Re: [Full-disclosure] PHC is _NOT_ DEAD !!!!

[dramacrat]

why you gotta say shit like that

my spamfilter is crying now

2010/1/22 Rohit Patnaik 

> Heh.  I agree, but only because this month has been a fairly quiet one
> regarding n3td3v drama.
>
> --Rohit Patnaik
>
>
> On Thu, Jan 21, 2010 at 10:20 AM, Christian Sciberras 
> wrote:
>
>> Vote +1 for "message of the month" award.
>>
>>
>>
>>
>>
>>
>> On Thu, Jan 21, 2010 at 2:22 PM,  wrote:
>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> peep game nigga, peep game, feel us !
>>>
>>>
>>>
>>> - --Phrack High Council
>>> -BEGIN PGP SIGNATURE-
>>> Charset: UTF8
>>> Note: This signature can be verified at https://www.hushtools.com/verify
>>> Version: Hush 3.0
>>>
>>> wpwEAQMCAAYFAktYVRAACgkQPBffzoCVnANW3QP9EMxg0GLjH2DfaH7sAsH/0UsrBQz+
>>> yo+ob4Qy8hF373vHTy0GjTxLYPPYuT58xUEwdzO/vnHNJlGkWjbCucnJiQj3hAdXZ/R/
>>> fYQP1Kg978//PDBMyTUBRCwIafjELdhHgUl3a7nR7dlRsu8hRx6ebHncw0+HmfW95uhY
>>> VpjBPQ4=
>>> =AsaL
>>> -END PGP SIGNATURE-
>>>
>>> ___
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] NSOADV-2010-002: Google Wave Design Bugs

[dramacrat]

inb4 front page news

2010/1/21 

> > Well, that's exactly what I'm saying.  Pretending that this is some kind
> new
> > exploit class simply because Google Wave is used is stupid.  This is the
> > logical extension of e-mail and instant message and social network
> attacks
> > to the next potential platform.
>
> Following in the history of the security community, we should coin a
> buzzword on this old issue with a new spin.
> WaveJacking sounds like a perfect fit.
> 
>
>
> > On Tue, Jan 19, 2010 at 8:10 PM,  wrote:
> >
> > > On Tue, 19 Jan 2010 19:01:36 CST, Rohit Patnaik said:
> > > > Yeah, no kidding.  Surprise! Untrusted files can be malicious.  If
> you
> > > > accept files from those whom you do not trust, whether its via
> e-mail,
> > > > instant message, Google Wave, or physical media, you well and truly
> > > deserve
> > > > the virus that'll eventually infect your machine.
> > >
> > > Let's see.. *HOW* many years ago did we first see e-mail based viruses
> that
> > > depended on people opening them because they came from people they
> already
> > > knew?  'CHRISTMA EXEC' in 1984 comes to mind.
> > >
> > > The problem here is that Google Wave is for *collaboration* - which
> means
> > > that you're communicating with people you already know, and presumably
> > > trust to some degree or other. "Hey Joe, look at this PDF and tell me
> > > what you think" is something reasonable when the request comes from
> > > somebody
> > > who Joe knows and who has sent Joe PDF's in the past.
> > >
> > > I guarantee that if every time you receive a document that appears to
> be
> > > from
> > > your boss, you call back and ask if they really intended to send a
> document
> > > or
> > > if it's a virus, your boss will get very cranky with you very fast.
> > >
> > > Let's look at that original advisory again:
> > >
> > > >> An attacker could upload his malware to a wave and share it to his
> > > >> Google Wave contacts.
> > >
> > > Now change that to "An attacker could trick/pwn some poor victim into
> > > uploading
> > > the malware to a wave"  Hilarity ensues.
> > >
> > >
> > >
> > >
> >
> > --000e0cd2e002580025047da0b22e
> > Content-Type: text/html; charset=ISO-8859-1
> > Content-Transfer-Encoding: quoted-printable
> >
> > Well, that's exactly what I'm saying.=A0 Pretending that this is
> so=
> > me kind new exploit class simply because Google Wave is used is
> stupid.=A0 =
> > This is the logical extension of e-mail and instant message and social
> netw=
> > ork attacks to the next potential platform.
> > -- Rohit PatnaikOn Tue, Jan 19,
> 2010=
> >  at 8:10 PM,  < valdis.kletni...@vt.e=
> > du">valdis.kletni...@vt.edu> wrote: class=3D"g=
> > mail_quote" style=3D"border-left: 1px solid rgb(204, 204, 204); margin:
> 0pt=
> >  0pt 0pt 0.8ex; padding-left: 1ex;">
> > On Tue, 19 Jan 2010 19:01:36 CST, Rohit Patnaik
> said:
> > > Yeah, no kidding. =A0Surprise! Untrusted files can be malicious.
> =A0If=
> >  you
> > > accept files from those whom you do not trust, whether its via
> e-mail,=
> > 
> > > instant message, Google Wave, or physical media, you well and truly
> de=
> > serve
> > > the virus that'll eventually infect your machine.
> > 
> > Let's see.. *HOW* many years ago did we first see e-mail based
> vi=
> > ruses that
> > depended on people opening them because they came from people they
> already<=
> > br>
> > knew? =A0'CHRISTMA EXEC' in 1984 comes to mind.
> > 
> > The problem here is that Google Wave is for *collaboration* - which
> means > r>
> > that you're communicating with people you already know, and
> presumably<=
> > br>
> > trust to some degree or other. "Hey Joe, look at this PDF and tell
> me<=
> > br>
> > what you think" is something reasonable when the request comes from
> so=
> > mebody
> > who Joe knows and who has sent Joe PDF's in the past.
> > 
> > I guarantee that if every time you receive a document that appears to be
> fr=
> > om
> > your boss, you call back and ask if they really intended to send a
> document=
> >  or
> > if it's a virus, your boss will get very cranky with you very
> fast.
> > 
> > Let's look at that original advisory again:
> > 
> > >> An attacker could upload his malware to a wave and share it to
> his=
> > 
> > >> Google Wave contacts.
> > 
> > Now change that to "An attacker could trick/pwn some poor
> victim=
> >  into uploading
> > the malware to a wave" =A0Hilarity ensues.
> > 
> > 
> > 
> > 
> >
> > --000e0cd2e002580025047da0b22e--
> >
> >
> > --===1022691582==
> > Content-Type: text/plain; charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Content-Disposition: inline
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> > --===1022691582==--
> >
> >
> http://www.cgisecurity.com/
>
> _

Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes

[dramacrat]

Fuck yeah.

Mozilla would be able to hire a few more developers, excellent! I've always
felt that they're held back by an overly small development team - while this
results in a clean, stable, fast browser, it means they can't support enough
other stuff :(

Oh... wait...

2010/1/21 James Matthews 

> Why doesn't microsoft throw some of it's weight behind Mozilla and ditch IE
> forever. It doesn't suit their image.
>
> On Wed, Jan 20, 2010 at 6:30 AM, Christian Sciberras wrote:
>
>> On my IE6 this doesn't work (crash), but it does on IE7. I'm on WinXP Pro
>> SP3 DEP+.
>>
>>
>>
>>
>>
>> On Wed, Jan 20, 2010 at 11:57 AM, Berend-Jan Wever <
>> berendjanwe...@gmail.com> wrote:
>>
>>> Two NULL pointer crashes, they do not affect MSIE 8.0. Repros can be
>>> found here:
>>>
>>> http://skypher.com/index.php/2010/01/20/microsoft-internet-explorer-6-07-0-null-pointer-crashes/
>>>
>>> Cheers,
>>> SkyLined
>>>
>>> 
>>> Berend-Jan Wever 
>>> http://skypher.com/SkyLined
>>>
>>>
>>> ___
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
> --
> http://www.astorandblack.com
>
> --
>
>
>
>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] NSOADV-2010-002: Google Wave Design Bugs

[dramacrat]

This is the stupidest advisory I have read on this list in at least two
months.

2010/1/19 NSO Research 

> _
> Security Advisory NSOADV-2010-002
> _
> _
>
>
>  Title:  Google Wave Design Bugs
>  Severity:   Low
>  Advisory ID:NSOADV-2010-002
>  Found Date: 16.11.2009
>  Date Reported:  18.11.2009
>  Release Date:   19.01.2010
>  Author: Nikolas Sotiriu (lofi)
>  Mail:   nso-research at sotiriu.de
>  URL:http://sotiriu.de/adv/NSOADV-2010-002.txt
>  Vendor: Google (http://www.google.com/)
>  Affected Products:  Google Wave Preview (Date: =< 14.01.2010)
>  Not Affected Component: Google Wave Preview (Date: >= 14.01.2010)
>  Remote Exploitable: Yes
>  Local Exploitable:  No
>  Patch Status:   partially patched
>  Discovered by:  Nikolas Sotiriu
>  Disclosure Policy:  http://sotiriu.de/policy.html
>  Thanks to:  Thierry Zoller: For the permission to use his
>  Policy
>
>
>
> Background:
> ===
>
> Google Wave is an online tool for real-time communication and
> collaboration. A wave can be both a conversation and a document where
> people can discuss and work together using richly formatted text,
> photos, videos, maps, and more.
>
> (Product description from Google Website)
>
>
>
> Description:
> 
>
> All this possible attacks are the result of playing 4 hours with Google
> Wave. I didn't check all the funny stuff, which is possible with the Wave.
>
>
>
> 1. Gadget phishing attack:
> --
>
> The Google Wave Gadget API can be used for phishing attacks.
>
> An attacker can build his own phishing Gadget, share it with his Google
> Wave contacts an hopefully get the login credentials from a user.
>
> This behavior is normal. The Problem is, that this "bug" makes it easier
> to steal logins.
>
>
> 2. Virus spreading attack:
> --
>
> Uploads Files are not scanned for malicious code.
>
> An attacker could upload his malware to a wave and share it to his
> Google Wave contacts.
>
>
>
> Proof of Concept :
> ==
>
> A proof of concept gadget can be found here:
> http://sotiriu.de/demos/phgadget.xml
>
>
>
> Solution:
> =
>
> 1. No changes made here.
>   Workaround: Don't trust Waves.
>
> 2. Google builds in AV scanning.
>
>
>
> Disclosure Timeline (/MM/DD):
> =
>
> 2009.11.16: Vulnerability found
> 2009.11.17: Sent PoC, Advisory, Disclosure policy and planned disclosure
>date (2009.12.03) to Vendor
> 2009.11.23: Vendor response
> 2009.12.01: Ask for a status update, because the planned release date is
>2009.12.03.
> 2009.12.03: Google Security Team asks for 2 more week to patch.
> 2009.12.03: Changed release date to 2009.12.17.
> 2009.12.15: Ask for a status update, because the planned release date is
>2009.12.17. => No Response
> 2009.12.21: Ask for a status update.
> 2009.12.29: Google Security Team informs me, that there are no changes
>made before 2010.01.03.
> 2010.01.14: Google Security Team informs me, that uploaded files will be
>now scanned for malware. Google Gadgets will be not updated.
> 2010.01.19: Release of this Advisory
>
>
>
>
>
>
>
>
>
>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Google Maps XSS (currently unpatched)

