lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 20 Sep 2007 12:43:12 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>, 
	Aditya K Sood <zeroknock@...niche.org>
Subject: Re: [Mlabs] Scrutinising SIP Payloads - Someone
 break his e-kneecaps please

First of all you should credit ALL the individuals, companies and sites
you rip your information from else its called plagiarism

On Page 12. Word for word you simply copied:
http://www.cisco.com/en/US/docs/voice_ip_comm/sip/proxies/2.0/release/notes/stnSolRn.html

"Temper the contents and make it work according to attackers usage."
What the hell are you talking about...

You stated "The Cisco proxy server does not accept calls after 150 cps"
I don't know what the hell you were using but Netra's can easily push in
upwards of CPS, IBM X's 1000 via udp, 200+ via tcp...

On Page 19 you stated "Wiretapping Attacks: These are the generic class
of attacks which take place when modification of communication channel
is done by an attacker between two parties." ... Really? So when I'm
running VoIPong and "nothing" is getting modified yet I'm steady
recording a conversation what is this called. An unmodified wiretapping
attack.

That paper was yet another waste of time for me to read. Instead of
copying and pasting to your hearts content and putting together
something that makes sense only to you, why don't you first try to
understand 1) what the hell you're talking about 2) what the hell you're
writing about 3) what the protocol truly does and then - what attacks
are possible based on something you truly know - as opposed to something
you may think sounds logical.

Page 28: "It can be exploited by the attackers to have Denial of service
attacks. The mechanism starts from the payload designing. The actual
infection starts or is mainly coded in the payload itself by the
attackers." What kind of high potent hashish are you smoking?

Outside of these ignorant assumptions you make based on what I infer as
an overall lack of knowledge on the subject, I could barely skim through
the rest of your document since it was mainly terrible english with huge
chunks of copied RFC material and ramblings that made zero sense.
Nothing worth noting - other than me repeating in my head "this jackass
should STFU and learn what he's talking about instead of making an idiot
out of himself"

And I don't mean to sound harsh - well yea I do, but that's irrelevant.
What you're doing is flooding the industry with bullshit documents that
those without a clue might read and become even more clueless. Please
stop your ramblings.

====================================================
J. Oquendo
"Excusatio non petita, accusatio manifesta"

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5157 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