Re: [Full-Disclosure] IE is just as safe as FireFox
On Wed, Nov 17, 2004 at 09:22:33PM -0500, joe wrote: Pro-Choice Let me choose if I even want a browser loaded thanks! what the fuck is this? we can chose such things on our os, who must let you choose? -- where do you want bill gates to go today? ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: FW: [Full-Disclosure] Shadowcrew Grand Jury Indictment
a couple of things/adding to the noise I am from the UK and its clear to me that you don't understand the concept of freedom of information ! i am also from the uk and we have the most complete censorship of any democracy so it's clear that **WE** don't understand freedom of information also how democratic is the first-past-the-post system (cf. going to war in Iraq with little or no public support for the concept) at least up in the land of scot we have some proportional representation which is a tiny bit better. Who am I to tell Bill Gates he is a liar and a perjurer? He and his employees, under oath, said IE is an indivisible part of the OS. So it must be so. :-) is it still a crime to perjure oneself in the US. If so then why are Bill and co not entertaining bubba we know they lied, the press do and presumably the doj do as well. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: FW: [Full-Disclosure] Shadowcrew Grand Jury Indictment
On Wed, 2004-11-17 at 23:19 +, n3td3v wrote: snip Imagine a child abuse site which also kept a score board of the biggest amount of child porn photo posters. Yet again we move onto malicious hacker online crimes, it seems to be different for zone-h to keep scores of the biggest malicious hacker defacement posters. Why one rule for one online crime promotion site and not the same rule for another online crime promotion site? I guess you would allow a child porn promotion site, like you think its ok for zone-h to be online promoting online malicious hacking and not closed down. snip Because child abuse is always a crime. Hacking skills and knowledge can be used for crime and can be used for the protection of a businesses assets. Same reason there are lock picking books and websites, people often need their locks picked legitimately but there are thieves that use it illegitimately. Can you give me an example of a legitimate use of child abuse and pornographic images of children ? I doubt it. Most tools can be used as effective weapons, but you can't punish the carpenter because a murderer killed someone with a hammer. Or should we start punishing the following people... Doctors - They are teach each other how people die ! CRIMINALS! Butchers - They teach each other how to chop people up ! CRIMINALS! Pilots - Remember 9/11? they can kills people with their planes ! CRIMINALS! Drivers - They know how to run people over with machinery ! CRIMINALS! I don't want to live in your totalitarian society where doctors can't treat people because their knowledge is illegal In a country with even a pretence of freedom people must be allowed to share their knowledge in order for the society to survive and grow, however morals and ethics must be taught, doctors teach their pupils to save lives, pilots teach theirs not to fly into buildings, hackers teach there's not to harm the community. Knowledge and Ethics are two entirely different things, I know how to poison someone, but it doesn't make me a poisoner it does however give me the skills necessary to recognise that someone has been poisoned and possibly help them out, which with my current standards of ethics is probably what I'd do. It was the free sharing of information that allowed the development of TCP/IP, SMTP, Ethernet and many other protocols, without these your message would never have made it to me and the other people on the other side of the world, these technologies were designed and maintained by hackers, if you prevent them from learning you prevent the world from achieving goals such as this. However since shadowcrew are in the subject line of this message, I'll address that issue. They were criminals and most of their crimes didn't actually take much hacker knowledge. Aren't you glad the US DOJ had the hacker skills to investigate and catch them, I sure am. Unless you think they were investigated entirely without the use of any computer skills. With Regards. Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ] Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ] signature.asc Description: This is a digitally signed message part
[Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops
Hi, Nice paper. Some code examples should be great (i think). A question : what about false-disassembly into shellcode ? like : mov eax, eax [...] jmp false db 0xAA [...] false: mov eax, 1 int 0x80 [...] mv On 17 nov. 04, at 23:00, Peter Willis wrote: Hey, cool paper. Speaking of phrack, if in the future you have an article you think is print-worthy but is rejected by most zines, try sending it to Binary Revolution [EMAIL PROTECTED]. Although they're newer and have had some delays in getting new issues out, they're starting to re-focus on the magazine and the number of their supporters is growing. Sorry if this comes off a little advertisey, but hopefully if more people write in then BinRev can publish more original articles about vulnerabilities which can then make it back onto the web as sample articles. Berend-Jan Wever wrote: Hi all, This one got rejected by phrack and I couldn't be arsed to rewrite it so it would make the next edition: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops by SkyLined ( http://www.edup.tudelft.nl/~bjwever/whitepaper_shellcode.html ) The article addresses the requirements for writing a shellcode decoder loop using a limited number of characters that limits our instruction set. Most of it is based on my experience with alphanumeric decoders but the principles apply to any piece of code that is written to work with a limited instruction set. (It's a continuation on rix's and obscou's work for phrack). Comments and questions welcome, but I can not guarantee an answer to n00b questions. Cheers, SkyLined http://www.edup.tudelft.nl/~bjwever [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?
On Tue, 2004-11-16 at 05:08 +, Jason Coombs wrote: My flight into Midway airport, Chicago, just sat on the runway for nearly two hours tonight because of a potential security breach in the terminal, described here: http://www.nbc5.com/news/3921217/detail.html?z=dpdpswid=2265994dppid=65194 A Transportation Security Administration representative at Midway airport confirmed for me that the suspicious object displayed on the computerized x-ray machine may have been a phantom image similar to the one in Miami on November 13th: Software glitch in security scanner at Miami airport 'projected the image of a weapon' that didn't exist http://abclocal.go.com/ktrk/news/nat_world/111304_APnat_airport.html Why are we replacing perfectly good analog video displays with computer-generated displays for security-related data?? Haven't enough people learned yet that whenever you digitize something you render it unreal and vulnerable? Stupid, stupid, stupid. If the devices create phantoms by design, why would they not also obey commands to display arbitrary replacement images when some non-TEMPEST-hardened component is blasted with RF from within the x-ray scanning chamber? Do such transportation security technologies really benefit from technical obscurity? Why not publish the design, specs and source code for analysis and for all to see? He he, there's about as much chance of that as there is the voting machines getting their 'specs' published. Maybe it'll get leaked on the net and we'll find out they use a hard coded DES key that I could crack with my casio watch ;) Security improvements in such devices are presently limited to those companies that have the contracts to build and deploy them, or infosec firms that audit and pen test them in secret. Like electronic voting machines, this is a misguided, unnecessary, and counter-productive innovation for the sake of change or profit and it makes no sense. But of course it isn't going to stop, and the security vendor with the best technology is as likely to win contracts in transportation security as in any other industry. (Not) If quality is the true objective, then perhaps we should adopt exceptions to intellectual property laws to force into the public domain any creative work that has the capability to impact the security of anything important... Regards, Jason Coombs [EMAIL PROTECTED] -- Joel Merrick signature.asc Description: This is a digitally signed message part