[dramacrat]

ah, Google...

the only company in IT that can have an unpatched vulnerability
released to the world and get good publicity out of it.

Don't get me wrong, I'm not in the GoogleSucksAndIsEvil crowd... I
have friends that work for them, and I like to see a company like them
doing well.

Still, I can't help but suspect that one day in 50 years, Larry Page
is going to be lying on his deathbed when out of a puff of smoke
appears the Devil, who raises his trident and says "So, Mr Page, about
that soul you signed away..."

On 13/01/2010, Robin Sage  wrote:
> Google was quick on that one! It worked an hour and a half ago.
>
> - Robin
>
>
>
>
> 
> From: gaurav baruah 
> To: full-disclosure@lists.grok.org.uk
> Sent: Tue, January 12, 2010 6:20:32 AM
> Subject: [Full-disclosure] Google Maps XSS (currently unpatched)
>
> Google Maps XSS (currently unpatched)
>
> Discovered By -
> Pratul Agrawal (pratu...@gmail.com)
> Gaurav Baruah  (baruah.gau...@gmail.com)
>
>
> PoC -
> http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Surge in Skype Spam activity

[dramacrat]

h, shall I click a tinyurl coming from a f-d poster?

n/n, pick one

this is email, not twitter. if you're sharing a legitimate link, there's no
reason not to directly link to it.

2010/1/11 Chen Levkovich 

> Surge in Skype Spam activity. http://tinyurl.com/yc38trm
>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Google Chrome 3.0.195.33 leaks DNS data queries outsitde of proxy if dns pre-fetching is enabled

[dramacrat]

Oops, Milan - you did it again.

You remind me of those IRC users that feel the need to publicly announce
that they're placing someone on IGNORE... and then never actually do it,
because then the ignored user might say something mean about them and the
IGNORing user wouldn't be able to make their awesome comeback.

If your grammar and syntax are as bad in programming languages as in
English, you must be a real liability to employ.

2009/12/16 Milan Berger 

> On Wed, 16 Dec 2009 00:54:44 +1100
> dramacrat  wrote:
>
> > *first at all, send to the list please not to me personally and list
> > in cc.*
> > *
> > *
> > *Ignoring the grammar, that's exactly what you just did. And what I
> > just did, because that's default client behavior on a Reply-To-All.
> > *
>
> my junk filter feels happy to get more morons.
>
> --
> Kind Regards
>
> Milan Berger
> Project-Mindstorm Technical Engineer
>
> --
> project-mindstorm.net
> Humboldtstrasse 69
> 90459 Nuremberg
> Germany
>
> Tel.: +49 911 27 56 381
> Mob.: +49 176 22 98 76 02
>
>
> http://www.project-mindstorm.net
> http://www.digital-bit.ch
>
> twitter: http://twitter.com/twit4c
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Google Chrome 3.0.195.33 leaks DNS data queries outsitde of proxy if dns pre-fetching is enabled

[dramacrat]

*first at all, send to the list please not to me personally and list in
cc.*
*
*
*Ignoring the grammar, that's exactly what you just did. And what I just
did, because that's default client behavior on a Reply-To-All.
*
2009/12/16 Milan Berger 

> Hi Vlad,
>
> first at all, send to the list please not to me personally and list in
> cc.
>
> > (a) If you have a better way than a Tor proxy to avoid DNS leaks from
> > programs that don't DNS-proxy themselves, feel free to actually *tell*
> > us what it is, rather than just babble "they aren't the best way".
> > Given you got the *other* point totally wrong, we have no reason to
> > believe a content-free 'not the best way' unless you actually have an
> > evaluatable statement like 'XYZ is better'.
>
> I think there are better ways than TOR this is what I actually said.
> 'not the best way' meant TOR. Hope this explains it much better.
>
>
> --
> Kind Regards
>
> Milan Berger
> Project-Mindstorm Technical Engineer
>
> --
> project-mindstorm.net
> Humboldtstrasse 69
> 90459 Nuremberg
> Germany
>
> Tel.: +49 911 27 56 381
> Mob.: +49 176 22 98 76 02
>
>
> http://www.project-mindstorm.net
> http://www.digital-bit.ch
>
> twitter: http://twitter.com/twit4c
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Microsoft: ‘Piracy no longe r poses a threat to us’

[dramacrat]

Hahaha.

