On 9/27/07, T Biehn [EMAIL PROTECTED] wrote:
Genius!
Billy: Wow, that's a cool 0-day.
Joe: You mean an RDV.
Billy: What?
Joe: Only the bad guys call it 0-day now, haven't you heard?
Billy: Nope.
Joe: Yeah Gadi Evron and friends didn't like the term 0-day anymore, because
it sounds too evil
Stop your stupid bullshit. If you have no work to do, create your own
mailing list and post your bullshit there. We have better things to do
than think about stupid names.
If the media thinks that hackers are always evil, it is because of
stupid people like you, who have nothing good to
I am a system administrator and I find this list full of noise due to
people like you.
--
On 9/28/07, Jimby Sharp [EMAIL PROTECTED] wrote:
Stop your stupid bullshit. If you have no work to do, create your own
mailing list and post your bullshit there. We have better things to do
than think
I am a system administrator and I find this list full of noise due to
people like you.
On 9/28/07, Daniel Marsh [EMAIL PROTECTED] wrote:
On 9/28/07, Jimby Sharp [EMAIL PROTECTED] wrote:
I am a system administrator and I find this list full of noise due to
people like you.
On 9/28/07,
Hey!
Do you have your CISSP certification too!?
Cheeky Shenanigans Exposing Aspie Driven InfoSec Stupidity = Blackhat
Disinformation Project of the Highest Order
;)
Travis
On 9/28/07, Jimby Sharp [EMAIL PROTECTED] wrote:
Stop your stupid bullshit. If you have no work to do, create your own
#!/bin/sh
#
# Secure v9.3.1b
# This is to be used on a NEW install only!
# This script will go through your box and lock the inside down.
# Copyright [EMAIL PROTECTED] | [EMAIL PROTECTED],
([EMAIL PROTECTED])
# Thanks to jericho from attrition for pointing out some issues
with it.
# This script
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1378-1[EMAIL PROTECTED]
http://www.debian.org/security/ Dann Frazier
September 27th, 2007
Wouldn't UDV be more appropriate, for unpatched disclosed vulnerability? The
R in RDV means recent. I wouldn't consider a two-month old, but still
unpatched, vulnerability to be recent, so I wouldn't really be able to call
it an RDV. I would, however, be able to call it a UDV.
Another option
How about SPB - (Stupid Pointless Bullshit)
The noise level on this list is pathetic anymore
On 9/28/07, Troy [EMAIL PROTECTED] wrote:
Wouldn't UDV be more appropriate, for unpatched disclosed vulnerability?
The R in RDV means recent. I wouldn't consider a two-month old, but still
I asked you to stop your bullshit you mad man. It is crazy to see so
many anonymous IDs talking to each other and spamming the whole list.
On 9/28/07, worried security [EMAIL PROTECTED] wrote:
On 9/28/07, Troy [EMAIL PROTECTED] wrote:
Wouldn't UDV be more appropriate, for unpatched
So are we dealing with an RDCB (Recently Disclosed Calculation Bug) or was
this just a mistake?
Steven
Actually, I see 5.1005 in both browsers.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC
On Fri, 28 Sep 2007 17:29:51 BST, worried security said:
Two months is still recently. Think about In recent history we invaded
Iraq, In recent times terrorism has become more prominent.
The real problem here is that 0-day originally meant previously undisclosed
vulnerability/exploit. The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Has anyone ever heard of .NET REMOTING running on port 31337? If so,
have you ever seen it legitimate?
- --
- - simon
- --
http://www.snosoft.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (Darwin)
This is not only Firefox 2.0.0.7. I still have
2.0.0.5 and it still shows the
5.1005. Of course if you understand floating point and the level of accuracy needed, I don't see how this could be serious.
And I don't see a way this being exploited to give RCE.
Mukul Dharwadkar
Due to this RDV called email I suggest the following patch:
procmail || ${insert other filter here}
This work around will allow you to avoid the n3td3v RDV shenanigans.
Thank you.
On 9/28/07, Jimby Sharp [EMAIL PROTECTED] wrote:
I asked you to stop your bullshit you mad man. It is crazy to
Actually, I see 5.1005 in both browsers.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
..perhaps one day, this will be exploitable.
Consider the possibilities for this code:
If ((4.2-0.1) != 4.1) { exploit_client(); }
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
There's a flaw in Firefox 2.0.0.7 that allows JavaScript to execute wrong
subtractions.
PoC concept here:
javascript:5.2-0.1
(copy this code into address bar)
Firefox 2.0.0.7 result: 5.1005 (WRONG!)