[Full-Disclosure] FreeBSD Security Advisory FreeBSD-SA-04:16.fetch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-04:16.fetch Security Advisory The FreeBSD Project Topic: Overflow error in fetch Category: core Module: fetch Announced: 2004-11-18 Credits:Colin Percival Affects:All FreeBSD versions. Corrected: 2004-11-18 12:02:13 UTC (RELENG_5, 5.3-STABLE) 2004-11-18 12:03:05 UTC (RELENG_5_3, 5.3-RELEASE-p1) 2004-11-18 12:04:29 UTC (RELENG_5_2, 5.2.1-RELEASE-p12) 2004-11-18 12:05:36 UTC (RELENG_5_1, 5.1-RELEASE-p18) 2004-11-18 12:05:50 UTC (RELENG_5_0, 5.0-RELEASE-p22) 2004-11-18 12:02:29 UTC (RELENG_4, 4.10-STABLE) 2004-11-18 12:06:06 UTC (RELENG_4_10, 4.10-RELEASE-p4) 2004-11-18 12:06:22 UTC (RELENG_4_9, 4.9-RELEASE-p13) 2004-11-18 12:06:36 UTC (RELENG_4_8, 4.8-RELEASE-p26) 2004-11-18 12:06:52 UTC (RELENG_4_7, 4.7-RELEASE-p28) FreeBSD only: YES For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit URL:http://www.freebsd.org/security/. I. Background The fetch(1) utility is a tool for fetching files via FTP, HTTP, and HTTPS. II. Problem Description An integer overflow condition in the processing of HTTP headers can result in a buffer overflow. III. Impact A malicious server or CGI script can respond to an HTTP or HTTPS request in such a manner as to cause arbitrary portions of the client's memory to be overwritten, allowing for arbitrary code execution. IV. Workaround There is no known workaround for the affected application, although the ftp(1) application in the FreeBSD base system, and several applications in the FreeBSD Ports collection provide similar functionality and could be used in place of fetch(1). V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 4.8, 4.10, 5.2, and 5.3 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # ftp ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch # ftp ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch.asc b) Execute the following commands as root: # cd /usr/src # patch /path/to/patch # cd /usr/src/usr.bin/fetch # make obj make depend make make install 3) IMPORTANT NOTE to users of FreeBSD Update: FreeBSD Update (security/freebsd-update in the FreeBSD Ports collection) is a binary security update system for the FreeBSD base system. It is not supported or endorsed by the FreeBSD Security team, but its author has requested that the following note be included in this advisory: FreeBSD Update uses the fetch(1) utility for downloading security updates to the FreeBSD base system. While these updates are cryptographically signed, and FreeBSD Update is therefore immune from most attacks, it is exposed to this vulnerability since the files must be fetched before their integrity can be verified. As a workaround, FreeBSD Update can be made to use the ftp(1) utility for downloading updates as follows: # sed -i.bak -e 's/fetch -qo/ftp -o/' /usr/local/sbin/freebsd-update # freebsd-update fetch # mv /usr/local/sbin/freebsd-update.bak /usr/local/sbin/freebsd-update # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - - RELENG_4 src/usr.bin/fetch/fetch.c 1.10.2.28 RELENG_4_10 src/UPDATING 1.73.2.90.2.5 src/sys/conf/newvers.sh 1.44.2.34.2.6 src/usr.bin/fetch/fetch.c 1.10.2.23.2.1 RELENG_4_9 src/UPDATING 1.73.2.89.2.14 src/sys/conf/newvers.sh 1.44.2.32.2.14 src/usr.bin/fetch/fetch.c 1.10.2.21.2.1 RELENG_4_8 src/UPDATING 1.73.2.80.2.29 src/sys/conf/newvers.sh 1.44.2.29.2.27 src/usr.bin/fetch/fetch.c 1.10.2.20.2.1 RELENG_4_7 src/UPDATING 1.73.2.74.2.32 src/sys/conf/newvers.sh
RE: FW: [Full-Disclosure] Shadowcrew Grand Jury Indictment
I'm sorry - I have re-read this email, trying to understand your position, however, I cannot avoid seeing this as a troll. Chld abusers, whether on- or off-line, cannot be compared to 'hackers', regardless of their hat colour preference. I do not believe there is anyone on this list who would condone Child pornography. We are interested, and employed in the field of Computer Security. This sometimes involves full disclosure - If a financial services website is repetetively hacked and defaced, due to poor security, it is a 'Good Thing'(tm) for this fact to be made public, ie published on a website. If I understand your position, you would not want this information made publicly available, as it would be 'for other hackers to get a kick over' (quote) This list is dedicated to the disclosure of Computer Security-related information, and exploits and vulnerability details are regularly posted (amidst the politics :) - would you have this list (and it's archives) closed down also? Agree with the charter or unsubscribe. Thanks PS - it is widely accepted that the type of people you are referring to are known as 'crackers' - not 'hackers' - I am a 'hacker', and I have never defaced a commercial web site. /me whistles innocently -Original Message- From: n3td3v [mailto:[EMAIL PROTECTED] Sent: 17 November 2004 23:19 To: [EMAIL PROTECTED] Subject: Re: FW: [Full-Disclosure] Shadowcrew Grand Jury Indictment On Wed, 17 Nov 2004 13:29:19 -0700 (MST), Bruce Ediger [EMAIL PROTECTED] wrote: Unfortunately, the US Government operates under the auspices of a small document called The Constitution, and a little concept called Common Law. Now, I know that you trendy kids call things like that quaint (I believe that's what our new Attorney general calls things like the Geneva Convention. See http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2004/06/13/wguan13. xmlsSheet=/news/2004/06/13/ixworld.html) but fortunately for the rest of us, presumption of innocence remains the standard of the land. If you small-minded totalitarians don't like that sacred principle, get the hell out of the US. We don't need your kind. Move to some Banana Republic where they change the rules all the time in the face of 1000 years of tradition and philosophy and the Blood of Patriots who died to protect these rights. Zero tollerence. What will these doofuses think of next? I bet they start up a cult of personality around the nation's leader, including a new salute borrowed from the Romans. I don't live in the U.S thankfully, I live in a sane country called the U.K Would you agree with closing down a site that was letting child abusers to post links to illegal child porn photographs? Would the site owner be able to say, we aren't involved with any of these links, we just provide the site for the criminals to do it, so other child abusers can get links easy to child porn photos. But no, when we move onto online malicious hacker crimes, its ok for sites, such as zone-h, which allows malicious hackers to post links for other hackers to get a kick over, just like a child abuser would by visiting a child porn photo. Imagine a child abuse site which also kept a score board of the biggest amount of child porn photo posters. Yet again we move onto malicious hacker online crimes, it seems to be different for zone-h to keep scores of the biggest malicious hacker defacement posters. Why one rule for one online crime promotion site and not the same rule for another online crime promotion site? I guess you would allow a child porn promotion site, like you think its ok for zone-h to be online promoting online malicious hacking and not closed down. Thanks,n3td3v http://www.geocities.com/n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.
On Thu, 18 Nov 2004, rexolab wrote: VulnDiscovery: 2003/05/21 Release Date : 2004/11/17 Surely you're joking, Mr. Gangstuck. You can't seriously be telling us you sat on this for no less than 18 months, without telling anybody about it. Actually, I somewhat doubt you even discovered this yourself --- what with this very bug having been posted to cscope's bugtracker on 2004-11-09. Status : vendor has just been notified. Actually, we've been notified 11 days ago, and apparently not by you. First, the temporary directory (P_tmpdir=/tmp) is badly handled in every myfopen() internal call. [... there doesn't seem to be a second, to that first...] Anyway, you're right, the vulnerability is there. Unfortunately your patch is not quite sufficient to close it, because you overlooked that temp2, one of the two predictable filenames, is also used to construct an output redirection for a shell command run by cscope. -- Hans-Bernhard Broeker ([EMAIL PROTECTED]) Even if all the snow were burnt, ashes would remain. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Openshh 3.x remote root exploit???