How many legit copies of Windows 7 Ultimate have they sold? Three? Or was it
four?

I guess this is their way of competing with free software... making
*their* software
free (yes, yes, money-free vs freedom-free, i know) except to those thick
enough (or lawsuit vulnerable enough, ie governments and corporations) to
pay.

2009/12/3 S/U/N 

>  Sure, dude, " please just STEAL my soft, that's gonna kill competitors"
> IE: what happend to PaintShopPro vs Photoshop?
>
>   Cluster #[[   Ivan .   ]] possibly emitted, @Time
> [[   03/12/2009 06:24   ]] The Following #String  **
>
> In a recent interview, managing director of Microsoft Philippines Inc.,
> John Bessey, has claimed that piracy no longer poses a threat to the
> software giant.
>
> http://freakbits.com/microsoft-piracy-no-longer-poses-a-threat-to-us-1202
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] more on that

[dramacrat]

well, all that really depends on the theory that the OP actually read it
prior to executing it.

2009/11/26 Andrew Farmer 

> On 24 Nov 2009, at 13:41, Tyler Durten wrote:
> > And this is what I'm talking about:
> > http://seclists.org/fulldisclosure/2005/Apr/412
>
>
> ... which reads, in part:
> > main()
> > {
> >
> > //Section Initialises designs implemented by mexicans
> > //Imigrate
> > system(launcher);
> > system(netcat_shell);
> > system(shellcode);
>
> I can understand possibly overlooking something clever (like a fake exploit
> that buffer-overflows itself), but this isn't even marginally subtle.
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Remote DoS condition in harbour.pl

[dramacrat]

Versions of harbour.pl (up to and including build 1941) are vulnerable to a
remote Denial of Service attack.

Spamming "zeroes" (null packets) to port 1207 results in a large portion of
system resources being tied up.

Please update to build 1945 as soon as possible.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer.

[dramacrat]

They're ORs, unfortunately. The language is unclear but it seems to be one
of those infernal boilerplate pieces of shit that basically invalidate the
assurances as to privacy.

You could still probably press the suit. "Unauthorised use" has recently
been defined and redefined, it's an evolving piece of law and if you have
the resources to get a jury trial they'll *want* to find in favor of the
plaintiff, which is more important than you might expect.

2009/11/20 mrx 

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Michael Holstein wrote:
> >> What Greenbaum did was against the privacy policy of the site:
> >>
> >
> > You seem to be missing the part where the comment was removed (several
> > times) and re-posted.
> >
> >  From : http://www.stltoday.com/help/privacy-policy
> >
> > "..to protect against misuse or unauthorized use of our web sites"
> >
> >
> > Cheers,
> >
> > Michael Holstein
> > Cleveland State University
>
>
> So what? Ban the IP address. Admittedly a childish comment but the site is
> hardly one that is frequented by children.
> imho Mr K. Greenbaum should be fired and sued.
>
> And Mr Holstein you seem to be using your quote above out of context...
>
> Compliance with Legal Process
> We may disclose personal information if we or one of our affiliated
> companies is required by law to disclose personal information, or if we
> believe in good faith that such action is necessary to comply with a law or
> some legal process, to protect or defend our rights and property, to
> protect against misuse or unauthorized use of our web sites or to protect
> the personal safety or property of our users or the public.
>
> INAL, however I ask where is the legal process in this matter?
>
>
> regards
> mrx
>
> - --
> I am not an expert, I have much to learn, I make mistakes.
> My words are just opinions which may or may not reflect the truth.
> Be kind to others, yet trust no one.
>
> http://www.propergander.org.uk
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEVAwUBSwXFRrIvn8UFHWSmAQIwtwf/VNGjwG1wW7wd2BlUYf1XiQyG+DnjUGwQ
> GLrHcda/hGBw912diOjSGfVEe3jZSgfrK3SAH2lIrRfMK/I+n6IJxzKOks41Ojmo
> 14DsWiuc/58aAF1Y0heK94Wm1jfzIqMx9GjR7iKLKKAW94YULyCh90xRgwIToNeO
> WsxT0wP+f5XvZubCpXPVRGQV42XW1kg84t5dzPZXkjiii5dL6hSF7XBOLOrBejry
> EMw+Eh3RUy1Jm4pjlzOwOUhm0BlHdYwzf+GPNs7X+wCE975gZ6K5P8T+UdvJP7nT
> qL/jC7S8qNyVi2SBlURKLRaJm50GYv/dY9QDFLwWklcflymw67fMkw==
> =tE1f
> -END PGP SIGNATURE-
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] How Prosecutors Wiretap Wall Street

[dramacrat]

The only "property" in a tweet or email is intellectual property, and that
remains the property of the sender... in my jurisdiction, at least, which
isn't even a US one.

