > > > I can probably find a few good ones to recommend - if you will promise to > read them prior to spewing more of this. > > >> Based on your statements so far, I would not be inclined to follow your > suggestions. > > > > And still managed to screw up most of what you said. > > >> Actually, what I said is entirely correct. > > > That's expected: hot gas expands. > > >> You would know. > > > > > > > > mail2web - Check your email from the web at > http://mail2web.com/ . > > > -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] RE: Example firewall script
On Sat, 27 Aug 2005, [EMAIL PROTECTED] wrote: > REPLY: > --- > > Actually, that's not true. > I would agree that as a general rule of thumb > you should have a deny statement at the end > of every ACL. In fact, Cisco places an implicit > DENY ANY ANY at the end of their ACL's > automatically. As does Juniper, as does. > However, Access Control Lists are not firewalls. > Yes, we use them as firewalls, but that's not what > they are. > > ACL's ARE TRAFFIC SHAPING DEVICES. Uh... No. Traffic shaping may make use of ACLs, but ACL != Shaping. > As traffic shaping devices, they can be used for > security, but they are also used for management > purposes. For instance; many Autonomous Systems > are multi-homed. Bzzzt. *All* "Autonomous Systems" are multihomed. Thats the definition of AS. > There are decisions to be made > about how traffic will flow in and out of the AS. > You also have to decide if you wish to be a > transit AS or not. > > ACLs are the tool that you use to control your > traffic. Again, wrong. ACLS are involved, but what you are talking about are called ROUTING DECISIONS, and ACLS != Routing Decisions. > While an ACL being used as a security device > should have a deny statement at the end, proper > construction of the ACL is more about following > the proper construction rules. > > This is actually a huge subject, far too big > for an individual e-mail to a list. Finally, a correct statement. But, while it was correct, it was also incomplete: "This is actually a huge subject, far too big for an individual e-mail to a list, and doubly so when I have yet to learn enough about it to expound upon the topic rationally." > But there are some basic rules to keep in mind: > > ACL's analyze traffic from top to bottom, so > keep your most specific entries at the top, This is true for *most* ACL implementations, but NOT for all. Again, you are trying to paint the entire world with your only available [Cisco] brush, and it is making you look like a self-important fool. > This subject REALLY calls for a book, not > an e-mail response. I can probably find a few good ones to recommend - if you will promise to read them prior to spewing more of this. ;-) > I've said very little in this post And still managed to screw up most of what you said. > and look at all the room it took up. That's expected: hot gas expands. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] I am not at the office
On Mon, 22 Aug 2005, Jerry Eblin wrote: > I will be out of the office starting 08/22/2005 and will not return until > 08/29/2005. > > I will respond to your message when I return. Dear Jerry, Thank you for broadcasting the fact that you were out. While you were gone we took the opportunity to break into your house and kill your dog. Oh, and that mess in the back yard - that was your laptop: we figured you really didn't need it after all, and since the dog was no longer around to chew on it, we used it for soccer "practice". Have a nice day. Not. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Problems with unsuscribing
On Tue, 23 Aug 2005, Suetterlin, Sven wrote: > Date: Tue, 23 Aug 2005 08:59:40 +0200 > From: "Suetterlin, Sven" <[EMAIL PROTECTED]> > To: full-disclosure@lists.grok.org.uk ^ ^ > Sven S?tterlin Dear Sven, You are sending an unsubscribe to BUGTRAQ, but you are subscribed to FULL DISCLOSURE. Perhaps you have been ordered to unsubscribe because your are ILLITERATE? All the worst, -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Off topic. To the list Admins or anyone that can help me
On Fri, 19 Aug 2005, waldo alvarez wrote: > Hi Folks: > > I'm just landed here recently because of an e-mail in bugtrack. You > know curiosity can take you to strange places. And jejej this list is > great. Non moderation simply makes it great. Now the problem is. I > sort mail arriving to my mailbox by category using filters. Now the > only common thing that applies to all mails here is the > [Full-disclosure] text in the subject. Everything else is a caos. The > from fields sometimes don't have the fulldisclosure address. And on > the other side I tried to sort using that text in the subject but it > doesn't work at all sometimes messages land in the Fulldiclosure > folder I have for this list but sometimes they land straigth into my > inbox. And there is a total caos having so much traffic this list. > Could anybody that solved this before gimme a hand telling me the > solution for this. In any case I think this list should work in that > sense like the rest of the lists. Dear Waldo, Thank you for taking the time to fully disclose your email list administration 0-day. Now would you please call your local help desk to ask how you should configure your goddamned mail filter? Thanks. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [MISC] When people ask for security holes as features (fwd)
