lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri Jun 23 15:08:03 2006
From: internationalhackers at googlemail.com (internationalhackers)
Subject: researchers want slice of profit and vow pull out
	of mailing list disclosures

== part one of 2

john cartwright rejected our post to the full-disclosure mailing list in
reply to the 'multiple yahoo vulnerability' advisory

don't be fooled by the unmoderated condition of the list, john cartwright
has both our e-mail accounts on moderation.

we're not mentioning our alias, so we can beat the procmail filters, which
have been setup by nasty individuals who constantly post to the list
complaining about our posts, on an 'unmoderated mailing list'.

yahoo cookies use a rot system, the cookies are not designed to have stealth
encryption. (this was a bogus claim)

yahoo url redirection web address is designed to add externally hosted url's
to the end of the rd yahoo domain address. yahoo is contantly sent e-mail
about the rd yahoo claim, and yahoo just need to shrug it off. google in
turn have an identical url redirection system, where the purpose like the
yahoo system is to gather stats on url's post on yahoo and google web
applications by its users. (this claim was a bogus)

the only justified claim was your yahoo cross site scripting claim, well
done.

i ask you now, the author, to re-publish your advisory.

we'll leave it upto the fd readers to tell everyone who this is, so you can
be procmail trapped and not our messages.

we're not really international hackers per say, we only used this address
using common keywords which users won't be able to filter without trapping
other e-mail with it.

see our googlepages site if you are a corporate user

== part two of 2

if you are a mailing list reader, see our mailing list

onecare still vulnerable

cisco systems still vulnerable

we know the technical reason why yahoo login servers were down for ten hours
during the the night of tuesday and morning of wednesday.

and lots more that you fd readers don't know about, yet john cartwright has
moderated two our our mail addresses.

this is ment to be full disclosure people, how can it be if we're having to
change e-mail just to post our intelligence on corporate security?

you can tell the ones who aren't hackers on this list, because all they do
is whinge about the content of the list, and ask for 'support on how to
setup 'thunderbird' filters.

saltzer (check spelling) from the sans handlers dairy thought he was funny
asking if our web site would be 'web 2.0' compatible', i didn't know it was
the task of on-duty sans people to troll and provoke cyber attacks, by
trolling on the mailing lists they monitor and write up on in their dairy(?)

symantec and others are making millions of dollars a year from selling
security products, hackers are aware of this, and we don't like to post our
vulnerabilities to a public mailing list, where symantec and others can cash
in. our policy is to go to the vendor direct, and then ask that vendor,
never to realease public information of our disclosure, so that sans,
symantec etc cannot report on it and as a knock on effect, make money.

our policy isn't anti-vendor, its just anti people getting rich from our own
research, where symantec become millionaires, while the hackers are left
with a hole in their pocket, driving working-class cars and struggling to
bring up a family and make a living.

do you think thats right morally? we sure don;t

thats why we're been in touch with the world's security researchers and
askign them not to post information to public mailing lists, and to
encourage others to do the same.

we have massive support from our corporate, small business and home user
contacts off this list.

in our eyes its not about compromising security, its about giving credit
where its due (on a money agenda, not just to have your name at the bottom
of an advisory anymore)

times are changing, it isn't about posting to fd and having your name
attached to your advisory anymore, its about protecing your work financially
from symantec and the other big money makers.

-- end
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060623/b2380a37/attachment.html

Powered by blists - more mailing lists