Internet Explorer 7 result: 5.1 (OK)
___
IE7 was fine for me, showed up in FF 2.0.0.7
However, I think it's much wider-spread than initially thought. I
found the same most unsettling results using:
javascript:4.2-0.1
javascript:3.2-0.1
javascript:2.2-0.1
I did not have time to try more, but obviously all of you can see the
On 9/28/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
#!/bin/sh
#
# Secure v9.3.1b
# This is to be used on a NEW install only!
# This script will go through your box and lock the inside down.
# Copyright [EMAIL PROTECTED] | [EMAIL PROTECTED],
([EMAIL PROTECTED])
# Thanks to jericho from
Sil,
Don't let that shit out! Keep it UG!
On 9/28/07, J. Oquendo [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
Two months is still recently. Think about In recent history we invaded
Iraq, In recent times terrorism has become more prominent.
The real problem here is that 0-day
On 9/28/07, Jimby Sharp [EMAIL PROTECTED] wrote:
I asked you to stop your bullshit you mad man. It is crazy to see so
many anonymous IDs talking to each other and spamming the whole list.
I haven't seen your name before, it will be added to the echelon database
now.
Great. The 2007 version of the fdiv bug.
Geoff
Sent from my BlackBerry wireless handheld.
-Original Message-
From: Steven Adair [EMAIL PROTECTED]
Date: Fri, 28 Sep 2007 13:20:51
To:Larry Seltzer [EMAIL PROTECTED]
Cc:full-disclosure@lists.grok.org.uk, carl hardwick [EMAIL PROTECTED]
YAWN!!!
On 9/28/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
The real problem here is that 0-day originally meant previously undisclosed
vulnerability/exploit. The term lost its usefulness when all the hacker
wannabe's started posting I found a 0-day, when what they really had was
a
I am a system administrator and I find this list full of noise due to
people like you.
On 9/28/07, Knud Erik Højgaard [EMAIL PROTECTED] wrote:
I am a system administrator and I find this list full of noise due to
people like you.
--
On 9/28/07, Jimby Sharp [EMAIL PROTECTED] wrote:
Stop
On 9/28/07, Jimby Sharp [EMAIL PROTECTED] wrote:
I am a system administrator and I find this list full of noise due to
people like you.
On 9/28/07, Knud Erik Højgaard [EMAIL PROTECTED] wrote:
I am a system administrator and I find this list full of noise due to
people like you.
--
On Fri, 28 Sep 2007, carl hardwick wrote:
javascript:5.2-0.1
Firefox 2.0.0.7 result: 5.1005 (WRONG!)
This is a proper behavior of IEEE 754 64-bit double float, which, IIRC, is
precisely what ECMA standard mandates.
You will get the same from any C-style 'double' arithmetics.
[EMAIL PROTECTED] wrote:
Two months is still recently. Think about In recent history we invaded
Iraq, In recent times terrorism has become more prominent.
The real problem here is that 0-day originally meant previously
undisclosed
vulnerability/exploit. The term lost its usefulness when all
Firefox 2.0.0.7 result: 5.1005 (WRONG!) Internet Explorer
7 result: 5.1 (OK)
Maybe they're using Excel 2007 for their math.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
On 9/28/07, Troy [EMAIL PROTECTED] wrote:
Wouldn't UDV be more appropriate, for unpatched disclosed vulnerability?
The R in RDV means recent. I wouldn't consider a two-month old, but still
unpatched, vulnerability to be recent, so I wouldn't really be able to call
it an RDV. I would,
How is this serious and is it related to security in any manner? If
not, please do not spam. :-(
And go and learn some floating point maths.
On 9/28/07, carl hardwick [EMAIL PROTECTED] wrote:
There's a flaw in Firefox 2.0.0.7 that allows JavaScript to execute wrong
subtractions.
PoC concept here:
rPath Security Advisory: 2007-0202-1
Published: 2007-09-27
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Local Root Non-deterministic Information Exposure
Updated Versions:
kernel=/[EMAIL PROTECTED]:devel//1/2.6.22.9-0.1-1
rPath Issue Tracking System:
Dear Jimby,
Please read the list charter.
What if this issue has security implications that we are unaware
of? It is important to saturate this list with any and all reports
of software misbehavior (or perceived misbehavior) so that Vladis
and the other aged mailing list participants can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Please stop spamming this list. This list is for the discussion of
security related matters.
Please read the list charter and adhere to the guidelines before
posting again.