Also, this is the most pathetic nerd-fight I have seen for many a year.

2009/11/10 Paul Schmehl 

> I fail to see how that applies.  The law of bailment basically means that
> you continue to own a possession, the physical possession of which you
> *temporarily* grant to another party.  (Allowing someone to drive your car,
> for example, but expecting them to return it when they're done.)
>
> When you send a twitter or email, etc., you don't have any intention of
> continuing to possess the "property".  The reason you sent the
> communication is so that someone else could *receive* it from you, not so
> they could "watch" it for you temporarily.  When you send a letter to
> someone you don't continue to possess the letter.  The recipient does.
>
> --On Monday, November 09, 2009 10:40 AM -0500 glenn.everh...@chase.com
> wrote:
>
> > The law of bailment applies, I would submit, to information sent on
> > wires. The act of sending something out is not handing it to the public
> > domain (though it may arrive in the public domain, depending on intent).
> > However the law of bailments seems to have been ignored by many, even
> > though it has been around for hundreds of years.
> >
> > (mind: I am not a lawyer - have just read some books - and speak for
> > myself.)
> >
> >
> > -Original Message-
> > From: full-disclosure-boun...@lists.grok.org.uk
> > [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Paul
> > Schmehl
> > Sent: Saturday, November 07, 2009 8:53 PM
> > To: full-disclosure@lists.grok.org.uk
> > Subject: Re: [Full-disclosure] How Prosecutors Wiretap Wall Street
> >
> > --On November 7, 2009 4:06:42 PM -0600 mikelito...@hushmail.com wrote:
> >
> >>
> >>> But to gather intelligence about what terrorists are up to, even
> >> if a US citizen is involved, should not require a warrant.
> >>
> >> This is all well and good, until the definition of terrorist is
> >> changed and you become labeled a "terrorist" because your "reason"
> >> is suddenly counterproductive to someone else's "opinion".  You
> >> must apply the warrant requirement consistently.  Otherwise, when
> >> interpretation of the word "terrorist" changes, it affects the
> >> meaning of the law.
> >
> > Sure.  I agree with that.  I think it's also important that law
> > enforcement activities have much more stringent requirements than
> > military
> > intelligence has.  The former is directed toward citizens, the latter
> > toward enemies the military has to deal with.
> >
> >> And call me crazy, but I'm just not willing to
> >> assume that someone won't abuse the power of being able to surveil
> >> US citizens and do exactly what Nixon did, spy on their
> >> competition/detractors.  Surely you can admit that some people do
> >> things that they wouldn't normally do when big money and big power
> >> are involved.  After all, "Those who cannot learn from history are
> >> doomed to repeat it."  Don't be so naive to think it can't happen
> >> again.
> >>
> >
> > Of course.  I've never said they didn't.  In fact I've stated that
> > people
> > in government have the same range of motives that people not in
> > government
> > have, including the seven deadly sins, if you will.  But I've also
> > pointed
> > out that they are not totally evil either, as some seem to think.  There
> >
> > are also good people in government just as there are in every other walk
> >
> > of life.
> >
> >>> Intelligence works best in a world of secrecy.
> >>
> >> So does deception.  Significantly more so, in fact.
> >>
> >>> As I've pointed out now several times, it's analogous to people
> >> that get all hot and bothered by the fact that admins have access
> >> to the data on their computers.
> >>
> >> Yes, but that computer probably doesn't belong to me but instead to
> >> my employer.  If it belongs to me, you better have a policy that
> >> prevents me from using it at work, and/or a login disclaimer
> >> informing me of your right to monitor what I do if I connect to
> >> your network.  If not, you better damn well have a warrant if you
> >> want to take a look at my property.
> >
> > Therein lies the rub.  Whose property are the bits on the wire?  Once
> > you've clicked on send, be it email or im or twitter or whatever, does
> > that transmission still belong to you?  I would submit that it does not,
> >
> > and that the privacy laws that protect you and your house and belongings
> >
> > can no longer be sensibly applied.
> >
> > Even you send a "private" email, to whom does it belong while it's in
> > the
> > process of transmission?
> >
> >> And as far as I know, there's
> >> no login disclaimer on the interwebs that allows the government to
> >> monitor what I do on that network, nor on the telephone, or my
> >> mobile phone contract.
> >>
> >
> > Really?  To whom does yo

Re: [Full-disclosure] How to receive SPAM mail

[dramacrat]

If you want to be spammed, join full-disclosure.