Title: Openshh 3.x remote root exploit??? I have been hearing rumors that there is something out for openssh 3.x, if so have any of you heard about it? Also I have this retarded kid who keeps messageing saying he is using nc netcat listening to my www boxs open ssh port for passwords. Any idea if this kid can do anything or is he just someone who found out how to use his ./ skills??? Brian - Liquid Vision Media
[Full-Disclosure] [TURBOLINUX SECURITY INFO] 18/Nov/2004
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is an announcement only email list for the x86 architecture. Turbolinux Security Announcement 18/Nov/2004 The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center http://www.turbolinux.com/security/ (1) apache - Multiple vulnerabilities exist in Apache === * apache - Multiple vulnerabilities exist in Apache === More information : Apache is a powerful, full-featured, efficient, and freely-available Web server. - A buffer overflow vulnerability has been found in Apache's mod_proxy module exploitable via malformed Content-Length headers. - A buffer overflow vulnerability has been found in Apache's mod_include module -- in its get_tag() function. Impact : The mod_proxy vulnerability may allow an attacker to cause a denial of service of httpd. A local user could exploit the mod_include vulnerability to gain apache user privileges. Affected Products : - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation Solution : Please use the turbopkg (zabom) tool to apply the necessary updates. - # turbopkg or # zabom update apache apache-devel apache-manual mod_ssl - Turbolinux Appliance Server 1.0 Hosting Edition Source Packages Size : MD5 apache-1.3.27-26.src.rpm 3107759 dca2cbcbcde45ff80d9a611da567a323 Binary Packages Size : MD5 apache-1.3.27-26.i586.rpm 501255 c01a92b78bdb6304d42af3c520ac565c apache-devel-1.3.27-26.i586.rpm 94281 2393aa5cdc3e5bf56212583470433530 mod_ssl-2.8.14-26.i586.rpm 181280 c679e28a0062cbff7460244ff51fd239 Turbolinux Appliance Server 1.0 Workgroup Edition Source Packages Size : MD5 apache-1.3.27-26.src.rpm 3107759 43506d1d374a0505ea9c65916a6fd177 Binary Packages Size : MD5 apache-1.3.27-26.i586.rpm 501454 2732c823c39c95a2a15043b40c8902a6 apache-devel-1.3.27-26.i586.rpm 94428 ac1dfc6beab6ab504d22f3b95dc595a0 mod_ssl-2.8.14-26.i586.rpm 181440 a3b4a8d050d92fda633570759f3b2353 Turbolinux 8 Server Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/apache-1.3.27-26.src.rpm 3107759 fd508c9f43f4134fdeded2d30a6c0e5e Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-1.3.27-26.i586.rpm 501420 849a894023c4a1cf8c926d22689a7c5d ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-devel-1.3.27-26.i586.rpm 94414 16e16de1872458241e27bca670041ba2 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-manual-1.3.27-26.i586.rpm 850317 0a66500f4a483d8464f582c3eb7b8548 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mod_ssl-2.8.14-26.i586.rpm 181339 343ca76f7bab970a1eafdf4398e12b19 Turbolinux 8 Workstation Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/apache-1.3.27-26.src.rpm 3107759 7ac11746242fc78fc9ad947485f0287a Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-1.3.27-26.i586.rpm 501457 2f1382d3830c2f6eb5d21134b543432a ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-devel-1.3.27-26.i586.rpm 94438 47fb045028f3cea6c3caf48d8a6f8e28 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-manual-1.3.27-26.i586.rpm 850603 24d104b2bdf1f16c086437cd2d658236 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mod_ssl-2.8.14-26.i586.rpm 181484 addb510be59954f4409b91d68a7a83ed Turbolinux 7 Server Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/apache-1.3.27-26.src.rpm 3107759 c80c339996c32883d422131571e78c69 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-1.3.27-26.i586.rpm 488342 1fbc2d00ce603a467fd50571ba25a955 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-devel-1.3.27-26.i586.rpm 94568 357bf535d26753f92e230b4fdabff5f2
Re: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops
Code examples ? Check out the Shellcode encoders source codes on my webpage. Cheers, SkyLined PS. please send any discussions on the paper in pm to [EMAIL PROTECTED] or #SkyLined on EFNet - Original Message - From: Michael Vergoz [EMAIL PROTECTED] To: Peter Willis [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Berend-Jan Wever [EMAIL PROTECTED] Sent: Thursday, November 18, 2004 09:04 Subject: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops Hi, Nice paper. Some code examples should be great (i think). A question : what about false-disassembly into shellcode ? like : mov eax, eax [...] jmp false db 0xAA [...] false: mov eax, 1 int 0x80 [...] mv On 17 nov. 04, at 23:00, Peter Willis wrote: Hey, cool paper. Speaking of phrack, if in the future you have an article you think is print-worthy but is rejected by most zines, try sending it to Binary Revolution [EMAIL PROTECTED]. Although they're newer and have had some delays in getting new issues out, they're starting to re-focus on the magazine and the number of their supporters is growing. Sorry if this comes off a little advertisey, but hopefully if more people write in then BinRev can publish more original articles about vulnerabilities which can then make it back onto the web as sample articles. Berend-Jan Wever wrote: Hi all, This one got rejected by phrack and I couldn't be arsed to rewrite it so it would make the next edition: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops by SkyLined ( http://www.edup.tudelft.nl/~bjwever/whitepaper_shellcode.html ) The article addresses the requirements for writing a shellcode decoder loop using a limited number of characters that limits our instruction set. Most of it is based on my experience with alphanumeric decoders but the principles apply to any piece of code that is written to work with a limited instruction set. (It's a continuation on rix's and obscou's work for phrack). Comments and questions welcome, but I can not guarantee an answer to n00b questions. Cheers, SkyLined http://www.edup.tudelft.nl/~bjwever [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.
We are very serious in this matter as we already have discoused with you. We don't see why do you think we are joking ? We have found this vulnerability there's already eighteen month but we have find it in 15-4 release of cscope. The 15-5 version has the same problem Release date of advisory's publication is looking only at us. About the patch, sorry, we made a mistake in sending you a wrong one, and now we are sending you the right one : 8---cut--here diff -Naurp src_old/build.c src_new/build.c --- src_old/build.c 2004-11-18 16:27:04.0 +0100 +++ src_new/build.c 2004-11-18 16:27:29.0 +0100 @@ -333,7 +333,7 @@ build(void) (void) fprintf(stderr, cscope: cannot open file %s\n, reffile); myexit(1); } - if (invertedindex == YES (postings = myfopen(temp1, wb)) == NULL) { + if (invertedindex == YES (postings = myfopen(temp1, w+xb)) == NULL) { cannotwrite(temp1); cannotindex(); } diff -Naurp src_old/display.c src_new/display.c --- src_old/display.c 2004-11-18 16:27:04.0 +0100 +++ src_new/display.c 2004-11-18 16:27:29.0 +0100 @@ -431,7 +431,7 @@ search(void) findresult = (*f)(pattern); } else { - if ((nonglobalrefs = myfopen(temp2, wb)) == NULL) { + if ((nonglobalrefs = myfopen(temp2, w+xb)) == NULL) { cannotopen(temp2); return(NO); } @@ -754,13 +754,13 @@ BOOL writerefsfound(void) { if (refsfound == NULL) { - if ((refsfound = myfopen(temp1, wb)) == NULL) { + if ((refsfound = myfopen(temp1, w+xb)) == NULL) { cannotopen(temp1); return(NO); } } else { (void) fclose(refsfound); - if ( (refsfound = myfopen(temp1, wb)) == NULL) { + if ( (refsfound = myfopen(temp1, w+xb)) == NULL) { postmsg(Cannot reopen temporary file); return(NO); } 8--cut-here--- enjoy, Mr Gangstuck associates.. --- On Thu, 18 Nov 2004 12:42:33 +0100 (CET) Hans-Bernhard Broeker [EMAIL PROTECTED] wrote: On Thu, 18 Nov 2004, rexolab wrote: VulnDiscovery: 2003/05/21 Release Date : 2004/11/17 Surely you're joking, Mr. Gangstuck. You can't seriously be telling us you sat on this for no less than 18 months, without telling anybody about it. Actually, I somewhat doubt you even discovered this yourself --- what with this very bug having been posted to cscope's bugtracker on 2004-11-09. Status : vendor has just been notified. Actually, we've been notified 11 days ago, and apparently not by you. First, the temporary directory (P_tmpdir=/tmp) is badly handled in every myfopen() internal call. [... there doesn't seem to be a second, to that first...] Anyway, you're right, the vulnerability is there. Unfortunately your patch is not quite sufficient to close it, because you overlooked that temp2, one of the two predictable filenames, is also used to construct an output redirection for a shell command run by cscope. -- Hans-Bernhard Broeker ([EMAIL PROTECTED]) Even if all the snow were burnt, ashes would remain. -- Ce message ne contient pas de virus connu. neoDomaine Postmaster - http://www.neodomaine.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] IE is just as safe as FireFox
Hello, Stuart Fox (DSL AK)! Can the Firefox settings be controlled centrally? Yes, and more flexible than IE versions zoo at user computers. Download a Firefox ZIP (not Firefox_Setup_1.0.exe but Firefox 1.0.zip), unpack it to R/O share on file server, edit JS configuration files in .\defaults\pref and .\greprefs, then create a shortcut to firefox.exe on user desktops. To change FF settings, edit JS configs again. Voila! Can the executable reside on the workstation with the settings stored on the network? In my case, executable doesn't recide on workstation, it's placed on network file server. There are only shortcut to \\server\firefox\firefox.exe and user profile data on workstations. -- Best regards, Raoul Nakhmanson-Kulish Elfor Soft Ltd., ERP Department http://www.elforsoft.ru/ ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service?
[EMAIL PROTECTED] wrote on 11/17/2004 02:55:08 PM: Hello list, Mission Impossible theme sounded weird (too weird) and so on... Tell me: why should these link be active after the UNITED STATES SECRET SERVICE Operation ? http://www.shadowcrew.com/phpBB2/login.php http://archive.shadowcrew.com/Archive/ Matteo Giannone Matteo...you don't suppose maybe law enforcement might leave the site and logins up to perhaps generate a list of who is going there, do you? Nah, that's way too sneaky and underhanded for our government-types, of course. /sarcasm off CONFIDENTIALITY NOTICE: This is a transmission from Kohl's Department Stores, Inc. and may contain information which is confidential and proprietary. If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited. If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000. CAUTION: Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time without any further consent.
[Full-Disclosure] [USN-29-1] samba vulnerability
=== Ubuntu Security Notice USN-29-1 November 18, 2004 samba vulnerability CAN-2004-0882 === A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: samba The problem can be corrected by upgrading the affected package to version 3.0.7-1ubuntu6.2. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: During an audit of the Samba 3.x code base Stefan Esser discovered a Unicode file name buffer overflow within the handling of TRANSACT2_QFILEPATHINFO replies. A malicious samba user with write access to a share could exploit this by creating specially crafted path names (files with very long names containing Unicode characters) that would overflow an internal buffer and could lead to remote execution of arbitrary code with the privileges of the samba server. Since the samba server usually (by default) runs as root, this flaw can lead to privilege escalation and unbounded system compromise. Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.7-1ubuntu6.2.diff.gz Size/MD5: 287793 5fe703b1046fd5243fa69b6fa6d07294 http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.7-1ubuntu6.2.dsc Size/MD5: 937 eab645e2ffeb3ffeda2938989f483c48 http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.7.orig.tar.gz Size/MD5: 15012667 5906341429e64214909865a4be92e4ab Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.0.7-1ubuntu6.2_all.deb Size/MD5: 11604214 141fc27096df90fb5f26b7166a3c9d6c amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/s/samba/libpam-smbpass_3.0.7-1ubuntu6.2_amd64.deb Size/MD5: 370230 99101e2e61e368dc01179cb7dc2c0133 http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.0.7-1ubuntu6.2_amd64.deb Size/MD5: 761668 e741cc9ab62203deb7280c7433f69706 http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.0.7-1ubuntu6.2_amd64.deb Size/MD5: 574786 89ae7e66ce905ace97188609e440bde5 http://security.ubuntu.com/ubuntu/pool/main/s/samba/python2.3-samba_3.0.7-1ubuntu6.2_amd64.deb Size/MD5: 5013524 52f73085749169d113930486f59cbfaf http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.0.7-1ubuntu6.2_amd64.deb Size/MD5: 2089114 f1e43445204746bf37edf2ec41e4295b http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.7-1ubuntu6.2_amd64.deb Size/MD5: 2664486 eb3e05dcc644fb38bc73b0b9d8e0881a http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.0.7-1ubuntu6.2_amd64.deb Size/MD5: 2708734 184bf98f0408a4697850aa6919ebe4ef http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.0.7-1ubuntu6.2_amd64.deb Size/MD5: 360962 7efd7e60f4932c7274a9dca4c6bfff7c http://security.ubuntu.com/ubuntu/pool/universe/s/samba/swat_3.0.7-1ubuntu6.2_amd64.deb Size/MD5: 4026780 ddce360a66fd3e0caf65fccb007b0d18 http://security.ubuntu.com/ubuntu/pool/universe/s/samba/winbind_3.0.7-1ubuntu6.2_amd64.deb Size/MD5: 1526042 f828ee46913e27507bab3886d82435c3 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/s/samba/libpam-smbpass_3.0.7-1ubuntu6.2_i386.deb Size/MD5: 326852 c9629245ccda89fb9b1dda883879d54b http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.0.7-1ubuntu6.2_i386.deb Size/MD5: 686568 e42aa1a2af130297903b93f9e3e8ca2c http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.0.7-1ubuntu6.2_i386.deb Size/MD5: 509556 7d8076adf8c3eaac60b09ff27bacd911 http://security.ubuntu.com/ubuntu/pool/main/s/samba/python2.3-samba_3.0.7-1ubuntu6.2_i386.deb Size/MD5: 4414116 c04dabf99c10f32a3e9b799e52eda22b http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.0.7-1ubuntu6.2_i386.deb Size/MD5: 1835048 ce3604ef73e2d5fb4e7914cdd9050d8f http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.7-1ubuntu6.2_i386.deb Size/MD5: 2297606 b7e572d19fd4049bf320afdc77c3a6c9 http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.0.7-1ubuntu6.2_i386.deb Size/MD5: 2300214 5383d4fee5aa87876ac5051593955873 http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.0.7-1ubuntu6.2_i386.deb Size/MD5: 308746 1b624b3e4f6e19c3282bd5ac6696d646 http://security.ubuntu.com/ubuntu/pool/universe/s/samba/swat_3.0.7-1ubuntu6.2_i386.deb Size/MD5: 3938366 46e2ae30a1e9dd7dbbdca463bcb9dd1f http://security.ubuntu.com/ubuntu/pool/universe/s/samba/winbind_3.0.7-1ubuntu6.2_i386.deb Size/MD5: 1298980 bf1f086f3baacf18e1def88b2de59c37 powerpc architecture (Apple Macintosh
Re: [Full-Disclosure] IE is just as safe as FireFox
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Why is it that Microsoft's code has less quality even though all code that's written is instantly audited? (Each line of code is checked before it's 'passed' in to the code tree.) Design, design and design. Also, design. Writing programs isn't a simple matter of writing code and auditing it for buffer overflows. What about the lousy MIME-type handling in IE, detecting intelligently (but after declaring it harmless in the security check) that a program disguised as an audio file could actually be an executable, and happily running it? It is bad design. The same as ActiveX. Why are many IE security problems avoided by disabling Active Scripting? There seems to be an obsession with code these days. And people affected by such disease forget that the code should come after a good design, and a bad design can only be fixed scaping it and starting over. Borja. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBnLX5ULpVo4XWgJ8RAlTJAJ92yXv8C5ArhrGzsHCNXBQHyECqhQCcDoL9 LGLighoTQw5rSwV2/mMp72k= =TDnR -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service?
