Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)

2010-09-13 Thread Rohit Patnaik
> DLL Hijacking is highly effective in combination with use of Social
> Engineering Toolkit.

Isn't *any* mechanism for code execution going to be effective with the use
of social engineering?  I mean, isn't that what we've known for years, that
the weakest component of any security system is the users?

-- Rohit Patnaik

On Wed, Sep 8, 2010 at 3:36 AM, YGN Ethical Hacker Group wrote:

> A vulnerability is a vulnerability.
> A SQL Injection is a type of vulnerability.
> For each type of vulnerability, there will be thousands of web
> applications that might be vulnerable to it.
> DLL Hijacking is the same.
>
> We do each post rather than a list so that security vulnerability news
> sites can get as much of the required detailed information as possible.
>
> If you don't want it, set a filter for each post subject with "DLL
> Hijacking" or from our email.
>
> We can't underestimate such an easy flaw that leads to system
> compromise or command execution under the user's privileges.
>
> Disabling remote share/WebDAV is not a solution to DLL Hijacking at all.
>
> DLL Hijacking is highly effective in combination with the use of
> Social Engineering Toolkit.
>
>
>
>
> On Tue, Sep 7, 2010 at 2:28 PM, Christian Sciberras 
> wrote:
> > I'm getting a bit tired of throwing away these "security advisories".
> >
> > Really, someone should install a whole load of popular applications, ensure
> > any of them load their own files, and finally, thanks to a mass dependency
> > check, ensure DWM is being loaded at runtime.
> >
> > At least, it would be just one email/thread to trash.
> >
> >
> >
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability

2010-09-08 Thread Rohit Patnaik
One problem with your scenario: any person sophisticated enough to know what
nmap is (much less use it) is going to be just a little suspicious about
running nmap on some random "data file" that you send them.

--Rohit Patnaik

On Wed, Sep 8, 2010 at 8:29 PM,  wrote:

> jf  wrote:
>
> > ... my understanding of the issue was not the default library search
> > path, but rather that people are using SearchPath() or similar to locate
> > DLLs which they then pass to LoadLibrary() ...
>
> And, people loading DLLs they do not need, for OS version detection.
> (Maybe others?)
>
> > ... I can't see anyone opening a URL with nmap itself ...
>
> An "exploit scenario" for nmap: send a ZIP (or some such) archive to
> the victim, containing a data file and a "hidden" DLL, with the message:
>  Hey, these seem infected with Conficker, check with nmap
> and the victim using "nmap -iL datafile" from the current dir.
>
> Cheers, Paul
>
> Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
> School of Mathematics and Statistics   University of Sydney   Australia
>

Re: [Full-disclosure] Patent Absurdity - How software patents broke the system

2010-07-24 Thread Rohit Patnaik
Now here's a question that should bring this thread back on-topic.  How
patentable are security tools?  Let's say, for example, that I got a patent
on fuzzers - i.e. a patent on the process of generating random input for a
program.  Could it be that I could restrict the availability and use of
these tools?  That'd be pretty worrying from a security perspective, no?

-- Rohit Patnaik

On Thu, Jul 15, 2010 at 11:31 PM, M.B.Jr.  wrote:

> Hello.
>
> Patent Absurdity explores the case of software patents and the history
> of judicial activism that led to their rise, and the harm being done
> to software developers and the wider economy. The film is based on a
> series of interviews conducted during the Supreme Court's review of in
> re Bilski — a case that could have profound implications for the
> patenting of software.
>
> http://patentabsurdity.com/watch.html
>
>
> Regards,
>
>
>
> Marcio Barbado, Jr.
>

Re: [Full-disclosure] Open Letter to Uncle Sam

2010-07-23 Thread Rohit Patnaik
Well written.  I should also add that even authoritarian countries treat
their hackers better than the US.  In China, for example, if a kid is caught
hacking, he's given an offer of recruitment by the PLA.  In the US, that
same kid would be hauled off to jail.  Now which country do you think is
going to have a better "cyber command?"

-- Rohit Patnaik

On Fri, Jul 23, 2010 at 10:18 AM, Iadnah Enoch wrote:

> Dear Uncle Sam:
>
> Apparently the United States is having some issues with its “cyber
> command” <http://www.npr.org/templates/story/story.php?storyId=128574055> effort. This
> is my way of helping you out and contributing to your so-called
> “home front”. I believe the following dissertation generally reflects the
> current stance of my community in regard to your troubles. When I say
> community I am referring to hackers, the modern alchemists, wizards, and
> artists whose forebears built this great nation of technology you now
> stand and rely upon.
>
> You make everything we are interested in illegal. As a result we are forced
> to be criminals if we want to learn the particular set of survival traits,
> commonly known as hacking. Sure there are “white hats” out there who possess
> the knowledge and skill to stop the types of attacks they, themselves, can
> come up with. They will happily work for you and do whatever you tell them.
> However, while you are sheltered within your own personal paradigmal bubble
> where all the children play nicely, the real world, 2.0 perhaps, awaits you
> outside. Out here in the real world you have been giving us the shaft in
> every way shape and form possible to discourage others from becoming like
> us.
>
> You didn’t want more of us. You didn’t want us to do what we know is right.
> You wanted to use us as a resource or a munition. You make the things we are
> interested in illegal so those of us who chose to learn anyway are under
> your theoretical control. We’re legally criminals so we must comply with you
> and do as you like or we will go to jail.
>
> Now that you have exhausted your arsenal of fear, uncertainty, and doubt,
> you’ve come to realize you have some very troubling issues, the least of
> which is that your aging, titanic system of information exchange is at once
> your greatest strength and most needed crutch.
>
> I know you like the *bottom line*, so I’ll state it here in a language you
> can understand: We are pretty angry about how you have treated us over the
> last few decades, especially since September 11 of 2001. You have made our
> culture illegal. Now you want us to help you. You want us to conform to your
> standards and ways of living, thinking, and acting so we can protect you
> from the machinations of foreign minds.
>
> Do you really feel that we have any obligation or incentive to do such a
> thing? It benefits us in no tangible way to help you solve your mess. The
> more time goes on, the less and less we actually need or have any use for
> you.
>
> Is it so hard to approach us with the same respect and dignity you would
> any other nation? After all, while we may not technically own land or have
> an army, we are a force you know must be reckoned with. If you would
> approach us as you do other nations when you are in need perhaps we would
> feel better about exporting our natural resources: the knowledge necessary
> to correctly and securely provide and maintain the infrastructure you use
> for… well, just about everything.
>
> I shall let this writ float along the aether, and perhaps some day, some
> way, it will reach someone who can do simple math.
>
> In parting, I must give you a brief history lesson; a reminder really: This
> war will be no different than every other war waged with wizards.
>

Re: [Full-disclosure] We must work harder on cloud, says Microsoft

2010-04-21 Thread Rohit Patnaik
As the amount of regulation over personal data storage and transmission 
grows, individual businesses are going to have a harder and harder time 
keeping up with all the security certifications and requirements that 
are necessary to hold that data.  At that point, there will be strong 
pressure to outsource this responsibility to a specialist.  The moment 
Microsoft, Amazon, Google, or someone else comes up with a remote 
storage and virtualization system that meets HIPAA, PCI, or some other 
auditing requirement, they will own the market.  Businesses do not want 
to be responsible for their customers' data.  The moment they are able 
to offload that responsibility onto a third party, they will do so.

-- Rohit Patnaik

On 4/21/2010 7:06 PM, Ivan . wrote:
> The question is who would trust any of these orgs to maintain the
> integrity of their data?
>
> On Thu, Apr 22, 2010 at 9:43 AM, Jason Nada  wrote:
>
>> The funny thing about the cloud is that eventually there is going to be a
>> monopoly of one company that dominates in it. Just as Microsoft has done
>> with software, I can see Microsoft "CloudSoft" coming soon.
>>
>>  
>>> Date: Thu, 22 Apr 2010 09:03:26 +1000
>>> From: ivan...@gmail.com
>>> To: full-disclosure@lists.grok.org.uk; security-bas...@securityfocus.com
>>> Subject: [Full-disclosure] We must work harder on cloud, says Microsoft
>>>
>>> Funny stuff...
>>>
>>> Nirvana in a cloud context would be for customers to trust Microsoft
>>> just as they trust their bank or utility company.
>>>
>>> "Building that mentality will take time. It's going to be incumbent
>>> upon us to establish that confidence with our customers,” he said
>>> during a visit to Sydney.
>>>
>>>
>>> http://www.theaustralian.com.au/australian-it/we-must-work-harder-on-cloud-says-microsoft/story-e6frgakx-1225856537669
>>>


Re: [Full-disclosure] We must work harder on cloud, says Microsoft

2010-04-21 Thread Rohit Patnaik
Monopolies in "cloud" (e.g. remote storage and computing services) may 
develop, but I don't think it's quite foreordained that such monopolies 
will develop.  I think that there is a strong chance that we'll end up 
with an oligopoly (just like with gas stations, or airlines) where a few 
dominant providers (like Google, Amazon, Microsoft) control prices.  
While it's not as good as a genuinely competitive market, I do not think 
oligopolies are as bad as monopolies, if only because each individual 
participant has an incentive to break with the cartel for increased 
short-term gains.


-- Rohit Patnaik
On 4/21/2010 6:43 PM, Jason Nada wrote:
> The funny thing about the cloud is that eventually there is going to 
> be a monopoly of one company that dominates in it. Just as Microsoft 
> has done with software, I can see Microsoft "CloudSoft" coming soon.
>
> > Date: Thu, 22 Apr 2010 09:03:26 +1000
> > From: ivan...@gmail.com
> > To: full-disclosure@lists.grok.org.uk; security-bas...@securityfocus.com
> > Subject: [Full-disclosure] We must work harder on cloud, says Microsoft
> >
> > Funny stuff...
> >
> > Nirvana in a cloud context would be for customers to trust Microsoft
> > just as they trust their bank or utility company.
> >
> > "Building that mentality will take time. It's going to be incumbent
> > upon us to establish that confidence with our customers,” he said
> > during a visit to Sydney.
> >
> > http://www.theaustralian.com.au/australian-it/we-must-work-harder-on-cloud-says-microsoft/story-e6frgakx-1225856537669





Re: [Full-disclosure] RFID DOS, DDOS

2010-04-01 Thread Rohit Patnaik
Another thing that works on the tag is a microwave oven.  Nothing kills
an RFID chip faster than a few seconds of massive induced current from a
microwave magnetron.

-- Rohit Patnaik

On Tue, 2010-03-30 at 14:22 -0400, Michael Holstein wrote:
> > Do you know about RFID DOS?
> >
> > I’m looking for documentation about RFID DOS or source code.
> 
> For the reader: RF "noise" (or better yet, protocol-appropriate noise)
> on the correct secondary frequency (135 kHz, 13.56 MHz, etc.)
> For the tag: extremely high power on the primary frequency, or a hammer.
> 
> The readers I've worked with (HID) are so picky they won't work if two
> valid cards are presented simultaneously.
> 
> Cheers,
> 
> Michael Holstein
> Cleveland State University
> 

Re: [Full-disclosure] Victorinox Launches Super-Secure USB Stick

2010-04-01 Thread Rohit Patnaik
So does that mean that if one of us can crack the USB stick we can claim
the prize?

-- Rohit Patnaik

On Wed, 2010-03-31 at 15:49 +1100, Ivan . wrote:
> Victorinox says that during the Secure's launch event in London, the
> company offered a team of professional hackers close to $150,000 if
> they could get past the Secure's security measures. The prize money
> went unclaimed, Victorinox says, and the company did not identify the
> hackers.
> 
> http://www.pcworld.com/article/192738/victorinox_launches_supersecure_usb_stick.html
> 


Re: [Full-disclosure] SecurityFocus to partially shut down

2010-03-15 Thread Rohit Patnaik
That's so vacuous, it underflows the buffer and becomes profound.

--Rohit Patnaik

On Mon, 15 Mar 2010, Cassidy MacFarlane wrote:

> He said this to me:
>
> "You're playing with fire. Fire that cannot be put out with words but
> only inflames the situation of which you are misinformed."
> - n3td3v
>
> :)
>
> http://seclists.org/fulldisclosure/2005/Dec/328
>
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Anders
> Klixbull
> Sent: 15 March 2010 13:54
> To: valdis.kletni...@vt.edu; james o' hare
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] SecurityFocus to partially shut down
> Importance: High
>
> He never said anything profound
> 140 characters or not
>
>
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
> valdis.kletni...@vt.edu
> Sent: 15. marts 2010 12:26
> To: james o' hare
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] SecurityFocus to partially shut down
>
> On Sat, 13 Mar 2010 22:30:37 GMT, "james o' hare" said:
>> People can post code and messages on blogs and post the link to
>> Twitter, that's how the threat landscape of the future will look, we
>> don't really need mailing lists now for straightforward vulnerability
>> disclosure.
>
> That's OK, it's been years since you said anything so profound that it
> took more than 140 characters anyhow.
>


Re: [Full-disclosure] Ubisoft DDoS

2010-03-09 Thread Rohit Patnaik
Well, we don't know exactly how the servers were configured.  There might
have been some kind of issue with the coding or the configuration of the DRM
servers that wasn't noticed during testing.  After all, these sorts of
big-budget games sell millions of copies in the opening weekend.  Even
simulating that kind of load is an expensive proposition.  There might have
been some issue with the server that only became visible when there were
millions of simultaneous clients all trying to authenticate themselves
simultaneously.  Remember what happened with AT&T's iPhone activation
fiasco?  Who's to say that something similar didn't happen here?

-- Rohit Patnaik

On Tue, Mar 9, 2010 at 3:59 PM, Jan Schejbal <jan.mailinglis...@googlemail.com> wrote:

> On 09.03.2010 21:11, James Matthews wrote:
> > I don't see why they didn't just block the attack. It must be more than
> > this.
>
> If the attack behaved like LOTS of legitimate clients, it might have
> been hard to lock out the bots while not locking out players.
>
> The option that the attack is just made up as an excuse for too few
> resources to support all the players should also not be forgotten,
> although I consider that improbable.
>
> Sincerely,
> Jan
>

Re: [Full-disclosure] Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit

2010-03-07 Thread Rohit Patnaik
You checked this code on a 64-bit computer?  I just tested it on Ubuntu 9.10
amd64 edition (running from a LiveCD, no less).  The result was the same as
the one described above - Firefox chugged for a few seconds and then
displayed a very wide web page.

-- Rohit Patnaik

On Thu, Mar 4, 2010 at 4:15 AM, information security <informationhacke...@gmail.com> wrote:

> I had checked this code on a 64-bit computer; it works.
> But why does this code only work in the Mozilla browser and not in Internet
> Explorer?
> And also, thanks Jeff for all your comments :)
> In India a famous poet, Kabir, says "Keep your critic next to you; he is your
> best friend!"  :)
>
> Asheesh kumar Mani Tripathi
>
>
>
>
>
>
>
>
> On Wed, Mar 3, 2010 at 4:19 PM, Jeff Williams wrote:
>
>> Sure;
>>
>> Mozilla by default recovers any "lost" tabs by itself, so no worry for
>> your "users" considerations.
>>
>> Now sparky, who will be stupid enough to launch a botnet that sets a web
>> page containing a document.write "A" * 200 on their
>> compromised hosts?
>>
>> You tell me.
>>
>>
>>
>> 2010/3/3 information security 
>>
>>> Thanks Valdis, Jeff for all your comments.
>>> Yes, my small-penis machine is running out of RAM and swap space ... :)
>>> and I believe that Mozilla gets crashed ... :(
>>> Can you tell me how to fix it so that people don't become victims of this
>>> attack, people having a 34-bit computer?
>>> Or do people having a small-penis machine change into a big-penis machine? :)
>>>
>>>
>>>
>>> On Wed, Mar 3, 2010 at 12:37 AM,  wrote:
>>>
>>>> On Tue, 02 Mar 2010 20:02:37 PST, information security said:
>>>>
>>>> > open in Mozilla Firefox and wait for 15 sec .. :) and say Good Bye
>>>>
>>>> Sorry, your exploit doesn't do squat on a 64-bit Firefox 3.7a3 with
>>>> plenty of RAM. It chugs for about 7-8 seconds and displays a *very* wide
>>>> page.  It must be your small-penis machine running out of RAM and swap
>>>> space. :)
>>>>
>>>> Hint - this issue was well understood back in 1964. Literally. IBM's
>>>> OS/360 had a GETMAIN macro that allocated storage that could encounter
>>>> this same basic "out of memory" issue.  So not only is this a non-bug
>>>> that was known when you were still being toilet-trained, this may be the
>>>> first recorded case of somebody reporting a non-bug that was known when
>>>> their *parents* were still being toilet-trained.
>>>>
>>>>
>>>
>>
>

Re: [Full-disclosure] Going "underground", living out of backpack, etc?

2010-03-02 Thread Rohit Patnaik
If it's not, it should be.

On Mon, Mar 1, 2010 at 1:05 PM, NOC  wrote:

> On 3/1/10 8:30 AM, "valdis.kletni...@vt.edu" 
> wrote:
> > ...  Giardia out in the woods is a horrid
> > way to die a slow death.
>
> Giardia, isn't that the new shopping mall restaurant chain?
>
>

Re: [Full-disclosure] I have been threatened.

2010-03-01 Thread Rohit Patnaik
Valdis,

Man, why do you even bother responding to this troll?  I mean, I find your
response amusing (as always), but doesn't it eat up a fair amount of your
time to keep responding to this guy?


On Mon, Mar 1, 2010 at 5:07 PM,  wrote:

> On Mon, 01 Mar 2010 22:39:56 GMT, intel unit said:
>
> > SOMEONE HELP.
>
> Take your meds and call us in the morning.  Seriously.
>
> > Yahoo probably hired assassins to take me out. This is probably
> > going to end up on valleywag or something.
>
> (a) Apply Occam's Razor - which is simpler and more likely, that your sorry
> ass is in fact being targeted by Yahoo assassins because you know Important
> Stuff, or you're just having another paranoid episode that manifests as
> thinking assassins are after you because you know Important Stuff? (Hint 1:
> what in the cited text implies assassins?  Zero. Hint 2: What are the
> chances that you're valuable enough to be worth a bullet plus the plane
> ticket for the assassin, and you're still unable to get a job in the field?)
>
> (b) Why do you rate a mention on valleywag if it actually happens?
>
> > Sorry guys. I won't be coming back.
>
> ... Yeah, we've heard THAT
> before.
>

Re: [Full-disclosure] Nmap5 cheatsheet

2010-02-22 Thread Rohit Patnaik
Well, the Spanish translation is nice, but what does the English version
have that the Nmap man page does not?

Thanks,
Rohit Patnaik

On Sun, Feb 21, 2010 at 7:44 AM, A. Ramos  wrote:

> Hi everyone,
>
> Here I attach a quick reference (also known as a cheatsheet) for Nmap,
> incorporating, in addition to common parameters, some commands which
> are specific to the last branch released. I've also incorporated in
> the lower section some examples with typical scans which can be
> performed with this tool.
>
> It includes a Spanish translated version, so this information can
> reach the entire Spanish-speaking community.
>
> English:
> http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
>
> Spanish:
> http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20esp%20v1.pdf
>
>
> Regards,
>
> --
> Alejandro Ramos -- aka dab
> http://www.securitybydefault.com
>

Re: [Full-disclosure] win7x64 Direct General

2010-02-04 Thread Rohit Patnaik
Well, given that the accent in the American South derives from the Essex
accent, it's not surprising.

--Rohit Patnaik

2010/2/4 Michal 

> On 04/02/2010 15:45, Thor (Hammer of God) wrote:
> > What’s with everyone calling out “son” all of a sudden?  As a southern
> > bred boy, I’m used to it, but have found most other people find it very
> > condescending and disrespectful.  And Mr. Seltzer of all people should
> > not be referred to as “son” in any case.
>
> Southern English or Yank? In English it's quite a common Essex/Cockney
> term... not sure I've heard it much up north, however.
>
>

Re: [Full-disclosure] win7x64 Direct General

2010-02-03 Thread Rohit Patnaik
Poetry?  Or a security advisory?  You decide!

-- Rohit Patnaik

2010/2/3 yuange 

>
> win7x64 Direct General
> 2010-02-03 23:38
>
>
> It took a whole day to finally get win7x64 installed on this broken
> machine, and the result is still universal: it kills everything. Even I
> am left speechless at myself.
> If Microsoft doesn't spend a ten-million annual salary to poach me, it is
> simply doing the universality of this program of mine an injustice.
>
>
>
>
>
> http://translate.googleusercontent.com/translate_c?hl=zh-CN&sl=zh-CN&tl=en&u=http://hi.baidu.com/yuange1975/blog/item/022dec59443c4d212834f041.html&rurl=translate.google.cn&usg=ALkJrhg-C-arlz2AxJEkRSQznuAAoSqdNg#comment
>

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-27 Thread Rohit Patnaik
I think you're confusing legal theory with legal practice.  Yes, in theory,
you're presumed innocent, and therefore the jury is required to consider
whether your box could have been infected with a virus or worm, leading to
the incriminating evidence planted on your system.  In practice, most such
theories fail Occam's razor.  What's less complex: incriminating words or
phrases are evidence of incriminating activity, or incriminating words and
phrases are planted as a way to cover up activity that wasn't
incriminating.  Even after reading this discussion, I'd have a hard time
believing that the latter was the case.

It's true that the legal system (in the USA) should find you not guilty if
there's any reasonable doubt about your guilt.  In practice, however, people
tend to think not guilty == innocent, and will convict you unless you can
make a case that is equally as strong as the prosecutor's.  Planting large
amounts of other evidence that may be incriminating, in an effort to cover
up the small amount of actually incriminating evidence, does not strengthen
your case, and in fact weakens it in many ways.

-- Rohit Patnaik

On Tue, Jan 26, 2010 at 10:08 PM, Bipin Gautam wrote:

> Enough noise, let's wrap up:
>
> Someone said: "Forensics requires more than merely finding a phrase or
> file on a hard drive - it requires establishing the context. If a
> court accepts evidence without that context, then the defendant should
> appeal on the basis of having an incompetent lawyer."
>
> So, any evidence/broken text/suspicious phrases etc. found in a
> computer "without meta-data" may be USELESS... REMEMBER.
>
>
> Having a normal OS with forensic signature ZERO would be a simple yet
> powerful project. Programmers??? It isn't difficult work. A few
> months, 1-person project.
>
> Worm defense is smart as well as a deadlock at times; the perspective I
> presented can be used as a FALLBACK at times.
>
>
> Maybe something like Alice/chatterbox run through the
> free/slack/etc... space of your 1 TB hard disk is an intellectual DDoS!
>

Re: [Full-disclosure] Perhaps it's time to regulate Microsoft as Critical Infrastructure?

2010-01-26 Thread Rohit Patnaik
Rafael,

Well, either Windows will no longer exist, or Windows will be the only thing
that will exist.  Remember, very few people in the government have the
necessary technical knowledge to evaluate operating systems accurately.
Therefore, they will rely on private industry for input.  In practice, this
will mean that Microsoft will get to dictate the standards that every
operating system must meet in order to be approved.

-- Rohit Patnaik

On Tue, Jan 26, 2010 at 4:07 AM, Rafael Moraes  wrote:

> Valdis,
>
> That's the way. The government must have a kind of protocol to allow an OS
> to be released.
> I believe that Windows will no longer exist after that. LOL.
>
> 2010/1/25 
>
> On Mon, 25 Jan 2010 20:03:03 -0200, Rafael Moraes said:
>> > This is a subject that needs to be discussed very carefully. I agree, it
>> > should be "controlled", but how far?
>>
>> In particular, one must be *very* careful to not create unintended
>> consequences. For instance, in general the more regulated an industry is, the
>> more risk-averse the companies get - both because regulation implies "don't
>> rock the boat" and the second-order effects of compliance paperwork and similar
>> issues.  Look at the mountains of paperwork needed to get the FAA to
>> type-certify a new airplane as airworthy - what if Microsoft had to do that
>> level of detail for Windows 8, the next release of Exchange, and the next
>> release of Office?
>>
>> How do you make Microsoft "regulated" in any meaningful sense, and still allow
>> them the ability to ship an out-of-cycle patch?
>>
>>
>
>
> --
> Att,
> Rafael Moraes
> Linux Professional Institute Certified - Level 1
> ITIL Foundations Certified

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-25 Thread Rohit Patnaik
Yep, that's precisely what I was trying to get across.  If the data is on
your machine, it's presumed to be yours unless you can prove that there's
cause to believe that someone else put it there.  This dovetails nicely with
what I was saying above, i.e. the prosecutor is out to convict you.  He or
she is going to use whatever data he or she can find in order to do that.  The
solution to this is not to plant more incriminating data, but to wipe out as
much data as possible, giving the prosecutor no hooks to hang a case on.

--Rohit Patnaik

On Mon, Jan 25, 2010 at 10:27 PM, Thor (Hammer of God)  wrote:

> It depends on what you define "plausible deniability" as.  Sometimes it
> just doesn't matter.  At an industry event here in Seattle, a guy working
> for the state prosecutors office was speaking on this very subject - that of
> forensic collection of data on a system and the "presumption" of guilt.
>
> I posed the question of "how do you know that the data actually originated
> from actions of the user as opposed to someone who could have been using the
> system for their own means, or someone trying to plant false data?  How do
> you prevent one from impugning your findings?"
>
> He said, "Well, we're not stupid."  I'm serious. I was extremely
> disappointed in that answer, and it basically said, "it doesn't really
> matter what we find on the system- we're not stupid, and if the data is
> there, it means you did it."  I was appalled.
>
> All you have is "deniability."  This method doesn't make it "plausible" to
> anyone but you, which doesn't matter.  If you want any level of meaningful
> "plausible deniability" then leave your wireless open and have your system
> riddled with bots.
>
> t
>
> > -Original Message-
> > From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-
> > disclosure-boun...@lists.grok.org.uk] On Behalf Of Bipin Gautam
> > Sent: Monday, January 25, 2010 7:42 PM
> > To: E. Prom
> > Cc: full-disclosure
> > Subject: Re: [Full-disclosure] Disk wiping -- An alternate approach?
> >
> > ok, this all adds nothing but another layer of plausible deniability
> > to ANY data found in your computer
> >

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-25 Thread Rohit Patnaik
Well, if it's not yours, Bipin, how did it get onto your drive?  Was your
computer hacked?

-- Rohit Patnaik

On Mon, Jan 25, 2010 at 10:25 PM, Bipin Gautam wrote:

> Rohitji,
>
> Before: "From the prosecutor's perspective, everything on your hard drive is
> yours"
>
> I just proved: everything on your hard drive is NOT NECESSARILY YOURS.
>
>
> DOES THAT CHANGE ANYTHING? LOGIC MAYBE???

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-25 Thread Rohit Patnaik
Sorry for the double post, but I forgot to add this to my last message:

From the prosecutor's perspective, everything on your hard drive is yours.  It
doesn't matter whether it was part of the original data that was on the
drive or whether it came from a data set used to overwrite the original
data.  You possess it, so it's yours.

--Rohit Patnaik

On Mon, Jan 25, 2010 at 9:31 PM, Bipin Gautam wrote:

> So to the point, the techniques of forensic examiners were flawed from
> day one given that any text/evidence found on your computer is NOT
> NECESSARILY yours! Does that break digital forensics?
> oops.

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-25 Thread Rohit Patnaik
It depends entirely on how you define "flawed".  As I stated earlier, the
goal of the prosecutor is not some abstract ideal of justice.  It is a
conviction.  Anything they can do within the law to convict you is fair
game.  Using statements that you put on your hard drive certainly falls
under those rules, regardless of what the original intent was.

-- Rohit Patnaik

On Mon, Jan 25, 2010 at 9:31 PM, Bipin Gautam wrote:

> So to the point, the techniques of forensic examiners were flawed from
> day one given that any text/evidence found on your computer is NOT
> NECESSARILY yours! Does that break digital forensics?
> oops.

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-25 Thread Rohit Patnaik
A few phrases and "surprising" patterns are a lot more suspicious than a
hard drive full of zeroes, especially if there's evidence that other data
has been overwritten or erased.  If you present a hard drive full of zeroes
or random numbers, there's nothing to charge you with.  If most of your data
is random gibberish but there are a few telling phrases here and there, then
there might be enough for the prosecution to bring charges, even if they
aren't able to get a conviction.

Remember, "innocent until proven guilty" is nice in theory, but not so nice
in practice.  While you're under investigation, the prosecution can do many
things to disrupt your business and personal life.  The best thing to do if
there's any question is to simply clam up and sit still until you get to
speak with a lawyer.  Remember, prosecutors are judged on their conviction
rate, not on their accuracy rate.  They have no incentive to look for
exonerating evidence - that's your responsibility.  They'll only look for
evidence that'll prove you guilty.  As such, it's best to leave nothing at
all that would arouse suspicion, especially if you've done nothing wrong in
the first place.

--Rohit Patnaik

On Mon, Jan 25, 2010 at 11:22 AM, Bipin Gautam wrote:

> Ok, I extract wikipedia in my computer... then later delete the
> html... @hdd level the place is marked freespace. then I copy a few
> videos, write a few emails and by then if most of the things gets
> deleted and by bad luck if any such content is left unoverwritten
> partially producing "questionable" and "surprising" patterns
> UNKNOWINGLY of just a few phrases, then basically someone is screwed
> just like that, even without GUILT ?!
>
> So, copying dictionary, webpages, encyclopaedia, research paper etc in
> your computer can really be harmful sometimes !!!?
>
> Anything on the internet if it's a webpage can land on anyone's computer
> while browsing, searching online, following links and with a lot of
> coincidences etc AND NOT NECESSARILY whatever text chunks found in
> your hdd is content OF YOUR OWN. YOU READ THE BLOGS OF PEOPLE, VISIT
> FORUMS, joke around in FD etc... (get the idea) and it can be
> saved in disk cache and IF be leftover in disk as broken chunks of
> texts you are screwed ? How does law see all that.
>
> So, if a "questionable" content is found it doesn't mean the laptop
> owner is responsible for it. We even keep on skipping text while
> reading in forums online and anyone can say anything online and it can
> land in your hdd as TROJAN HORSE of OPINIONS to screw you later in
> life !!!?
>
> Think about it?
>
>
> Maybe then Alice/chatterbox run through the free/slack/etc... space of
> your harddisk idea is better?
>
> It would be an intellectual uphill challenge for the EXAMINERS given that
> someone may have to sift 1 terabyte of data (how many bytes?:) mostly
> by HUMAN RESOURCE in hope for a ___ in the haystack..
>
> btw, how many BOOKS is that? :P
> -bipin
>
> [1] http://alice.pandorabots.com/

Re: [Full-disclosure] Perhaps it's time to regulate Microsoft as Critical Infrastructure?

2010-01-24 Thread Rohit Patnaik
The problem with regulating Microsoft as critical infrastructure is that it
simply entrenches the existing monoculture and all the problems that it
entails.  To really improve our position regarding security, the government
ought to encourage greater diversity and openness in the OS market.  Placing
operating systems under formal regulation would have the opposite effect.
It would increase the barriers to entry, discouraging diversity.  In effect,
this proposal will formalize Windows as the official OS of the federal
government.

Second, unless the government extends its regulation to cover all consumers,
there will be little to no improvement in security.  The vast majority of
exploited bugs are not 0-day vulnerabilities.  They are bugs that have been
discovered and patched.  The problem is that the consumer has not applied
the patch.  If the government really wanted to improve computer security,
they'd mandate that citizens keep up with patches to their operating system
and applications.  Such a mandate would have a far greater immediate impact
than any regulation of Microsoft or any other OS vendor.

-- Rohit Patnaik

On Sat, Jan 23, 2010 at 12:57 AM, Gadi Evron  wrote:

> [I have given this some thought, edited my argument, and am moving this
> message to its own thread.]
>
> Microsoft has put a lot into securing its code, and is very good at
> doing so. However, is it doing enough?
>
> My main argument is about the policy of handling vulnerabilities for 6
> months without patching (such as the Google attacks 0day apparently was)
> and the policy of waiting a whole month before patching this very same
> vulnerability when it first became an in-the-wild 0day exploit (it has
> now been patched, ahead of schedule).
>
> Microsoft is the main proponent of responsible disclosure, and has shown
> it is a responsible vendor. Also, patching vulnerabilities is far from
> easy, and Microsoft has done a tremendous job at getting it done. I
> simply call on it to stay responsible and amend its faulty and dangerous
> policies. A whole month as the default response to patching a 0day? Really?
>
> With their practical monopoly, and the resulting monoculture, perhaps
> their policies ought to be examined for regulation as critical
> infrastructure, if they can't bring themselves to be more responsible on
> their own.
>
> This is the first time in a long while that I find it fit to criticize
> Microsoft on security. Perhaps they have grown complacent with the PR
> nightmare of full disclosure a decade behind them, with most
> vulnerabilities now "sold" to them directly or indirectly by the
> security industry.
>
>Gadi.
>
>
> --
> Gadi Evron,
> g...@linuxbox.org.
>
> Blog: http://gevron.livejournal.com/

Re: [Full-disclosure] FREE STEPHEN WATT !!!

2010-01-21 Thread Rohit Patnaik
s/beer/hookers/g s/coffee/blow/g and then we'll see :)

On Thu, Jan 21, 2010 at 3:55 PM, Christian Sciberras wrote:

> Who cares about Tibet.
>
> Free beer and coffee! That's what we need!!
>
>
>
>
>
>
> On Thu, Jan 21, 2010 at 10:53 PM, netinfinity <
> netinfinity.security...@gmail.com> wrote:
>
>> A country. And I meant Tibet. :D
>>
>> Obvious I need to get some sleep...
>>
>> On Thu, Jan 21, 2010 at 10:51 PM, Christian Sciberras 
>> wrote:
>> > Nepal? Who's Nepal?
>> >
>> >
>> >
>> >
>> >
>> > On Thu, Jan 21, 2010 at 10:48 PM, netinfinity
>> >  wrote:
>> >>
>> >> Free nepal?
>> >>
>> >> On Thu, Jan 21, 2010 at 10:46 PM, Christian Sciberras <
>> uuf6...@gmail.com>
>> >> wrote:
>> >> > JAIL OSAMA?
>> >> >
>> >> > ...
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > On Thu, Jan 21, 2010 at 10:45 PM, netinfinity
>> >> >  wrote:
>> >> >>
>> >> >> FREE WILLY!
>> >> >>
>> >> >> On Thu, Jan 21, 2010 at 10:39 PM, Christian Sciberras
>> >> >> 
>> >> >> wrote:
>> >> >> > I think throwing "and fuck you" in a mailing list pretty much
>> >> >> > affects all
>> >> >> >
>> >> >> > Just sayin'
>> >> >> >
>> >> >> > Cheers.
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > On Thu, Jan 21, 2010 at 8:33 PM, Thor (Hammer of God)
>> >> >> > 
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> Well, if you are going to say “Fuck Kaminsky,” then throw me in with
>> >> >> >> him.  I’ll be at Defcon for anyone who would like to say it to my face.
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> t
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> From: full-disclosure-boun...@lists.grok.org.uk
>> >> >> >> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
>> Jeff
>> >> >> >> Williams
>> >> >> >> Sent: Thursday, January 21, 2010 10:12 AM
>> >> >> >> To: p...@hushmail.com; full-disclosure@lists.grok.org.uk
>> >> >> >> Subject: Re: [Full-disclosure] FREE STEPHEN WATT !!!
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> You just forgot kaminsky,
>> >> >> >>
>> >> >> >> 2010/1/21 
>> >> >> >>
>> >> >> >> -BEGIN PGP SIGNED MESSAGE-
>> >> >> >> Hash: SHA1
>> >> >> >>
>> >> >> >> Fuck Gadi Evron, Fuck #phr...@efnet, Fuck anti-sec.com kiddiotz,
>> >> >> >> Fuck romeo, Fuck Fedz, Fuck Ratz and Fuck U 
>> >> >> >>
>> >> >> >>
>> >> >> >> FREE STEPHEN WATT !!!
>> >> >> >> -BEGIN PGP SIGNATURE-
>> >> >> >> Charset: UTF8
>> >> >> >> Version: Hush 3.0
>> >> >> >> Note: This signature can be verified at
>> >> >> >> https://www.hushtools.com/verify
>> >> >> >>
>> >> >> >> wpwEAQMCAAYFAktYi4gACgkQPBffzoCVnAMzwAP+JyFb0s/aVmr2bGbzLxll2+h956B0
>> >> >> >> 4IVuQiuFnEHgC6U8KnRVa36RdhIDsNZLQe9SoDvzYEfMZEvBF/Y71f8VyGC+133Uh9Be
>> >> >> >> OVkAjRnkHKYBsmk1PGCbZ+5VdAtDl2K8Ke0EEmkyeIU//+VijDwx6JkyIn6H2KTQ9CzC
>> >> >> >> ZgWJoJo=
>> >> >> >> =ftdb
>> >> >> >> -END PGP SIGNATURE-
>> >> >> >>
>> >> >> --
>> >> >> http://netinfinity-sec.blogspot.com
>> >> >>
>> >> >> http://www.ubuntu-pe.tk
>> >> >>
>> >> --
>> >> http://netinfinity-sec.blogspot.com
>> >>
>> >> http://www.ubuntu-pe.tk
>> >>
>> --
>> http://netinfinity-sec.blogspot.com
>>
>> http://www.ubuntu-pe.tk
>>

Re: [Full-disclosure] PHC is _NOT_ DEAD !!!!

2010-01-21 Thread Rohit Patnaik
Heh.  I agree, but only because this month has been a fairly quiet one
regarding n3td3v drama.

--Rohit Patnaik

On Thu, Jan 21, 2010 at 10:20 AM, Christian Sciberras wrote:

> Vote +1 for "message of the month" award.
>
>
>
>
>
>
> On Thu, Jan 21, 2010 at 2:22 PM,  wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> peep game nigga, peep game, feel us !
>>
>>
>>
>> - --Phrack High Council
>> -BEGIN PGP SIGNATURE-
>> Charset: UTF8
>> Note: This signature can be verified at https://www.hushtools.com/verify
>> Version: Hush 3.0
>>
>> wpwEAQMCAAYFAktYVRAACgkQPBffzoCVnANW3QP9EMxg0GLjH2DfaH7sAsH/0UsrBQz+
>> yo+ob4Qy8hF373vHTy0GjTxLYPPYuT58xUEwdzO/vnHNJlGkWjbCucnJiQj3hAdXZ/R/
>> fYQP1Kg978//PDBMyTUBRCwIafjELdhHgUl3a7nR7dlRsu8hRx6ebHncw0+HmfW95uhY
>> VpjBPQ4=
>> =AsaL
>> -END PGP SIGNATURE-
>>

Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes

2010-01-21 Thread Rohit Patnaik
Given Microsoft's already poor reputation regarding security, I'm not sure
how it'd be possible for them to degrade their reputation any more.  Very
few people use Microsoft software because of its security reputation.  The
main reasons for using Microsoft are ease of use and compatibility with
other users.  Given that, I'm not sure that Microsoft's perception will be
affected very much in the user community.

-- Rohit Patnaik

On Wed, Jan 20, 2010 at 6:17 PM, ☣ frank^2  wrote:

> On Wed, Jan 20, 2010 at 10:25 AM, Dan Kaminsky  wrote:
> > Seriously.  I mean, just look at Linux, Firefox, and OpenOffice.
> > Pristine code, not a single security vulnerability between them :)
> >
>
> That's a red herring. His point was the public perception of the
> software company-- true or not-- would be hindered because Microsoft
> is all-encompassing. Compared to the world of open-source, the risk is
> distributed by the sheer virtue of software engineering being
> distributed amongst thousands of entities. This means that the
> vulnerabilities are spread across different parties, rather than
> having all vulnerabilities encompassed by a single party-- in this
> case, Microsoft.
>
> His argument was irrelevant to corporations vs. open-source being more
> vulnerable than one another-- it was simply a commentary on
> distributed risk in software engineering.
>
> --
> "Did you and them get your degree from the same university of trolls?
> I have mistaken nothing for nothing. Fuck you."

Re: [Full-disclosure] NSOADV-2010-002: Google Wave Design Bugs

2010-01-20 Thread Rohit Patnaik
Well, that's exactly what I'm saying.  Pretending that this is some kind of new
exploit class simply because Google Wave is used is stupid.  This is the
logical extension of e-mail and instant message and social network attacks
to the next potential platform.

-- Rohit Patnaik

On Tue, Jan 19, 2010 at 8:10 PM,  wrote:

> On Tue, 19 Jan 2010 19:01:36 CST, Rohit Patnaik said:
> > Yeah, no kidding.  Surprise! Untrusted files can be malicious.  If you
> > accept files from those whom you do not trust, whether it's via e-mail,
> > instant message, Google Wave, or physical media, you well and truly deserve
> > the virus that'll eventually infect your machine.
>
> Let's see.. *HOW* many years ago did we first see e-mail based viruses that
> depended on people opening them because they came from people they already
> knew?  'CHRISTMA EXEC' in 1984 comes to mind.
>
> The problem here is that Google Wave is for *collaboration* - which means
> that you're communicating with people you already know, and presumably
> trust to some degree or other. "Hey Joe, look at this PDF and tell me
> what you think" is something reasonable when the request comes from somebody
> who Joe knows and who has sent Joe PDF's in the past.
>
> I guarantee that if every time you receive a document that appears to be from
> your boss, you call back and ask if they really intended to send a document or
> if it's a virus, your boss will get very cranky with you very fast.
>
> Let's look at that original advisory again:
>
> >> An attacker could upload his malware to a wave and share it to his
> >> Google Wave contacts.
>
> Now change that to "An attacker could trick/pwn some poor victim into uploading
> the malware to a wave"  Hilarity ensues.

Re: [Full-disclosure] NSOADV-2010-002: Google Wave Design Bugs

2010-01-19 Thread Rohit Patnaik
Yeah, no kidding.  Surprise! Untrusted files can be malicious.  If you
accept files from those whom you do not trust, whether it's via e-mail,
instant message, Google Wave, or physical media, you well and truly deserve
the virus that'll eventually infect your machine.

-- Rohit Patnaik

On Tue, Jan 19, 2010 at 7:11 AM, dramacrat  wrote:

> This is the stupidest advisory I have read on this list in at least two
> months.
>
> 2010/1/19 NSO Research 
>
> _
>> Security Advisory NSOADV-2010-002
>> _
>> _
>>
>>
>>  Title:  Google Wave Design Bugs
>>  Severity:   Low
>>  Advisory ID:NSOADV-2010-002
>>  Found Date: 16.11.2009
>>  Date Reported:  18.11.2009
>>  Release Date:   19.01.2010
>>  Author: Nikolas Sotiriu (lofi)
>>  Mail:   nso-research at sotiriu.de
>>  URL:http://sotiriu.de/adv/NSOADV-2010-002.txt
>>  Vendor: Google (http://www.google.com/)
>>  Affected Products:  Google Wave Preview (Date: =< 14.01.2010)
>>  Not Affected Component: Google Wave Preview (Date: >= 14.01.2010)
>>  Remote Exploitable: Yes
>>  Local Exploitable:  No
>>  Patch Status:   partially patched
>>  Discovered by:  Nikolas Sotiriu
>>  Disclosure Policy:  http://sotiriu.de/policy.html
>>  Thanks to:  Thierry Zoller: For the permission to use his
>>  Policy
>>
>>
>>
>> Background:
>> ===
>>
>> Google Wave is an online tool for real-time communication and
>> collaboration. A wave can be both a conversation and a document where
>> people can discuss and work together using richly formatted text,
>> photos, videos, maps, and more.
>>
>> (Product description from Google Website)
>>
>>
>>
>> Description:
>> 
>>
>> All these possible attacks are the result of playing 4 hours with Google
>> Wave. I didn't check all the funny stuff, which is possible with the Wave.
>>
>>
>>
>> 1. Gadget phishing attack:
>> --
>>
>> The Google Wave Gadget API can be used for phishing attacks.
>>
>> An attacker can build his own phishing Gadget, share it with his Google
>> Wave contacts and hopefully get the login credentials from a user.
>>
>> This behavior is normal. The problem is that this "bug" makes it easier
>> to steal logins.
>>
>>
>> 2. Virus spreading attack:
>> --
>>
>> Uploaded files are not scanned for malicious code.
>>
>> An attacker could upload his malware to a wave and share it to his
>> Google Wave contacts.
>>
>>
>>
>> Proof of Concept :
>> ==
>>
>> A proof of concept gadget can be found here:
>> http://sotiriu.de/demos/phgadget.xml
>>
>>
>>
>> Solution:
>> =
>>
>> 1. No changes made here.
>>   Workaround: Don't trust Waves.
>>
>> 2. Google builds in AV scanning.
>>
>>
>>
>> Disclosure Timeline (/MM/DD):
>> =
>>
>> 2009.11.16: Vulnerability found
>> 2009.11.17: Sent PoC, Advisory, Disclosure policy and planned disclosure
>>date (2009.12.03) to Vendor
>> 2009.11.23: Vendor response
>> 2009.12.01: Ask for a status update, because the planned release date is
>>2009.12.03.
>> 2009.12.03: Google Security Team asks for 2 more weeks to patch.
>> 2009.12.03: Changed release date to 2009.12.17.
>> 2009.12.15: Ask for a status update, because the planned release date is
>>2009.12.17. => No Response
>> 2009.12.21: Ask for a status update.
>> 2009.12.29: Google Security Team informs me, that there are no changes
>>made before 2010.01.03.
>> 2010.01.14: Google Security Team informs me, that uploaded files will
>>now be scanned for malware. Google Gadgets will not be updated.
>> 2010.01.19: Release of this Advisory
>>
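
The advisory's second item, and its proposed fix (scan uploads before they are shared), amount to a gate on untrusted files. What follows is an added example, not code from NSO Research, Google or anyone in this thread: the static pre-checks a collaboration service could run on an attachment before handing it to a real AV engine. The magic-number tables, the blocked-extension list and the denylisted digest are all constructed for the example; the denylist is seeded from a constructed byte string, not a real sample, and a real deployment would load digests from a threat feed.

```python
import hashlib
import posixpath
from dataclasses import dataclass

# Constructed stand-in for a malware sample; its digest seeds the denylist.
# Not a real sample or indicator: it exists only so the example runs offline.
CONSTRUCTED_BAD_SAMPLE = b"constructed-bad-sample-for-the-example\n"
KNOWN_BAD_SHA256 = {hashlib.sha256(CONSTRUCTED_BAD_SAMPLE).hexdigest()}

# Names a collaboration tool has no business sharing as attachments (assumed list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi", ".dll"}

# Leading bytes of executable formats. An executable hiding under a document
# name (an "invoice.pdf" that starts with "MZ") is refused whatever it is called.
EXECUTABLE_MAGIC = (
    (b"MZ", "Windows PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"#!", "interpreter script"),
    (b"\xcf\xfa\xed\xfe", "Mach-O executable"),
)

# For declared document types the content must begin with the expected signature.
EXPECTED_MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
}


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str
    sha256: str


def inspect_upload(filename: str, data: bytes) -> Verdict:
    """Static pre-checks for an uploaded attachment.

    Order matters: the digest denylist catches a known file regardless of its
    name, the extension check catches an obviously executable name, and the
    signature checks catch bytes that disagree with the name. A file that
    passes is only cleared to proceed to a real AV scan, not declared safe.
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return Verdict(False, "matches known-bad digest", digest)

    # Judge by the last extension, so "report.pdf.exe" is treated as ".exe".
    ext = posixpath.splitext(filename.lower())[1]
    if ext in BLOCKED_EXTENSIONS:
        return Verdict(False, f"blocked extension {ext}", digest)

    for magic, description in EXECUTABLE_MAGIC:
        if data.startswith(magic):
            return Verdict(False, f"{description} content under name {filename!r}", digest)

    expected = EXPECTED_MAGIC.get(ext)
    if expected is not None and not data.startswith(expected):
        return Verdict(False, f"content does not match declared type {ext}", digest)

    return Verdict(True, "static checks passed; queue for AV scan", digest)


if __name__ == "__main__":
    # Constructed uploads, as a sender might attach them to a wave.
    samples = [
        ("notes.pdf", b"%PDF-1.4\n%constructed minimal document\n"),
        ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00constructed"),
        ("report.pdf.exe", b"%PDF-1.4\n"),
        ("photo.png", b"GIF89a constructed image"),
        ("sample.bin", CONSTRUCTED_BAD_SAMPLE),
    ]
    for name, blob in samples:
        verdict = inspect_upload(name, blob)
        print(f"{name:16} allowed={verdict.allowed!s:5} {verdict.reason}")
```

The point of the ordering is that each check covers a different evasion: renaming a known file defeats nothing because the digest is checked first, a double extension is judged by its real suffix, and a mismatch between declared type and leading bytes is refused even when neither the name nor the hash is suspicious on its own.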

Re: [Full-disclosure] The Game

2009-12-30 Thread Rohit Patnaik
It's difficult for me to lose at something that I'm not playing. :)

On Wed, Dec 30, 2009 at 7:35 AM, Will McAfee <
sec-commun...@thegoodhacker.com> wrote:

> I just lost it.  And so did all of you.
>
> Sent from my iPhone

Re: [Full-disclosure] File Access Vulnerability in Easy File Sharing Web Server

2009-12-15 Thread Rohit Patnaik
Wow.  Very nice find.  One question: all the cited tools are Windows
executables.  Has there been any attempt to run the database viewer in Linux
via Wine?  I'm wondering if I'm going to have to set up a VM to try to
confirm this, or if I can try to do this via Wine.

Although the n3td3v drama is entertaining, it's finds like this which keep me
subscribed to this list.

Thanks again,
Rohit Patnaik

On Tue, Dec 15, 2009 at 6:16 PM, Thor (Hammer of God)
wrote:

> File Access Vulnerability in Easy File Sharing Web Server
>
> Discovered by:
> Timothy "Thor" Mullen
>
>
> Testing by Steve "Raging Haggis" Moffat, Hammer of God, Bermuda Labs
>
> Product:Easy File Sharing Web Server, current versions, default
> installation
> Vendor: http://www.sharing-file.com/
>
> Vendor Notification and Disclosure:
> 08/22/09: EFSW support notified of issue.
> 08/22/09: EFSW said it is not an issue because you can turn off direct file
> access.
> 08/23/09: EFSW support notified that FILES.SDB file can be directly
> accessed.
> 08/24/09: EFSW replied, saying 'no, you can't access the file,' even though
> you can.
> 12/15/09: Hammer of God released full details after waiting 4 months for
> vendor to fix.
>
> About:
> Easy File Sharing Web Server is an extremely popular web-based file sharing
> application that has been in use for years.
> It is a fast, easy to use commercial, standalone "all-in-one" file-sharing
> web server.
>
> Customers use a built-in interface to point to files they wish to publish
> via a menu-driven web application (typically full drives or directories).
> Files can be shared anonymously, or via EFSWS's built-in user management.
> EFSWS has built-in SSL encryption to prevent logons from being sent in the
> clear (as well as all other access). Users log in, and are presented with
> a menu of files that have been published and that are made available for
> download.
>
> EFSWS uses the MGH Software "myDB" database plug-in to store db information
> such as file location, user information (password in the clear), files,
> forum information, etc. A free db parser is available at:
> http://www.mghsoft.com/
>
> Please see vendor site and db engine site for more details.
>
> Vulnerability details:
> By default, EFSWS allows a user to download a file directly via a URL if
> the file name is known.  For example, if the file name posted is
> MyFileName1234.exe, then one could go directly to:
> https://www.SiteRunningEFSWS.com/MyFileName1234.exe and immediately begin
> downloading the file.
>
> In itself, this is not a big issue as one would have to guess any given
> filename.  However, EFSWS always uses the common file name "FILES.SDB" to
> store all the files being published.  This file is stored in the root
> program directory.  While the EFSWS product engine filters out many file
> types, it does NOT filter out FILES.SDB.  If you know someone is running
> EFSWS, one simply has to access the following URL to anonymously download
> the FILES.SDB file without authentication:
> https://www.SiteRunningEFSWS.com/files.sdb
>
> This will download the FILES.SDB file and will allow an attacker to see
> every published file via the free viewer record by record. (You can of
> course view the db as a text file).  Entries look like this:
>
> "V:\rootDirForFiles\applications\Acronis Disk Director Suite
> 10.2160\ioware-w32-x86-30.exe"
> "D:\anotherdir\music\crystalmethod\boom.mp3"
>
> One can now access files directly by removing the drive letter and top
> directory as follows:
> https://www.SiteRunningEFSWS.com/music/crystalmethod/boom.mp3
>
> With the ease of database access to filenames, it is trivial to script up a
> client app to download all published files on the server without
> authentication over SSL.
>
> Further, it is trivial to determine if someone is running EFSWS, even on an
> alternate port, by using the following Googledork:  inurl:vfolder.ghp.
>  There are other more accurate Googledorks, but I'll leave that up to the
> researcher.
>
> This will show the (typically) unique file "vfolder.gph" results, where you
> can retrieve the full company URL from, including portnumber.  This too can
> be scripted.
>
> I am still trying different methods to access the USERS.SDB file, also in
> the root application directory, which contains all users (even
> administrative) and passwords (in the clear) in an effort to bypass any
> mandatory authentication applied, but have not found a way to gain access to
> this file externally yet.
>
> Vulnerable Versions:
> The current version is 5.0, released in August of this year
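The enumeration the advisory describes, written out as an added example that is not part of the advisory or of the EFSWS product: it parses a FILES.SDB dump, strips the drive letter and the top directory the way the advisory's boom.mp3 example does, and builds the download URLs, plus the two database URLs a site owner should probe on their own server. The one-quoted-path-per-entry dump format, the helper names and the www.SiteRunningEFSWS.com placeholder are assumptions for the demonstration; the real myDB container may carry more fields than the quoted paths the advisory shows, and nothing here sends a request.

```python
"""Added example (not from the advisory or the EFSWS vendor).

Parse a FILES.SDB dump in the shape the advisory shows and map each
published path to the URL EFSWS is said to serve it from.  Assumptions:
one double-quoted Windows path per entry, and a server that hides only the
drive letter and the top-level directory, as in the advisory's boom.mp3
example.
"""
import re
from urllib.parse import quote

# Constructed sample, modelled on the two entries quoted in the advisory.
SAMPLE_SDB = r'''
"V:\rootDirForFiles\applications\Acronis Disk Director Suite 10.2160\ioware-w32-x86-30.exe"
"D:\anotherdir\music\crystalmethod\boom.mp3"
'''

# A quoted, drive-rooted Windows path; any other record fields are ignored.
_ENTRY = re.compile(r'"([A-Za-z]:\\[^"]+)"')


def parse_entries(sdb_text):
    """Every quoted Windows path in the dump, in file order."""
    return _ENTRY.findall(sdb_text)


def published_path(win_path):
    """Drop 'X:\\topdir\\' and return the rest with forward slashes."""
    parts = win_path.split("\\")
    # parts[0] is the drive ('V:'), parts[1] the top directory the server hides.
    if len(parts) < 3:
        raise ValueError("expected drive, top directory and a file: %r" % win_path)
    return "/".join(parts[2:])


def download_url(base, win_path):
    """URL under which EFSWS would serve the file; spaces etc. are percent-encoded."""
    return base.rstrip("/") + "/" + quote(published_path(win_path))


def enumerate_urls(base, sdb_text):
    """All download URLs implied by the dump, for bulk retrieval or a self-check."""
    return [download_url(base, p) for p in parse_entries(sdb_text)]


def database_probe_urls(base):
    """The two database files the advisory names.  A site owner should get a
    401/403/404 for both from an unauthenticated client, never a download."""
    return [base.rstrip("/") + "/" + name for name in ("files.sdb", "users.sdb")]


if __name__ == "__main__":
    base = "https://www.SiteRunningEFSWS.com"   # placeholder host from the advisory
    for url in database_probe_urls(base) + enumerate_urls(base, SAMPLE_SDB):
        print(url)
```

Pointed at a real dump, enumerate_urls() is the whole "script up a client" step the advisory mentions; pointed at your own server, the same list tells you which published files answer without a login, and database_probe_urls() tells you whether the .sdb files themselves do.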

Re: [Full-disclosure] Climate-Gate: A SysAdmin’s Perspective

2009-12-07 Thread Rohit Patnaik
That certainly is a long way to express what a lot of us had suspected all
along - that the leak of the CRU emails wasn't the result of a bold and
heroic hacker, but was like the vast majority of other leaks in business and
government.  Someone thought the leadership's position regarding the climate
e-mails was wrong and took independent action.

--Rohit Patnaik

On Mon, Dec 7, 2009 at 4:45 PM, Ivan .  wrote:

> http://www.smalldeadanimals.com/FOIA_Leaked/
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Re: [Full-disclosure] Software developer looks at CRU code

2009-11-30 Thread Rohit Patnaik
Right, but you said that the global warming folks are asking for unnecessary
spending of *trillions*.  Where would those trillions go?  I don't see Al
Gore becoming richer than Bill Gates off carbon credits.  Neither do I see
the UN gaining any more power via the IPCC.  If anything, the existing
climate treaty (i.e. the Kyoto protocol) has completely sidestepped the UN.


I guess what I'm troubled by is the fact that you seem to be stating that
there's some kind of deliberate malice on the part of those stating that
anthropogenic climate change is real.  I don't see malice.  I see a fair
amount of incompetence, but incompetence exists in every discipline.

--Rohit Patnaik

On Mon, Nov 30, 2009 at 6:06 PM, Paul Schmehl wrote:

> I'm going to assume this is a serious question.
>
> You could start with the people enriching themselves off of carbon credits.
>  Al Gore, for one obvious example.  You could continue with the people that
> think the entire world should be ruled by a bureaucracy called the UN.  You
> could go on with the "scientists" who get millions of dollars worth of
> grants to "study" the problem and propose solutions.
>
> Are there people on the opposing side who benefit from what you call
> scaremongering?  Of course there are.  But the claims of the global warming
> crowd are unsupported by the data (not *their* data, because they have
> clearly skewed it to support their claims, as is proven both by their emails
> and their program code) but by the real data, unmassaged.
>
>
> --On Monday, November 30, 2009 16:00:05 -0600 Rohit Patnaik <
> quanti...@gmail.com> wrote:
>
>  There's a question I ask whenever I hear a theory like this.  Cui bono?
>> Who benefits?  Who is benefiting from the "climate change
>> scaremongering"?
>> You claim that trillions of dollars will need to be spent.  If it's such a
>> scam, then who is scamming us?  The UN IPCC?  A mysterious cabal of
>> alternative energy companies?  The Trilateral Commission?
>>
>>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> ***
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
>
>

Re: [Full-disclosure] Software developer looks at CRU code

2009-11-30 Thread Rohit Patnaik
There's a question I ask whenever I hear a theory like this.  Cui bono?  Who
benefits?  Who is benefiting from the "climate change scaremongering"?  You
claim that trillions of dollars will need to be spent.  If it's such a scam,
then who is scamming us?  The UN IPCC?  A mysterious cabal of alternative
energy companies?  The Trilateral Commission?

-- Rohit Patnaik

On Mon, Nov 30, 2009 at 3:06 PM, Paul Schmehl wrote:

> No one ever stated that the climate wasn't changing.  It always is.  And
> there's nothing man can do to change that.  One major volcanic eruption does
> more damage to the climate than billions of people driving cars worldwide
> and in much less time.
>
> That we should be good stewards of the earth goes without question.  That we
> should do everything reasonable to reduce or eliminate pollution goes without
> question.
>
> But the scam that the global climate is changing so dramatically that we
> need to take urgent action and spend trillions of dollars worldwide to
> address the problem has been repeatedly exposed to be just that - a scam.
> Since these particular "scientists" are the leading proponents of the
> man-made global warming theory and the driving force behind the UN's IPCC
> reports, that particular theory is called into serious question if not
> damaged irretrievably.
>
> Recent evidence shows that the globe is again cooling, a natural process
> that these fakers want to hide, because it runs counter to their claims,
> threatens their income stream and makes a mockery of their demands for
> immediate action to prevent the supposed coming disaster.
>
> --On Monday, November 30, 2009 06:35:50 -0600 Ali Raheem
>  wrote:
>
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > Simply because a few scientist have found to be fraudulent it doesn't
> > mean the concept of Climate change is. Even if this was found to be
> > faked it is far from the only evidence.
> >
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> ***
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
>
>

Re: [Full-disclosure] Facebook Police

2009-11-27 Thread Rohit Patnaik
Actually, I'm not sure what the issue is here.  Facebook is a public forum.
Underage drinking is an illegal act.  If you post evidence of yourself
committing an illegal act to a public forum, the police are free to come and
arrest you, and use the pictures that you posted as evidence against you.

The only complaint here seems to be that the police violated Facebook's Terms
of Service in "friending" these underage drinkers and gathering evidence
against them.  However, I'm not sure how that's illegal in any way.  If it
were, undercover investigations and sting operations of all sorts would be
illegal.

As I see it, these are kids who were caught out in their own stupidity, for
doing something that they know to be illegal, and then posting pictures.  Now
these same kids are whining because the police were marginally more tech-savvy
than they assumed.

--Rohit Patnaik

On Fri, Nov 27, 2009 at 10:32:53AM +0100, netinfinity wrote:
> "Facebook policy requires the use of one’s real name to sign up, but
> they let the police use fake names.."
>
> Sure the policy says that, but a lot of people are changing their names
> on a daily basis (ok, maybe not daily).  And the majority of those changes
> are just for fun, but nevertheless they are against the policy.  What
> about those people?  The only way to verify or check someone's name is
> through IP (ISP).  And that can't be done by will.. It must have some
> legal grounds...
>
> Let me get to the point, I'm sure that the police are violating some
> kind of human rights or even laws (?)
> 
> -- 
> netinfinity
> 


Re: [Full-disclosure] Good thing we have EFF...

2009-11-26 Thread Rohit Patnaik
I think you forgot to attach the actual article...

--Rohit Patnaik

On Wed, Nov 25, 2009 at 10:29:12PM -0800, Thor (Hammer of God) wrote:
> Interesting article about SF police seizing laptops from parties without 
> citing people for a crime or making arrests...
> 
> full-disclosure@lists.grok.org.uk
> 
> t
> 
> 
> Timothy Mullen
> t...@hammerofgod.com
> www.hammerofgod.com
> 
> 




Re: [Full-disclosure] need advice on adtmt cookie

2009-11-25 Thread Rohit Patnaik
As far as I can tell, admt is a name of an ad-delivery network, and the admt
that McAfee is detecting is the name of the tracking cookie that it uses.
As far as risk goes, I'd say it is no more risky than any other tracking
cookie.  Delete it if you want, but it hasn't really caused any issues for
me.

--Rohit Patnaik

On Wed, Nov 25, 2009 at 3:18 PM, RandallM  wrote:

> Since using the virtual software McAfee web and email scanner I have
> noticed a lot of blocks of the adtmt cookie (seen as an unwanted
> program) but see alot of these blocks on FaceBook. I have googled but
> only seem to find "bad", "how to get rid of adtmt.exe" ect. Could
> someone shed light on the security risk of this? If I am blocking it
> because I am surfing through the McAfee web scanner what is happening
> or what are folks open to who see this or click it?
>
>
>
> --
> been great, thanks
> a.k.a System
>
>

Re: [Full-disclosure] How Prosecutors Wiretap Wall Street

2009-11-07 Thread Rohit Patnaik
The direction of the association doesn't matter. It doesn't matter if the
"terrorist" is contacting me, or if I'm contacting the terrorist.  In either
case, the US government should get a warrant before they spy on me.  Also,
this executive opinion doesn't just apply to the CIA and the NSA.  It
applies to the entire executive branch, including law enforcement.

Secondly, we seem to have a general disagreement about the intent of the
laws regulating the intelligence and law enforcement apparatus of the
state.  My opinion is that the restrictions placed on these agencies were
intentional.  They were created by a Congress that was disgusted by the
rampant abuse of executive power that occurred during the Nixon
administration.  They were strengthened when Reagan found loopholes in those
restrictions.  As such, I don't think it's Constitutionally valid for the
President to unilaterally ignore those restrictions.  Yes, I'm aware of the
use of force resolution that was passed shortly following the Sept. 11th
attack.  However, I don't think the language contained therein represented a
rollback of over 30 years of legislative history.  If it is really necessary
for the intelligence agencies to have these unprecedented powers, then they
shouldn't be hesitant in presenting their case before Congress.

--Rohit Patnaik

On Fri, Nov 6, 2009 at 11:42 PM, Paul Schmehl wrote:

> --On November 6, 2009 10:10:56 PM -0600 Rohit Patnaik
>  wrote:
>
> > If it is so clear that a US citizen is involved in terrorism and is
> > communicating with terrorists beyond our borders, then why is it so hard
> > for the NSA, CIA, FBI or Homeland Security to get a warrant?
>
> First of all, the NSA and CIA don't pursue criminal cases against US
> persons.  That's the job of law enforcement.  The NSA is a military
> agency.  Their job is to protect the US against its enemies by providing
> the military with intelligence that helps in planning and the conduct of
> operations.  The CIA is a civilian agency tasked with the job of gathering
> information about what other countries are doing, both friends and
> enemies.  Homeland Security's job is, well, who the hell knows?  It's a
> huge ponderous agency that, in my view, represents a much greater threat
> to us than the NSA or CIA.
>
> But your question reveals a view of the issue that doesn't align with the
> facts.  The NSA isn't listening to US citizens' communications to detect
> any communications with terrorists.  They're listening to terrorists'
> communications which sometimes are to US citizens.  When that happens, of
> course the NSA is going to intercept to determine if it's an innocent call
> or something more.
>
> >  After
> > all, it's not like they can claim that there wasn't time to get a warrant
> > - the pre-existing law allowed them to put in expedited requests for
> > warrants after the actual wiretap started, in addition to allowing
> > continued use of wiretaps while the warrant is being considered by the
> > FISA court.  Secrecy isn't a concern either - all proceedings of the
> > FISA court are classified.  By what reasoning do these security
> > agencies wish to further expand their already considerable powers?
> >
>
> The claim that is being made is that the existing law, written in 1978
> (before the IBM pc was even born), is unable to cope with the speed and
> variability of internet communications today.  If a terrorist whose
> communications are being intercepted "speaks" to someone (email, im,
> twitter, blog, forum, whatever) and tells them to contact a third party to
> conduct an operation, the NSA would want to intercept the third party's
> communications as well.  Under existing law (if you believe that FISA
> applies) they would have 72 hours maximum to submit the necessary
> paperwork and obtain the necessary approvals to go before the FISA court
> and obtain a warrant.  Otherwise they would have to cease all
> surveillance.  Meanwhile the terrorists aren't going to sit around waiting
> for the warrant to be issued to continue their plans.
>
> > It seems to me that it is already far too easy for our national security
> > apparatus to spy on us without our permission or knowledge. The last
> > thing I want is to make such spying even easier for them.
> >
>
> They're not spying on us.  Intelligence agencies don't spy on us.  Law
> enforcement does.
>
> I was involved in (signals) intelligence years ago.  I can assure you we
> could have cared less what US citizens were doing *unless* what they were
> doing involved working for a foreign power to steal secrets or undermine
> the US government or simil

Re: [Full-disclosure] H D Moore sells Metasploit: Open source project in commercial hands

2009-10-22 Thread Rohit Patnaik
I don't really see this as a bad thing.  Metasploit's new hybrid license
seems to force contributions to be open-sourced so Rapid7's contributions
should flow back to the community.

--Rohit Patnaik

On Thu, Oct 22, 2009 at 6:14 PM, Ivan .  wrote:

> http://risky.biz/metasploit_sold
>
>

Re: [Full-disclosure] Yahoo! apologises for lap dance at hack event

2009-10-20 Thread Rohit Patnaik
Yeah, I saw the outcry over this at reddit.  To be fair though, "booth
babes" are a fairly common part of culture over there.  Even street vendors
use them.

--Rohit Patnaik

On Tue, Oct 20, 2009 at 10:14 PM, Stack Smasher wrote:

> Why should they apologize?
>
> Hackers love lap dances!
>
>
>
>
> On Tue, Oct 20, 2009 at 9:01 PM, Ivan .  wrote:
>
>> yahoo rocks!
>>
>>
>> http://www.brisbanetimes.com.au/technology/technology-news/yahoo-apologises-for-lap-dance-at-hack-event-20091021-h7sr.html
>>
>>
>
>
>
> --
> "If you see me laughing, you better have backups"
>
>
>
>

Re: [Full-disclosure] McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords

2009-10-19 Thread Rohit Patnaik
This really increases my faith in the continuing push towards electronic
medical records. /sarcasm

--Rohit Patnaik

On Mon, Oct 19, 2009 at 10:33 AM, Shawn Merdinger wrote:

> Great find!
>
> And should we _really be surprised_ at the following bounce?
>
> 
>
> Delivery to the following recipient failed permanently:
>
>secur...@mckesson.com
>
> Technical details of permanent failure:
> Google tried to deliver your message, but it was rejected by the
> recipient domain. We recommend contacting the other email provider for
> further information about the cause of this error. The error that the
> other server returned was: 550 550 Mailbox unavailable or access
> denied -  (state 17).
>
> 
>
> Cheers,
> --scm
>
>
> On Sun, Oct 18, 2009 at 1:39 AM, Derek Lewis  wrote:
> > Subject: McKesson Horizon Clinical Infrastructure (HCI) version
> > 7.6/7.8/10.0/10.1 hardcoded passwords
> >
> > McKesson Horizon Clinical Infrastructure, also known as McKesson HCI,
> > utilizes hardcoded passwords for Oracle database access. HCI serves as
> > the patient record datastore for the majority of McKesson applications.
> > There are two components to an HCI implementation: the Infrastructure
> > (or Master) server and the database back-end. The HCI Infrastructure
> > Server has an Oracle client installed that initializes OCI/sqlplus
> > connections to the Oracle database back-end. A file on each HCI
> > Infrastructure server contains the database account usernames and their
> > respective passwords, /usr/local/bin/password. Content from
> > /usr/local/bin/password is shown:
> >
> > # cat /usr/local/bin/password
> > AMBU:hacschema
> > QUEUE_USER:qmanager
> > SYS:alLp0ver2
> > SYSTEM:urA7mvP
> > CHANGEMGR:datacontrol
> > CCDEV:ccdev
> > CCDBA:ccnulls*HAS ORACLE SYSDBA PRIVS*
> > CCDATA:ccdata
> > CCFORMS:ccforms
> > CCINTERFACE:ccinterface
> > MCKHEO:mckheo
> > CCREL:ccrel
> > CCQUERY:ccquery
> > CDXWEB:winplu5
> > DRUG1:fdb3schema
> > DRUG2:fdb3schema
> > enc_ent:encent
> > ENT:entpazz
> > ENT_CONFIG:ent_configpazz
> > ADF:adfpazz
> > INF:infpazz
> > INF_CONFIG:inf_configpazz
> > SDM:sdmpazz
> > STRMADM:pazzw0rd
> > ENT_AUD:pazzw0rd
> > ENT_ARCH:pazzw0rd
> > POC_ARCH:pazzw0rd
> > POC_AQ:qmanager
> > INF_AQ:qmanager
> > DATAMGR:datamgr
> > CCUSER:bueno
> > ALERTS:monitorhca
> > HCALERTS:alertsuser
> > AM:ampazz
> > AM_AUD:pazzw0rd
> > AUD:audpazz
> > TMF:tmfpazz
> > MN:mnpazz
> > EH:ehpazz
> > NG:ngpazz
> > DM:dmpazz
> > DMTOOL:dmtoolpazz
> > STG_DMT:stg_dmtpazz
> > WRL:wrlpazz
> > NOTES:notespazz
> > REPORTS:reportspazz
> > ICONS:iconspazz
> > BS:bspazz
> > QZ:qzpazz
> > RM:rmpazz
> > RM_AUD:pazzw0rd
> > COMMGR:commgrpazz
> > OPSERVICE:opservicepazz
> > SEC_CONFIG:sec_configpazz
> > CTXSYS:ctxsyspazz
> > OLOGY:ologypazz
> > OLOGY_CONFIG:ology_configpazz
> > DOC:docpazz
> > DOC_CONFIG:doc_configpazz
> > PORTAL:portal
> > PORTAL_INSTALL:portal_install
> > EBIDBADMIN:ebidbadmin
> > DESIGN_OWNER:owb
> > OWB_RUNTIME_REPOSITORY:owb
> > RUNTIME_A_USER:owb
> >
> > Despite having a "central" password file that contains the credential
> > information, much of the credentials are hardcoded throughout binaries
> > and scripts that are shipped as part of the HCI Infrastructure server.
> >
> > # cd /u/live
> > # find . -type f -print | xargs grep ccnull | wc -l
> > 85
> >
> > Here is some context of how the credentials are used throughout the HCI
> > code:
> >
> > # find . -type f -print | xargs grep ccnull
> > ./RUN_dmArchive:remote_db=`sqlplus -s ccdba/ccnulls$DB_SPEC_IF_REMOTE << EOF
> > ./all_ord:LOGIN=ccdba/ccnulls
> > ./bin/BatchDischarge:ora_user="ccdba/ccnulls$DB_SPEC_IF_REMOTE"
> > ./bin/CheckDischargeRpts:ora_user="ccdba/ccnulls$DB_SPEC_IF_REMOTE"
> > ./bin/Make_iv_template:sqlldr ccdba/ccnulls iv_bottle >> $LOG
> > ./bin/Make_iv_template:ORD_SEQ=`sqlplus -S ccdba/ccnulls$DB_SPEC_IF_REMOTE <<- ENDSQL
> >
> > McKesson supports HCI on AIX, HP-UX, and Linux. The nature of hardcoded
> > passwords implies that for every customer that has purchased HCI, the
> > credentials for all of these role accounts are the same across the
> > installations.
> >
> > According to the fol
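Checking a tree for the credentials in that password file, as an added example that is not part of the advisory: it reads a USER:PASSWORD file in the layout quoted above and reports every file under a root that contains one of the passwords verbatim, which is the advisory's grep for ccnull done for all accounts at once. The password values, the temporary code tree and its contents are constructed for the demonstration (only the file names follow the advisory's grep output), and treating an asterisk as the start of an annotation, as in the CCDBA line above, is an assumption.

```python
"""Added example (not part of the advisory).

Automates the advisory's manual step
    find . -type f -print | xargs grep ccnull
for every account at once: read a USER:PASSWORD file in the layout of
/usr/local/bin/password, then report each file under a root that contains
one of those passwords verbatim.  The password file and code tree below are
constructed for the demonstration; the credential values are made up and
only the file names echo the advisory's grep output.
"""
import os
import re
import shutil
import tempfile

# Constructed sample in the /usr/local/bin/password layout.  The advisory shows
# an inline '*HAS ORACLE SYSDBA PRIVS*' note fused to one password, so an
# asterisk or whitespace is assumed to end the password value (an assumption).
SAMPLE_PASSWORD_FILE = """\
# constructed sample, same layout as /usr/local/bin/password
CCDBA:examplepw1*HAS ORACLE SYSDBA PRIVS*
CCDATA:examplepw2
QUEUE_USER:qmgr
"""


def parse_password_file(text):
    """{user: password} from USER:PASSWORD lines; blank and '#' lines skipped."""
    creds = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, rest = line.split(":", 1)
        creds[user.strip()] = re.split(r"[\s*]", rest.strip(), maxsplit=1)[0]
    return creds


def find_hardcoded(creds, root, min_len=6):
    """{password: [relative files containing it]} for passwords of >= min_len
    characters.  Shorter values (the advisory's three-letter 'owb', say) match
    too much unrelated text for a substring search to be worth reporting."""
    hits = {pw: [] for pw in set(creds.values()) if len(pw) >= min_len}
    needles = {pw: pw.encode() for pw in hits}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:      # binaries and scripts alike
                    data = fh.read()
            except OSError:
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for pw, needle in needles.items():
                if needle in data:
                    hits[pw].append(rel)
    for files in hits.values():
        files.sort()
    return hits


def report(creds, hits):
    """One line per leaked password: which accounts use it and where it appears."""
    users_by_pw = {}
    for user, pw in creds.items():
        users_by_pw.setdefault(pw, []).append(user)
    lines = []
    for pw, files in sorted(hits.items()):
        if files:
            users = ",".join(sorted(users_by_pw[pw]))
            lines.append("%s (%s): %d file(s): %s" % (users, pw, len(files), " ".join(files)))
    return lines


def build_sample_tree():
    """A throwaway tree shaped like the advisory's /u/live grep output."""
    root = tempfile.mkdtemp(prefix="hci_demo_")
    os.makedirs(os.path.join(root, "bin"))
    files = {
        "RUN_dmArchive": "remote_db=`sqlplus -s ccdba/examplepw1$DB_SPEC_IF_REMOTE << EOF\n",
        "all_ord": "LOGIN=ccdba/examplepw1\n",
        "bin/BatchDischarge": 'ora_user="ccdba/examplepw1$DB_SPEC_IF_REMOTE"\n',
        "bin/Make_iv_template": "sqlldr ccdata/examplepw2 iv_bottle >> $LOG\n",
        "README": "no credentials here\n",
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root


def demo():
    """Build the sample tree, scan it, clean up; returns (creds, hits)."""
    creds = parse_password_file(SAMPLE_PASSWORD_FILE)
    root = build_sample_tree()
    try:
        return creds, find_hardcoded(creds, root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    creds, hits = demo()
    print("\n".join(report(creds, hits)))
```

On a real install it would be run with the actual /usr/local/bin/password against the HCI tree (the advisory used /u/live). Every hit is a place the credential lives outside the "central" file, so each one has to be updated in step with the file if the password is ever changed.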

[Full-disclosure] Fwd: milw0rm

2009-10-17 Thread Rohit Patnaik
-- Forwarded message --
From: Josh Wheeler 
Date: Fri, Oct 16, 2009 at 5:38 PM
Subject: Re: [Full-disclosure] milw0rm
To: Rohit Patnaik 


Yes, Some of us actually leech valuable information (Blood); while others
are just epic trolls (along for the ride)


On Fri, Oct 16, 2009 at 12:57 PM, Rohit Patnaik  wrote:

> Wait, so some of us suck blood, but others just hitch ourselves along for a
> ride?
>
> --Rohit Patnaik
>
>   On Fri, Oct 16, 2009 at 12:53 PM,  wrote:
>
>>   On Fri, 16 Oct 2009 13:16:02 EDT, "KF (lists)" said:
>> > I heard you guys are all leeches... no ROI.
>>
>> They're not *all* leeches.  Some are lampreys. :)
>>
>>
>
>
>

Re: [Full-disclosure] milw0rm

2009-10-16 Thread Rohit Patnaik
Wait, so some of us suck blood, but others just hitch ourselves along for a
ride?

--Rohit Patnaik

On Fri, Oct 16, 2009 at 12:53 PM,  wrote:

> On Fri, 16 Oct 2009 13:16:02 EDT, "KF (lists)" said:
> > I heard you guys are all leeches... no ROI.
>
> They're not *all* leeches.  Some are lampreys. :)
>
>

Re: [Full-disclosure] Memory corruption when loading/unloading Adobe objects through EMBED tag in Firefox

2009-10-13 Thread Rohit Patnaik
Ah, okay.  I do that anyway, because I've had bad experiences with Firefox
crashing when displaying embedded PDFs in the past.  Sounds like I should be
okay until Foxit updates its reader.

Thanks,
Rohit Patnaik

On Tue, Oct 13, 2009 at 8:15 PM, mrx  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> Adobe has fixed this issue
>
> http://www.adobe.com/support/security/bulletins/apsb09-15.html
>
> And as this bug relates to Firefox rendering embedded COM objects (PDF)
> inside a browser window, it should be safe to view PDFs inside both Adobe
> and Foxit readers whilst offline.
>
> MrX
>
> Rohit Patnaik wrote:
> > Are there any available workarounds that would mitigate the threat?  I
> > suppose I could just upload all my PDFs to Google Docs in the meantime, but
> > I'm looking for something that I could use while offline...
> >
> > --Rohit Patnaik
> >
> > On Tue, Oct 13, 2009 at 7:35 PM, mrx  wrote:
> >
> >
> > No, I installed latest updates prior to testing.
> > They should be aware of this however considering what appear to be
> > striking similarities in the code base between Foxit and Adobe
> > readers, at least as far as shared bugs go.
> > If not they will be aware of this after they read the email I sent them.
> >
> > MrX
> >
> > Rohit Patnaik wrote:
> > >>> Has Foxit released an update for this?
> > >>>
> > >>> --Rohit Patnaik
> > >>>
> > >>> On Tue, Oct 13, 2009 at 6:40 PM, mrx 
> > wrote:
> > >>>
> > >>>
> > >>> It would appear that Foxit reader version 3.1.1.0928 is also
> > >>> vulnerable to this memory corruption flaw.
> > >>> Foxit reader was also vulnerable to the JPEG2000/JBIG2 decoder bug.
> > >>>
> > >>> Makes me wonder how much code is common to both Adobe's and Foxit's PDF
> > >>> readers
> > >>>
> > >>> MrX
> > >>>
> > >>>
> > >>> Berend-Jan Wever wrote:
> > >>>>>> Adobe bulletin:
> > >>>>>> http://www.adobe.com/support/security/bulletins/apsb09-15.html
> > >>>>>>
> > >>>>>> Short description and repro case:
> > >>>>>>
> >
> http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
> > >>>>>> Cheers,
> > >>>>>>
> > >>>>>> SkyLined
> > >>>>>> <
> >
> http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
> > >>>>>> Berend-Jan Wever 
> > >>>>>> http://skypher.com/SkyLined
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>
> > --
> >>
> >>
>
> > --
>
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEVAwUBStUmKrIvn8UFHWSmAQLvGgf/ZUENmHdfks44uiGTreeEAMkAtcJ0DmYB
> /CyHB6omJWnSWIyxUrClcIU62eK1Oue698BjIG1hiyquqFSbnLqzivhB4OSvneYH
> 8aQodO4gdCO8vwSaQenxO9hk1HPE8RJN9Ds5QqvPZ7qDdhEvdVeaCDyBgn4kERz/
> jrgIJKTCYR67EJPuUu31QFWWpp/qIBBAN3ragqXhq5lQxpOxnWohZ0E1kCB9BdIH
> BIqZW8Laa62IkGH4ZVDhwwek883m7QzJCGUVOrWt5e02QaZoX9D2ompW2Od6FwJJ
> Ro1wlm1bgVPXNhCPJ+Ohq41F96X8S0a9OHlnUwV88EicFwV0Fu9c6Q==
> =H/jn
> -END PGP SIGNATURE-
>
>

Re: [Full-disclosure] Memory corruption when loading/unloading Adobe objects through EMBED tag in Firefox

2009-10-13 Thread Rohit Patnaik
Are there any available workarounds that would mitigate the threat?  I
suppose I could just upload all my PDFs to Google Docs in the meantime, but
I'm looking for something that I could use while offline...

--Rohit Patnaik

On Tue, Oct 13, 2009 at 7:35 PM, mrx  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> No, I installed latest updates prior to testing.
> They should be aware of this however considering what appear to be
> striking similarities in the code base between Foxit and Adobe
> readers, at least as far as shared bugs go.
> If not they will be aware of this after they read the email I sent them.
>
> MrX
>
> Rohit Patnaik wrote:
> > Has Foxit released an update for this?
> >
> > --Rohit Patnaik
> >
> > On Tue, Oct 13, 2009 at 6:40 PM, mrx  wrote:
> >
> >
> > It would appear that Foxit reader version 3.1.1.0928 is also
> > vulnerable to this memory corruption flaw.
> > Foxit reader was also vulnerable to the JPEG2000/JBIG2 decoder bug.
> >
> > Makes me wonder how much code is common to both Adobe's and Foxit's PDF
> > readers
> >
> > MrX
> >
> >
> > Berend-Jan Wever wrote:
> > >>> Adobe bulletin:
> > >>> http://www.adobe.com/support/security/bulletins/apsb09-15.html
> > >>>
> > >>> Short description and repro case:
> > >>>
> >
> http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
> > >>> Cheers,
> > >>>
> > >>> SkyLined
> > >>> <
> >
> http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
> > >>> Berend-Jan Wever 
> > >>> http://skypher.com/SkyLined
> > >>>
> > >>>
> > >>>
> > --
> > >>>
> >>
> >>
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEVAwUBStUc0LIvn8UFHWSmAQIITggAxL/oV6LGNuqfXj59xbV3fLAdh/6aeE7I
> hna0TysRDSi/bN+lE/JLyh+F8WDdr/uNb4Kzc+mTEd5vVqTp2Qlw5ctkQu9AcCxn
> Gk9khwhgRkxYfE/DF9RsFluRMacEaYMUNuectMz+ViCiLhYiLSBrcN9N6khSBIHZ
> o8ttvZBlt9ovlIu08dmuexcIVpIax8SHJj+lPWtuuRYNw/PB02hu3Pnm839nP0cD
> o8ZQPXkG7zvVgBVdMoVCGLWkMgw1T9P73+32TqTC7aAuY9mwRWhG3o2LZo+/Iicl
> Z/uIBT74SWzWZOdhzwdQdlXpmKXad1A8W7XxqfFLhea6WYmbj/MzHg==
> =bPXc
> -END PGP SIGNATURE-
>
>

Re: [Full-disclosure] Memory corruption when loading/unloading Adobe objects through EMBED tag in Firefox

2009-10-13 Thread Rohit Patnaik
Has Foxit released an update for this?

--Rohit Patnaik

On Tue, Oct 13, 2009 at 6:40 PM, mrx  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> It would appear that Foxit reader version 3.1.1.0928 is also
> vulnerable to this memory corruption flaw.
> Foxit reader was also vulnerable to the JPEG2000/JBIG2 decoder bug.
>
> Makes me wonder how much code is common to both Adobe's and Foxit's PDF
> readers
>
> MrX
>
>
> Berend-Jan Wever wrote:
> > Adobe bulletin:
> > http://www.adobe.com/support/security/bulletins/apsb09-15.html
> >
> > Short description and repro case:
> >
> http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
> > Cheers,
> >
> > SkyLined
> > <
> http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
> >
> > Berend-Jan Wever 
> > http://skypher.com/SkyLined
> >
> >

Re: [Full-disclosure] When is it valid to claim that a vulnerability leads to a remote attack?

2009-10-10 Thread Rohit Patnaik
Well, why are you relying on Thierry's clock to date your message?
Your e-mail client should use your local clock/mail server clock to
timestamp messages.

--Rohit Patnaik

On Sat, Oct 10, 2009 at 10:25 PM, Chris  wrote:
>
>> - Original Message -
>> From: "Thierry Zoller" 
>> To: full-disclosure@lists.grok.org.uk
>> Cc: valdis.kletni...@vt.edu, "Jonathan Leffler" 
>> Subject: Re: [Full-disclosure] When is it valid to claim that a
>> vulnerability leads to a remote attack?
>> Date: Wed, 14 Oct 2009 14:11:50 +0200
>
>
> Thierry, please fix your clock.


Re: [Full-disclosure] Attack pattern selection criteria for IPS products

2009-10-09 Thread Rohit Patnaik
Why would Cisco, Juniper, etc. maintain the signature sets?
Presumably, each company maintains its own set of allow/deny rules.

--Rohit Patnaik

2009/10/9 srujan :
> I agree with your word let "customer network admin selects it". But Tipping 
> Point, Juniper, Cisco and Snort will have a wide range of customers, and 
> maintaining different signature set for different Orgs is a big headache.
>
> All these guys are maintaining 95% to 99% detection coverage at NSS testing.
> That's why I asked about the selection criteria.
>
> On Fri, Oct 9, 2009 at 1:36 AM,  wrote:
>>
>> On Fri, 09 Oct 2009 00:47:24 +0530, srujan said:
>>
>> > What is the vulnerability selection criteria of Tipping Point, Juniper IPS
>> > products.
>> >
>> > Is it covering each and every CVE ID or is it selecting particular kind of
>> > attacks. If so what is selection criteria (cvss score or severity level or
>> > most publicly exploited)
>>
>> If the answer isn't "customer network admin selects it", the products are
>> broken and brain damaged.  Different sites have different security stances,
>> and different opinions regarding the trade-off between the added security
>> benefit and the throughput and latency hits you take.
>>
>> Even within a site, the trade-offs may vary.  I have some machines that
>> are actually air-gapped, some that are heavily firewalled, and some that
>> are lightly firewalled - and there's probably some Snort sensors and
>> honeypots too.. ;)
>>
>> If you're asking for "what pre-canned detection rules they come with", it's
>> probably "all the known vulns that we can figure out how to write a Snort
>> rule that doesn't suck resources". :)
>>
>> OK, maybe they don't use Snort - but the same problems of filter
>> expressiveness, whether/how to do a regexp, and so on, are faced by all
>> IDS/IPS systems.  If you need to do a regexp backref, it's going to either
>> not be part of the available toolset, or it's going to suck at line rate
>> on high speed interfaces.  Matching '\((134|934){3,5})\(foo|bar)(more ugly)(\1|\2)'
>> is going to suck whether it's Snort or silicon.
>>


Re: [Full-disclosure] Riorey "RIOS" Hardcoded Password Vulnerability

2009-10-07 Thread Rohit Patnaik
The really ironic thing is that this product is designed to improve the
security of your site (by mitigating DDoS attacks).  Instead, it degrades
security by having a security hole large enough to drive a bus through.

--Rohit Patnaik

On Wed, Oct 7, 2009 at 6:03 PM,
wrote:

> Title: Riorey "RIOS" Hardcoded Password Vulnerability
>
> Severity: High (Full root access to the device)
> Date: 07 October 2009
> Versions Affected: RIOS 4.6.6 , 4.7.0 possibly others
> Discovered on: 25 July 2009
> Vendor URL: www.riorey.com
> Author: Marek Kroemeke
>
> Overview:
>
> Riorey DDoS mitigation appliances (www.riorey.com) are vulnerable to
> taking full control over affected devices via a hardcoded username and
> password used to create a SSH tunnel between the RView application and
> the device itself.
>
>
> Details:
>
> Riorey devices running affected "RIOS" versions have a hardcoded username
> and password that is then used by the RView software to connect on port
> 8022 in order to create a SSH tunnel. This allows the attacker to login as
> user 'dbuser' using the hardcoded password, and due to an old Linux kernel
> version used - escalate privileges through several vulnerabilities and
> eventually take full control over the device.
>
> Additionally - the web interface advises the user to reset the admin
> password for security reasons, but the RView application still uses the
> hardcoded password in order to create the SSH tunnel, which may result in
> a false sense of security.
>
> Proof of Concept:
>
> Open your favorite SSH client and use the following details in order to
> login:
>
> port: 8022
> username: dbadmin
> password: sq!us3r
>
> -- cut --
> r...@rioreyxxx dbuser # id
> uid=0(root) gid=0(root) groups=0(root)
> r...@rioreyxxx dbuser # uname -a
> Linux rioreyXXX 2.6.16.6 #23 SMP Fri Oct 24 19:29:08 EDT 2008 x86_64
> Dual-Core AMD Opteron(tm) Processor 1210 HE AuthenticAMD GNU/Linux
> -- cut --
>
>
> Mitigation:
>
> Login to the device via SSH using the above details, and reset the password
> using the 'passwd' command.
>
>
> Vendor Contact:
> 30 July 2009 - Initial vendor contact
> 31 July 2009 - Vendor replies advising to use a firewall in front of the device
> 01 August 2009 - Vendor replies that next software release will address this problem, work in progress
> 09 August 2009 - Vendor sends an email confirming that it's not ready yet but will be by the end of the month
> 16 August 2009 - Confirmation about release day of a patched version - 05 October 2009
> 07 October 2009 - Releasing the vulnerability report.
>

Re: [Full-disclosure] Microsuck delaying patch for SMB2 on purpose?

2009-10-01 Thread Rohit Patnaik
I'm pretty sure that Microsoft has already released a fix for this.  I know
they've patched Vista and Windows 7, and they've decided publicly not to
backport the fix to Windows XP.
--Rohit Patnaik

On Wed, Sep 30, 2009 at 8:34 PM, Nick  wrote:

> A new exploit for the _Smb2ValidateProviderCallback() function has been
> released by the same person who created the Denial of Service exploit,
> except this one is able to execute code remotely. It seems that MS is sort
> of delaying the quick fix for this exploit. What's even sadder is that they
> knew about it when they developed Windows 7 but didn't care to patch Windows
> Vista.  If they don't release a patch soon, viruses will be all over the
> internet...
>
> Exploit code:
> http://packetstormsecurity.org/filedesc/smb2_negotiate_func_index.rb.txt.html
>

Re: [Full-disclosure] Dumb question: Is Windows box behind a router safe ?

2009-09-22 Thread Rohit Patnaik
Yeah, but the original poster made it clear that the box was running 
Windows XP Service Pack 2, so both your comments are largely irrelevant. :)

--Rohit Patnaik

yersinia wrote:
> On Tue, Sep 22, 2009 at 9:11 PM, Abhijeet Jain wrote:
>
> Myth No. 2- Using Firefox does not make you safe! In fact, IE 7/8
> is the safest browser when used with Windows Vista because it runs
> on lower privileges.
>
> Not on Linux (Fedora) with SELinux enabled, better if you run with the
> guest_u SELinux user.
>
>
> On Tue, Sep 22, 2009 at 1:57 PM, Kos wrote:
>
> A computer behind a router/firewall does not make it safe.
> Vulnerabilities and exploits are not limited to a network level, which
> is generally what a firewall is used for. Vulnerabilities sent via any
> protocol used (http, imap, pop, other protocols that may be in use)
> are not suddenly secure.
>
> An example, there are PDFs that will trigger adobe to run, which can
> be exploited easily.
> Someone can send your father an email with a malicious attachment,
> and a firewall isn't going to prevent him from clicking and running it.
> Anti-virus is a good start, but will only go so far.
> There are phishing sites too.
> The ways to get owned are countless, regardless of a firewall or not.
>
> You should keep the system maintained and up to date (run system
> updates and applications updated regularly).
>
> So no, a firewall will not prevent a computer from being compromised.
>
> Other opinions?
>
> Kos
>
> On Sep 22, 2009, at 11:29 AM, Steven Anders wrote:
>
> > I received great responses and am very grateful to the help from
> > community of this list. Thank you.
> >
> >
> > I have a dumb question: Is a Windows box behind a router safe ?
> >
> > It is my father's PC and the Windows OS was not updated regularly.
> > The Windows box was connected through wire (RJ45) to the router. The
> > router is then connected to the DSL modem.
> > The Windows Box has SP2 installed and the default Windows firewall
> > enabled - and I think was last updated from Windows Update on in
> > 2008. It has AVG anti virus.
> > The PC was never moved anywhere and is always behind the router. The
> > router has default settings, which I believe has no ports open.
> >
> > He never installed any applications or downloads anything off the
> > net - mainly it is used for emails and general web browsing (using
> > Firefox, not IE). I informed him to use Firefox, since IE has so
> > many security issues.
> >
> >
> > My questions are:
> >
> > 1.  There are many exploits and vulnerabilities of Windows, but I
> > was wondering if outdated Windows box behind router generally
> > safe ?  Since, the Windows box was not updated with the latest
> > updates.
> >
> > I have always thought that having a computer behind the router
> > (since router has firewall) is generally safe, but I would love to
> > hear insights or thoughts.
> >
> >
> > 2. If a Windows box is behind a router, could a botnet be installed
> > to it ? Assuming, the end user does not install/download any
> > applications from the Internet and always use Firefox.
> >
> >
> > Thank you all in advance.
> > steve

Re: [Full-disclosure] Dumb question: Is Windows box behind a router safe ?

2009-09-22 Thread Rohit Patnaik
No, I would not consider your father's box to be safe.  There are enough 
drive-by-download attacks and e-mail scams to make infection a very real 
possibility even if the automated worm route is blocked by a NAT 
router.  However, if you installed SP2 with default settings, it 
probably enabled the auto-update functionality in Windows.  Similarly, 
recent versions of Firefox have a similar auto-update feature.  So, even 
if you don't think the box is being updated, it might still be receiving 
security patches.

--Rohit Patnaik

Steven Anders wrote:
> I received great responses and am very grateful to the help from 
> community of this list. Thank you.
>  
>  
> I have a dumb question: Is a Windows box behind a router safe ? 
>  
> It is my father's PC and the Windows OS was not updated regularly. The 
> Windows box was connected through wire (RJ45) to the router. The 
> router is then connected to the DSL modem.
> The Windows Box has SP2 installed and the default Windows firewall 
> enabled - and I think was last updated from Windows Update on in 2008. 
> It has AVG anti virus.
> The PC was never moved anywhere and is always behind the router. The 
> router has default settings, which I believe has no ports open.
>  
> He never installed any applications or downloads anything off the net 
> - mainly it is used for emails and general web browsing (using 
> Firefox, not IE). I informed him to use Firefox, since IE has so many 
> security issues.
>
>
> My questions are:
>
> 1.  There are many exploits and vulnerabilities of Windows, but I was 
> wondering if outdated Windows box behind router generally safe ?  
> Since, the Windows box was not updated with the latest updates.
>
> I have always thought that having a computer behind the router (since 
> router has firewall) is generally safe, but I would love to hear 
> insights or thoughts. 
>  
>  
> 2. If a Windows box is behind a router, could a botnet be installed to 
> it ? Assuming, the end user does not install/download any applications 
> from the Internet and always use Firefox.
>  
>  
> Thank you all in advance.
> steve
>  


Re: [Full-disclosure] Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)

2009-09-18 Thread Rohit Patnaik
How feasible is it for a user to gain network access to the network 
device?  Is it just a matter of gaining access via SSH?  Or is there 
something more that a malicious user has to do?

--Rohit Patnaik

Marc Heuse wrote:
> 
>
> Title: Crypto backdoor in Qnap storage devices
> Date:  18 September 2009
> URL:
> http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt
>
> 
>
> Vendor:QNAP Systems
> Products (verified):   TS-239 Pro, TS-639 Pro
> Products (unverified): SS-439 Pro, TS-439 Pro, TS-439U-SP/RP,
>TS-509 Pro, SS-839 Pro, TS-809 Pro, TS-809U-RP
> Vulnerability: hard disk encryption bypass due to recovery key
> Affected Releases: 3.1.1 0815, 3.1.0 0627, 2.1.7 0613,
>and presumably all other
> Severity:  Moderate/High
> CVE:   CVE-2009-3200
>
> 
>
> Overview:
>
>   The premium and new line of QNAP network storage solutions allow
>   for full hard disk encryption. When rebooting, the user has to
>   unlock the hard disk by supplying the encryption passphrase via
>   the web GUI.
>
>   However, when the hard disk is encrypted, a secondary key is
>   created, added to the keyring, and stored in the flash with minor
>   obfuscation.
>
>
> Impact:
>
>   The encrypted hard disk can be unlocked and potentially sensitive
>   contents accessed by attackers who obtain physical or network
>   access to the hard disk and flash.
>
>
> Description:
>
>   When a user selects in the web GUI to encrypt a hard drive, he
>   has to supply a passphrase of 8-16 length.
>   The Qnap solution is to use the underlying Linux standard
>   mechanisms of LUKS to create the encrypted partition.
>   The user supplied passphrase is crypt(3)'ed with the MD5 salt
>   of $1$YCCaQNAP$ and used as the initial key to access the LUKS
>   master key for the drive.
>
>   Additionally, the system creates a second key, which is 32
>   characters long and contains all lowercase characters and the
>   numbers 0-9, and adds it to the LUKS keyring:
>   /sbin/cryptsetup luksAddKey /dev/md0 /tmp/temp.wLbZNp \
>   --key-file=/tmp/temp.rUBxFo
>
>   Before writing the second key to the flash, the key is then
>   obfuscated in the following way:
>   the first six characters are reversed and written to the end
>   of the string.
>   The obfuscated string is then written to the flash (/dev/sdx6
>   on current Qnap storage devices) in the ENCK variable.
>
>
> Exploit:
>
>   An attacker - or user who has lost his passphrase - just needs
>   to do the following:
>
>   1. Obtain the backdoor key from the flash:
>#  strings /dev/sdx6 | grep ENCK
>ENCK=ghijklmnopqrstuvwxyz012345fedcba
>  It is possible that several ENCK keys show up.
>
>   2. The key has then to be deobfuscated. The last 6 characters have
>  to be taken, reversed, and put in front of the string:
>
>  ENCK key before: ghijklmnopqrstuvwxyz012345fedcba
>  ENCK key after:  abcdefghijklmnopqrstuvwxyz012345
>
>   3. The key file has to be created:
># echo -n "abcdefghijklmnopqrstuvwxyz012345" > /tmp/key
>
>   4. The encrypted volume is unlocked and mounted. The device is
>  usually /dev/md0 or /dev/sda3.
># /sbin/cryptsetup luksOpen /dev/md0 md0 --key-file=/tmp/key
>key slot 0 unlocked.
>Command successful.
># mount /dev/mapper/md0 /share/MD0_DATA
>  Full access to the encrypted volume has been obtained.
>
>
> Additional Weaknesses:
>
>   The backdoor key is generated by rand() calls, and the rand()
>   function produces random numbers unsuitable for cryptographic
>   keys. The cryptographic strength of this generated key is
>   approx 2^32, hence feasible for breaking. This would make
>   access to the flash unnecessary.
>
>   The LUKS partition is created in AES-256 in plain CBC mode. This
>   mode is susceptible to watermark attacks.
>
>
> Solution:
>
>   No fix is available from the vendor yet; one is scheduled for the
>   following month.
>
>   The official company statement is:
>   "The security notice from Baseline Security was received by Qnap
>   on the 16th September 2009 and rated as important.
>   Currently, a new and enhanced firmware version is already in
>   testing. An update is planned for the following month"
>
>   As this was implemented on purpose by the vendor, and feedback
>   from the taiwane

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Rohit Patnaik
Perhaps, perhaps not.  Microsoft _is_ pushing pretty hard to get Windows 
7 into the netbook market.

--Rohit Patnaik

Peter Besenbruch wrote:
> On Wednesday 16 September 2009 05:15:23 Thor (Hammer of God) wrote:
>> P.S.
>>
>> I get the whole "XP code is too old to care" bit, but it seems odd to take
>> that "old code" and re-market it around compatibility and re-distribute it
>> with free downloads for Win7 while saying "we won't patch old code."
>
> Let's not forget that the majority of netbooks come with Windows XP Home, and
> are likely to for a while.



Re: [Full-disclosure] PakBugs.Com Report

2009-09-14 Thread Rohit Patnaik
We know that the FBI and the CIA can't even catch Osama bin Laden in 
Pakistan.  Do you really think they're going to bother with small-time 
credit card skimmers?

--Rohit Patnaik

TheLearner wrote:
> I wanna be the very best
> Like no one ever was
> To catch them is my real test
> My criminal justice training is my cause
>
> I will travel across the lands
> searching far and wide
> with pokemon to understand
> THE POWER THAT'S INSIDE
>
> POKEMON gotta catch em all (it's you and me)
> YOU KNOW ITS MY TEST IN ME
> Ohh I have no friends
> In a world I must defend
>
> tips.fbi.gov <= Send the tip and make stuff happen!
>
> Send it in ASCII style yo
>
> And take a bite out of cybercrime
>
> On Sat, 12 Sep 2009 16:30:12 + Catch Them wrote:
>> As you may know these are mostly based in Pakistan involved in
>> illegal activities which include carding, hacking, cracking etc.
>>
>> I am including this list of their users for law enforcement
>> agencies to investigate and take action where necessary.
>> Currently their site is hosted in pacificrack.com's server.
>>
>> WAR Against Cyber Crime
>> Catch Them If you can.


Re: [Full-disclosure] Internet Explorer 8 Crash @ Sourceforge

2009-09-12 Thread Rohit Patnaik
It works just fine for me.  I'm testing with IE8 on Windows Vista 
Business (32-bit) with latest patches.

--Rohit Patnaik

Jeremy Brown wrote:
> http://sourceforge.net/projects/sevenzip/files/7-Zip/4.65/7z465.exe/download
>
> Anybody else get a access violation when viewing this page with IE8?
>



Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-11 Thread Rohit Patnaik
full-censors...@hushmail.com wrote:
> On Fri, 11 Sep 2009 22:27:41 +0100 valdis.kletni...@vt.edu wrote:
>> On Fri, 11 Sep 2009 21:49:00 BST, you said:
>>
>>> would one not rather hire someone *not* well-known and *doesn't*
>>> get owned?
>>
>> Feel free to hire that guy flipping burgers at McD's to do your
>> security assessment.
>
> the burger flipper would be the obvious choice, young and eager to
> learn.
The choice is obvious only as long as you ignore the fact that eager to 
learn also means eager to make mistakes.  After all, isn't trying (and 
failing) the most effective method of learning?

--Rohit Patnaik



Re: [Full-disclosure] 0xHACK - Oxford Info-Sec Group

2009-09-11 Thread Rohit Patnaik
Apparently they didn't tell him that 'h' wasn't a valid hex symbol either.

--Rohit Patnaik

Lolek of TK53 wrote:
> On Fri, Sep 11, 2009 at 2:40 PM, James Whayman wrote:
>> http://0xhack.org
>
> didn't your profs tell you that K is not a valid hexadecimal character?
> scnr
>


Re: [Full-disclosure] Web-monitoring software gathers data on kid chats

2009-09-08 Thread Rohit Patnaik
Yeah, I saw that on Slashdot the other day, and I thought it was pretty 
hilarious. Ironic isn't it, that the very company one hires to protect 
their kids from exploitation is the one that is exploiting the kids?

--Rohit Patnaik

dramacrat wrote:
> hahahaha oh man, that's grand.
>
> 2009/9/9 Ivan wrote:
>
> Parents who install a leading brand of software to monitor their kids'
> online activities may be unwittingly allowing the company to read
> their children's chat messages — and sell the marketing data gathered.
>
> Software sold under the Sentry and FamilySafe brands can read private
> chats conducted through Yahoo, MSN, AOL and other services, and send
> back data on what kids are saying about such things as movies, music
> or video games. The information is then offered to businesses seeking
> ways to tailor their marketing messages to kids.
>
> 
> http://www.google.com/hostednews/ap/article/ALeqM5i5CjgMEdrwRm3JxeglUykMAHAYmAD9AGNVM00
>

Re: [Full-disclosure] why not a sandbox

2009-09-04 Thread Rohit Patnaik
Doesn't Vista already run Internet Explorer in a sort of sandbox?

-- Rohit Patnaik

On Fri, Sep 4, 2009 at 3:12 PM, Kurth Bemis  wrote:

> Check out:
>
> http://www.sandboxie.com/
> http://www.xenocode.com/Browsers/
>
> ~k
>
> On Fri, 2009-09-04 at 13:05 -0500, RandallM wrote:
> > how come we just can't sandbox the browser away from the system.
> > it's the users that just get gmail and click links, watch youtube vids
> > and check FaceBook and MySpace that infect the network!
> >
>

Re: [Full-disclosure] windows future

2009-09-04 Thread Rohit Patnaik
As for businesses, any business of even medium size is going to have a
backup and recovery plan these days. Businesses will be less affected than
individuals because they'll have backups, and can restore from them if an
infection hits.

In any case, this still doesn't address my contention - that the actual
number of threats doesn't matter, because the vast majority of them are not
viable, in the sense that they attack vulnerabilities that have been
patched.  As long as users keep up with vendor patches (whether they're on
Windows or Linux) the number of threats that will affect them will remain
fairly constant over time.

-- Rohit Patnaik

On Fri, Sep 4, 2009 at 12:44 PM, lsi  wrote:

> > > - approximate date when number of NEW threats will reach 1 Billion: 2015
>
> > This is assuming an exponential growth model, when there's no realistic
> > reason to believe it to be so.
>
> The reason to believe the exponential model will remain valid, is
> that it is the model that is currently valid.  A different model will
> need to explain how the existing exponential curve is derailed.
>
> > There are however good reasons to expect
> > that the correct model is the "logistics curve" (slow growth at first,
> > a steep middle section, then flattening out asymptotic to a horizontal
> > line).
>
> > For starters, new threats have to come from *somewhere* [...] From
> > whence will the 1 billion new threats in the 2015-16 span come from?
> > Who will create these,
>
> Did you see the link I posted to the "Evolvable Malware" PPT?
> Mutation will be automated.  Resistance is useless... ;)
>
> > and who will make money from them?
>
> Presumably, the same gangs who do so now.  They won't need to recruit
> billions of new coders to make their billions of new variants.  It'll
> all be generated overnight, by their botnet, which, when it's not
> sending spam, etc, will be "revectoring" itself, using the GP
> algorithms previously noted.
>
> > At what point will some of the marginal players leave
> > the game and find other avenues of making money?
>
> I answered this one already as well... they will leave soon after the
> number of vulnerable hosts starts to fall, which will happen either
> through mass extinction (due to malware overload) or due to
> re-deployment with a Real OS.
>
> > [...]  A bigger danger here is if we start seeing *single* threats
> > that include a really good real-time polymorphism/obfuscator - *that*
> > could really suck.
>
> But Valdis old chap, that is exactly what the GP algorithms do, the
> proof-of-concept is already out there (see the GP PPT).
>
> > Interesting statistic - year before last, around 10% of all new computer
> > purchases were replacements for malware-infested boxes.  Just buying a
> > new one was easier/cheaper than trying to fix the old one for a lot of
> > people.
>
> These numbers are probably skewed by some kind of newbie effect.
> Once you have had your machine for a while, as I'm sure you know,
> simply dumping it is not always an option.  Businesses, for example,
> may simply be unable to dump an old system, as it runs some legacy
> something, which just happens to be mission-critical.
>
> > Second interesting statistic - the vast majority of that 10% ended up
> > using the exact same operating system.
> >
> > So even when it's well past the 20% mark and the box is basically
> > unusable, they *still* don't run for the exit.
>
> They're newbies.  You wait till they've done that 5 times.  Then ask
> them, are you a happy bunny... and how much money have you spent, in
> total...
>
> - I have already decommissioned one server, due to malware growth -
> it was an old 486 machine, whose sole purpose was to serve AV updates
> for a client's LAN.  All went well for a few years, however the hard
> drive started to fill with signature updates.  So, I upgraded the
> drive, however due to a BIOS limitation (or was that NT4? FAT16?),
> the maximum size I could use was 2Gb.  That would have filled as
> well, except I moved the AV server software onto their main server
> (and proceeded to fill its disk instead, but that's another story) -
> and sent the old 486 to recycling...
>
> So this old server, you might think of course, it's a mere 486, to
> which I reply, and a canary is also a weakling.  That is why people
> put them in mines, because they are very sensitive to carbon monoxide
> levels, and drop dead well before humans do.  So when the canary
> dies, the mine is evacuated.
>
> This old server was a canary.  Its tight resource 

Re: [Full-disclosure] windows future

2009-09-04 Thread Rohit Patnaik
And that's also ignoring the fact that you don't have to scan for things 
that you know you're not exposed/vulnerable to. For example, I don't 
take precautions against Feline Immunodeficiency Virus, because I know 
it can't infect humans. I also don't take precautions against Ebola or 
Smallpox because the chance I'd be exposed to them is vanishingly small.

In the same way, I don't worry about IIS threats - I'm not running an 
IIS server. I'm not worried about threats to Outlook - it's not my mail 
client.  I don't worry about boot sector virii from the late 80s/early 
90s - they're far too rare to spend time on.  Likewise, I don't care 
about threats against which I've already applied vendor patches or 
service packs.  The total number of threats may be growing 
exponentially, but once you factor in the growing immunity of my 
computer system to said threats, the number of outstanding threats 
(things for which I don't have immunity, and are capable of infecting my 
machine) drops to a much more manageable level.

--Rohit Patnaik

valdis.kletni...@vt.edu wrote:
> On Fri, 04 Sep 2009 15:46:19 BST, lsi said:
>
>   
>> - approximate date when number of NEW threats reached 1 Million: 2008
>>
>> - approximate date when number of NEW threats will reach 1 Billion: 2015
>>
>> - approximate date when number of NEW threats will reach 2 Billion: 2016
>> 
>
> This is assuming an exponential growth model, when there's no realistic
> reason to believe it to be so.  There are however good reasons to expect
> that the correct model is the "logistics curve" (slow growth at first,
> a steep middle section, then flattening out asymptotic to a horizontal line).
>
> For starters, new threats have to come from *somewhere*, and there's only
> a limited supply of dark-side code hackers, and a limited supply of people
> worth fleecing (sure, OLPC may distribute 100M laptops - but those are going to
> people who can't be monetized easily).  From whence will the 1 billion
> new threats in the 2015-16 span come from? Who will create these, and who will
> make money from them?  At what point will some of the marginal players leave
> the game and find other avenues of making money?  Remember - if the threat
> pool is 100,000, and you have 1,000 threats, you have 1% of the market, and
> can probably live well off that 1% if monetized.  But if you have 1,000 threats
> in a pool of a billion, you're a marginal player and not likely to get rich
> fast doing that.
>
>   
>> - charts showing this: 
>> http://www.cyberdelix.net/files/malware_mutation_projection.pdf
>>
>> - will the AV companies be able to classify 1 billion new threats per 
>> year? that is 2.739 MILLION new threats per DAY (over 1900 new 
>> threats per minute).
>>
>> - will your computer cope with scanning every EXE, DLL, PIF etc 1 
>> billion times, every time you use them?
>> 
>
> You don't have to scan it a billion times. You need to scan it *once* for
> one billion attacks.  And proper pattern-matching should help a lot here - quite
> often, you'll have 2,934 exploit codes in the wild, all using the same attack
> code lifted from Metasploit or milw0rm or whatever.  So only one check is
> needed.  A bigger danger here is if we start seeing *single* threats that
> include a really good real-time polymorphism/obfuscator - *that* could really
> suck.
>
>   
>> - aside from the theoretical limits imposed by hardware and software, 
>> there is one extra limit, imposed by users.  Users will not tolerate 
>> machines operating slowly, and will seek alternative platforms well 
>> before 100% CPU utilisation (either as a direct result of the size of 
>> the blacklist, or indirectly caused by swapping due to low RAM).  
>> This user limit might be lower than 20% CPU utilisation.  If users 
>> figure out that 20% of their time is being wasted, and rising fast, 
>> they will run for the exit.
>> 
>
> Interesting statistic - year before last, around 10% of all new computer
> purchases were replacements for malware-infested boxes.  Just buying a new
> one was easier/cheaper than trying to fix the old one for a lot of people.
>
> Second interesting statistic - the vast majority of that 10% ended up using
> the exact same operating system.
>
> So even when it's well past the 20% mark and the box is basically unusable,
> they *still* don't run for the exit.
>   
> 
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



Re: [Full-disclosure] windows future

2009-09-04 Thread Rohit Patnaik
All this shows is that there's exponential growth in the number of 
*threats*. It doesn't give any data about the number of actual 
*infections*. I mean, it's quite possible that all these bits of malware 
are just targeting the same group of vulnerable Windows boxen, and 
they're just competing to conquer the same fixed base.

After all, if you extrapolated from the exponential growth of maggots on 
a rotting carcass, you'd be predicting that the entire world would be 
covered in maggots not too far from the future.

--Rohit Patnaik
lsi wrote:
> Hi All,
>
> Sorry for the delay, I had some urgent migration planning to attend 
> to ... ;)  Stats below.  Short version: evacuate.  Long version:
>
> - stats are in, exponential curve is real, see it for yourself here:
>
> http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf
>
> (page 10)
>
> - I also added up the numbers at 
> http://www.virusbtn.com/resources/malwareDirectory/prevalence/index.xml?year=2009
> ... exponential curve also visible, though I think their stats are 
> dodgy, their website is already suffering from math limits - it is 
> reporting current yearly stats as NaN% (Not A Number).
>
> - average rate of change per year (annual growth rate), calculated 
> from Symantec's chart: 243%
>
> - approximate date when number of NEW threats reached 1 Million: 2008
>
> - approximate date when number of NEW threats will reach 1 Billion: 
> 2015
>
> - approximate date when number of NEW threats will reach 2 Billion: 
> 2016
>
> - charts showing this: 
> http://www.cyberdelix.net/files/malware_mutation_projection.pdf
>
> - will the AV companies be able to classify 1 billion new threats per 
> year? that is 2.739 MILLION new threats per DAY (over 1900 new 
> threats per minute).
>
> - will your computer cope with scanning every EXE, DLL, PIF etc 1 
> billion times, every time you use them?
>
> - aside from the theoretical limits imposed by hardware and software, 
> there is one extra limit, imposed by users.  Users will not tolerate 
> machines operating slowly, and will seek alternative platforms well 
> before 100% CPU utilisation (either as a direct result of the size of 
> the blacklist, or indirectly caused by swapping due to low RAM).  
> This user limit might be lower than 20% CPU utilisation.  If users 
> figure out that 20% of their time is being wasted, and rising fast, 
> they will run for the exit.
>
> - will you tolerate your machine constantly processing a list a 
> billion items long?
>
> - do you plan to, and can you afford to, upgrade your compute power 
> by 243%, every year?
>
> - will you do this, even though you know viable alternative platforms 
> exist, at less total cost to yourself?
>
> - if you're already irritated that AV is slowing down your machine, 
> consider that malware levels will be 500 times higher in approx 5 
> years (assuming growth rates continue at 243%). That means your AV 
> will be running 500 times slower.  Unless you upgrade your machine by 
> 500 x current (eg. to an effective speed of approx 1000 GHz), your 
> machine is going to slow down even more.  Given that chipmakers don't 
> seem to be able to get much past 5GHz, without melting the die, that 
> means you'll need 200 of today's processors, just for malware 
> filtering, by 2015.
>
> - Moore's Law says compute power doubles (200%) every 24 months.  
> However, malware is growing at 243% every 12 months.  Thus it is 
> already exceeding Moore's Law, by a massive margin.  I suspect this 
> means this race is unwinnable, and we should give up now, and devote 
> our resources to something sustainable.
>
> - how AV writers will generate 2.7 million new threats/day: 
>
> "Evolvable Malware":
> http://www.genetic-programming.org/hc2009/3-Noreen/Noreen-Presentation.ppt
>
> "A Field Guide to Genetic Programming":
> http://www.gp-field-guide.org.uk/
>
> Wiki:
> http://en.wikipedia.org/wiki/Genetic_programming
>
> - the insecurity of Windows creates a public space, of sorts, an area 
> of common ground, with shared ownership - and this is thus 
> susceptible to the tragedy of the commons ... 
> http://en.wikipedia.org/wiki/Tragedy_of_the_commons ... so no, I 
> don't think malware authors will slow down the mutation rate, so as 
> to prolong the life of the platform, they do not work together.  As 
> Messagelabs puts it, "there's no honour amongst thieves" ... 
> http://www.messagelabs.com/mlireport/MLIReport_Annual_2008_FINAL.pdf
>
> - the greenhouse emissions caused by billions of computers checking 
> billions of items f
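The projection figures quoted above (about 1 million new threats in 2008, 243% annual growth, 1 billion around 2015, 2 billion around 2016, and Moore's Law as a doubling every 24 months), together with the logistic-curve alternative Valdis raises earlier on this page, can be worked through rather than taken on trust. The following is an added example, not code from anyone in the thread; the logistic ceiling (the carrying capacity K) is a constructed assumption, since nobody in the thread puts a number on it.

```python
import math

# Figures as quoted in the thread (lsi's post); the starting point and the
# growth rate are the author's, the rest is derived from them.
THREATS_2008 = 1_000_000        # "number of NEW threats reached 1 Million: 2008"
ANNUAL_GROWTH = 2.43            # "average rate of change per year: 243%"
MOORE_DOUBLING_YEARS = 2.0      # "compute power doubles every 24 months"
BASE_YEAR = 2008


def exponential_threats(year, base=THREATS_2008, growth=ANNUAL_GROWTH):
    """New threats per year under the unbounded exponential model."""
    return base * growth ** (year - BASE_YEAR)


def years_to_reach(target, base=THREATS_2008, growth=ANNUAL_GROWTH):
    """Years after BASE_YEAR until the exponential model hits `target`."""
    return math.log(target / base) / math.log(growth)


def moore_capacity(year, doubling=MOORE_DOUBLING_YEARS):
    """Relative compute capacity of a current machine, 1.0 in BASE_YEAR."""
    return 2.0 ** ((year - BASE_YEAR) / doubling)


def per_day_per_minute(per_year):
    """Spread a yearly count over days and minutes (365-day year)."""
    return per_year / 365, per_year / (365 * 24 * 60)


def logistic_threats(year, carrying_capacity, base=THREATS_2008,
                     growth=ANNUAL_GROWTH):
    """Logistic curve with the same initial growth rate but a ceiling K.

    N(t) = K / (1 + ((K - N0) / N0) * exp(-r t)), with r = ln(growth),
    so it matches the exponential model early on and flattens toward K.
    `carrying_capacity` is a constructed assumption, not a thread figure.
    """
    r = math.log(growth)
    t = year - BASE_YEAR
    k, n0 = carrying_capacity, base
    return k / (1 + ((k - n0) / n0) * math.exp(-r * t))


def relative_scan_load(year, model):
    """Threat count divided by hardware capacity, normalised so 2008 = 1.0.

    A value of 44 means: 44x the 2008 per-item scanning cost on a machine
    that has itself grown with Moore's Law since 2008.
    """
    return model(year) / THREATS_2008 / moore_capacity(year)


def report():
    """Reproduce the thread's headline numbers under both models."""
    lines = []
    for target in (1e9, 2e9):
        yrs = years_to_reach(target)
        lines.append(f"{target:.0e} new threats/year reached "
                     f"{BASE_YEAR + yrs:.1f} (exponential)")
    per_day, per_min = per_day_per_minute(1e9)
    lines.append(f"1e9/year = {per_day:,.0f}/day = {per_min:,.0f}/minute")
    for year in (2012, 2015, 2020):
        exp_load = relative_scan_load(year, exponential_threats)
        log_load = relative_scan_load(
            year, lambda y: logistic_threats(y, carrying_capacity=1e9))
        lines.append(f"{year}: scan load vs 2008 = {exp_load:8.1f}x "
                     f"(exponential) {log_load:8.1f}x (logistic, K=1e9)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

The exponential run reproduces the thread's dates (1 billion in late 2015, 2 billion in 2016, roughly 2.74 million per day) and shows why hardware growth cannot keep up with a 2.43x/year curve: by 2015 the count is about 500x the 2008 figure while a Moore's-Law machine has gained only about 11x. The logistic variant with a constructed ceiling illustrates Valdis's point: with the same early growth, the per-machine load peaks and then falls once the supply of new threats flattens, so which model is right matters more than the 2008 growth rate.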

Re: [Full-disclosure] Global Technocracy - Part 1

2009-09-04 Thread Rohit Patnaik
The real problem is both sides in this "discussion". We've got one side 
presenting a "CIA did 9/11" style of conspiracy theory, and the other 
side presenting a flawed, ad-hominem response. 

I always find it ridiculous whenever someone says that there's a grand 
conspiracy of technocrats ruling the world. The world is waaay too 
irrational for that to be the case.

--Rohit Patnaik

th3tr...@hush.com wrote:
> Look, not everyone is a native English speaker. Not everyone has 
> ideas that you agree with, and to be honest I thought that this 
> post was kind of a bunch of mumbo jumbo that no one really cares 
> about.
>
> However, before trying to get all "leeter-than-thou," why don't you 
> try considering the concepts being presented to you and acting like 
> a normal human being.
>
> The annoying part of this thread isn't the barely-legible writing 
> about security, it's the fool that thinks he knows everything 
> posting lyrics to some stupid Chamillionaire song as a sig on EVERY 
> POST.
>
> / truth
>


Re: [Full-disclosure] PPStream PPSMediaList Activex 0day exploit

2009-09-03 Thread Rohit Patnaik
There isn't exactly a whole lot of detail here. All you've got posted on 
your blog are two screenshots of the PPStream call stack after a crash.  
There's no detail about what input causes the crash, nor any other 
details about how to make it exploitable.  At present, it's not even 
clear (beyond your word, of course) that vulnerability even *is* 
exploitable.  With more detail, it'd be easier to analyze this 
vulnerability and propose a fix to the developers of this application.

Thanks,
Rohit Patnaik

expose 0day wrote:
> **
> PPStream is the most huge p2p media player in the world.
> There are two hundred million ppstream users in the world.
> The vulnerability is exploitable, but I have no time to make it, you 
> could visit my blog for detai...@^
> welcome to http://0dayexpose.blogspot.com/
>
>
> COM Object - {D22DE742-04CD-4B5C-A8A3-82AB3DAEC43D} PPSMediaList Control
> COM Object Filename : C:\PROGRA~1\PPStream\MList.ocx
> RegKey Safe for Script: True
> RegkeySafe for Init: True
> KillBitSet: False
> Company Name: PPStream Inc.
> Version: V2.6.86.8900
> Web Site: http://www.ppstream.com
> ***
>


Re: [Full-disclosure] windows future

2009-08-28 Thread Rohit Patnaik
To be fair, Linux has come a very long way in that regard. I purchased 
an Asus Eee 900 with Linux preinstalled, and everything worked right out 
of the box. Flash, Java, OpenOffice, the works. It was a vindication of 
my view that the real obstacle to Linux on the desktop isn't the user, 
but rather the OEM.

With low-cost, low-power netbooks becoming more prevalent, OEMs are 
finding that the cost of the Windows license begins to take up a rather 
high percentage of the overall cost.  Therefore, many are preinstalling 
and preconfiguring Linux. At the same time, consumers are finding that 
application incompatibilities don't really matter for them, since the 
Linux equivalents are able to handle data coming from a Windows box with 
a minimum of fuss.

--Rohit Patnaik

Paul Schmehl wrote:
> --On Friday, August 28, 2009 09:32:45 -0500 lsi  wrote:
>   
>> The world will awaken from the 20+ year nightmare that was Windows,
>> made possible only by manipulative market practices, driven by greed,
>> and discover the only reason it was wracked with malware, was because
>> it had all its eggs in one basket.
>>
>> 
>
> That's crazy talk.  I hate Windows as much as the next guy, but there's a 
> reason they have such a large market share and it's not *just* manipulative 
> market practices.  Most people outside the insular geek world use computers to 
> perform tasks for them.  They think of the computer as a tool, and they expect 
> it to do the job they want without getting in the way or requiring them to 
> learn to count in hex.
>
> When someone else comes up with a system that has excellent graphics, runs 
> Flash and other things without complaint, and "just works" without expecting 
> them to lift the hood and diagnose problems, doesn't require them to install 
> all sorts of "extras" to have a working system *and* is priced competitively 
> with Windows, they will buy it.
>
> Macs are competitive with Windows in every category except one; price.  And by 
> price I mean the cost of walking into a store and walking out with a working 
> system.  Apple's biggest mistake has always been trying to "hoard" the hardware 
> market for their OS - the same mistake Sun makes - which drives up the price 
> and makes them less competitive.  Unix (really Linux mostly) is getting there 
> but still has a ways to go.
>
> I say these things as a hard core Unix user who loves FreeBSD.  There are many 
> reasons that I love FreeBSD and use it exclusively when I can, but things like 
> making Flash work are not for the faint of heart.
>
> It won't be the malware that will drive people *away* from Windows (if it was 
> they would have been driven away long ago), it will be the (dare I say it?) 
> user friendliness of a system *and* price competitiveness that will *attract* 
> buyers to it.
>
> BTW, your comments about crackers and ecosystems are several years behind.  The 
> current "technology" crackers are using to great success is social engineering. 
> Actually breaking into systems is almost passe these days.
>


Re: [Full-disclosure] windows future

2009-08-28 Thread Rohit Patnaik
I'm not sure I agree with the basic premise of this scenario. You're 
suggesting that getting exposed to malware is some kind of 
inevitability, and that eventually there will be enough different kinds 
of malware that filtering them all will be impossible. I don't think 
that's valid. Good browsing habits, running a firewall, and keeping your 
machine updated will prevent almost all malware from even getting access 
to your machine. Then all we have to worry about are the few bits of 
code that are capable of getting through our defenses.

To reiterate the biological analogy, we don't rely on antibiotics to 
stop infection. We rely on good hygiene. In the same way, just as 
increased biological infection rates led to a push for greater public 
hygiene (e.g. indoor plumbing, closed sewers, etc.) we'll see a push for 
greater computer hygiene as malware infection rates rise. Windows 
already includes a firewall to prevent automated worm infections, and 
Microsoft is working to harden network facing applications, as evidenced 
by their recent decision to have IE run with limited privileges. As 
malware becomes more virulent, the "immunity" of Windows will likewise 
grow, putting a damper on any sort of exponential growth curve.

--Rohit Patnaik

lsi wrote:
> Thanks for the comments, indeed, the exponential issue arises due to 
> use the of blacklisting by current AV technologies, and a switch to 
> whitelisting could theoretically mitigate that, however, I'm not sure 
> that would work in practice, there are so many little bits of code 
> that execute, right down to tiny javascripts that check you've filled 
> in an online form correctly, and the user might be bombarded with 
> prompts.  Falling back on tweaks to user privileges and UAC prompts 
> is hardly fixing the problem.  The core problem is the platform is 
> inherently insecure, due to its development, licensing and marketing 
> models, and nothing is going to fix that.  Even if fixing it became 
> somehow possible, the same effort could be spent improving a 
> competing system, rather than fixing a broken one.
>
> Just to complete the extrapolation, the below.
>
> Assuming that mutation rates continue to increase exponentially, 
> infection rates will reach a maximum when the average computer 
> reaches 100% utilisation due to malware filtering.  Infection rates 
> will then decline as vulnerable hosts "die off" due to their 
> inability to filter.  These hosts will either be replaced with new, 
> more powerful Windows machines (before these themselves succumb to 
> the exponential curve), OR, they will be re-deployed, running a 
> different, non-Windows platform.
>
> Eventually, the majority of computer owners will get the idea that 
> they don't need to buy ever-more powerful gear, just to do the same 
> job they did yesterday (there may come a time when the fastest 
> machine available is unable to cope, there is every possibility that 
> mutation rates will exceed Moore's Law).  The number of vulnerable 
> hosts will then fall sharply, as the platform is abandoned en-masse.
>
> At this time, crackers who have been depending upon a certain amount 
> of cracks per week for income, will find themselves short.  They will 
> then, if they have not already, refocus their activities on more 
> profitable revenue streams.
>
> If every computer is running a diverse ecosystem, crackers will have 
> no choice but to resort to small-scale, targeted attacks, and the 
> days of mass-market malware will be over, just as the days of the 
> mass-market platform it depends on, will also be over.
>
> And then, crackers will need to be very good crackers, to generate 
> enough income from their small-scale attacks.  If they aren't very 
> good, they might find it easier and more profitable to get a 9-to-5 
> job.  The number of malware authors will then fall sharply.
>
> The world will awaken from the 20+ year nightmare that was Windows, 
> made possible only by manipulative market practices, driven by greed, 
> and discover the only reason it was wracked with malware, was because 
> it had all its eggs in one basket.
>
> Certainly, vulnerabilities will persist, and skilled cracking groups 
> may well find new niches from which to operate.  But diversifying the 
> ecosystem raises the barrier to entry, to a level most garden-variety 
> crackers will find unprofitable, and that will be all that is 
> required, to encourage most of them to do something else with their 
> lives, and significantly reduce the incidence of cybercrime.
>
> (now I phrase it like that, it might be said, that by buying 
> Microsoft, you are indirectly channelling money to organised crime 
> gangs, who most likely engage in other 

Re: [Full-disclosure] [Fwd: Re: windows future]

2009-08-27 Thread Rohit Patnaik
While running as a user (as opposed to root) does help, it doesn't 
obviate the need for education and good computer hygiene. After all, all 
of the information and most of the programs your users are running 
manage to go just fine without root access. Unless you've really 
strictly locked down the workstations, it's still quite possible for 
malware to gain access to data or computing resources (e.g. CPU time, 
network bandwidth) without completely "owning" the computer.

The one big advantage of non-privileged accounts is that they're easier 
to clean up if they do get infected with malware. After all, it's a lot 
easier to backup and wipe a single account than it is to wipe and 
restore an entire system. However, I'm not sure how much of an advantage 
that is to someone whose goal is to *prevent* infection, rather than 
mitigate them after they occur.

--Rohit Patnaik

Peter Besenbruch wrote:
>>> I'm not sure this is a solution. Most of the people I work with will
>>> unquestioningly click every UAC prompt. Knowing what to whitelist requires
>>> a fair degree of technical skill beyond most users' ability.
>>>   
>
> On Thursday 27 August 2009 08:34:54 Thor (Hammer of God) wrote:
>   
>> If they can just "unquestionably click" the UAC prompt, then they are
>> already running as administrators, or your DA has changed the default
>> setting for UAC, which requires "normal users" to enter the admin username
>> and password to run code with escalated permissions.
>>
>> In either case, it's not Vista's fault.
>> 
>
> It is somewhat Vista's (or Windows') fault if the default user is also the 
> administrator by default. Yes, knowledgeable people will know to set up a 
> separate user account, but in a home environment such people are few and far 
> between.
>
> In my own "business" situation, I am the computer goto guy. Our equipment 
> isn't capable of Vista. When I arrived it ran XP Home. It took about a year, 
> but we migrated to something more open source, and to an OS that insists on 
> regular user accounts by default.
>


Re: [Full-disclosure] [Fwd: Re: windows future]

2009-08-27 Thread Rohit Patnaik
I definitely agree, vis-à-vis the doctor analogy. I haven't run 
anti-virus software for quite a while now, because viruses spread so 
quickly even daily definitions updates aren't enough to stop them.  A 
properly locked down firewall, along with good browsing, installation, 
and patching habits are what I rely on to stop infections.

To go with a third biological analogy - antivirus is like an antibiotic. 
It stops the infection once the bacteria has already taken root in your 
system. Well, these days, most of malware is resistant to antivirus 
software. So, we have to rely on good computer hygiene to keep us safe.

--Rohit Patnaik

Peter Besenbruch wrote:
> On Thursday 27 August 2009 05:04:16 Rohit Patnaik wrote:
>   
>> Of course, all this is based on an extrapolation of the current strategy
>> of blacklisting. My feeling is that, once malware levels grow beyond
>> this threshold, we'll see a mass switch to whitelists.  In other words,
>> apps will go from being innocent until proven guilty, to being guilty
>> until proven innocent. We're already seeing some of this with Vista's
>> UAC pestering when one wants to install a new application. Given that,
>> I'm not sure how the rest of your scenario plays out.
>> 
>
> I'm not sure this is a solution. Most of the people I work with will 
> unquestioningly click every UAC prompt. Knowing what to whitelist requires a 
> fair degree of technical skill beyond most users' ability.
>
> A few thoughts on the previous post: In biology, most parasites do not kill 
> their host. If the analogy fits, it is possible for Windows to stumble along, 
> rather infected, but still functional.
>
> In a business setting, malware scanning is often done at the periphery of the 
> LAN, not by each individual computer.
>
> In another biological analogy, doctors see lots of sick patients, but don't 
> get sick themselves. They wash their hands a lot. In the computer world, 
> people who don't install that fake codec, and who do keep their systems up to 
> date, may not need anti-virus.
>
> Given the proliferation of malware over the last few years, I have my doubts 
> about the effectiveness of anti-virus software today. In other words, 
> anti-virus software will stop being effective before it consumes all 
> available computer resources trying to protect the computer.
>


[Full-disclosure] [Fwd: Re: windows future]

2009-08-27 Thread Rohit Patnaik


--- Begin Message ---
Of course, all this is based on an extrapolation of the current strategy 
of blacklisting. My feeling is that, once malware levels grow beyond 
this threshold, we'll see a mass switch to whitelists.  In other words, 
apps will go from being innocent until proven guilty, to being guilty 
until proven innocent. We're already seeing some of this with Vista's 
UAC pestering when one wants to install a new application. Given that, 
I'm not sure how the rest of your scenario plays out.


--Rohit Patnaik

lsi wrote:
[Some more extrapolations, this time taken from the fact that malware 
mutation rates are increasing exponentially. - Stu]


(actually, this wasn't written for an FD audience, please excuse the 
bit where it urges you to consider your migration strategy, I know 
you're all ultra-l33t and don't have a single M$ box on your LAN)


http://www.theregister.co.uk/2009/08/13/malware_arms_race/

If this trend continues, there will come a time when the amount of 
malware is so large, that anti-malware filters will need more power 
than the systems they are protecting are able to provide.


At this time, those systems will become essentially worthless, and 
unusable.


You can choose to leave now, or later.  But you cannot choose to 
stay...


(I mean, that the Windows platform seems destined to fill, 
completely, with malware, such that your computer will spend ALL its 
time on security matters, and will have no CPU, RAM etc left for 
actual work.  At the end of the day, the ability of malware to infect 
Windows machines is due to the fact that Windows is a monoculture, a 
monolith, built by a single company, with many interconnections and 
hidden alleyways.  It's hard to imagine a platform LESS vulnerable - 
compare with open-source efforts, which are diverse, homogenous and 
connect via open protocols.  Malware finds life hard in the sterile, 
purified world of RFCs, where one of many different programs may 
process your malicious payload, all of which have been peer-reviewed. 
 In Windows, malware knows that a specific Microsoft EXE will process 
its data, knows that the code has not been thoroughly checked, and 
can make use of undocumented mechanisms.


So basically Microsoft, by hoarding their source, by tightly 
integrating functionality, and by seeking to monopolise the various 
markets created by the platform (browser, media player, office 
software), have doomed Windows, and everything that runs on it.  The 
lack of diversity in the Windows ecosystem means that it is highly 
vulnerable to attack by predators.  The fact that malware mutation 
rates are accelerating is a clear indicator that the foxes are 
circling.  This is the beginning of a death spiral; the malware 
numbers we've seen in the past 20 years were the low end of an 
exponential curve, and we're now getting to the steep part.


The problem is that any given computer is only capable of so much 
processing.  It has an upper limit to the amount of malware it can 
filter, those limits being related to CPU speed, RAM, diskspace, 
network bandwidth.  This upper limit looks like a horizontal line, on 
the chart that shows the exponential curve mentioned above.


So my point, is that eventually, the exponential curve is going to 
cross that horizontal line, for any given computer, and when that 
happens, that computer will no longer be able to filter malware.  It 
will only be able to filter a subset, and thus be vulnerable to the 
rest. Consequently it will not be usable, for instance, on the web, 
and will essentially become a doorstop...


The only escape from this inevitability is to ditch the platform that 
is permitting the malware - that is, the only escape is to ditch 
Windows. It is being eaten alive, by predators that only have a 
foothold because there are weaknesses in the platform.


Given that it can take years to migrate to a new operating system, I 
do recommend, if you have not already done so, that you commence 
planning to ditch Windows.  I might be wrong about the exponential 
curve, but if I'm not, then there may not be a lot of time in between 
when malware levels seem manageable, and the time when they are not.  
If your business depends on Windows machines and they all become 
unusable, you will have no business.  What you definitely must NOT 
do, is assume that Windows is going to be around for a long time.  It 
is a dead man walking.


- Of course, there might be a few years yet.  You can spend those 
years running up your IT bill, with lots of new computers that are 
required to filter all that malware while still performing at a 
useful speed.  Or, you can ditch Windows, and keep your existing 
hardware - it runs perfectly well, when it's not weighed down 
defending the indefensible.


[If Microsoft dooming Windows isn't ironic enough, consider that 
every time malware authors pump out another set of mutations, they 
are nailing

Re: [Full-disclosure] RE: WPA attack improved to 1min, MITM

2009-08-26 Thread Rohit Patnaik
Hello M. B.,

Symmetric ciphers are much less computationally intensive than 
asymmetric ciphers. So, in a situation where one has to encrypt and 
decrypt a lot of data quickly (as in the WPA setting) it's better to use 
a symmetric cipher.

-- Rohit Patnaik

M.B.Jr. wrote:
> Dear dr,
> please, let me try to share and elucidate (with you and the list) one
> specific and conceptual point about "802.11i" and AES that intrigues
> me.
>
> I don't know if you can answer this, but it is worthy for reflection.
>
> So,
> Rijndael (AES) is a symmetric block cipher. Why does WPA2 use symmetric
> cryptography in a communication (which is an asymmetric situation)?
>
>
> Regards,
>
>
>
>
> On Wed, Aug 26, 2009 at 1:01 PM, Dragos Ruiu wrote:
>   
>> On 26-Aug-09, at 7:35 AM, Rohit Patnaik wrote:
>> 
>>> Do you have a link to the entire paper by any chance? The abstract
>>> interests me, and I'd really like to read the whole thing.
>>>   
>> Should have put this in as someone else already correctly pointed out: 
>> http://bit.ly/8qwQt
>>
>> The research team is scheduled to present an implementation of the
>> attack at a conference on Sept. 25.
>>
>> cheers,
>> --dr
>>
>> --
>> World Security Pros. Cutting Edge Training, Tools, and Techniques
>> Tokyo, Japan November 4/5 2009  http://pacsec.jp
>> Vancouver, Canada March 22-26  http://cansecwest.com
>> Amsterdam, Netherlands June  http://eusecwest.com
>> pgpkey http://dragos.com/ kyxpgp

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
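The two messages above leave the middle step implicit: WPA2 encrypts bulk traffic with a symmetric cipher (AES-CCMP), but the symmetric key is not shared in advance in usable form; each session derives it from the PMK and two public nonces in the 4-way handshake. The following is an added example, not code from any of the posters, walking the WPA2-PSK key hierarchy with only the Python standard library: passphrase and SSID to PMK (PBKDF2-HMAC-SHA1), PMK plus nonces and addresses to PTK (the 802.11i PRF), and the KCK-based MIC the access point verifies on message 2. The MAC addresses, nonces and the EAPOL-Key body are constructed stand-ins; the passphrase/SSID pair "password"/"IEEE" is the IEEE 802.11i Annex test vector for the PMK derivation.

```python
"""WPA2-PSK key hierarchy, passphrase -> PMK -> PTK -> EAPOL MIC (added example).

Standard library only. The MAC addresses, nonces and EAPOL-Key body below are
constructed stand-ins; "password"/"IEEE" is the IEEE 802.11i Annex test vector
for the passphrase-to-PMK mapping.
"""
import hashlib
import hmac

# Constructed handshake parameters: AP address (AA), station address (SPA)
# and the two 32-byte nonces that messages 1 and 2 carry in the clear.
AA = bytes.fromhex("001122334455")
SPA = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# Constructed stand-in for EAPOL-Key message 2 with its 16-byte MIC field zeroed.
EAPOL_M2_MIC_ZEROED = b"\x02\x03\x00\x75\x02\x01\x0a" + SNONCE + b"\x00" * 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP: 48 bytes = KCK (16) || KEK (16) || TK (16).

    Inputs are ordered min/max so both sides compute the same string regardless
    of which address or nonce each considers its own.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, frame_mic_zeroed: bytes) -> bytes:
    """Key MIC for WPA2/CCMP (key descriptor version 2): HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]


def ap_accepts_station(ap_passphrase: str, sta_passphrase: str, ssid: str = "IEEE") -> bool:
    """Message 2 of the 4-way handshake, both sides.

    The station proves it holds the PMK by MIC-ing the frame under its KCK; the AP
    recomputes the KCK from its own PMK and the same public nonces and compares.
    No key material crosses the air, only the nonces and the MIC.
    """
    sta_ptk = derive_ptk(pmk_from_passphrase(sta_passphrase, ssid), AA, SPA, ANONCE, SNONCE)
    mic_on_air = eapol_mic(sta_ptk[:16], EAPOL_M2_MIC_ZEROED)

    ap_ptk = derive_ptk(pmk_from_passphrase(ap_passphrase, ssid), AA, SPA, ANONCE, SNONCE)
    expected = eapol_mic(ap_ptk[:16], EAPOL_M2_MIC_ZEROED)
    return hmac.compare_digest(mic_on_air, expected)


if __name__ == "__main__":
    print("PMK:", pmk_from_passphrase("password", "IEEE").hex())
    print("same passphrase accepted:", ap_accepts_station("password", "password"))
    print("wrong passphrase accepted:", ap_accepts_station("password", "passw0rd"))
```

The bytes derived here (TK in particular) are what AES-CCMP then uses for the bulk traffic; that is where Rohit's speed argument applies. Everything other than the PMK is public on the air, which is also why a captured handshake can be attacked offline by dictionary: a candidate passphrase is checked exactly the way `ap_accepts_station` checks the real one.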


Re: [Full-disclosure] НА: WPA attack improved to 1min, MITM

2009-08-26 Thread Rohit Patnaik
Hello,

Do you have a link to the entire paper by any chance? The abstract 
interests me, and I'd really like to read the whole thing.

Thanks,
Rohit Patnaik

Найденко Александр wrote:
> - Original message -
> From: Dragos Ruiu 
> Sent: 26 August 2009 6:13
> To: Full-Disclosure mailing list 
> Subject: [Full-disclosure] WPA attack improved to 1min, MITM
>
> The Beck/Tews WiFi WPA attack presented at PacSec has been improved  
> (down to 1 min, MITM) by 2 .jp researchers (Ohigashi, Morii) 
> http://bit.ly/clCpm 
>   Remember: avoid WPA/TKIP and force AES only encryption in WPA2 -  
> don't let your access point automatically fall back to  
> the insecure TKIP/WPA mode, to be safe. (At least until any WPA2  
> attacks are published ;-P)
>
> cheers,
> --dr
>
> P.S. CanSecWest registration is now up, and a new Japanese PacSec  
> registration is live. June has been picked as the time for EUSecWest  
> in Amsterdam.
> (hat tip: T Harada)
>
>
> [Not all of the original message text is included]

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
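Dragos Ruiu's advice above (WPA2 with AES only, no automatic fallback to TKIP) is a configuration matter on the access point. The following is an added example, not code from any of the posters, that checks a hostapd-style configuration for exactly that fallback. hostapd is an assumption about the AP software; the three configs are constructed. The checker relies on hostapd's documented defaults: `wpa_pairwise` defaults to TKIP, and `rsn_pairwise` defaults to the `wpa_pairwise` value, which is how a config that looks WPA2-only can still offer TKIP.

```python
"""Flag WPA/TKIP fallback in a hostapd-style access point config (added example).

Assumes hostapd.conf syntax (key=value lines, '#' comment lines) and hostapd's
documented defaults: wpa_pairwise defaults to TKIP, rsn_pairwise defaults to the
wpa_pairwise value. All three configs are constructed.
"""

# Constructed: mixed-mode AP that accepts WPA (v1) and offers TKIP under WPA2 too.
WEAK_CONF = """\
ssid=example
# bit 1 = WPA (v1), bit 2 = WPA2/RSN; 3 = both
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP CCMP
"""

# Constructed: WPA2 only, CCMP (AES) only; nothing to fall back to.
HARDENED_CONF = """\
ssid=example
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

# Constructed: looks WPA2-only, but rsn_pairwise is unset and inherits TKIP.
SUBTLE_CONF = """\
ssid=example
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
"""


def parse_hostapd(text: str) -> dict:
    """Minimal key=value parser; a later duplicate key wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def tkip_findings(conf: dict) -> list:
    """Return human-readable findings; an empty list means WPA2/CCMP only."""
    findings = []
    wpa = int(conf.get("wpa", "0"))
    wpa_pairwise = set(conf.get("wpa_pairwise", "TKIP").split())
    if "rsn_pairwise" in conf:
        rsn_pairwise = set(conf["rsn_pairwise"].split())
    else:
        rsn_pairwise = set(wpa_pairwise)  # hostapd default: inherit wpa_pairwise

    if wpa == 0:
        findings.append("wpa=0: no WPA/WPA2 at all")
    if wpa & 1:
        findings.append("wpa bit 1 set: WPA (v1) accepted, pairwise "
                        + ",".join(sorted(wpa_pairwise)))
    if wpa & 2 and "TKIP" in rsn_pairwise:
        findings.append("rsn_pairwise allows TKIP under WPA2: "
                        + ",".join(sorted(rsn_pairwise)))
    return findings


def audit(text: str) -> list:
    """Parse and check one config; convenience wrapper."""
    return tkip_findings(parse_hostapd(text))


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF), ("subtle", SUBTLE_CONF)):
        print(name, audit(text) or ["ok: WPA2/CCMP only"])
```

The third config is the case to watch for: `wpa=2` alone does not force AES, because an unset `rsn_pairwise` takes whatever `wpa_pairwise` says, including TKIP.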

Re: [Full-disclosure] (USA) Fighting the tyranny of fusion centers / JTTF harassment and profiling

2009-08-15 Thread Rohit Patnaik
ask...@hushmail.com wrote:
> Was wondering what FD's opinions were on fusion centers.
>
> www.aclu.org/fusion
>
> They are essentially COINTELPRO surveillance techniques employed by 
> the FBI-State-Local police to "gather intelligence" on people.
>
> And yeah, you guys fall into the scope. I was wondering what your 
> opinions were on this government surveillance stuff.
>
> Do your local police (turned domestic intelligence agents) have 
> the sophistication and complexity to understand what you do? Or do 
> you think you'll end up like Ricardo Calixte, and get raided for 
> using Linux. 
> http://www.eff.org/deeplinks/2009/04/boston-college-prompt-commands-are-suspicious
>
> I was wondering what you thought about abuse of power by the government. 
> And how to stop it.
>
> I think that cryptome and wikileaks are the way to go. If you see 
> the government doing something illegal, do you have the right to 
> break into their system and uncover the evidence? Google "plain 
> sight rule". Sure, if it's not that you'll probably go to jail, but 
> if you hit the gold mine of their corruption, you're set.
>
> Freedom of information?
>
> COINTELPRO was owned by citizens' investigation into the FBI. It 
> was illegal to search the FBI office. However, it offered a 
> sweeping change in legislative policy after, since the evidence 
> could be shown in congress.
>
> Where are all the upset feds? Blow the whistle. You can get your 
> info out 100% safe, Get TOR (http://www.torproject.org/). Post your 
> stories on this list, Wikileaks or Cryptome.
>
> This post was sponsored heavily by n3td3v intelligence
>
> ~~ n3td3v is not antisec. the metasploit method is ineffective.
> ~~ you need to get "the intelligence feed" at 
> www.twitter.com/n3td3v.
>
I'm not quite sure what you mean by the "plain sight rule". As I 
understand it, it means that evidence that a police officer sees "in 
plain sight" may be acted upon without prior authorization. How does 
that apply to me, an ordinary citizen of the USA?

--
Rohit Patnaik

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/