2009/11/7 Michael Holstein 

>
> > I have a SPAM filter and virus firewall testing.
> > So, I want to get the real SPAM is sent to a specific email address.
> > What better way is there anything?
> >
>
> I had to do a similar thing when doing a spam-appliance "vendor
> shakedown" .. what I did was setup a subdomain
>
> eg: test.mycompany.com
>
> and then create email IDs within that subdomain that had valid mailboxes
>
> eg: b...@test.mycompany.com, su...@test.mycompany.com, etc.
>
> and then I used Google to search for "free offers" and "work from home",
> etc. and entered those IDs on about 100 different sites. There's tons of
> sites out there that you can sign-up for "hundreds of free offers" and
> whatnot.
>
> Within days I was getting hundreds of messages per day for each ID.
>
> Note .. they have to be valid mailboxes because you frequently need to
> reply to the "activation" email to make them work. You could setup a
> little script to wget any links in emails received and do "-O /dev/null"
> with the results .. but I just had all the accounts configured on a test
> machine in thunderbird so I could view what came through and the
> resulting "junk summary" emails.
>
> The advantage of doing it as a subdomain (or just register another test
> domain) is that you can make the traffic go away entirely by deleting
> the DNS record.
>
> Regards,
>
> Michael Holstein
> Cleveland State University
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Weev, AKA Andrew Auernheimer [Fullinfo Doc(TM) revision #1]

[dramacrat]

So if I'm to understand you correctly, "gobbles 1337", Weev's mother or a
family member was searching the family name randomly on Google, came across
these threads, did *not* email the list but instead emailed you with a long
list of abuse about Weev, within which she did not disclose any information
about her own son that you did not know already; despite the fact that as
his mother she would surely be privy to such information. She also, if I am
to believe your emails, did not disagree with you on any point. You then
kindly stripped the email formatting and rather than forwarding the email to
the list, pasted it into your own email so that it would seem almost as
though *you* wrote these emails!

How strange.

2009/10/5 GOBBLES 

> Mr. Auernheimer,
>
> That's true. I'm not a hacker.
>
> Also, sorry for not clarifying that I use mrxisaplant too.
>
> Here is more correspondance received from your mom (added paragraph
> breaks):
>
> Actually, Andrew has no relationship to designadventures or sealpac. Years
> ago before sealpac came the US market, Andrew grabbed the domain name
> (before we knew anything about his mental issues). We want it back. We
> didn't even remember until this week that his name was on it as we paid for
> several years in advance and the recent renewal was paid by credit card.
> Design Adventures is my little interior design business-never had a thing
> to
> do with Andrew. Design Adventures and Sealpac have nothing to do with
> Andrew
> and have never done business with Andrew. In fact, even as parents we have
> never financially supported him since he left home. Years ago our
> communication with him was come home, get help, go to school and we will
> then and only then support you. He refused.
>
>  Andrew was never abused or neglected. When he lived with us he was a
> totally different person, prior to his substance abuse issues. He became a
> different person in Cal. He had to get as far away from us as he could to
> participate in this kind of behavior because we would have called the cops
> and kicked his ass to the curb.
>
>  From his postings he is deranged and a drug addict. We are not asking for
> sympathy for him. Andrew has been detained by the FBI twice this year? They
> didn't do anythin...@#!!! I don't know what the strategy should be for you
> or I if the FBI won't do anything to stop him and we can't find him.
> You don't want to call the FBI and we don't care if you do, if they need to
> they will contact you. Andrew's name has been available online for years so
> it never even occurred to me to disclose his name but I also spoke to law
> enforcement a year ago so even they knew.
>
> There are so many crazies on the
> web just like Andrew and we simply stopped trying with him when he went to
> California years ago. He would not give us his address or location.
> Truthfully, until about a year ago we didn't even know about this ugly,
> racist rhetoric because we weren't wasting our days looking.
>
> Many years ago
> he was online railing against Bill O'Reilly and the far right and saying
> anything to inflame. He used to be a radical liberal. I think he is so
> crazy
> now that he might be convinced that martians are ruining his life, not
> Jews.
> He's nuts. Sadly he is not alone. I could not believe, when I finally got
> wind of his livejournal, how many people were posting horrible things in
> agreement. I felt physically sick. All of those people are also a danger
> and
> who knows who those people are. They were smart enough to not post their
> own
> photos and link their real names to their ugly words. They may be more of a
> danger because we don't know who they are.
>
>
>  Original Message 
> From: Andrew A 
> To: GOBBLES 
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Weev, AKA Andrew Auernheimer [Fullinfo
> Doc(TM) revision #1]
> Date: Sun, 4 Oct 2009 12:33:13 -0500
>
>
> Mr. Learner,
>
> You really are hilarious. I can infer one thing from your posts: you aren't
> a hacker, and you find this really awkward and aren't sure how this whole
> ruin thing works.
>
> You have no access to data that I have not made public. Once again, the
> only thing you found out was my name, which I put on my livejournal. Big
> deal. The rest was google-able. You really don't have anything. You also
> don't understand how to make this whole doxdrop deal effective and dramatic.
> You save up everything you can until you find a piece of data which is
> psychologically damaging to the target. You have to essentially find them
> guilty of wrongdoing, like using a nonprofit to defraud people, or sucking
> dicks for money. This whole thing where you post somebody's parents address,
> big deal. Everybody's got parents unless they're orphaned. Those parents
> inevitably live somewhere. If I were a basement dwelling loser, this tactic
> might be effective. Unfortunately I live on 60 acres in the sticks and have
> hungry dogs and guns. Not much you

Re: [Full-disclosure] So weev...

[dramacrat]

I wouldn't be too concerned if I was weev.

A guy who uses phrases like *alleged suspect* and* likelihood chance* is
after him! Oh dear, he must be going to accuse weev of being an *illegal
criminal*!

2009/10/3 GOBBLES 

> This is about fighting crime. Not about putting your stuff into the alleged
> suspect's mother.
>
> Please have some sense of courtesy and professionalism.
>
> *ISRAEL*
> Internet Sleuth, Richard Anderson,
> Electronic Lawyer
>
>
>  Original Message 
> From: BMF 
> To: GOBBLES 
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] So weev...
> Date: Fri, 2 Oct 2009 17:08:40 -0700
>
>
> On Fri, Oct 2, 2009 at 4:57 PM, GOBBLES  wrote:
>
>> There is a strong likelihood chance we can get Andrew into prison for his
>> criminal activity.
>>
>
> Sweet! I love to send people to Federal "Pound me in the ass" Prison! While
> Bubba is fudgin' this "weev" character I can be fudgin' his momma!
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] So weev...

[dramacrat]

Man, you guys are real elite hackers. You can get into *#ed* and read the
chat. Holy fuck, you penetrated the public channel of Encyclopedia
Dramatica, which as we all know is the world's most elite hacker crew.

2009/10/2 Wintermute 

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> We are glad this is being taken well:
>
> 02:23  i read what the kikes did to you
> 02:23  i raged :(
> 02:24  lol
> 02:24  i dont mind
> 02:24  theyre doin me a favor
>
> ...because as a 5'4", 130-pound guy, there is not much that you can
> do *but* take this sort of thing well. We would not want to see
> little Andrew overexert himself.
>
> WINTERMUTE
>
> On Thu, 01 Oct 2009 22:43:12 -0500 GOBBLES  wrote:
> >I posted on here earlier as netdev.doctor questioning weev on how
> >he feels psychologically.
> >
> >*spins weev around*
> >*grins*
> >
> >I feel such invigorating justice seeing your real identity
> >mirrored. Redundancy. Freedom of information.
> >
> >I hypothesize weev may possibly kill himself, unfortunately. I'm
> >unsure how to approach it because I hear he may have left the
> >United States. If not, he'll cling on like a Michael Crook kinda
> >guy (which he is closely emulating nowadays).
> >
> >These kids are like mean infants.
> >
> >If I were in your shoes, I would intellectually be considering
> >ending my life. However that's just me.
> >
> >I don't think you should. However, if it were me, it would stop
> >the
> >pain, and my life path that I really couldn't ever fix now.
> >
> >This is purity. This is what happens when you become arrogant,
> >come down here with orders from God. You get crucified bitch.
> >Just like Jesus. Your hung on a cross the same place you ruined
> >people's lives.
> >
> >plz advz
> >hep
> >
> >___
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
> -BEGIN PGP SIGNATURE-
> Charset: UTF8
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 3.0
>
> wpwEAQMCAAYFAkrFoLgACgkQAN7xmh8YPB3xOwP/YUfwdfS+i/towpDsMKZVZPYOOfmB
> HcKiqGAKoA0pZzbBZmwtDL8AtoP3O4rY7/SuDEDmukGBv2cJ25JSWqtlB7xqF1Xm0HsL
> BPCwhO5/2bBk4UCYHAKlbM1DpzauqYQBFcoRk6peWZV0TNdSWV2d+VK5HX6JX15FNzxO
> 8sZ4Wdk=
> =J2Jd
> -END PGP SIGNATURE-
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers

[dramacrat]

yes yes, the local root shouldn't know the passwords of the users just like
the users shouldn't reuse passwords.

But we're meant to be dealing with the real world, right?

2009/9/30 

> >> All standard users have read access to /var/log/auth, so if root
> >
> > they shouldn't, at least on my default debian they don't ...
> >
> > b
> >
>
> Even the (local) root shouldn't know the passwords of the users. They
> often uses it on other systems
>
> JFCh
>
>
>
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Andrew Auerenheimer aka weev gets tree'd

[dramacrat]

yes. who the fuck is this weev guy, anyway?

2009/9/17 zewb 

>  Same here. I wanted to learn about security flaws and instead it's just
> all these dumb fags pretending they've doxed some big important person. What
> the fuck is this, 4chan or something? It's full disclosure of security
> holes, not full disclosure of the full names of people because they trolled
> the ux designer you have a crush on or something.
>
> Stop trying to impress everyone by saying you found some guy's dox. Even if
> you really did find them, I still don't really care. Apparently you think
> this weev guy is some kind of celebrity or something, but I've never heard
> of him and I don't care about the little grudge you have against him, so
> stop filling my inbox with you're dumb autistic retardery. Seriously, just
> get a fucking blogspot account or something and post all the shit there so I
> can go to my fucking inbox and not have to sift through all this shit.
>
> - Original Message -
> *From:* BMF 
> *To:* full-disclosure@lists.grok.org.uk
> *Sent:* Wednesday, September 16, 2009 11:27 PM
> *Subject:* Re: [Full-disclosure] Andrew Auerenheimer aka weev gets tree'd
>
> WTF is up with this mailing list? I signed up a few weeks ago expecting
> "full disclosure" of security exploits or at least good security discussion.
> Instead what I got was full disclosure of how idiotic skr1p7 k1dd13z can be.
>
> BMF
>
>  --
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Hack-Mail.net or similar site

[dramacrat]

How could you question them? They "Are Completely annonymous"!