That is like asking...why docops pick up the phone atthe homeof a drug dealer? What do you think? They are getting the word out that if you were a part of this site..that you have not been forgotten. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Thursday, November 18, 2004 8:17 AMCc: full-disclosure; [EMAIL PROTECTED]Subject: Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service? [EMAIL PROTECTED] wrote on 11/17/2004 02:55:08 PM: Hello list, Mission Impossible theme sounded weird (too weird) and so on... Tell me: why should these link be active after the "UNITED STATES SECRET SERVICE Operation" ? http://www.shadowcrew.com/phpBB2/login.php http://archive.shadowcrew.com/Archive/ Matteo GiannoneMatteo...you don't suppose maybe law enforcement might leave the site and logins up to perhaps generate a list of who is going there, do you? Nah, that's way too sneaky and underhanded for our government-types, of course. /sarcasm off CONFIDENTIALITY NOTICE: This is a transmission from Kohl's Department Stores, Inc.and may contain information which is confidential and proprietary.If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited.If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000.CAUTION:Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any timewithout any further consent.
Re: [Full-Disclosure] IE is just as safe as FireFox
Hello, Danny! So when you run the Firefox setup/installer, do you direct the installation to \\server\firefox, and then once installed, you modify only the two files Stuart Fox mentions? Read my first message in this topic. I don't run Firefox installer at all, on both workstation and server. I download a zipped Firefox and unpack it to server share, edit a configuration JS files, then create a shortcut to firefox.exe on user's desktop/quicklaunch. -- Best regards, Raoul Nakhmanson-Kulish Elfor Soft Ltd., ERP Department http://www.elforsoft.ru/ ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 However Mozilla in Linux is integrated at some level...so they are just the same as I.E. Could you please define integrated? English isn't my primary language... Borja. - --- Borja Marcos* [EMAIL PROTECTED] Responsable de seguridad* Tel: +34 944209470 SARENET S.A. - AS3262 * Fax: +34 944209465 Parque Tecnologico, 103 * PGP KeyID: 0x85D6809F 48170 - Zamudio (Bizkaia) SPAIN * -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBnLb+ULpVo4XWgJ8RAhYvAJwNBa5JZhmbQqeAdYb5Uk+ymvHJkACglb6X gFhwQrMhlSTPPIPqixWHhnQ= =pAqV -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service?
Ok, so it was the secret service who put a new homepage up, but have the secret service done this before with other sites, or is this the first time? I wish they wouldn't do it in future, its looks too we own you kid behaviour. Thanks,n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] For your pleasure
Here is the English version via babelfish and tinyurl. In other words, the employee of Microsoft author of these sound files would have used a pirated version of the software SoundForge. http://tinyurl.com/5849c -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laurent LEVIER Sent: Wednesday, November 17, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] For your pleasure Guys, For your pleasure: http://www.materiel.be/n/7685/Des-fichiers-pirates-dans-XP.php I know, it is in French, but here is my translation, it deserves to be known. Digging into Windows XP Operating Systems, the journalists of PC Welt discovered the following text at the end of the files presents into the C:/Windows/Help/Tours/WindowsMediaPlayer/Audio/Wav directory: [see the picture at the link] You have to know that DeepzOne is the nickname of a founding member of the Radium cracking group created in 1997 and especialized into the craking of sound oriented software. To say it another way, the Microsoft guy who created these files used a cracked version of the SoundForce program. Even if it is probable the Redmond giant has a license of this program (400$), it looks bad to see this when we are hearing everywhere about the Microsoft anti-piracy policy... Laurent LEVIER Systems Networks Security Expert, CISSP CISM ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] WiFi question
--On Wednesday, November 17, 2004 12:41:44 PM -0500 Lachniet, Mark [EMAIL PROTECTED] wrote: Could also be RF interference. One of my coworkers tracked down a particularly interesting problem with motion sensor lights. Turns out the motion sensors worked at the 240mhz range, which has resonance at 2.4ghz, or something like that. Hence every time the motion sensor worked, it would spew what the wardriving (site survey) apps thought was a zillion different access points with widely varying MAC addresses. I would have though it was a FAKEAP program also. I would assume the same could happen with other interference. Having a common SSID would seem to indicate this is not the problem, but just thought I'd mention it. Thanks for a particularly interesting and potentially useful bit of information, Mark. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] WiFi question
Okay, enough people commented on this that I had to dig out my documentation. FWIW, this is what my co-worked documented. My previous summary was not totally accurate. This was discovered by one of my co-workers, not myself. -snip From: [EMAIL PROTECTED] (name withheld to protect against spam) Subject: Some Occupancy Sensors May Cause WiFi Interference So what interferes with 802.11b/g wireless? So far the list seems to be short; microwaves, 2.4 GHz cordless telephones, existing WiFi or Bluetooth equipment.. nuclear reactors!? Now add some occupancy sensors to the list. Specifically, Hubbell MyTech 24KHz ceiling mount sensors, manufactured about ten years ago. I've attached a picture of a newer model; the one that I had problems with is shaped more like a square. They're used to turn lights on and off when people enter large rooms and to regulate heating and air conditioning. 24KHz doesn't sound like WiFi right? Most wireless devices have emissions at some multiple of their operating frequency, in this case 10x. This is called a harmonic frequency and normally these emissions are filtered out. Ten years ago there wasn't much going on with the unlicensed ISM band so my best guess is that the 2.4 GHz harmonic was not filtered out to save costs. I first observed the interference using our Surveyor software although Surveyor did not detect any wireless devices. Curiously, NetStumbler detected an infinitely increasing number of wireless MAC address on an invisible SSID, all operating on channel 10. If I place the NetStumbler tool next to one of the sensors, the SNR goes off the charts every time I wave my hand in front of the sensor. A new random MAC address often times pops up. The MAC addresses aren't registered with any specific manufacturer. They start out with 02:00 and are random for the remaining characters. It might be that NetStumbler is attempting to treat the interference as an actual WiFi device. Anyways, it's something to look out for! -snip Mark Lachniet ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service?