On Fri, 28 Sep 2007 13:12:44 -0400 Jimby Sharp
[EMAIL PROTECTED] wrote:
I
On 9/28/07, Simon Smith [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Right,
It set off alarms with all of my penetration testers hence why
we're
researching it. The question I have is, has anyone seen port 31337
respond with the .NET REMOTING banner? Our
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Got output... and it was... no idea what it was... can't paste it due to
confidentiality though.
Fabrizio wrote:
.NET Remoting is a generic system for different applications to use to
communicate with one another. It's part of the .NET framework,
Let's take this C code.
#include <stdio.h>
int main(int argc, char **argv) {
    float a = 0.7;
    /* a is converted to double for the comparison with the double literal 0.7 */
    if (a == 0.7) {
        printf("%f is equal to %f\n", a, 0.7);
    } else {
        printf("%f is not equal to %f\n", a, 0.7);
    }
    return 0;
}
On many implementations (not necessarily all implementations) we will
get the
The *REAL* questions should be:
is it oh day or is it zero day?
What is proper syntax?
0spaceday
0dashday
0underscoreday
0day
Should you capitalize the D?
how about the Z if you choose to go with Zero?
-KF
On Sep 28, 2007, at 1:24 PM, [EMAIL PROTECTED] wrote:
On Fri, 28 Sep 2007
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Right,
It set off alarms with all of my penetration testers hence why we're
researching it. The question I have is, has anyone seen port 31337
respond with the .NET REMOTING banner? Our nmap -A claims that it is
.NET REMOTING... just seems
The last time I saw anything on port 31337 (ELEET) it was during a
vulnerability assessment. We shut it down and stopped the assessment.
Management wouldn't let us investigate, then blew the cover on the
assessment a week or two later.
It's almost always bad, but you may just have an admin with
On 9/28/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
On Fri, 28 Sep 2007 17:29:51 BST, worried security said:
Two months is still recently. Think about In recent history we invaded
Iraq, In recent times terrorism has become more prominent.
The real problem here is that 0-day originally
If you think it's that critical, (I think it's that critical) start by
blocking any connections from anywhere to that machine/port. See if anyone
complains. Check any old firewall logs for that port while you're at it.
Then continue your investigation!!
Fabrizio
On 9/28/07, Simon Smith [EMAIL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How is your post related to security in any way? Please stop
spamming this list with non-security related material.
I am a system administrator and I find this list full of noise due
to
people like you.
Thanks.
On Fri, 28 Sep 2007 14:10:21 -0400
Don't hate just cuz I got a big black dick, and try talking shit from
a legit email account next time.
-KF
On Sep 28, 2007, at 2:33 PM, [EMAIL PROTECTED] full-
[EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No the real question is kerosene or noose, motherfucker.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Unfortunately I do not have the control or authority to dig into it
further... but your input has been helpful...
Fabrizio wrote:
If you think it's that critical, (I think it's that critical) start by
blocking any connections from anywhere to that
Yes, I have seen similar hacks that have come primarily from French hackers.
They utilize legitimate network administration tools to remotely
administer your network for you. GO to that box and run the fport.exe util
and handle.exe, or use sysinternals tools to find the app and its stack that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I assure you this is a real email account and I am not just using
email spoofing and interception technologies.
On Fri, 28 Sep 2007 14:40:37 -0400 Kevin Finisterre (lists)
[EMAIL PROTECTED] wrote:
Don't hate just cuz I got a big black dick, and try
carl hardwick wrote:
PoC concept here:
javascript:5.2-0.1
(copy this code into address bar)
Firefox 2.0.0.7 result: 5.1005 (WRONG!)
Internet Explorer 7 result: 5.1 (OK)
In IE7 and Opera I get the same thing you do for Firefox. This is not
surprising because the ECMAScript
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No the real question is kerosene or noose, motherfucker.
On Fri, 28 Sep 2007 14:00:25 -0400 Kevin Finisterre (lists)
[EMAIL PROTECTED] wrote:
The *REAL* questions should be:
is it oh day or is it zero day?
What is proper syntax?
0spaceday
On 9/28/07, Susam Pal [EMAIL PROTECTED] wrote:
Let's take this C code.
#include <stdio.h>
int main(int argc, char **argv) {
    float a = 0.7;
    /* a is converted to double for the comparison with the double literal 0.7 */
    if (a == 0.7) {
        printf("%f is equal to %f\n", a, 0.7);
    } else {
        printf("%f is not equal to %f\n", a, 0.7);
    }
    return 0;
}
On many implementations
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sounds like you will need to learn how to use debugging and other
reverse engineering tools dude. Security gets a little more
complicated post-nmap.
