Re: [Full-disclosure] Warning is about vulnerability
You are the Borat of FD. 2011/6/4 Григорий Братислава musntl...@gmail.com Hello is list!! I is like to warn you is about vulnerability. Is vulnerability is what get Sony, RSA, L3, Google and is Hilary Clinton hacked. Please is watch vulnerabilities and is never forgot when is you use !! many times, is many more take your advisories is serious!! http://www.thinkgeek.com/tshirts-apparel/unisex/popculture/78c6/ -- `I am epic win` ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- ciao JT
Re: [Full-disclosure] Andrew Auernheimer aka weev accused of peddling kiddie porn, sexual blackmail against woman
You could probably find a My Little Pony list somewhere, princess. -- ciao JT
Re: [Full-disclosure] 0-day vulnerability
zero day can happen to anyone. -- ciao JT
Re: [Full-disclosure] African ISP SekuritY
A password dump by any other name would smell as sweet. -- ciao JT
Re: [Full-disclosure] Identifying handler and agency of police informant?
Tell them your mom says that they have to stop it. -- ciao JT
Re: [Full-disclosure] [Tool] - inundator - an intrusion detection false positives generator.
Want yet another go at replying to try and salvage what little credibility you have left? Or you just going to accept you got worked. JT
Re: [Full-disclosure] Andrew???
But if you look like this you deserve it: http://pics.livejournal.com/weev/pic/00090a2r/s640x480 Funny cuz it's true. -- ciao JT
Re: [Full-disclosure] No anti-virus software? No internet connection
On Tue, Jun 22, 2010 at 9:41 PM, valdis.kletni...@vt.edu wrote: On Tue, 22 Jun 2010 12:55:25 +1000, Ivan . said: Security is as easy as that.. http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490 OK. I'll bite. 1) What antivirus are they going to force me to install on my Fedora laptop? 2) How will they verify the presence of A/V software on a properly firewalled system? 3) If the answer to (2) is run some sort of agent software on every box, in how many different ways can this end badly? Trust you to break through the idealistic AV discussion with an ACTUAL logical implementation question. Shame on you! You've just made Belinda's shitlist. -- ciao JT
Re: [Full-disclosure] No anti-virus software? No internet connection
They had a committee working on this for a year and that's the best they could come up with? HAHAHAHA. Belinda Neal - With idiots like you and your colleagues tackling this issue, tax payers deserve to burn you at the stake. BTW... are you really a du0d? -- ciao JT
Re: [Full-disclosure] WINDOWS KERNEL SOURCE LEAK GET IT NOW B4 INEVITABLE TAKEDOWN
On Wed, Mar 24, 2010 at 1:05 AM, n...@phocean.net wrote: Could you please stop all this fucking noise ? On such a mailing-list people want to read of technical facts, not all this shit that has been polluting the list recently. Retarded teens and computer nuts, please get out of here. Thanks. Recently? This list has always been like this... You must be new. STFU and enjoy your stay :-) -- ciao JT
Re: [Full-disclosure] about jit and dep+aslr
No u. Yuange - opt out you useless dogshit. 2010/2/5 Charles Skoglund charles.skogl...@bitsec.se Ravi stop being a douchebag On 2/5/10 11:58 AM, yuange yuange1...@hotmail.com wrote: My native language is not English, if Full-disclosure rejected the non-English connection, I can opt out! -- Date: Fri, 5 Feb 2010 10:28:46 +0100 Subject: Re: [Full-disclosure] about jit and dep+aslr From: ravi.borgaon...@gmail.com To: yuange1...@hotmail.com dude, don't you know that we speak english on Full-Disclosure list. R 2010/2/5 yuange yuange1...@hotmail.com http://hi.baidu.com/yuange1975/blog/item/4e57c3c2474a183ee5dd3b58.html -- ciao JT
Re: [Full-disclosure] [gif2png] long filename Buffer Overrun
On Mon, Dec 14, 2009 at 6:14 AM, Razuel Akaharnath raz...@gmail.com wrote: Oh I see, Funny... this needs to be brought in notice of the original creator to fix the upstream version. Posting other peoples bugs for fame! HAHAHAHAHAHAHA. Love your tekneeqz! -- ciao JT
Re: [Full-disclosure] Apple ptrace panic PoC - R.I.P str0ke
There are people at the end of the computers. Don't ever forget it. Did you and them get your degree from the same university of trolls? I have mistaken nothing for nothing. Fuck you. Regardless, you should have known he wasn't dead. Your tongue is so far up his ass didn't you feel he was still at 37c ? You remind me of: LEAVE BRITNEY ALONE -- ciao JT
Re: [Full-disclosure] milw0rm
str0ke phone home! All of the security industries pen testers are losing valuable business! Perhaps str0ke is locked up someones basement being sodomized by a gimp. On Tue, Oct 20, 2009 at 7:06 AM, xsr xsr.40b...@unknown.global wrote: The french blog url was posted in July, i think i've read somewhere that str0ke had changed his mind after that to continue milw0rm again. For a site, even being referenced by cve.mitre, i still fail to understand the current update delay though. -- xsr -- ciao JT
Re: [Full-disclosure] Yahoo! apologises for lap dance at hack event
What the fuck is this world coming to. A million plagues to whoever complained. Yahoo don't apologize for shit! The dude in the photo looks sus too, pocket rocket titties right in front and he's looking at the nerds on the sideline. Don't worry faggot, Jesus isn't crying for you. -- ciao JT
Re: [Full-disclosure] Andrew Auerenheimer aka weev gets tree'd
WTF is up with this mailing list? I signed up a few weeks ago expecting full disclosure of security exploits or at least good security discussion. Instead what I got was full disclosure of how idiotic skr1p7 k1dd13z can be. BMF I'm sorry, all I read there was WHINE WHINE FUCKIN WHINE. -- ciao JT
Re: [Full-disclosure] AntiSec Lamers Exposed
On Tue, Jul 28, 2009 at 12:54 PM, antisec exposed antisec-expo...@null.net wrote: Also may I add, Mr. Romeo's real ip address usage on some other lame antisec forum he frequents. The lil idiot is so arrogant and thinks he is so untouchable he does not even use proxies: Used between the dates of 5-10-09 to 7-10-09 You think this info is not useful to FBI mr FaGeO? Think again... How Tsutomu Shimomura of you. Please show us more kung-fu!
Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability
On Fri, Feb 27, 2009 at 10:54 AM, jf j...@danglingpointers.net wrote: also keep in mind that null ptr deref's can sometimes be exploitable-- especially on certain processors that store important things at 0x0; of which, from what i recall, the iphone is one. Can you please give one example of a NULL deref that was exploitable? -- ciao JT
Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability
On Fri, Feb 27, 2009 at 12:26 PM, ne...@feelingsinister.net wrote: BM_X-Force_WP_final.pdf is called Application-Specific Attacks: Leveraging the ActionScript Virtual Machine and if you haven't read it, you should. It'll make you smile. OK, and what about this vulnerability makes use of a NULL pointer? This goes to show the shallow exploitation knowledge of this community. If you actually understood the paper it's (NULL + offset). This is NOT the same as a plain NULL deref bug. Also, you need to be able to map the NULL address, so I ask again, in examples such as this, in users-space apps name one exploitable condition. -- ciao JT
Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability
I'll clarify for everyone since you seem lost. EVERYONE, THE NULL POINTER DOES NOT GET DEREFERENCED. It only gets referenced. And Jubei isn't even sure a null pointer is involved at all =) With that out of the way, I'd just like to say that I only meant to encourage people to check out an excellent paper. I didn't mean to say anything related to your argument other than to say that that paper is a must-read. If you can't appreciate that, why the fuck are you on F-D? Think about it. I didn't even comment on Mark's paper, it is definitely a great piece of research, there is no doubt. It's just that some people have read this paper and thought, wow, all those NULL bugs are now exploitable. It's important to separate these bug classes. I'd even go to say that while this paper is a must-read, please also spend some time understanding it, otherwise don't bother. -- ciao JT
Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability
On Fri, Feb 27, 2009 at 5:04 PM, bob jones bhold...@gmail.com wrote: http://uninformed.org/?v=4a=5t=sumry This exploitation relies on the ability to have the top-level UEF point to an arbitrary address which hopefully you have the ability to control. The NULL pointer is only used as a mechanism to trigger the exception necessary to execute code where the handler now points. This doesn't need to be a NULL deref, it can be any unhandled exception. I guess you could compare the NULL pointer in this situation to a memory leak necessary to exploit another condition. The memory leak itself wouldn't be called a vulnerability, it's just used instrumentally to assist in exploitation. In this paper the NULL pointer is used to assist in the exploitation of a hijacked UEF by triggering the unhandled exception. My original point stands, the NULL pointer dereference can be used to assist in another exploitation, but in itself is not a vulnerability. Do you disagree? -- ciao JT
Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability
Why does the industry incessantly call any bug a DoS Vulnerability. Why are these bugs even published to a security mailing list and not privately dealt with by the vendor? Just because a bug class can crash an application doesn't make it a security issue. Does this frustrate anyone else? -- ciao JT
Re: [Full-disclosure] Exploiting buffer overflows via protected GCC
memset(buf, 'A', 528); Don't do that. This sort of whoops is exactly what the gcc SSP canary is designed to stop. I could comment on this, but... I'll leave it. I have googled my brains out for a solution, but all I have gathered is that my Ubuntu's gcc is compiled with SSP and everytime I try to overwrite the return address it also overwrites the canary's value, and triggers a stop in the program. I've disassembled it and anybody who can help me probably doesn't need me to explain much more, but I would like to know a way to get this. There seems to be some people on this list who may know something on how to exploit on *nix systems with this protection enabled. What you want to do is be more precise in your splatting. Instead of one memset, see if you can come up with a way to do *two* memsets, which leave your stack looking like: 'A' (above the canary) 4 unmolested bytes of canary 'A' (below the canary) Of course, if you're trying to exploit already-existing code, you probably only have one memset/strcpy you can abuse, and the starting address of the destination is already nailed down, which means you need to fill in the 4 bytes of canary correctly. This means you need to find a way to obtain the value so you can use it. One hint - sometimes you're better off targeting the stack frame 2 or 3 function calls back, rather than the *current* frame. You commenting on exploitation is kind of like asking a deaf person what their favorite song is. You obviously have no clue what you are talking about due to the fact you offered absolutely no insight in to the protection mechanism he was asking about, nor potential means of exploitation. Given this the real question remains, do you actually believe you have any clue about this stuff, or are you like Wallace and just want to post useless shit? -- ciao JT
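The protection discussed in the message above, as an added example that is not from the thread: a modelled frame (buffer, canary, saved return address) held in one byte array, showing that a linear memset cannot reach the return slot without first changing the canary, and that the epilogue check therefore stops it. The sizes, sample values and function names are assumptions made for the illustration; a real SSP frame is laid out by the compiler.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled frame, lowest address first (sizes are assumptions for the demo):
 *   [ buf: 16 bytes ][ canary: 8 bytes ][ saved return: 8 bytes ]
 * One array mirrors that ordering so the overwrite is shown without
 * undefined behaviour. */
enum { BUF_LEN = 16, CANARY_OFF = 16, RET_OFF = 24, FRAME_LEN = 32 };

/* Constructed sample values, not taken from any real process. */
static const uint64_t SAMPLE_CANARY = 0x00c0ffee1badd00dULL;
static const uint64_t SAMPLE_RET    = 0x0000000000401136ULL;

static void frame_init(unsigned char *f) {
    memset(f, 0, FRAME_LEN);
    memcpy(f + CANARY_OFF, &SAMPLE_CANARY, sizeof SAMPLE_CANARY);
    memcpy(f + RET_OFF, &SAMPLE_RET, sizeof SAMPLE_RET);
}

/* Unchecked pattern from the thread: the caller picks the length.
 * Clamped to the model so the demo itself stays inside the array. */
static void fill_unchecked(unsigned char *f, int c, size_t n) {
    if (n > FRAME_LEN) n = FRAME_LEN;
    memset(f, c, n);
}

/* Corrected pattern: the length is bounded by the destination buffer. */
static void fill_bounded(unsigned char *f, int c, size_t n) {
    if (n > BUF_LEN) n = BUF_LEN;
    memset(f, c, n);
}

static int ret_intact(const unsigned char *f) {
    return memcmp(f + RET_OFF, &SAMPLE_RET, sizeof SAMPLE_RET) == 0;
}

/* What the epilogue does before the saved return address is used:
 * 0 = return normally, 1 = abort (the real check calls __stack_chk_fail). */
static int epilogue(const unsigned char *f) {
    return memcmp(f + CANARY_OFF, &SAMPLE_CANARY, sizeof SAMPLE_CANARY) != 0;
}

/* One write of n bytes. Result bits: 1 = return slot modified, 2 = aborted. */
static int run_case(size_t n, int bounded) {
    unsigned char frame[FRAME_LEN];
    frame_init(frame);
    if (bounded) fill_bounded(frame, 'A', n);
    else         fill_unchecked(frame, 'A', n);
    return (ret_intact(frame) ? 0 : 1) | (epilogue(frame) ? 2 : 0);
}

/* Counts write lengths that change the return slot yet pass the check. */
static int undetected_ret_overwrites(void) {
    int count = 0;
    for (size_t n = 0; n <= FRAME_LEN; n++)
        if (run_case(n, 0) == 1) count++;
    return count;
}

int main(void) {
    size_t lens[] = { 16, 17, 24, 25, 528 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("n=%3zu unchecked=%d bounded=%d\n",
               lens[i], run_case(lens[i], 0), run_case(lens[i], 1));
    printf("undetected=%d\n", undetected_ret_overwrites());
    return 0;
}
```
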
Re: [Full-disclosure] Barack Obama
On Fri, Jan 23, 2009 at 6:06 AM, andrew.wallace andrew.wall...@rocketmail.com wrote: I'm the only one who thinks cyber security politics are allowed on full-disclosure? You're the only one on this list that thinks a lot of things. -- ciao JT
Re: [Full-disclosure] mr wallace must be stopped and i know how
Anyone that can cop that much abuse and prosper has to be extremely sadomasochistic. The delusion that a blogger such as Mr Wallace somehow contributes to the security community is hilarious at first and when the comical side clears you have that pathetic little failed abortion asking why he's the target of abuse. To be honest, I'd rather have my children babysat by Josef Fritzel than take security advice from this schizo. -- ciao JT
Re: [Full-disclosure] News for Ureleet
On Fri, Dec 5, 2008 at 11:49 AM, ghost [EMAIL PROTECTED] wrote: a wanka mate? well i be a fag from down unda, cheers jolly ho ol chap. This is the only contribution youve made to full-disclosure. So whos the useless wanka then? go on back to your bread pudding before i take a piss on ya and give you a good rodging. Wrong country, that's all British slang you extra chromosomal piss-freak. -- ciao JT
Re: [Full-disclosure] What Christianity means to me
On Sat, Nov 8, 2008 at 8:55 AM, Michael Krymson [EMAIL PROTECTED] wrote: Valdis, if you're not careful, going down this route will lead a certain spammy/ranty/unwanted someone to have a defense for all his meandering and fitful email crap he sends daily. :) To response, however, let me just say there is something to be said about exercising certain skills in appropriate places so as not to waste everyone's time and patience. Want an employee who can intelligently dive into metaphysics/religion/rhetoric? There are better places to look and/or test. Intelligence and religion shouldn't be in the same sentence. To even pretend, yet alone believe, that some pathetic moron has an insight in to the mindset of a celestial dictator is ridiculous. Religion may have been a foolish first attempt at science, but the fact that it still has a place in modern times where science explains so much shows how subservient people want to be. -- ciao JT
Re: [Full-disclosure] Let's make a spy-proof communications infrastructure
Yes as i've been saying already the intelligence services for years like MI5, MI6 have been laughing at Full-Disclosure for years about us and the media getting excited about internet explorer, fire fox, opera, safari drama and the other likes. While that may be stimulating for some, it hasn't chipped a single inch out of the government and the intelligence services. The biggest government hack of all time? Some faggot weirdo called Gary Mckinnon probing the Pentagon and other government networks with a text file of manufacturer default passwords, and he is about to be extradited to the U.S.A for it and be put in jail for 65 years, lmao!!! The government are laughing their asses off at how softcore the world elite hackers are, we need to crank up a gear and give the government something to think about. I'm not talking about anything illegal or breaking the law, i'm talking about lawful critical vulnerability disclosure on the mailing lists thats going to make the intelligence services and the government wake up and bring real credibility to the mailing list. Right now, folks releasing quicktime flaws and other gay shit, thats so 1999, its time to research and disclose stuff thats going to get you stopped at passport control and have your vulnerability research taken off you for analysis when you plan to do a speech at a security conference etc. Like say, we need to move away from gay shit, and think about the government and the intelligence services, they are currently walking all over all of us, its time to get even technically. All the best, n3td3v Put your money where your mouth is. What have you released that will make the government respect this list? Secondly, what does FD and the world of elite hackers have in common? Nothing. -- ciao JT