W theres sand in my vagina... I think I'll unsubscribe myself. STFU and subscribe to the moderated version. http://lists.seifried.org/mailman/listinfo/security As Skylined put it... if ya can't take the heat... get the fark out of the kitchen. And while you are at it cook something up already. -KF raza wrote: Guys you know what ? This mailing list and the dribble some people chat on it is p*SSing me off big time. This used to be a good list and some arse holes are bring the bullshit uprightness , politics and US government rules the world .. view to this otherwise excellent Security Info's. I had enough of it. either take your politics else where back to the People who give a fu** or get back to the posts that are relevant. I reckon many will leave this list. R -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: 18 November 2004 16:03 To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service? Ok, so it was the secret service who put a new homepage up, but have the secret service done this before with other sites, or is this the first time? I wish they wouldn't do it in future, its looks too we own you kid behaviour. Thanks,n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] RE: For your pleasure
Original (source of) story in German at http://www.pcwelt.de/news/software/104785/ and their own English translation at http://www.pcwelt.de/know-how/sicherheit/104830/index.html : Gotcha: Did Microsoft use Warez for Windows XP? We examined some WAV files ... ... the files were generated with the cracked version of Sound Forge 4.5. Cheers, Paul Szabo - [EMAIL PROTECTED] http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service?
Guys you know what ? This mailing list and the dribble some people chat on it is p*SSing me off big time. This used to be a good list and some arse holes are bring the bullshit uprightness , politics and US government rules the world .. view to this otherwise excellent Security Info's. I had enough of it. either take your politics else where back to the People who give a fu** or get back to the posts that are relevant. I reckon many will leave this list. R -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: 18 November 2004 16:03 To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service? Ok, so it was the secret service who put a new homepage up, but have the secret service done this before with other sites, or is this the first time? I wish they wouldn't do it in future, its looks too we own you kid behaviour. Thanks,n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service?
But they do own them..lol Seriously.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: Thursday, November 18, 2004 10:03 AM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service? Ok, so it was the secret service who put a new homepage up, but have the secret service done this before with other sites, or is this the first time? I wish they wouldn't do it in future, its looks too we own you kid behaviour. Thanks,n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: FW: [Full-Disclosure] Shadowcrew Grand Jury Indictment
n3td3v: go troll somewhere else, there are probably more idiots like you who love bullshit like that -- Rob klein Gunnewiek ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service?
The only thing you shud be served is a big...fu** off...lame person -Original Message- From: KF_lists [mailto:[EMAIL PROTECTED] Sent: 18 November 2004 20:00 To: raza Cc: 'n3td3v'; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service? W theres sand in my vagina... I think I'll unsubscribe myself. STFU and subscribe to the moderated version. http://lists.seifried.org/mailman/listinfo/security As Skylined put it... if ya can't take the heat... get the fark out of the kitchen. And while you are at it cook something up already. -KF raza wrote: Guys you know what ? This mailing list and the dribble some people chat on it is p*SSing me off big time. This used to be a good list and some arse holes are bring the bullshit uprightness , politics and US government rules the world .. view to this otherwise excellent Security Info's. I had enough of it. either take your politics else where back to the People who give a fu** or get back to the posts that are relevant. I reckon many will leave this list. R -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: 18 November 2004 16:03 To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service? Ok, so it was the secret service who put a new homepage up, but have the secret service done this before with other sites, or is this the first time? I wish they wouldn't do it in future, its looks too we own you kid behaviour. Thanks,n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Administrivia: Fool Disclosure
Frank Knobbe wrote: Which leads to the question, which is a safe graphics file format? BMP perhaps? No: http://lists.netsys.com/pipermail/full-disclosure/2004-September/026187.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Administrivia: Fool Disclosure
all your graphic files are belong to us. -KF [EMAIL PROTECTED] wrote: Frank Knobbe wrote: Which leads to the question, which is a safe graphics file format? BMP perhaps? No: http://lists.netsys.com/pipermail/full-disclosure/2004-September/026187.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] You have sent the attached unsolicited e-mail to an otherwise GOOD security email list.
Michael Evanchik wrote: I have no problem with this list. I use a tool to passively filter this list the same that I do for the spam problem that has taken over planet earth In your email client there is a button that will take care of this for you. Look for something in the respects of DELETE Anyone who can not decipher what is good and what is bad should be unsubscribed instead. Agreed. But some people, of course, the first thing they think of when they read something they don't like/agree with is lock it down, control everything, and remove the offender! When you're talking about networks and crime scenes, yeah - that works. When you're talking about open mailing lists, it should only be used in extreme circumstances (moderated mailing lists are a different story)... We're not there yet... the delete key is still quite functional for weeding out the noise. -Barry ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] [ GLSA 200411-27 ] Fcron: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200411-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Fcron: Multiple vulnerabilities Date: November 18, 2004 Bugs: #71311 ID: 200411-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis Multiple vulnerabilities in Fcron can allow a local user to potentially cause a Denial of Service. Background == Fcron is a command scheduler with extended capabilities over cron and anacron. Affected packages = --- Package / Vulnerable / Unaffected --- 1 sys-apps/fcron = 2.9.5*= 2.0.2 = 2.9.5.1 Description === Due to design errors in the fcronsighup program, Fcron may allow a local user to bypass access restrictions (CAN-2004-1031), view the contents of root owned files (CAN-2004-1030), remove arbitrary files or create empty files (CAN-2004-1032), and send a SIGHUP to any process. A vulnerability also exists in fcrontab which may allow local users to view the contents of fcron.allow and fcron.deny (CAN-2004-1033). Impact == A local attacker could exploit these vulnerabilities to perform a Denial of Service on the system running Fcron. Workaround == Make sure the fcronsighup and fcrontab binaries are only executable by trusted users. Resolution == All Fcron users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose quot;gt;=sys-apps/fcron-2.0.2quot; References == [ 1 ] CAN-2004-1030 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1030 [ 2 ] CAN-2004-1031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1031 [ 3 ] CAN-2004-1032 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1032 [ 4 ] CAN-2004-1033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1033 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200411-27.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0 signature.asc Description: This is a digitally signed message part