2009/9/12 TheLearner 

> Sounds like a sting operation.
>
> I mean, can you read this? They're talking to you like putting
> hacked password in white text on white paper makes it less illegal
> and somehow legit.
>
> A shakespear script?
>
> Those sites are set up to find people who want to break federal
> law. I'm 100% if you go through the process and buy it you'll be
> indicted.
>
> TheLearner
> aka
> mrx
>
> On Fri, 11 Sep 2009 09:46:27 + mamo  wrote:
> >Hello,
> >
> >What do you think of web site like Hack-Mail.net or similar one?
> >Do they really work and how?
> >
> >Thank you,
> > Mamo
> >
> >___
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

[dramacrat]

fuck.kaminsky

2009/9/11 Dan Kaminsky 

> Beyond that, most web applications that do use SSL, still forget to set
> their cookies to secure (see
> http://fscked.org/blog/incomplete-list-alleged-vulnerable-sites ).  Not to
> mention the hordes of sites that have SSL logins off HTTP pages.  Even the
> oft-repeated "well, the attacker won't get the plaintext password" claim
> falls to the attacker who inserts some screen or keyboard sniffing JS into
> the login page.
>
> That being said, there probably is some class of attacker that can only do
> passive monitoring as opposed to active interception.  But it's not exactly
> a quantization to hang one's hat on.
>
>
>  On Thu, Sep 10, 2009 at 5:36 PM, awf awf  wrote:
>
>>  And?  Every web application sends passwords as plain text unless they
>> are using SSL.  Pretty much any "encryption" that they may do client side
>> that isn't SSL is meaningless.  I hardly see how being able to sniff
>> passwords from a site that isn't using SSL is big news.
>>
>> --
>> Windows Live: Make it easier for your friends to see what you’re up to on
>> Facebook. Find out 
>> more.
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Web-monitoring software gathers data on kid chats

[dramacrat]

hahahaha oh man, that's grand.

2009/9/9 Ivan . 

> Parents who install a leading brand of software to monitor their kids'
> online activities may be unwittingly allowing the company to read
> their children's chat messages — and sell the marketing data gathered.
>
> Software sold under the Sentry and FamilySafe brands can read private
> chats conducted through Yahoo, MSN, AOL and other services, and send
> back data on what kids are saying about such things as movies, music
> or video games. The information is then offered to businesses seeking
> ways to tailor their marketing messages to kids.
>
>
> http://www.google.com/hostednews/ap/article/ALeqM5i5CjgMEdrwRm3JxeglUykMAHAYmAD9AGNVM00
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Sexless schadenfreude: the potential extremist Michael Crook.

[dramacrat]

He's a friendless loser with no skills nor intelligence. There's probably
twenty million of them on the internet; the only difference between this one
and the others is that Michael hasn't discovered /b/ yet.

2009/8/25 Michael Crook 

> "Some kid died. I want someone caring liberal to hug me, but no!"
>
> You may remember me from such films as the EFF DMCA apology. I'm
> afraid he may take the next step and become a risk to himself or
> others.
>
> He spends his spare time proselytizing extremist and radical
> viewpoints on my blog in order to gain attention for himself. He
> celebrates the death of others in schadenfreude ways.
>
> Because of his acting like he has nothing to lose, I believe he's a
> lonewolf and a definite potential terrorist.
>
> Psychologically, I think he fantasizes for woman to reach out to
> him.. To be the mother he never had. I think he wants a liberal,
> surrogate mother. But in reality, he would merely exhaust the
> caring of her. He's not fixable.
>
> "I want someone to mother me. But it can't help. I cursed with this
> hate. This is my nature now. My scars."
>
> I wanted to give a heads up to the federal authorities. This guy
> looks like a nutter. He should be placed under surveillance 24-7 to
> make sure he doesn't do anything funny.
>
> I'm guessing in his loneliness he gets pretty dejected and
> depressed at times. "Why don't people know me for who I *really*
> am." But all they see is his attention-gaining shocks. He's a sure
> thing.
>
> http://tips.fbi.gov - Send in everything you know, paste them this
> tip.
>
> Federal authorities (SS, FBI, HLS) You can visit his blog at
> www.michaelcrook.org, or googling "Michael Crook". Study him good.
>
> ~ John Doe / n3td3v (http://www.twitter.com/n3td3v)
>
> P.S. This is an anonymous, however, he's genuinely a threat. You
> can clearly see by googling his name he means business and fits the
> profile of a lone wolf.
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/