| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Nov 2007 07:49:20 +0100 From: rchrafe <rchrafe@...il.com> To: XSS Worm XSS Security Information Portal <cross-site-scripting-security@...worm.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: How to become a Computer Security Professional ? XSS Worm XSS Security Information Portal wrote: > #!/bin/sh > > # 0day exploit for Paul Schmehl > # based on information provided by Paul Schmehl > # pauls@...allas.edu <mailto:pauls@...allas.edu> > # > > echo pauls > /hack/edu/utdallas.edu/known.addresses > > googledump.pl --email-addresses --context-links > --referers --extended-links -keywords "Paul","Schmehl","utdallas.edu > <http://utdallas.edu>", "pauls@", "pauls@...allas > ","paul.schmehl@" --verbose > > socialgrab.pl --known-address "pauls@...allas.edu > <mailto:pauls@...allas.edu>" --real-name "Paul Schmehl" > --tags=security,hacking,utdallas,vulnerability > --search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,digg,bebo,ebay,blogger,wordpress > --verbose --dump-links > > infopull.pl --pgp-search --whois --domaintools --usenet --trackers > --irclog --mirrors --listserv --known-addresses="pauls@...allas.edu > <mailto:pauls@...allas.edu>" > > echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu > > # http://xssworm.com HAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAA > > > > > > On 11/19/07, *Paul Schmehl* <pauls@...allas.edu > <mailto:pauls@...allas.edu>> wrote: > > --On November 19, 2007 3:34:23 AM +0000 worried security > <worriedsecurity@...glemail.com > <mailto:worriedsecurity@...glemail.com>> wrote: > > > > The forth most important rule to becoming a security professional, > > always use a throw-away e-mail account so it doesn't matter of > script > > kids hi-jack your e-mail account with the next cross-site scripting > > vulnerablity that gets posted to the public mailing lists. > > > You forgot the most important rule of all. Pay no heed to bozos > who post > anonymously and don't even have a job in security. Their advice is > usually worth just as much as their reputation. > > Paul Schmehl ( pauls@...allas.edu <mailto:pauls@...allas.edu>) > Senior Information Security Analyst > The University of Texas at Dallas > http://www.utdallas.edu/ir/security/ > <http://www.utdallas.edu/ir/security/> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > <http://lists.grok.org.uk/full-disclosure-charter.html> > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > -- > Francesco Vaj [CISSP - GIAC] > CSS Security Researcher > mailto: vaj@...pam.xssworm.com <mailto:vaj@...pam.xssworm.com> > aim: XSS Cross Site > ------ > XSS Cross Site Scripting Attacks > Web 2.0 Application Security Information Blog (tm) 2007 > http://www.XSSworm.com/ > ------ > "Vaj, bella vaj. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists