subject:"\[Full\-disclosure\] WTF"

Re: [Full-disclosure] WTF

2011-05-08 Thread Sagar Belure

Hi,

On Sat, May 7, 2011 at 12:19 AM, Gustavo gustavorober...@gmail.com wrote:

 WTF ?

 notebook:~$ ping www.compusa.com
 PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 
 ms

 notebook:~$ ping www.tigerdirect.com
 PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.022 
 ms


Hehe...This is funny.
Well, to me, *bh.georedirector.akadns.net* seems to be the culprit.

Here is what I got on my box...

$ host compusa.com
compusa.com has address 206.191.131.89
compusa.com mail is handled by 10 mail.highspeedbackbone.net.
$ host www.compusa.com
www.compusa.com is an alias for compusa.syx.com.akadns.net.
compusa.syx.com.akadns.net is an alias for bh.georedirector.akadns.net.
bh.georedirector.akadns.net has address 127.0.0.1
$ host tigerdirect.com
tigerdirect.com has address 206.191.131.89
tigerdirect.com mail is handled by 10 mail.highspeedbackbone.net.
$ host www.tigerdirect.com
www.tigerdirect.com is an alias for wwwtigerdirect.syx.com.akadns.net.
wwwtigerdirect.syx.com.akadns.net is an alias for bh.georedirector.akadns.net.
bh.georedirector.akadns.net has address 127.0.0.1

Even if you ask same questions to OpenDNS(208.67.222.222) or Google
DNS servers(8.8.8.8)
They say...

$ host bh.georedirector.akadns.net 208.67.222.222
Using domain server:
Name: 208.67.222.222
Address: 208.67.222.222#53
Aliases:

bh.georedirector.akadns.net has address 127.0.0.1
$ host bh.georedirector.akadns.net 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

bh.georedirector.akadns.net has address 127.0.0.1


OR asking same thing to some of Nameservers of akadns.net, I got...

$ host -t ns akadns.net
akadns.net name server eur1.akadns.net.
akadns.net name server zc.akadns.org.
akadns.net name server zd.akadns.org.
akadns.net name server use3.akadns.net.
akadns.net name server asia9.akadns.net.
akadns.net name server zb.akadns.org.
akadns.net name server usw2.akadns.net.
akadns.net name server za.akadns.org.
akadns.net name server use4.akadns.net.
$ host bh.georedirector.akadns.net eur1.akadns.net
Using domain server:
Name: eur1.akadns.net
Address: 195.59.44.134#53
Aliases:

bh.georedirector.akadns.net has address 127.0.0.1
$ host bh.georedirector.akadns.net asia9.akadns.net
Using domain server:
Name: asia9.akadns.net
Address: 222.122.64.133#53
Aliases:

bh.georedirector.akadns.net has address 127.0.0.1
$ host bh.georedirector.akadns.net za.akadns.org
Using domain server:
Name: za.akadns.org
Address: 96.6.112.198#53
Aliases:

bh.georedirector.akadns.net has address 127.0.0.1


Just my two cents.

BTW, if anyone has any idea, is this intentional or something?

Thanks,
Sagar Belure
Security Analyst
Secfence Technologies
www.secfence.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF

2011-05-07 Thread Valdis . Kletnieks

On Fri, 06 May 2011 15:49:31 -0300, Gustavo said:
 WTF ?
 
 notebook:~$ ping www.compusa.com
 PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.

www.compusa.com and www.tigerdirect.com are Akamai'zed.  They play DNS games to
point you at the nearest Akamai cache server (technically speaking, they use
the one nearest your DNS resolver).   So for www.compusa.com, it goes something
like this:

www.compusa.com.60  IN  CNAME   compusa.syx.com.akadns.net.
compusa.syx.com.akadns.net. 300 IN  CNAME   www.compusa.com.edgekey.net.
www.compusa.com.edgekey.net. 300 IN CNAME   e3531.b.akamaiedge.net.
e3531.b.akamaiedge.net. 20  IN  A   173.223.190.102

(The final akamaiedge.net address will depend on where in the Internet you are)

The fact that bh.georedirector.akadns.net got referenced in the ping most
likely means Akamai got confused where you are and has no *clue* which cache
is closest to you.





pgpZF8R6baZzf.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF

2011-05-07 Thread Gino

Guess you got nulled

On 05/06/2011 11:49 AM, Gustavo wrote:
 WTF ?
 
 notebook:~$ ping www.compusa.com
 PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 
 ms
 
 notebook:~$ ping www.tigerdirect.com
 PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.022 
 ms
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/




0x34C1CCB7.asc
Description: application/pgp-keys
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF

2011-05-07 Thread Kevin Fealey

Works fine for me on Windows.

C:\ping www.compusa.com

Pinging e3531.b.akamaiedge.net [96.17.206.102] with 32 bytes of data:
Reply from 96.17.206.102: bytes=32 time=15ms TTL=58
Reply from 96.17.206.102: bytes=32 time=16ms TTL=58
Reply from 96.17.206.102: bytes=32 time=16ms TTL=58
Reply from 96.17.206.102: bytes=32 time=16ms TTL=58

Ping statistics for 96.17.206.102:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms

On Sat, May 7, 2011 at 12:27 AM, ksha k...@mitm.cl wrote:


 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1


 On 05/06/2011 11:15 PM, Nick Boyce wrote:
  On Fri, May 6, 2011 at 6:49 PM, Gustavo 
  gustavorober...@gmail.comgustavorober...@gmail.com
  wrote:
 
  WTF ?
 
  notebook:~$ ping www.compusa.com PING bh.georedirector.akadns.net
  (127.0.0.1) 56(84) bytes of data. 64 bytes from
  localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019
  ms
 
  Same here ... this time on Windows :
 
  F:\ping www.compusa.com
 
  Pinging bh.georedirector.akadns.net [127.0.0.1] with 32 bytes of
  data:
 
  Reply from 127.0.0.1: bytes=32 time1ms TTL=128 Reply from
  127.0.0.1: bytes=32 time1ms TTL=128 Reply from 127.0.0.1: bytes=32
  time1ms TTL=128 Reply from 127.0.0.1: bytes=32 time1ms TTL=128
 
  Ping statistics for 127.0.0.1: Packets: Sent = 4, Received = 4,
  Lost = 0 (0% loss), Approximate round trip times in milli-seconds:
  Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
  F:\nslookup www.compusa.com Server:  Address: 9
 
  Non-authoritative answer: Name: bh.georedirector.akadns.net
  Address: 127.0.0.1 Aliases: www.compusa.com,
  compusa.syx.com.akadns.net
 
 
  Normally I'd say that's a DNS config screwup, which would make
  them unreachable (since their website is not on my system).
  However, Google seems to be able to reach them if you use the site
  preview option in the search results :
  http://www.google.com/search?q=www.compusa.com
 
  Curious.
 
  Relevant: http://forums.opendns.com/comments.php?DiscussionID=9721
 
  Nick -- Leave the Olympics in Greece, where they belong.
 
  ___ Full-Disclosure -
  We believe in it. Charter:
  http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
  sponsored by Secunia - http://secunia.com/

 About dns

 ;; ADDITIONAL SECTION:
 ns01.highspeedbackbone.net. 240003 INA199.181.77.21
 ns02.highspeedbackbone.net. 240003 INA199.181.78.22
 ns03.highspeedbackbone.net. 240003 INA199.181.77.23
 ns04.highspeedbackbone.net. 240003 INA199.181.78.24

 testing one by one ...

 [ksha@warbof ~]$ dig compusa.com @199.181.77.21 AXFR

 ;  DiG 9.8.0  compusa.com @199.181.77.21 AXFR
 ;; global options: +cmd
 ; Transfer failed.
 [ksha@warbof ~]$ dig compusa.com @199.181.78.22 AXFR

 ;  DiG 9.8.0  compusa.com @199.181.78.22 AXFR
 ;; global options: +cmd
 ; Transfer failed.
 [ksha@warbof ~]$ dig compusa.com @199.181.77.23 AXFR

 ;  DiG 9.8.0  compusa.com @199.181.77.23 AXFR
 ;; global options: +cmd
 ; Transfer failed.


 and the last allow zone transfer.

 compusa.com.86400INSOAns03.highspeedbackbone.net.
 hostmaster.highspeedbackbone.net. 2008134189 10800 3600 604800 3600
 compusa.com.86400INTXTv=spf1 ip4:206.191.131.0/24
 mx -all
 compusa.com.86400INMX10 mail.highspeedbackbone.net.
 compusa.com.86400INNSns01.highspeedbackbone.net.
 compusa.com.86400INNSns02.highspeedbackbone.net.
 compusa.com.86400INNSns03.highspeedbackbone.net.
 compusa.com.86400INNSns04.highspeedbackbone.net.
 compusa.com.900INA206.181.131.221
 compusa.com.900INA206.181.131.220
 nap.miadk._domainkey.compusa.com. 5 INTXTt=y\;

 p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAJ5YnwXcWzCFY6fvQ1Gd6tzI97rvvOw9PVjoekWbja1reGBMfjJ+rfwsJCQavPadAUAKbs46KUDubUgcmwe1oU9abJ3APStwgcxMXlWfvlhuSXmyDHG+HQAIrk0PsR7BBwIDAQAB\;
 nap.miadkim._domainkey.compusa.com. 5 IN TXTv=DKIM1\; t=y:s\;

 p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAJ5YnwXcWzCFY6fvQ1Gd6tzI97rvvOw9PVjoekWbja1reGBMfjJ+rfwsJCQavPadAUAKbs46KUDubUgcmwe1oU9abJ3APStwgcxMXlWfvlhuSXmyDHG+HQAIrk0PsR7BBwIDAQAB\;
 _sip._tls.compusa.com.300INSRV0 0 443 sip.compusa.com.
 answers.compusa.com.86400INCNAME
 web220.highspeedbackbone.net.
 autodiscover.compusa.com. 300INA10.100.100.108
 community.compusa.com.86400INCNAME
 web220.highspeedbackbone.net.
 comp.compusa.com.900INA206.181.131.89
 comp.compusa.com.900INA206.181.131.49
 dubdubdub.compusa.com.60INCNAME
 www.compusa.com.edgekey.net.
 forums.compusa.com.86400INCNAME
 web220.highspeedbackbone.net.
 help.compusa.com.86400INNSns02.highspeedbackbone.net.
 help.compusa.com.86400INNSns01.highspeedbackbone.net.

[Full-disclosure] WTF

2011-05-06 Thread Gustavo

WTF ?

notebook:~$ ping www.compusa.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms

notebook:~$ ping www.tigerdirect.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.022 ms

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF

2011-05-06 Thread Nick Boyce

On Fri, May 6, 2011 at 6:49 PM, Gustavo gustavorober...@gmail.com wrote:

 WTF ?

 notebook:~$ ping www.compusa.com
 PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1
 ttl=64 time=0.019 ms

Same here ... this time on Windows :

F:\ping www.compusa.com

Pinging bh.georedirector.akadns.net [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time1ms TTL=128
Reply from 127.0.0.1: bytes=32 time1ms TTL=128
Reply from 127.0.0.1: bytes=32 time1ms TTL=128
Reply from 127.0.0.1: bytes=32 time1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

F:\nslookup www.compusa.com
Server:  
Address:  9

Non-authoritative answer:
Name:bh.georedirector.akadns.net
Address:  127.0.0.1
Aliases:  www.compusa.com, compusa.syx.com.akadns.net


Normally I'd say that's a DNS config screwup, which would make them
unreachable (since their website is not on my system).  However,
Google seems to be able to reach them if you use the site preview
option in the search results :
http://www.google.com/search?q=www.compusa.com

Curious.

Relevant: http://forums.opendns.com/comments.php?DiscussionID=9721

Nick
--
Leave the Olympics in Greece, where they belong.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF

2011-05-06 Thread ksha


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/06/2011 11:15 PM, Nick Boyce wrote:
 On Fri, May 6, 2011 at 6:49 PM, Gustavo gustavorober...@gmail.com
 wrote:

 WTF ?

 notebook:~$ ping www.compusa.com PING bh.georedirector.akadns.net
 (127.0.0.1) 56(84) bytes of data. 64 bytes from
 localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019
 ms

 Same here ... this time on Windows :

 F:\ping www.compusa.com

 Pinging bh.georedirector.akadns.net [127.0.0.1] with 32 bytes of
 data:

 Reply from 127.0.0.1: bytes=32 time1ms TTL=128 Reply from
 127.0.0.1: bytes=32 time1ms TTL=128 Reply from 127.0.0.1: bytes=32
 time1ms TTL=128 Reply from 127.0.0.1: bytes=32 time1ms TTL=128

 Ping statistics for 127.0.0.1: Packets: Sent = 4, Received = 4,
 Lost = 0 (0% loss), Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms

 F:\nslookup www.compusa.com Server:  Address: 9

 Non-authoritative answer: Name: bh.georedirector.akadns.net
 Address: 127.0.0.1 Aliases: www.compusa.com,
 compusa.syx.com.akadns.net


 Normally I'd say that's a DNS config screwup, which would make
 them unreachable (since their website is not on my system).
 However, Google seems to be able to reach them if you use the site
 preview option in the search results :
 http://www.google.com/search?q=www.compusa.com

 Curious.

 Relevant: http://forums.opendns.com/comments.php?DiscussionID=9721

 Nick -- Leave the Olympics in Greece, where they belong.

 ___ Full-Disclosure -
 We believe in it. Charter:
 http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
 sponsored by Secunia - http://secunia.com/

About dns

;; ADDITIONAL SECTION:
ns01.highspeedbackbone.net. 240003 INA199.181.77.21
ns02.highspeedbackbone.net. 240003 INA199.181.78.22
ns03.highspeedbackbone.net. 240003 INA199.181.77.23
ns04.highspeedbackbone.net. 240003 INA199.181.78.24

testing one by one ...

[ksha@warbof ~]$ dig compusa.com @199.181.77.21 AXFR

;  DiG 9.8.0  compusa.com @199.181.77.21 AXFR
;; global options: +cmd
; Transfer failed.
[ksha@warbof ~]$ dig compusa.com @199.181.78.22 AXFR

;  DiG 9.8.0  compusa.com @199.181.78.22 AXFR
;; global options: +cmd
; Transfer failed.
[ksha@warbof ~]$ dig compusa.com @199.181.77.23 AXFR

;  DiG 9.8.0  compusa.com @199.181.77.23 AXFR
;; global options: +cmd
; Transfer failed.


and the last allow zone transfer.

compusa.com.86400INSOAns03.highspeedbackbone.net.
hostmaster.highspeedbackbone.net. 2008134189 10800 3600 604800 3600
compusa.com.86400INTXTv=spf1 ip4:206.191.131.0/24
mx -all
compusa.com.86400INMX10 mail.highspeedbackbone.net.
compusa.com.86400INNSns01.highspeedbackbone.net.
compusa.com.86400INNSns02.highspeedbackbone.net.
compusa.com.86400INNSns03.highspeedbackbone.net.
compusa.com.86400INNSns04.highspeedbackbone.net.
compusa.com.900INA206.181.131.221
compusa.com.900INA206.181.131.220
nap.miadk._domainkey.compusa.com. 5 INTXTt=y\;
p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAJ5YnwXcWzCFY6fvQ1Gd6tzI97rvvOw9PVjoekWbja1reGBMfjJ+rfwsJCQavPadAUAKbs46KUDubUgcmwe1oU9abJ3APStwgcxMXlWfvlhuSXmyDHG+HQAIrk0PsR7BBwIDAQAB\;
nap.miadkim._domainkey.compusa.com. 5 IN TXTv=DKIM1\; t=y:s\;
p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAJ5YnwXcWzCFY6fvQ1Gd6tzI97rvvOw9PVjoekWbja1reGBMfjJ+rfwsJCQavPadAUAKbs46KUDubUgcmwe1oU9abJ3APStwgcxMXlWfvlhuSXmyDHG+HQAIrk0PsR7BBwIDAQAB\;
_sip._tls.compusa.com.300INSRV0 0 443 sip.compusa.com.
answers.compusa.com.86400INCNAME
web220.highspeedbackbone.net.
autodiscover.compusa.com. 300INA10.100.100.108
community.compusa.com.86400INCNAME
web220.highspeedbackbone.net.
comp.compusa.com.900INA206.181.131.89
comp.compusa.com.900INA206.181.131.49
dubdubdub.compusa.com.60INCNAME
www.compusa.com.edgekey.net.
forums.compusa.com.86400INCNAME
web220.highspeedbackbone.net.
help.compusa.com.86400INNSns02.highspeedbackbone.net.
help.compusa.com.86400INNSns01.highspeedbackbone.net.
images.compusa.com.86400INCNAME
images.compusa.com.edgesuite.net.
m.compusa.com.300INCNAMEcompusa.com.velocitude.mobi.
media.compusa.com.900INA206.181.131.89
media.compusa.com.900INA206.181.131.49
news.compusa.com.86400INA74.81.68.187
origin-images.compusa.com. 900INA206.181.131.89
origin-images.compusa.com. 900INA206.181.131.49
origin-www.compusa.com.60INA206.191.131.54
origin-www.compusa.com.60INA206.191.131.14
retail.compusa.com.600INA10.101.132.194
reviews.compusa.com.86400INCNAME
web220.highspeedbackbone.net.
sip.compusa.com.300INA

Re: [Full-disclosure] WTF eEye Really?

2010-05-05 Thread Sébastien Duquette

Looks to me more like the unqualified person doing testing argument
is used as an escape from their faux-pas. When you read the initial
article, the author is clearly interested in the issue of crime being
perpetrated by using these tools :

Penetration tools clearly allow the breaking and entering of systems
to prove that vulnerabilities are real, but clearly could be used
maliciously to break the law.

There was tons of security around these systems and even possession
of tools to penetrate a system was a crime too.

In the new text, the author tells us that what I hoped to convey was
the importance of well-managed testing under the watch of a user who
knows what they’re doing.

This looks like a lame PR attempt at stopping the shitstorm they
started by using the good old excuse this-is-not-what-I-meant.

And if the author is sincere and it was really his original intent, he
should refrain from blogging from now on...

On Tue, May 4, 2010 at 11:48 AM, Mike Hale eyeronic.des...@gmail.com wrote:
Looks like he rewrote it and clarified what he meant to say.

I think this is a lesson on why you really should proofread stuff and
ask someone else to go over your writings before you publish
something.

On Mon, May 3, 2010 at 5:44 PM, Sec News secn...@gmail.com wrote:
Did anyone else see this?

http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands

Penetration Tools Can Be Weapons in the Wrong Hands
Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security,
Vulnerability Management

After a lifetime in the vulnerability assessment field, I’ve come to look at
penetration testing almost as a kind of crime, or at least a misdemeanor.

We enjoy freedom of speech, even if it breaks the law or license agreements.
Websites cover techniques for jailbreaking iPhones even though it clearly
violates the EULA for Apples devices. Penetration tools clearly allow the
breaking and entering of systems to prove that vulnerabilities are real, but
clearly could be used maliciously to break the law.

Making these tools readily available is like encouraging people to play with
fireworks. Too bold of a statement? I think not. Fireworks can make a
spectacular show, but they can also be abused and cause serious damage. In
most states, only people licensed and trained are permitted to set off
fireworks.

Now consider a pen test tool. In its open form, on the Internet, everyone
and anyone can use it to test their systems, but in the wrong hands, for
free, it can be used to break into systems and cause disruption, steal
information, or cause even more permanent types of harm.

How many people remember the 80’s TV show Max Headroom? Next to murder, the
most severe crime was if users illegally used information technology systems
to steal information or make money. There was tons of security around these
systems and even possession of tools to penetrate a system was a crime too.
So what’s the difference?

Yes, it is just a TV show but in reality today we are in effect putting
weapons in people’s hands, not tracking them, and allowing them to use them
near anonymously to perform crimes or learn how to perform more
sophisticated attacks. It all comes back to the first amendment and Freedom
of Speech. I can write a blog of this nature, state my opinion about how I
feel about free penetration testing tools, and assure everyone that they
need defenses to protect their systems, since free weapons are available
that can break into your systems – easily.

WOW - am i the only one to go WTF to this? Talk about alienating your
customers and shitting where you eat.
And to think i used to be a fan...
- Some anonymous ex-eEye fan
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF eEye Really?

2010-05-05 Thread J Roger

And if the author is sincere and it was really his original intent, he
should refrain from blogging from now on...

I have a feeling his employer will see to that for the foreseeable future.
At least in a professional context representing them as a company.

If he really meant it as everyone that read the original post seemed to take
it, then he should have the balls to stand by what he said or admit he meant
it at the time but was wrong and has since learned different. Either one of
those options would be a mature way of handling the situation. Trying to
spin it as what I said isn't what I really meant. What I really meant is
something so benign that no one could have a strong opinion about it and it
was really pointless to even blog about. comes across as insincere.

What do I know though, Mr. Haber is the one with the lifetime in the
vulnerability assessment field.

JRoger

2010/5/5 Sébastien Duquette ekse...@gmail.com

Penetration tools clearly allow the breaking and entering of systems
to prove that vulnerabilities are real, but clearly could be used
maliciously to break the law.

There was tons of security around these systems and even possession
of tools to penetrate a system was a crime too.

In the new text, the author tells us that what I hoped to convey was
the importance of well-managed testing under the watch of a user who
knows what they’re doing.

This looks like a lame PR attempt at stopping the shitstorm they
started by using the good old excuse this-is-not-what-I-meant.

And if the author is sincere and it was really his original intent, he
should refrain from blogging from now on...

On Tue, May 4, 2010 at 11:48 AM, Mike Hale eyeronic.des...@gmail.com
wrote:
Looks like he rewrote it and clarified what he meant to say.

I think this is a lesson on why you really should proofread stuff and
ask someone else to go over your writings before you publish
something.

On Mon, May 3, 2010 at 5:44 PM, Sec News secn...@gmail.com wrote:
Did anyone else see this?

http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands

Penetration Tools Can Be Weapons in the Wrong Hands
Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security,
Vulnerability Management

After a lifetime in the vulnerability assessment field, I’ve come to
look at
penetration testing almost as a kind of crime, or at least a
misdemeanor.

We enjoy freedom of speech, even if it breaks the law or license
agreements.
Websites cover techniques for jailbreaking iPhones even though it
clearly
violates the EULA for Apples devices. Penetration tools clearly allow
the
breaking and entering of systems to prove that vulnerabilities are real,
but
clearly could be used maliciously to break the law.

Making these tools readily available is like encouraging people to play
with
fireworks. Too bold of a statement? I think not. Fireworks can make a
spectacular show, but they can also be abused and cause serious damage.
In
most states, only people licensed and trained are permitted to set off
fireworks.

Now consider a pen test tool. In its open form, on the Internet,
everyone
and anyone can use it to test their systems, but in the wrong hands, for
free, it can be used to break into systems and cause disruption, steal
information, or cause even more permanent types of harm.

How many people remember the 80’s TV show Max Headroom? Next to murder,
the
most severe crime was if users illegally used information technology
systems
to steal information or make money. There was tons of security around
these
systems and even possession of tools to penetrate a system was a crime
too.
So what’s the difference?

Yes, it is just a TV show but in reality today we are in effect putting
weapons in people’s hands, not tracking them, and allowing them to use
them
near anonymously to perform crimes or learn how to perform more
sophisticated attacks. It all comes back to the first amendment and
Freedom
of Speech. I can write a blog of this nature, state my opinion about how
I
feel about free penetration testing tools, and assure everyone that they
need defenses to protect their systems, since free weapons are available
that can break into your systems – easily.

[Full-disclosure] WTF eEye Really?

2010-05-04 Thread Sec News

Did anyone else see this?

http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands

Penetration Tools Can Be Weapons in the Wrong Hands
Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security,
Vulnerability Management

After a lifetime in the vulnerability assessment field, I’ve come to look at
penetration testing almost as a kind of crime, or at least a misdemeanor.

WOW - am i the only one to go WTF to this? Talk about alienating your
customers and shitting where you eat.

And to think i used to be a fan...

- Some anonymous ex-eEye fan
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF eEye Really?

2010-05-04 Thread Christian Sciberras

Load o' bull.

On Tue, May 4, 2010 at 2:44 AM, Sec News secn...@gmail.com wrote:

Did anyone else see this?

http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands

Penetration Tools Can Be Weapons in the Wrong Hands
Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security,
Vulnerability Management

After a lifetime in the vulnerability assessment field, I’ve come to look
at penetration testing almost as a kind of crime, or at least a misdemeanor.

We enjoy freedom of speech, even if it breaks the law or license
agreements. Websites cover techniques for jailbreaking iPhones even though
it clearly violates the EULA for Apples devices. Penetration tools clearly
allow the breaking and entering of systems to prove that vulnerabilities are
real, but clearly could be used maliciously to break the law.

Making these tools readily available is like encouraging people to play
with fireworks. Too bold of a statement? I think not. Fireworks can make a
spectacular show, but they can also be abused and cause serious damage. In
most states, only people licensed and trained are permitted to set off
fireworks.

WOW - am i the only one to go WTF to this? Talk about alienating your
customers and shitting where you eat.

And to think i used to be a fan...

- Some anonymous ex-eEye fan

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF eEye Really?

2010-05-04 Thread Justin C. Klein Keane

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

For an interesting take on this see page xxxix in Ross Anderson's
Security Engineering (the Legal Notice). Apparently the debate over
whether or not to publish tools/techniques that could be used for evil
(specifically with respects to crypto) dates back to 1641.

Justin C. Klein Keane
http://www.MadIrish.net

The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey

On 05/04/2010 01:32 PM, Marsh Ray wrote:

On 5/3/2010 7:44 PM, Sec News wrote:
Did anyone else see this?

http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands

Penetration Tools Can Be Weapons in the Wrong Hands
Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security,
Vulnerability Management

After a lifetime in the vulnerability assessment field, I’ve come to look at
penetration testing almost as a kind of crime, or at least a misdemeanor.

Is this for real?

We enjoy freedom of speech, even if it breaks the law or license agreements.

No, there are laws and contracts that can restrict speech.

Websites cover techniques for jailbreaking iPhones even though it clearly
violates the EULA for Apples devices.

Since when did devices have an EULA? I haven't bought an Apple in modern
times, do they make you sign something before buying it?

Penetration tools clearly allow the
breaking and entering of systems to prove that vulnerabilities are real, but
clearly could be used maliciously to break the law.

It took you a lifetime in the vulnerability assessment field to figure
this out?

Fireworks are macroscopic physical objects the transportation which can
reasonably be regulated.

Yep.

Your mistake is assuming that there is some jurisdiction of law that
encompasses the Internet. Indeed, it appears that often the adversary is
a state entity itself.

Those who accept this argument that testing tools should be somehow
restricted are only tying their own hands. You can bet that your
adversary will not feel so restricted (if you have anything actually
worth protecting that is.)

It is even more foolish to assume that your adversary doesn't already
have it.

How many people remember the 80’s TV show Max Headroom?

I stop reading now.

- Marsh

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iPwEAQECAAYFAkvgW0EACgkQkSlsbLsN1gBw8QcAra1aONNBorzhlwi4kNoRlw9G
rm5FlvMw3Sv7m9tzqrqGIn9lIho/somrbl4jQ8T/woJK+gS4gccS4UqV1XkvW9aR
W7ROz2eTezsUgTwyHU3tW9VuwsinFvO5n6XowCFG1pAO/O/7y+eN1usYYdz3W9Wm
ORtmxcRNyb/cYmSMuTq+3dktOG7s+XWA47FaGkfdjzTefA7dGYyUx/zysCnFKLbX
eLVA7GL79KSr6SB37uOi4vgyN0hze/p1vMw9POTo0Bhq4nT1Y1/5oyYhd29+aH9M
h3fQ/V96SFCAy1Cqq9U=
=oDqa
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF eEye Really?

2010-05-04 Thread Marsh Ray

On 5/4/2010 12:37 PM, Justin C. Klein Keane wrote:
 For an interesting take on this see page xxxix in Ross Anderson's
 Security Engineering (the Legal Notice).  Apparently the debate over
 whether or not to publish tools/techniques that could be used for evil
 (specifically with respects to crypto) dates back to 1641.

Yep, perhaps another example of why you should never assume that your
issue is new?

- Marsh

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF eEye Really?

2010-05-04 Thread Georgi Guninski

On Mon, May 03, 2010 at 05:44:55PM -0700, Sec News wrote:
 Did anyone else see this?
 
 http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands


are there any reliable caches for this url?

search for the shit you quoted returns basically this thread and ATM
the url says we fucked up.

-- 
joro

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF eEye Really?

2010-05-04 Thread Michal Zalewski

 are there any reliable caches for this url?

Attrition has an annotated, but otherwise verbatim copy:

http://attrition.org/errata/sec-co/eeye-01.html

/mz

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF eEye Really?

2010-05-04 Thread Mike Hale

Looks like he rewrote it and clarified what he meant to say.

I think this is a lesson on why you really should proofread stuff and
ask someone else to go over your writings before you publish
something.

On Mon, May 3, 2010 at 5:44 PM, Sec News secn...@gmail.com wrote:
Did anyone else see this?

http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands

Penetration Tools Can Be Weapons in the Wrong Hands
Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security,
Vulnerability Management

After a lifetime in the vulnerability assessment field, I’ve come to look at
penetration testing almost as a kind of crime, or at least a misdemeanor.

--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] WTF people?

2009-01-11 Thread Will McAfee

I have lurked for some time, and really, this list has become pathetic  
due to it's hiijacking by two or three trolls with nothing better to  
do than destroy the relevant signal to noise ratio.  This list is not  
about MI5, the NSA, or Mossad unless there is something practical to  
be learned from them.  I do not care about the information war between  
Russia and Georgia unless it is about the systems used.  Think of this  
list as like a trade correspondence journal, not a public tackboard.

Sent from my iPhone

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF people?

2009-01-11 Thread sexyazngrl69

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

i find the surname mcafee to be a turn-on here on the security
mailing list, mister good hacker:)))

a/s/l?


On Sun, 11 Jan 2009 16:49:20 -0500 Will McAfee sec-
commun...@thegoodhacker.com wrote:
I have lurked for some time, and really, this list has become
pathetic
due to it's hiijacking by two or three trolls with nothing better
to
do than destroy the relevant signal to noise ratio.  This list is
not
about MI5, the NSA, or Mossad unless there is something practical
to
be learned from them.  I do not care about the information war
between
Russia and Georgia unless it is about the systems used.  Think of
this
list as like a trade correspondence journal, not a public
tackboard.

Sent from my iPhone

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-BEGIN PGP SIGNATURE-
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAklqcbUACgkQynWwk3/AtyOa+wP/YQJlJsabFMRjU8FEs6V+t4eEwkW0
QHX6NsZkryCvIgNWKjPjCTq25n/sS8JKr9oKFJybeyhgY9ADMJ94rLspQU6pQetJnfko
rkmOnzyUOPzXdmBDJH/34qe3K55k8v7f7OeWLu3xosxWP8iWJwQWR2gXF11hELGJKbJ/
9Zzisvg=
=cJJ3
-END PGP SIGNATURE-

--
Click for free info on online doctorate degrees and make up to $250k/ year.
 
http://tagline.hushmail.com/fc/PnY6qxudoSZgDEE0yj7ARzIKdHrLoCs88ZzhzE4rU3tdHkjzM8yso/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF people?

2009-01-11 Thread Rants nRaves

If you want to solve the problem, then you and people like you need to:

Step 1: Filter out n3td3v, urleet, etc so you never see their posts or
replies to them. ie: filter the noise Step 2: Post something that you think
is relevant to the list. ie: add to the signal
Step 3: Profit!

Notice there is no step which reads: Whine and complain about the noise on
the list like a little girl.-  because clearly that's proven not to be
effective.

-Rants

On Sun, Jan 11, 2009 at 1:49 PM, Will McAfee 
sec-commun...@thegoodhacker.com wrote:

 I have lurked for some time, and really, this list has become pathetic
 due to it's hiijacking by two or three trolls with nothing better to
 do than destroy the relevant signal to noise ratio.  This list is not
 about MI5, the NSA, or Mossad unless there is something practical to
 be learned from them.  I do not care about the information war between
 Russia and Georgia unless it is about the systems used.  Think of this
 list as like a trade correspondence journal, not a public tackboard.

 Sent from my iPhone

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/




-- 
- Rants
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF people?

2009-01-11 Thread Pete Licoln

sexyazngrl69 is a n3td3v alias, no doubt about it.

Regards Pete
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF people?

2009-01-11 Thread sr.

amazing how every message becomes tainted with bullshit.

On Sun, Jan 11, 2009 at 6:01 PM,  sexyazngr...@mac.hush.com wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 pics?

 On Sun, 11 Jan 2009 17:48:53 -0500 waveroad waveroad
 waver...@gmail.com wrote:
N3td3v other alias spotted.



2009/1/11 sexyazngr...@mac.hush.com

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 i find the surname mcafee to be a turn-on here on the security
 mailing list, mister good hacker:)))

 a/s/l?


 On Sun, 11 Jan 2009 16:49:20 -0500 Will McAfee sec-
 commun...@thegoodhacker.com wrote:
 I have lurked for some time, and really, this list has become
 pathetic
 due to it's hiijacking by two or three trolls with nothing
better
 to
 do than destroy the relevant signal to noise ratio.  This list
is
 not
 about MI5, the NSA, or Mossad unless there is something
practical
 to
 be learned from them.  I do not care about the information war
 between
 Russia and Georgia unless it is about the systems used.  Think
of
 this
 list as like a trade correspondence journal, not a public
 tackboard.
 
 Sent from my iPhone
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/
 -BEGIN PGP SIGNATURE-
 Charset: UTF8
 Version: Hush 3.0
 Note: This signature can be verified at
https://www.hushtools.com/verify


wpwEAQMCAAYFAklqcbUACgkQynWwk3/AtyOa+wP/YQJlJsabFMRjU8FEs6V+t4eEwkW
0

QHX6NsZkryCvIgNWKjPjCTq25n/sS8JKr9oKFJybeyhgY9ADMJ94rLspQU6pQetJnfk
o

rkmOnzyUOPzXdmBDJH/34qe3K55k8v7f7OeWLu3xosxWP8iWJwQWR2gXF11hELGJKbJ
/
 9Zzisvg=
 =cJJ3
 -END PGP SIGNATURE-

 --
 Click for free info on online doctorate degrees and make up to
$250k/ year.


http://tagline.hushmail.com/fc/PnY6qxudoSZgDEE0yj7ARzIKdHrLoCs88Zzh
zE4rU3tdHkjzM8yso/

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

 -BEGIN PGP SIGNATURE-
 Charset: UTF8
 Version: Hush 3.0
 Note: This signature can be verified at https://www.hushtools.com/verify

 wpwEAQMCAAYFAklqek0ACgkQynWwk3/AtyPcEgP8ClWXNKSO2PiPEUGhalNNnQD3LORX
 LxkxnMgYlCPb06v4unM1RSC4ohJZdX7T+bRrvNQdO9b0RsP34pkdCbCZavLMsxaZChbJ
 /ApjICH6vsajaRdu0ZEH5HjnfAwnYcVpAFKamfnP7h8Zyzgp9ZfHZv4ZEOYL9oHxh2NN
 CdQCXww=
 =Hgbn
 -END PGP SIGNATURE-

 --
 Click for free info on business schools, $150K/ year potential.
  
 http://tagline.hushmail.com/fc/PnY6qxsZgJoEzGwoSheR0lZiwV2oU7O92zSQHsC8LzPC3isaZnbmg/

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF people?

2009-01-11 Thread sexyazngrl69

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

naive to think mi5 is gender biased:)))

On Sun, 11 Jan 2009 18:36:56 -0500 Pete Licoln
pete.lic...@gmail.com wrote:
sexyazngrl69 is a n3td3v alias, no doubt about it.

Regards Pete
-BEGIN PGP SIGNATURE-
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAklqjccACgkQynWwk3/AtyMqRwQAiOCfp9PC1o0g7CP8X8gr1psnpijR
NVIHQqkbjl1L4uAa55qBUElskX7n5DTzLflFIoT1u9zfCV9KTz8kPpdPZjMnXBpXzFmA
N7+lDieYQvJn+0PZVhH7zkzJX3aXcgmcNoIRoVSjazJlHKK76lNXrhQ2vqAPeSCA01NR
wtKWVj4=
=WSQG
-END PGP SIGNATURE-

--
Stuck in a dead end job?? Click to start living your dreams by earning an 
online degree.
 
http://tagline.hushmail.com/fc/PnY6qxtpfWguKXIbuKy0wc53HbV7MyFTUOqm2btdhhgyTGOJRdfcM/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF people?

2009-01-11 Thread Pete Licoln

What's the point with MI5 n3td3v ?

Regards Pete
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF people?

2009-01-11 Thread sexyazngrl69

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

You tell me.

On Sun, 11 Jan 2009 19:30:17 -0500 Pete Licoln
pete.lic...@gmail.com wrote:
What's the point with MI5 n3td3v ?

Regards Pete
-BEGIN PGP SIGNATURE-
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAklqm4cACgkQynWwk3/AtyOg/gP+KWIstvs71K7K+cvK/9bo/tRsYBC9
iCu8diF/TpkXYvnEPXoV+IRH06bJxqhGkkuvE4zBhj0HtTlKMO5MmYPuY2j9GiBWIM3M
vfYvbxBaZS8pZGJuoU8nbCYag8pXzf1FaEeNZhTT2J8Lhpy4JD12Duxnq2nnEtJL+Oz/
UCQxaPk=
=fsii
-END PGP SIGNATURE-

--
Click for free info on online masters degrees and make up to $150K/ year
 
http://tagline.hushmail.com/fc/PnY6qxtpjZXJLh7RrSDxAfzH8U8VbYeKiNKjN2pvOBEY7XUQCex7a/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF people?

2009-01-11 Thread waveroad waveroad

Why dont you post under your real nick aka n3tcr4p ?

you think it make n3tcr4p kid more credible in some ways ?

0r m4yb3 5h4|| 1 5p34k |1k3 7h15 7o m4k3 you und3r574nd my p01n7 ?

1 don7 know wh3n 1 |ook 47 your w3b5173 1 wond3r .

2009/1/11 sexyazngr...@mac.hush.com

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 You tell me.

 On Sun, 11 Jan 2009 19:30:17 -0500 Pete Licoln
 pete.lic...@gmail.com wrote:
 What's the point with MI5 n3td3v ?
 
 Regards Pete
 -BEGIN PGP SIGNATURE-
 Charset: UTF8
 Note: This signature can be verified at https://www.hushtools.com/verify
 Version: Hush 3.0

 wpwEAQMCAAYFAklqm4cACgkQynWwk3/AtyOg/gP+KWIstvs71K7K+cvK/9bo/tRsYBC9
 iCu8diF/TpkXYvnEPXoV+IRH06bJxqhGkkuvE4zBhj0HtTlKMO5MmYPuY2j9GiBWIM3M
 vfYvbxBaZS8pZGJuoU8nbCYag8pXzf1FaEeNZhTT2J8Lhpy4JD12Duxnq2nnEtJL+Oz/
 UCQxaPk=
 =fsii
 -END PGP SIGNATURE-

 --
 Click for free info on online masters degrees and make up to $150K/ year

 http://tagline.hushmail.com/fc/PnY6qxtpjZXJLh7RrSDxAfzH8U8VbYeKiNKjN2pvOBEY7XUQCex7a/

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WTF

Re: [Full-disclosure] WTF

Re: [Full-disclosure] WTF

Re: [Full-disclosure] WTF

[Full-disclosure] WTF

Re: [Full-disclosure] WTF

Re: [Full-disclosure] WTF

Re: [Full-disclosure] WTF eEye Really?

Re: [Full-disclosure] WTF eEye Really?

[Full-disclosure] WTF eEye Really?

Re: [Full-disclosure] WTF eEye Really?

Re: [Full-disclosure] WTF eEye Really?

Re: [Full-disclosure] WTF eEye Really?

Re: [Full-disclosure] WTF eEye Really?

Re: [Full-disclosure] WTF eEye Really?

Re: [Full-disclosure] WTF eEye Really?

[Full-disclosure] WTF people?

Re: [Full-disclosure] WTF people?

Re: [Full-disclosure] WTF people?

Re: [Full-disclosure] WTF people?

Re: [Full-disclosure] WTF people?

Re: [Full-disclosure] WTF people?

Re: [Full-disclosure] WTF people?

Re: [Full-disclosure] WTF people?

Re: [Full-disclosure] WTF people?

25 matches

Site Navigation

Mail list logo

Footer information