[Full-Disclosure] MDKSA-2004:136 - Updated samba packages fix remote vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandrakelinux Security Update Advisory ___ Package name: samba Advisory ID:MDKSA-2004:136 Date: November 18th, 2004 Affected versions: 10.0, 10.1 __ Problem Description: Steffan Esser discovered that invalid bounds checking in reply to certain trans2 requests could result in a buffer overrun in smbd. This can only be exploited by a malicious user able to create files with very specific Unicode filenames on a samba share. The updated packages have been patched to prevent this problem. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882 __ Updated Packages: Mandrakelinux 10.0: 9b1cbb94f9b6a29f4db47d6362c7dc59 10.0/RPMS/libsmbclient0-3.0.6-4.3.100mdk.i586.rpm 13d208678296f156851550d2fa6be003 10.0/RPMS/libsmbclient0-devel-3.0.6-4.3.100mdk.i586.rpm 41ed3906b38c216647f0b4abb2b0e148 10.0/RPMS/libsmbclient0-static-devel-3.0.6-4.3.100mdk.i586.rpm 2949c6f12e1ae592d7d25cdd418cf3ab 10.0/RPMS/nss_wins-3.0.6-4.3.100mdk.i586.rpm 81851b7b52e2db6271af33820b0d9e7f 10.0/RPMS/samba-client-3.0.6-4.3.100mdk.i586.rpm efde2c032fb6f83a1d8c4628790b9946 10.0/RPMS/samba-common-3.0.6-4.3.100mdk.i586.rpm 714bb9e00bf4452854c90caced2551a4 10.0/RPMS/samba-doc-3.0.6-4.3.100mdk.i586.rpm 1b31b3fe682ecd29d089e9128647cc77 10.0/RPMS/samba-passdb-mysql-3.0.6-4.3.100mdk.i586.rpm 48ba46d5f50b50dcfb8f38fd6bd719e5 10.0/RPMS/samba-passdb-pgsql-3.0.6-4.3.100mdk.i586.rpm 4e0e3b905b2fe0127ecfc08e1da3796e 10.0/RPMS/samba-passdb-xml-3.0.6-4.3.100mdk.i586.rpm 888317c3b5fa0c9463e163b7c73075b7 10.0/RPMS/samba-server-3.0.6-4.3.100mdk.i586.rpm 109efb2384cda0e3016c0b288f710e87 10.0/RPMS/samba-swat-3.0.6-4.3.100mdk.i586.rpm cef9d2b07f8355c02d69986d2afddb33 10.0/RPMS/samba-winbind-3.0.6-4.3.100mdk.i586.rpm 10c369789d118dab97c86f28e4207ce5 10.0/SRPMS/samba-3.0.6-4.3.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 8d810908b095dc8672eb7819bd15f0b2 amd64/10.0/RPMS/lib64smbclient0-3.0.6-4.3.100mdk.amd64.rpm 27a93b3cf869598fa23a37392c69d339 amd64/10.0/RPMS/lib64smbclient0-devel-3.0.6-4.3.100mdk.amd64.rpm 557e63312a94f1bdc42982f240d140ca amd64/10.0/RPMS/lib64smbclient0-static-devel-3.0.6-4.3.100mdk.amd64.rpm 8e7cd945f7d406a049d7d8e79afc97b4 amd64/10.0/RPMS/nss_wins-3.0.6-4.3.100mdk.amd64.rpm 06873271e882b5f00b72b7733664cb0a amd64/10.0/RPMS/samba-client-3.0.6-4.3.100mdk.amd64.rpm fff4d9c9aa1d33a2b5c9c9a60e87a145 amd64/10.0/RPMS/samba-common-3.0.6-4.3.100mdk.amd64.rpm 83404ba5b9b0a65ecdd820fc6fa4423c amd64/10.0/RPMS/samba-doc-3.0.6-4.3.100mdk.amd64.rpm efdd9b19800f9f076a7e4e0c1314fd35 amd64/10.0/RPMS/samba-passdb-mysql-3.0.6-4.3.100mdk.amd64.rpm 436ec72f9ad76315e37906f6d5699a17 amd64/10.0/RPMS/samba-passdb-pgsql-3.0.6-4.3.100mdk.amd64.rpm 415491ad3ade4577113d240ad98a88f2 amd64/10.0/RPMS/samba-passdb-xml-3.0.6-4.3.100mdk.amd64.rpm 6ae1e74ad89e997b9caf15b4a65a78ea amd64/10.0/RPMS/samba-server-3.0.6-4.3.100mdk.amd64.rpm 623364413e9634f06e0e0cbf990535ce amd64/10.0/RPMS/samba-swat-3.0.6-4.3.100mdk.amd64.rpm 809e3c4b6faca289d76e23438df4bf07 amd64/10.0/RPMS/samba-winbind-3.0.6-4.3.100mdk.amd64.rpm 10c369789d118dab97c86f28e4207ce5 amd64/10.0/SRPMS/samba-3.0.6-4.3.100mdk.src.rpm Mandrakelinux 10.1: 7701679643c47d6123b6552e46c22919 10.1/RPMS/libsmbclient0-3.0.7-2.2.101mdk.i586.rpm 90cdd7197c880c093bbcd02633f06e04 10.1/RPMS/libsmbclient0-devel-3.0.7-2.2.101mdk.i586.rpm eef0fdf0c63aaf7ea38040f08a44c0ff 10.1/RPMS/libsmbclient0-static-devel-3.0.7-2.2.101mdk.i586.rpm 2303f39d131fdc6e85c4e7b3d29eab30 10.1/RPMS/nss_wins-3.0.7-2.2.101mdk.i586.rpm 0171975fe323cf1d7ac036087a7e967e 10.1/RPMS/samba-client-3.0.7-2.2.101mdk.i586.rpm 8aabb86ac1d0235d5f95353a52f2ee62 10.1/RPMS/samba-common-3.0.7-2.2.101mdk.i586.rpm 7a2537f0534ae7e643e21671b5a77cba 10.1/RPMS/samba-doc-3.0.7-2.2.101mdk.i586.rpm 5efc2a327a946a7266daabe64ebf6ed8 10.1/RPMS/samba-passdb-mysql-3.0.7-2.2.101mdk.i586.rpm f48c3bc088a21e71eba00e7d18dc3538 10.1/RPMS/samba-passdb-pgsql-3.0.7-2.2.101mdk.i586.rpm 3a5483ec112532ffb1e7bc8d7ab3722d 10.1/RPMS/samba-passdb-xml-3.0.7-2.2.101mdk.i586.rpm 42c0de84041d35a6608a4434c3f0aee1 10.1/RPMS/samba-server-3.0.7-2.2.101mdk.i586.rpm 16a096aaf7504e4462828f171d42e924 10.1/RPMS/samba-swat-3.0.7-2.2.101mdk.i586.rpm 7f173153c61f02902aaf3290e964fdd9 10.1/RPMS/samba-vscan-clamav-3.0.7-2.2.101mdk.i586.rpm 4b91a38b17f12fd70b4cc394a239a170 10.1/RPMS/samba-vscan-icap-3.0.7-2.2.101mdk.i586.rpm 4cd663bc68e60bb769730526d0f0a3d5 10.1/RPMS/samba-winbind-3.0.7-2.2.101mdk.i586.rpm
[Full-Disclosure] University Researchers Challenge Bush Win In Florida
University Researchers Challenge Bush Win In Florida According to researchers at the University of California, Berkeley, counties with electronic voting machines were significantly more likely to show increased support for President Bush compared to counties with paper ballots or optical scan equipment. http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,97614,00.html?nas=PM-97614 ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Gmail anomaly
This is not a security risk but a weirdness worth noting. I reported it as a bug to gmail but im not sure if its a bug on their part it may be firefox not doing something right. If you open two gmail accounts in two different firebird/fox browsers the first account logged into after a refresh becomes the second acccount. Or if you send an e-mail with the second account, it may send as the first and refresh back as account1. So if you login with GmailAccount1 and then open another browser and log into GA2, go back to GA1 browser and hit refresh, GA1 will be in the mailbox of GA2. This obviously is not a security risk because the mailbox was already logged into, but I still thought it was a weird thing to do. It doesnt act that way with internet exploder though so it must be something with Firefox ... ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] [USN-30-1] Linux kernel vulnerabilities
=== Ubuntu Security Notice USN-30-1 November 18, 2004 linux-source-2.6.8.1 vulnerabilities CAN-2004-0883, CAN-2004-0949, and others === A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: linux-image-2.6.8.1-3-386 linux-image-2.6.8.1-3-686 linux-image-2.6.8.1-3-686-smp linux-image-2.6.8.1-3-amd64-generic linux-image-2.6.8.1-3-amd64-k8 linux-image-2.6.8.1-3-amd64-k8-smp linux-image-2.6.8.1-3-amd64-xeon linux-image-2.6.8.1-3-k7 linux-image-2.6.8.1-3-k7-smp linux-image-2.6.8.1-3-power3 linux-image-2.6.8.1-3-power3-smp linux-image-2.6.8.1-3-power4 linux-image-2.6.8.1-3-power4-smp linux-image-2.6.8.1-3-powerpc linux-image-2.6.8.1-3-powerpc-smp The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.1. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes. Details follow: CAN-2004-0883, CAN-2004-0949: During an audit of the smb file system implementation within Linux, several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. To exploit any of these vulnerabilities, an attacker needs control over the answers of the connected Samba server. This could be achieved by man-in-the-middle attacks or by taking over the Samba server with e. g. the recently disclosed vulnerability in Samba 3.x (see CAN-2004-0882). While any of these vulnerabilities can be easily used as remote denial of service exploits against Linux systems, it is unclear if it is possible for a skilled local or remote attacker to use any of the possible buffer overflows for arbitrary code execution in kernel space. So these bugs may theoretically lead to privilege escalation and total compromise of the whole system. http://isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt: Several flaws have been found in the Linux ELF binary loader's handling of setuid binaries. Nowadays ELF is the standard format for Linux executables and libraries. setuid binaries are programs that have the setuid file permission bit set; they allow to execute a program