Too good not to share! -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. -- Forwarded message -- Date: Thu, 18 Aug 2005 19:37:37 +1200 From: Peter Gutmann <[EMAIL PROTECTED]> To: cryptography@metzdowd.com Subject: When people ask for security holes as features Raymond Chen's blog has an interesting look at companies trying to bypass Windows XP's checks that a driver has been WHQL-certified: My favorite stunt was related to my by a colleague who was installing a video card driver whose setup program displayed a dialog that read, roughly, "After clicking OK, do not touch your keyboard or mouse while we prepare your system." After you click OK, the setup program proceeds to move the mouse programmatically all over the screen, opening the Display control panel, clicking on the Advanced button, clicking through various other configuration dialogs, a flurry of activity for what seems like a half a minute. When faced with a setup program that does this, your natural reaction is to scream, "Aaaigh!" There are many more examples (in followup comments and links) of vendors cheating in the certification and install process: my new Dell laptop came with an usigned bluetooth driver whose setup automatically clicks on the Continue button of the dialogs while installing the driver the driver for a USB memory key [...] would install and auto-push the button on that warning dialog. XP SP2 added a new check for kernel memory pool corruption and guess what? This driver would blue-screen every time the memory key was plugged in. I work on a wifi product that sometimes is bundled with wifi cards. When packaged like that our installer also installs the wifi card dirver. Guess what. The suits are all upset about the "unsigned driver" warning, and they are sure that a programmer more clever than me could make them go away. Of course actually getting the drivers certified is too expensive. Excuse me while I get back to work on my TPS report. I still remember one of Linksys's Wireless B PCMCIA cards. I went to install the driver, the instructions actually said something to the tune of "Ignore this warning box, it doesn't mean anything important. Continue clicking OK on every screen until the driver finishes installing." Hell I could have put a box in that said "Click here to format your hard drive" and I'm sure some end users would have clicked OK. Cisco is a huge company, surely the WHQL payment isn't much to them. At a company I used to work for they had found away around that dialog box. They would silently launch the System Properties / Driver Signing Options dialog, send windows messages to select "Ignore" and then click ok, effectively turning off the dialog box (BTW, the code to re-enable the setting was commented out, so the installer made your machine less secure forever -- great stuff coming from a security company). More details at http://blogs.msdn.com/oldnewthing/archive/2005/08/16/452141.aspx. The best suggestion is that the warning be changed to: Warning! Your hardware manufacturer hasn't bothered to test this driver! Do you feel lucky? [Yes] [No] Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Fwd: Tor security advisory: DH handshake flaw (fwd)
Forwarded as I haven't seen it here yet.
-- Forwarded message --
Date: Thu, 18 Aug 2005 16:36:18 -0700
From: Chris Palmer <[EMAIL PROTECTED]>
To: cryptography@metzdowd.com
Subject: Fwd: Tor security advisory: DH handshake flaw
- Forwarded message from Roger Dingledine <[EMAIL PROTECTED]> -
From: Roger Dingledine <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Thu, 11 Aug 2005 21:31:32 -0400
Subject: Tor security advisory: DH handshake flaw
Versions affected: stable versions up through 0.1.0.13 and experimental
versions up through 0.1.1.4-alpha.
Impact: Tor clients can completely lose anonymity, confidentiality,
and data integrity if the first Tor server in their path is malicious.
Specifically, if the Tor client chooses a malicious Tor server for
her first hop in the circuit, that server can learn all the keys she
negotiates for the rest of the circuit (or just spoof the whole circuit),
and then read and/or modify all her traffic over that circuit.
Solution: upgrade to at least Tor 0.1.0.14 or 0.1.1.5-alpha.
The details:
In Tor, clients negotiate a separate ephemeral DH handshake with each
server in the circuit, such that no single server (Bob) in the circuit
can know both the client (Alice) and her destinations. The DH handshake
is as follows. (See [1,2] for full details.)