On Fri, 28 Sep 2007 14:21:52 -0400 Simon Smith [EMAIL PROTECTED]
wrote:
Got output... and it
Yeah! Stand there and risk some confidential data being compromised! Monitor
and Capture them stealing our customer info! Then try and get it back!
Come on man. It's a pen-test, and there are NDA's in order. Don't take the
chance.
On 9/28/07, Joel R. Helgeson [EMAIL PROTECTED] wrote:
I
Yes. If one operand of a binary operator is of double type and the other
is of float type, then it is converted to double before the operator
operates. In this case when float type 0.7 is converted to double type,
the converted value is not exactly equal to double type 0.7. It can
never be on
How is this post of yours related to security in any way? I want you
to shut up. I am a system administrator and I find this list full of
noise due to people like you.
XSS is a thing about input validation as well as output validation.
On 9/29/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No way...
are you serious?
;P
[EMAIL PROTECTED] wrote:
Sounds like you will need to learn how to use debugging and other
reverse engineering tools dude. Security gets a little more
complicated post-nmap.
On Fri, 28 Sep 2007 14:21:52
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No just kidding lol a lot of people here seem to make money in this
business.
On Fri, 28 Sep 2007 15:01:01 -0400 Simon Smith [EMAIL PROTECTED]
wrote:
No way...
are you serious?
;P
[EMAIL PROTECTED] wrote:
Sounds like you will need to learn how to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I do... but I don't have time to explain it to you... it's complicated...
post-nmap stuff...
[EMAIL PROTECTED] wrote:
dunno how do you plan on figuring out what is running there
On Fri, 28 Sep 2007 15:07:34 -0400 Simon Smith [EMAIL PROTECTED]
Michal
I don't get the same from C-style double arithmetics. Could you
provide a sample code that you believe should show the same behavior?
On 9/28/07, Michal Zalewski [EMAIL PROTECTED] wrote:
On Fri, 28 Sep 2007, carl hardwick wrote:
javascript:5.2-0.1
Firefox 2.0.0.7 result:
On Sat, 29 Sep 2007, Jimby Sharp wrote:
I don't get the same from C-style double arithmetics. Could you provide
a sample code that you believe should show the same behavior?
If you don't, it's presumably because the subtraction is optimized out by
the compiler, or because you printf() with an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Phew... thought you were serious for a moment...
I mean... what more could there be aside from nmap. ;]
[EMAIL PROTECTED] wrote:
No just kidding lol a lot of people here seem to make money in this
business.
On Fri, 28 Sep 2007 15:01:01 -0400
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
educate me dude i bet i'll win this one.
are your techniques more advanced than the anvil ids suite?
On Fri, 28 Sep 2007 15:22:23 -0400 Simon Smith [EMAIL PROTECTED]
wrote:
I do... but I don't have time to explain it to you... it's
complicated...
I disagree, don't block access to the port. Monitor and capture it.
Joel's First rule of forensics: Don't just do something, stand there!
Watch it, monitor it. If it is a crafty backdoor, there are dozens of others
to enable bad guys to regain entry.
Blocking lets the hacker know you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sorry,
Bad Troll... no more food...
[EMAIL PROTECTED] wrote:
fascinating tell me more
On Fri, 28 Sep 2007 15:36:07 -0400 Simon Smith [EMAIL PROTECTED]
wrote:
I don't have any techniques...
[EMAIL PROTECTED] wrote:
educate me dude i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Sep 28, 2007 at 09:09:02PM +0200, Michal Zalewski wrote:
On Sat, 29 Sep 2007, Jimby Sharp wrote:
I don't get the same from C-style double arithmetics. Could you provide
a sample code that you believe should show the same behavior?
If
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
was this thread billable time to your customer? i hope they use
the internet to research you and your inability to deduce this port
three one three three seven nonsense and your associates talk of
his shit stained penis
On Fri, 28 Sep 2007 15:40:26
Thanks.
On 9/29/07, Michal Zalewski [EMAIL PROTECTED] wrote:
On Sat, 29 Sep 2007, Jimby Sharp wrote:
I don't get the same from C-style double arithmetics. Could you provide
a sample code that you believe should show the same behavior?
If you don't, it's presumably because the subtraction
So the precision of an IEEE single precision float is about 7 digits
and of a double is about 15. If you try to exhibit the result to more
digits of precision what makes anyone think you would get a more
precise result? What makes you think that such exhibiting is even guaranteed
to be accurate?