under a user id different from the calling user and are mostly used to allow executing a program with root privileges to normal users. The vulnerabilities that were fixed in these updated kernel packages could lead Denial of Service attacks. They also might lead to execution of arbitrary code and privilege escalation on some platforms if an attacker is able to run setuid programs under some special system conditions (like very little remaining memory). Another flaw could allow an attacker to read supposedly unreadable, but executable suid binaries. The attacker can then use this to seek faults within the executable. http://marc.theaimsgroup.com/?l=linux-kernelm=109776571411003w=2: Bernard Gagnon discovered a memory leak in the mmap raw packet socket implementation. When a client application (in ELF format) core dumps, a region of memory stays allocated as a ring buffer. This could be exploited by a malicious user who repeatedly crashes certain types of applications until the memory is exhausted, thus causing a Denial of Service. Reverted 486 emulation patch: Ubuntu kernels for the i386 platforms are compiled using the i486 instruction set for performance reasons. Former Ubuntu kernels contained code which emulated the missing instructions on real 386 processors. However, several actual and potential security flaws have been discovered in the code, and it was found to be unsupportable. It might be possible to exploit these vulnerabilities also on i486 and higher processors. Therefore support for real i386 processors has ceased. This updated kernel will only run on i486 and newer processors. Other architectures supported by Ubuntu (amd64, powerpc) are not affected. Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.1.diff.gz Size/MD5: 3083854 6c6205802319f9774bacae96e0215e9b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.1.dsc Size/MD5: 2119 bd3ecefdb8236a927ca0af02b575dc2d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.1_all.deb Size/MD5: 6158782 88fdd5612e0c91ea71e97640a0fb7b9a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.1_all.deb Size/MD5: 1438690 7a1c68e4b85dd8b00faaf559a343d925
[Full-Disclosure] Compressed files overflow
Microsoft Windows Vulnerability in Compressed (zipped) Folders (MS04-034) attached is a POC of this vulnerability.. How to get new offsets: 1) attach debugger (i.e ollydbg) to explorer.exe 2) open the zip file as a folder and add or move some files to it 3) search in the explorer.exe memory the shellcode and get the addresses ZipMe!.cpp Description: Binary data
Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
In case no one else helped you with this, allow me to try. =) Could you please define integrated? English isn't my primary language... Integrated is similar to saying is part of or united. For future reference (and more info), Google can also be extremely handy in such a case. Doing a Google search for: define:WORD_TO_DEFINE will likely reveal the answer to you. (You can also translate it into your own language if Google supports your language, or possible doing such a query from the Google home page of your country would save a step.) For example, here is the Google search for Integrated: - http://www.google.com/search?q=define%3Aintegrated Hope that helps. =) -- Peace. ~G On Thu, 18 Nov 2004 15:51:42 +0100, Borja Marcos [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 However Mozilla in Linux is integrated at some level...so they are just the same as I.E. Could you please define integrated? English isn't my primary language... Borja. - --- Borja Marcos* [EMAIL PROTECTED] Responsable de seguridad* Tel: +34 944209470 SARENET S.A. - AS3262 * Fax: +34 944209465 Parque Tecnologico, 103 * PGP KeyID: 0x85D6809F 48170 - Zamudio (Bizkaia) SPAIN * -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBnLb+ULpVo4XWgJ8RAhYvAJwNBa5JZhmbQqeAdYb5Uk+ymvHJkACglb6X gFhwQrMhlSTPPIPqixWHhnQ= =pAqV -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Gmail anomaly
Yep, something is awry with Firefox's cookie management. it pisses me off. I disconnect from a site (close the browser), but the next time I open FF, all my cookies are acting as if they are still live. The Maxthon add-on for IE does the same thing Its annoying as hell when you are testing web apps. On Thu, 18 Nov 2004 16:33:07 -0800, ifconfig_xl0 [EMAIL PROTECTED] wrote: This is not a security risk but a weirdness worth noting. I reported it as a bug to gmail but im not sure if its a bug on their part it may be firefox not doing something right. If you open two gmail accounts in two different firebird/fox browsers the first account logged into after a refresh becomes the second acccount. Or if you send an e-mail with the second account, it may send as the first and refresh back as account1. So if you login with GmailAccount1 and then open another browser and log into GA2, go back to GA1 browser and hit refresh, GA1 will be in the mailbox of GA2. This obviously is not a security risk because the mailbox was already logged into, but I still thought it was a weird thing to do. It doesnt act that way with internet exploder though so it must be something with Firefox ... ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- ME2 ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service?
I'm not trying to take sides, although KF has made a very good point. I see a handful of people complaining about the list. Face the facts: it's unmoderated. That was a known fact when we all signed up and shouldn't be overlooked now. Allow me to elaborate a bit. Obviously it's your choice to continue to subscribe or not. I think the point KF was trying to make (eloquently or not =) was that you (or anyone else complaining) are very welcome to unsubscribe (and subscribe the a moderated version instead if you choose). Either way, complaints sent to the list do nothing but waste MORE bandwidth/time and cause the same effect the person is complaining about. I have setup a handful of filters that sort out what I prefer not to read about. Personally, I like the freedom of knowing I get to choose what I see, not what a moderator thinks I should see. It's actually one of the reasons I have stayed on the list even through the obvious BS that has been posted at times. Instead of complaining, do something constructive about it. Setup filters. Unsubscribe. Move to a moderated mirror instead. (KF was even nice enough to include a link for you so you wouldn't have to go hunting.) My 2 cents. Spend it how you wish. -- Peace. ~G On Tue, 23 Nov 2004 20:17:29 -, raza [EMAIL PROTECTED] wrote: The only thing you shud be served is a big...fu** off...lame person -Original Message- From: KF_lists [mailto:[EMAIL PROTECTED] Sent: 18 November 2004 20:00 To: raza Cc: 'n3td3v'; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service? W theres sand in my vagina... I think I'll unsubscribe myself. STFU and subscribe to the moderated version. http://lists.seifried.org/mailman/listinfo/security As Skylined put it... if ya can't take the heat... get the fark out of the kitchen. And while you are at it cook something up already. -KF raza wrote: Guys you know what ? This mailing list and the dribble some people chat on it is p*SSing me off big time. This used to be a good list and some arse holes are bring the bullshit uprightness , politics and US government rules the world .. view to this otherwise excellent Security Info's. I had enough of it. either take your politics else where back to the People who give a fu** or get back to the posts that are relevant. I reckon many will leave this list. R -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: 18 November 2004 16:03 To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service? Ok, so it was the secret service who put a new homepage up, but have the secret service done this before with other sites, or is this the first time? I wish they wouldn't do it in future, its looks too we own you kid behaviour. Thanks,n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html