Alice -> Bob: E_{Bob}(g^x)
Bob -> Alice: g^y, H(K)
Encrypting g^x to Bob's public key ensures that only Bob can learn g^x,
so only Bob can generate a K=g^{xy} that Alice will accept. (Alice, of
course, has no need to authenticate herself.)
The problem is that certain weak keys are unsafe for DH handshakes:
Alice -> Mallory: E_{Bob}(g^x)
Mallory -> Bob: E_{Bob}(g^0)
Bob -> Mallory: g^y, H(1^y)
Mallory -> Alice: g^0, H(1^y)
Now Alice and Bob have agreed on K=1 and they're both happy. In fact,
we can simplify the attack:
Alice -> Mallory: E_{Bob}(g^x)
Mallory -> Alice: g^0, H(1)
As far as we can tell, there are two classes of weak keys. The first class
(0, 1, p-1=-1) works great in the above attack. The new versions of Tor
thus refuse handshakes involving these keys, as well as keys < 0 and >= p.
The second class of weak keys are ones that allow Mallory to solve for y
given g^y and some guessed plaintext. These are rumored to exist when the
key has only one bit set [3]. But in Tor's case, Mallory does not know
g^x, so nothing she can say to Alice will be acceptable. Thus, we believe
Tor's handshake is not vulnerable to this second class of weak keys.
Nonetheless, we refuse those keys too. The current Tor release refuses
all keys with less than 16 "0" bits set, with less than 16 "1" bits set,
with values less than 2**24, and with values more than p - 2**24. This
is a trivial piece of the overall keyspace, and might help with next
year's weak key discoveries too.
Yay full disclosure,
--Roger
[1] http://tor.eff.org/doc/tor-spec.txt section 0 and section 4.1
[2] http://tor.eff.org/doc/design-paper/tor-design.html#subsec:circuits
[3]
http://www.chiark.greenend.org.uk/ucgi/~cjwatson/cvsweb/openssh/dh.c?rev=1.1.1.7&content-type=text/x-cvsweb-markup
and look for dh_pub_is_valid()
- End forwarded message -
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: MS not telling enough - ethics
On Thu, 18 Aug 2005, DAN MORRILL wrote: > Anyone have any statistics they can share on how many people get their CISSP > revoked due to ethical issues? I have first hand personal knowledge of 2 CISSPs who were brought to the attention of ISC2 for (a) forging a college diploma, and (b) participating in a blatant fraud against one of their clients, respectively. And we all know of the great numbers of CISSPs who could not *possibly* have met the minimum practice requirements (hrmmm... You're 17, and you meet the prereqs? Yeah, riiighttt.). ISC2 cert is not policed, and therefore, it is worthless. Worse than worthless, as it purports to "certify" the character and nature of a certificate holder, and does so while making zero attempt to actually insure the implied endorsement is both valid and warranted. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Webcast of crypto rump session this year! (fwd)
-- Forwarded message -- Date: Tue, 16 Aug 2005 11:34:11 -0700 From: james hughes <[EMAIL PROTECTED]> To: Cryptography Cc: james hughes <[EMAIL PROTECTED]> Subject: Re: Webcast of crypto rump session this year! For those interested, testing will begin at 3:30pm PDT. More information see http://www.iacr.org/conferences/crypto2005/rump.html The program is now available http://www.iacr.org/conferences/crypto2005/C05rump.pdf Please feel free to forward this to other security list. I believe it will be an interesting rump session. Thanks jim On Aug 14, 2005, at 5:42 PM, james hughes wrote: > I now have new and good news. > > There _WILL_ be a webcast of this year's Crypto which will commence > at 7pm this Tuesday (Aug 16th). > > Please watch http://www.iacr.org which will be posted as soon as > further information is known! > > Please feel free to cross post this message to other cryptography > related lists! > > Enjoy! > > jim > > > > On Aug 12, 2005, at 9:07 AM, Mads Rasmussen wrote: > > > >> >> Anyone knows whether there will be webcasts from this years Crypto >> conference? >> >> -- >> Mads Rasmussen >> Security Consultant >> Open Communications Security >> +55 11 3345 2525 >> >> >> >> - >> The Cryptography Mailing List >> Unsubscribe by sending "unsubscribe cryptography" to >> [EMAIL PROTECTED] >> >> > > - > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to > [EMAIL PROTECTED] > - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
