[<prev] [next>] [day] [month] [year] [list]
Message-ID: <MAEEKPILJDKFDGELIBECAEHICGAA.shagghie@gmx.net>
From: shagghie at gmx.net (Shagghie)
Subject: US Governement War3z Server?
yeah
http://science.nature.nps.gov/im/apps/npspp/index.htm
this is a pretty cool project, hate to see it
damaged b/c of such a silly policy.
-shag
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of
full-disclosure-request@...ts.netsys.com
Sent: Friday, August 22, 2003 12:04 PM
To: full-disclosure@...ts.netsys.com
Subject: Full-Disclosure digest, Vol 1 #1058 - 26 msgs
Send Full-Disclosure mailing list submissions to
full-disclosure@...ts.netsys.com
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request@...ts.netsys.com
You can reach the person managing the list at
full-disclosure-admin@...ts.netsys.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Today's Topics:
1. Re: US Governement War3z Server? (martin f krafft)
2. RE: US Governement War3z Server? (Ferris, Robin)
3. Re: [FD] (Nik Reiman)
4. Re: Command Injection Vulnerability in stat.qwest.net
- OFFTOPIC (Blue Boar)
5. RE: JAP back doored (Rainer Gerhards)
6. Re: Subject prefix changing! READ THIS! SURVEY!! (Gabe Arnold)
7. RE: Google Private IP is 10.7.0.73 !!!!!! (Bassett, Mark)
8. msblast -> mslaugh.exe (rom.k@...ssonline.ch)
9. RE: Command Injection Vulnerability in stat.qwest.net- OFFTOPIC
(MacDougall, Shane)
10. RE: Google Private IP is 10.7.0.73 !!!!!! (MacDougall, Shane)
11. Re: Subject prefix changing! READ THIS! SURVEY!! (ravyn)
12. Re: Subject prefix changing! READ THIS! SURVEY!! (Mathieu)
13. Sobig.F...what took so long (Robert Ahnemann)
14. Sobig has a surprise... (Steve Postma)
15. US Governement War3z Server? (Helmut Hauser)
16. Re: Subject prefix changing! READ THIS! SURVEY!! (Byron Copeland)
17. Sobig-F worm "second wave" (b9@...hmail.com)
18. Re: Popular Net anonymity service back-doored (nordi)
19. Re: Google Private IP is 10.7.0.73 !!!!!! (Gaurav Kumar)
20. Re: Sobig.F...what took so long (Florian Weimer)
21. RE: Administrivia: Testing Emergency Virus Filt
er.. (Paul Schmehl)
22. US Governement War3z Server? (Helmut Hauser)
23. === CFP -- Call For Papers for G-Con 2 -- CFP === (El Nahual)
24. RE: JAP back doored (Drew Copley)
--__--__--
Message: 1
Date: Fri, 22 Aug 2003 18:02:26 +0200
From: martin f krafft <madduck@...duck.net>
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Re: US Governement War3z Server?
--UugvWAfsgieZRqgk
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
also sprach Kamal N Habayeb <k.habayeb@....net> [2003.08.22.1727 +0200]:
> A honeypot maybe?
Aren't those illegal in the liberal USofA?
--=20
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@...duck
=20
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
=20
"i love deadlines. i like the whooshing
sound they make as they fly by."
-- douglas adams
--UugvWAfsgieZRqgk
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/Rj6SIgvIgzMMSnURAvkkAJ4qYVHfFXtU7dfmVI2WQjD2o72c8wCgiBCL
fT+az2CNSGtfmb2oCsZVB5g=
=RHNG
-----END PGP SIGNATURE-----
--UugvWAfsgieZRqgk--
--__--__--
Message: 2
From: "Ferris, Robin" <R.Ferris@...ier.ac.uk>
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] US Governement War3z Server?
Date: Fri, 22 Aug 2003 17:01:00 +0100
definately NOT!! honey pots normally apear like a normal secure machine NOT
one that gives the information out for free what information do thewy stand
to get from that? ow look there are some warez filz!! mi thinks not.
-----Original Message-----
From: Kamal N Habayeb [mailto:k.habayeb@....net]
Sent: 22 August 2003 16:28
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] US Governement War3z Server?
A honeypot maybe?
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Glen Freeman
Sent: Thursday, August 21, 2003 9:50 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] US Governement War3z Server?
Emailed government email again again again. Problem stays after much time
passed. So Here.
go to FTP.NPS.GOV logon as anonymous
want to escalate privileges?
download ~readme.now.txt
read file and you find a much better user name and password log back in and
you can upload whatever~~~ be nice.
_________________________________________________________________
MSN 8: Get 6 months for $9.95/month. http://join.msn.com/?page=dept/dialup
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
--__--__--
Message: 3
Date: Fri, 22 Aug 2003 11:12:22 -0500
Subject: Re: [Full-Disclosure] [FD]
Cc: full-disclosure@...ts.netsys.com
To: "barry jaffe" <flaterates@...mail.com>
From: Nik Reiman <nik@...leo.net>
Can we make it [FUD] instead? =)
-Nik
On Friday, August 22, 2003, at 10:45 AM, barry jaffe wrote:
> [FD] would be OK. 'Else I'll have to unsubscribe this address and
> pick up the list with a different email client.
--__--__--
Message: 4
Date: Fri, 22 Aug 2003 09:18:58 -0700
From: Blue Boar <BlueBoar@...evco.com>
To: Kurt Seifried <listuser@...fried.org>
CC: Dan Daggett <csiwebmaster@....edu>,
Full-Disclosure <full-disclosure@...ts.netsys.com>
Subject: Re: [Full-Disclosure] Command Injection Vulnerability in
stat.qwest.net
- OFFTOPIC
Kurt Seifried wrote:
> Why are you telling us this? How does it affect anyone, but qwest, who you
> notified, and who fixed it. Do we now send out a security advisory every
> time we notify sometime to disable a vulnerable service (sir, you have
> telnet enabled). This is getting ridiculous.
Couple of points: It may be nice to know the track record of a company
even though the problem has been fixed. Also, QWest isn't the only ISP
that uses Looking Glass...
BB
--__--__--
Message: 5
Subject: RE: [Full-Disclosure] JAP back doored
Date: Fri, 22 Aug 2003 18:28:26 +0200
From: "Rainer Gerhards" <rgerhards@...adiscon.com>
To: "Adam Shostack" <adam@...eport.org>
Cc: <full-disclosure@...ts.netsys.com>
> There is no exponential term in MIX traffic. That means that if you
> try to ensure that all traffic leaves the network quickly (so you can
> say, web browse), then your attacker only needs to analyze traffic
> over a few seconds, and that's easy.
>
> Simple attacks work really well on real time mix chains of any length
> that TCP timeouts are likely to allow.
I haven't looked at the actual protocol used by JAP, just followed the
postings here. But if they re-route traffic through the mixes *quickly*
it may be hard to trace who is an actual user, but it is definitely
possible. In the Dresden-Dresden case it is really so easy that it is
(again) laughable at what the Germany police is trying over here. They
could obtain what the want by "just" running some traffic analysis.
Sure, that would be more expensive, but it would have had the benefit of
not beeing publically discussed.
Bottom line: a real analyzer must randomly *delay* in- and outgoing
traffic. In high-volume environments a few (milli) seconds may do. If
JAP does this, then it (was) fine. If it didn't, it wasn't any secure in
the first place...
As another example (being shut down externally), that famous anonymous
remailer (pennet.fi or so) introduced random delays by design to
circumvent this issue.
My (technical;)) 2 cts...
Rainer
PS: If you would like to run a rant on German gouvernment, its technical
incompetence may be a much better target ;)
--__--__--
Message: 6
Date: Fri, 22 Aug 2003 12:34:22 -0400
From: Gabe Arnold <f0x@...irrelsoup.net>
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY!!
I do.... ;-p mutt is the best mail client out there, and you know it!
* Glenn_Everhart@...kone.com (Glenn_Everhart@...kone.com) wrote:
> #3. Easy to filter. Nobody uses 40 character text terminals these days.
>
> -----Original Message-----
> From: Chris Cappuccio [mailto:chris@...dia.net]
> Sent: Thursday, August 21, 2003 3:21 PM
> To: John Cartwright
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Subject prefix changing! READ THIS!
> SURVEY!!
>
>
> Len said there needed to be a consensus on the list before he would make
> a change, but that it would be nice to change!
>
> John Cartwright [johnc@...k.org.uk] wrote:
> > oN tHU, Aug 21, 2003 at 10:43:02AM -0700, Chris Cappuccio wrote:
> > > ALL LIST MEMBERS ARE ENCOURAGED TO RESPOND AND MAKE A CHOICE AS TO HOW
> > > THEY WANT THIS BASIC FUNCTION OF THE LIST TO CONTINUE OPERATING.
> >
> > This has been covered several times... and we certainly *don't*
> > want this mail coming to the list. Feel free to mail myself or
> > Len on the subject. Discussions about subject line prefixes are
> > off-topic for a security list.
> >
> > > The subject header is going to change.
> >
> > Speaking as a maintainer of this list, I can assure you that this
> > is currently not the case :)
> >
> > Comments off-list, please.
> >
> > Cheers
> > - John
>
> --
> Nullum magnum ingenium sine mixtura dementiae fuit -- Seneca
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> **********************************************************************
> This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you
> **********************************************************************
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--__--__--
Message: 7
Subject: RE: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!
Date: Fri, 22 Aug 2003 11:40:29 -0500
From: "Bassett, Mark" <mbassett@...ha.com>
To: <full-disclosure@...ts.netsys.com>
This is a multi-part message in MIME format.
------_=_NextPart_001_01C368CC.18DA2AA1
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
I show 10.5.0.74 (I'm sure they have more than one server)
=20
=20
-----Original Message-----
From: Gaurav Kumar [mailto:gaurav@...labs.com]=20
Sent: Thursday, August 21, 2003 2:11 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!
=20
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=20
Hello friends!
=20
I have found private ip address used by google servers. here are the
details.
=20
make sure you have google toolbar installed.
=20
1. go to www.showmyip.com
2. it will show your ip address.
3. now right click and select Translate Page
4. it will now show your ip address in this format 1.2.3.4, unknown
5. Now again right click and select Translate Page
6. this time you will get google private ip address. the format is
10.7.0.73,1.2.3.4,unknown
=20
This 10.7.0.73 is google private ip address.
=20
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D
Gaurav Kumar
Chief Information Security Analyst
=20
E2 Labs Information Security Pvt. Ltd.
Road no. 3 , Banjara Hills
Hyderbad-34
AP
India
=20
gaurav@...labs.com
www.e2-labs.com
=20
PGP public key at-
http://mycgiserver.com/~ethicalhackers/pgp.txt
=20
Phone(s)-
Mobile +91 40 31068650
Tele/Fax +91 40 23555942 (ext-24)
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D
=20
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
=20
iQA/AwUBP0UZKP7pOx+pP+hiEQK3mACdFKQE1ZW8ugMpxgOdjpaMYRayI6UAoOEB
noQh/WR3ZZz2L2CR0ZxzbNls
=3DiryU
-----END PGP SIGNATURE-----
************************************************************
Omaha World-Herald Company computer systems are for business use only.
This e-mail was scanned by MailSweeper
************************************************************
------_=_NextPart_001_01C368CC.18DA2AA1
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@...368A2.2FE6EE80">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"country-region"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"time"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"date"/>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]--><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=3Dwhite lang=3DEN-US link=3Dblue vlink=3Dblue =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>I show 10.5.0.74<span
style=3D'mso-spacerun:yes'> </span>(I’m sure =
they have more than one
server)<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Gaurav Kumar
[mailto:gaurav@...labs.com] <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> =
</span></font><st1:date
Month=3D"8" Day=3D"21" Year=3D"2003"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:
10.0pt;font-family:Tahoma'>Thursday, August 21, =
2003</span></font></st1:date><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> </span></font><st1:time
Hour=3D"14" Minute=3D"11"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>2:11 PM</span></font></st1:time><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'><br>
<b><span style=3D'font-weight:bold'>To:</span></b>
full-disclosure@...ts.netsys.com<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> =
[Full-Disclosure] Google
Private IP is 10.7.0.73 !!!!!!</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>-----BEGIN PGP SIGNED =
MESSAGE-----<br>
Hash: SHA1</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Hello =
friends!</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>I have found private ip =
address used
by google servers. here are the<br>
details.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>make sure you have google =
toolbar
installed.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>1. go to <a
href=3D"http://www.showmyip.com">www.showmyip.com</a><br>
2. it will show your ip address.<br>
3. now right click and select Translate Page<br>
4. it will now show your ip address in this format 1.2.3.4, unknown<br>
5. Now again right click and select Translate Page<br>
6. this time you will get google private ip address. the format is<br>
10.7.0.73,1.2.3.4,unknown</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>This 10.7.0.73 is google =
private ip
address.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D<br>
Gaurav Kumar<br>
Chief Information Security Analyst</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>E2 Labs Information =
Security Pvt.
Ltd.<br>
Road no. 3 , Banjara Hills<br>
Hyderbad-34<br>
AP<br>
</span></font><st1:country-region><st1:place><font size=3D2 =
face=3DArial><span
=
style=3D'font-size:10.0pt;font-family:Arial'>India</span></font></st1:pla=
ce></st1:country-region><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><a =
href=3D"mailto:gaurav@...labs.com">gaurav@...labs.com</a><br>
<a =
href=3D"http://www.e2-labs.com">www.e2-labs.com</a></span></font><o:p></o=
:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>PGP public key at-<br>
<a =
href=3D"http://mycgiserver.com/~ethicalhackers/pgp.txt">http://mycgiserve=
r.com/~ethicalhackers/pgp.txt</a></span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Phone(s)-<br>
Mobile +91 40 31068650<br>
Tele/Fax +91 40 23555942 (ext-24)<br>
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>-----BEGIN PGP =
SIGNATURE-----<br>
Version: PGPfreeware 7.0.3 for non-commercial use <<a
href=3D"http://www.pgp.com">http://www.pgp.com</a>></span></font><o:p>=
</o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>iQA/AwUBP0UZKP7pOx+pP+hiEQK3=
mACdFKQE1ZW8ugMpxgOdjpaMYRayI6UAoOEB<br>
noQh/WR3ZZz2L2CR0ZxzbNls<br>
=3DiryU<br>
-----END PGP SIGNATURE-----</span></font><o:p></o:p></p>
</div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><br>
<br>
************************************************************<br>
Omaha World-Herald Company computer systems are for business use =
only.<br>
This e-mail was scanned by MailSweeper<br>
************************************************************<o:p></o:p></=
span></font></p>
</div>
</body>
</html>
=00
------_=_NextPart_001_01C368CC.18DA2AA1--
--__--__--
Message: 8
Date: Fri, 22 Aug 2003 18:38:25 +0200
From: rom.k@...ssonline.ch
To: se_cur_ity@...mail.com
Cc: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] msblast -> mslaugh.exe
just in case no one has mailed this already.
i am on a friends computer in italy and i noticed, that he is infected with
the msblast virus, but a newer version located in
c:\windows\system32\mslaugh.exe. trendmicro was able to detect the virus
trough online-scan.
cheers
roman
PS: i normaly send from roman.kunz@...iusbaer.com
PPS: wood, if my mail doesn't find it's way to FD could you please forward
it... thx
--__--__--
Message: 9
Subject: RE: [Full-Disclosure] Command Injection Vulnerability in
stat.qwest.net- OFFTOPIC
Date: Fri, 22 Aug 2003 10:20:07 -0700
From: "MacDougall, Shane" <smacdougall@...nalytics.com>
To: "Full-Disclosure" <full-disclosure@...ts.netsys.com>
IIRC Level 3 also uses looking glass...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Shane MacDougall
Lead Security Officer
ID Analytics
San Diego, California USA
Direct: (858) 427-2860
Toll Free: 866-240-4484 x 2860
Fax: 858-427-2899
-----Original Message-----
From: Blue Boar [mailto:BlueBoar@...evco.com]
Sent: Friday, August 22, 2003 9:19 AM
To: Kurt Seifried
Cc: Dan Daggett; Full-Disclosure
Subject: Re: [Full-Disclosure] Command Injection Vulnerability in
stat.qwest.net- OFFTOPIC
Kurt Seifried wrote:
> Why are you telling us this? How does it affect anyone, but qwest, who
you
> notified, and who fixed it. Do we now send out a security advisory
every
> time we notify sometime to disable a vulnerable service (sir, you have
> telnet enabled). This is getting ridiculous.
Couple of points: It may be nice to know the track record of a company
even though the problem has been fixed. Also, QWest isn't the only ISP
that uses Looking Glass...
BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
--__--__--
Message: 10
Subject: RE: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!
Date: Fri, 22 Aug 2003 10:23:37 -0700
From: "MacDougall, Shane" <smacdougall@...nalytics.com>
To: "Bassett, Mark" <mbassett@...ha.com>, <full-disclosure@...ts.netsys.com>
This is a multi-part message in MIME format.
------_=_NextPart_001_01C368D2.1F563EE1
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Yeah I'm a top poster - deal with it...
=20
While people are piling on Gaurav, we should consider that the issue
here is that an attacker could map out Google's internal network.
Not earth shattering but not a completely useless finding.=20
=20
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
Shane MacDougall
Lead Security Officer
ID Analytics
San Diego, California USA
Direct: (858) 427-2860
Toll Free: 866-240-4484 x 2860
Fax: 858-427-2899
=20
=20
-----Original Message-----
From: Gaurav Kumar [mailto:gaurav@...labs.com]=20
Sent: Thursday, August 21, 2003 2:11 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!
=20
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=20
Hello friends!
=20
I have found private ip address used by google servers. here are the
details.
=20
make sure you have google toolbar installed.
=20
1. go to www.showmyip.com
2. it will show your ip address.
3. now right click and select Translate Page
4. it will now show your ip address in this format 1.2.3.4, unknown
5. Now again right click and select Translate Page
6. this time you will get google private ip address. the format is
10.7.0.73,1.2.3.4,unknown
=20
This 10.7.0.73 is google private ip address.
=20
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D
Gaurav Kumar
Chief Information Security Analyst
=20
E2 Labs Information Security Pvt. Ltd.
Road no. 3 , Banjara Hills
Hyderbad-34
AP
India
=20
gaurav@...labs.com
www.e2-labs.com
=20
PGP public key at-
http://mycgiserver.com/~ethicalhackers/pgp.txt
=20
Phone(s)-
Mobile +91 40 31068650
Tele/Fax +91 40 23555942 (ext-24)
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D
=20
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
=20
iQA/AwUBP0UZKP7pOx+pP+hiEQK3mACdFKQE1ZW8ugMpxgOdjpaMYRayI6UAoOEB
noQh/WR3ZZz2L2CR0ZxzbNls
=3DiryU
-----END PGP SIGNATURE-----
************************************************************
Omaha World-Herald Company computer systems are for business use only.
This e-mail was scanned by MailSweeper
************************************************************
------_=_NextPart_001_01C368D2.1F563EE1
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@...36897.7231E9D0">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"time"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"date"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"country-region"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"State"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"City"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;
text-underline:single;}
p.MsoAutoSig, li.MsoAutoSig, div.MsoAutoSig
{margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
span.EmailStyle17
{mso-style-type:personal;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.EmailStyle18
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]--><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=3Dwhite lang=3DEN-US link=3Dblue vlink=3Dblue =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Yeah I’m a top poster – =
deal with
it…<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>While people are piling on <span
class=3DSpellE>Gaurav</span>, we should consider that the issue here is =
that an
attacker could map out <span class=3DSpellE>Google’s</span> =
internal
network.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Not earth shattering but not a =
completely
useless finding. <o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<p class=3DMsoAutoSig><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy;mso-no-proof:yes'>=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D</span></font><font
color=3Dnavy><span =
style=3D'color:navy;mso-no-proof:yes'><o:p></o:p></span></font></p>
<p class=3DMsoAutoSig><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy;mso-no-proof:yes'>Shane =
MacDougall<o:p></o:p></span></font></p>
<p class=3DMsoAutoSig><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy;mso-no-proof:yes'>Lead Security =
Officer<o:p></o:p></span></font></p>
<p class=3DMsoAutoSig><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy;mso-no-proof:yes'>ID =
Analytics<o:p></o:p></span></font></p>
<p class=3DMsoAutoSig><st1:place><st1:City><font size=3D3 color=3Dnavy
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;color:navy;mso-no-proof:
yes'>San Diego</span></font></st1:City><font color=3Dnavy><span
style=3D'color:navy;mso-no-proof:yes'>, </span></font><st1:State><font
color=3Dnavy><span =
style=3D'color:navy;mso-no-proof:yes'>California</span></font></st1:State=
><font
color=3Dnavy><span style=3D'color:navy;mso-no-proof:yes'> =
</span></font><st1:country-region><font
color=3Dnavy><span =
style=3D'color:navy;mso-no-proof:yes'>USA</span></font></st1:country-regi=
on></st1:place><font
color=3Dnavy><span =
style=3D'color:navy;mso-no-proof:yes'><o:p></o:p></span></font></p>
<p class=3DMsoAutoSig><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy;mso-no-proof:yes'>Direct: (858) =
427-2860<o:p></o:p></span></font></p>
<p class=3DMsoAutoSig><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy;mso-no-proof:yes'>Toll Free: =
866-240-4484 x
2860<o:p></o:p></span></font></p>
<p class=3DMsoAutoSig><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy;mso-no-proof:yes'>Fax: =
858-427-2899<o:p></o:p></span></font></p>
</div>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p>=
</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Gaurav Kumar
[mailto:gaurav@...labs.com<span class=3DGramE>] <br>
<b><span style=3D'font-weight:bold'>Sent</span></b></span><b><span
style=3D'font-weight:bold'>:</span></b> </span></font><st1:date =
Month=3D"8" Day=3D"21"
Year=3D"2003"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:
Tahoma'>Thursday, August 21, 2003</span></font></st1:date><font =
size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'> =
</span></font><st1:time
Hour=3D"14" Minute=3D"11"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>2:11 PM</span></font></st1:time><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'><br>
<b><span style=3D'font-weight:bold'>To:</span></b>
full-disclosure@...ts.netsys.com<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> =
[Full-Disclosure] Google
Private IP is <span class=3DGramE>10.7.0.73 =
!!!!!!</span></span></font><o:p></o:p></p>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>-----BEGIN PGP SIGNED =
MESSAGE-----<br>
Hash: SHA1</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Hello =
friends!</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>I have found private ip =
address used
by google servers. here are the<br>
details.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>make sure you have google =
toolbar
installed.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>1. go to <a
href=3D"http://www.showmyip.com">www.showmyip.com</a><br>
2. it will show your ip address.<br>
3. now right click and select Translate Page<br>
4. it will now show your ip address in this format 1.2.3.4, unknown<br>
5. Now again right click and select Translate Page<br>
6. this time you will get google private ip address. the format is<br>
10.7.0.73,1.2.3.4,unknown</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>This 10.7.0.73 is google =
private ip
address.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D<br>
Gaurav Kumar<br>
Chief Information Security Analyst</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>E2 Labs Information =
Security Pvt.
Ltd.<br>
Road no. 3 , Banjara Hills<br>
Hyderbad-34<br>
AP<br>
</span></font><st1:country-region><st1:place><font size=3D2 =
face=3DArial><span
=
style=3D'font-size:10.0pt;font-family:Arial'>India</span></font></st1:pla=
ce></st1:country-region><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><a =
href=3D"mailto:gaurav@...labs.com">gaurav@...labs.com</a><br>
<a =
href=3D"http://www.e2-labs.com">www.e2-labs.com</a></span></font><o:p></o=
:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>PGP public key at-<br>
<a =
href=3D"http://mycgiserver.com/~ethicalhackers/pgp.txt">http://mycgiserve=
r.com/~ethicalhackers/pgp.txt</a></span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Phone(s)-<br>
Mobile +91 40 31068650<br>
Tele/Fax +91 40 23555942 (ext-24)<br>
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>-----BEGIN PGP =
SIGNATURE-----<br>
Version: PGPfreeware 7.0.3 for non-commercial use <<a
href=3D"http://www.pgp.com">http://www.pgp.com</a>></span></font><o:p>=
</o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>iQA/AwUBP0UZKP7pOx+pP+hiEQK3=
mACdFKQE1ZW8ugMpxgOdjpaMYRayI6UAoOEB<br>
noQh/WR3ZZz2L2CR0ZxzbNls<br>
=3DiryU<br>
-----END PGP SIGNATURE-----</span></font><o:p></o:p></p>
</div>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><br>
<br>
************************************************************<br>
Omaha World-Herald Company computer systems are for business use =
only.<br>
This e-mail was scanned by MailSweeper<br>
************************************************************<o:p></o:p></=
span></font></p>
</div>
</body>
</html>
=00
------_=_NextPart_001_01C368D2.1F563EE1--
--__--__--
Message: 11
Date: Fri, 22 Aug 2003 10:24:52 -0700 (MST)
From: ravyn <ravyn@...ga2.com>
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY!!
On Thu, 21 Aug 2003, Chris Cappuccio wrote:
> The subject header is going to change.
i vote for #2, second choice being #1.
--ravyn
--__--__--
Message: 12
Date: Fri, 22 Aug 2003 19:31:45 +0200
From: Mathieu <mathieu@...gle.net>
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY!!
--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Aug 22, 2003 at 11:15:07AM -0400, Damian Gerow wrote:
> Thus spake Daniele Muscetta (daniele@...cetta.com) [22/08/03 10:59]:
> > >> ALL LIST MEMBERS ARE ENCOURAGED TO RESPOND AND MAKE A CHOICE
> > >> AS TO HOW THEY WANT THIS BASIC FUNCTION OF THE LIST TO
> > >> CONTINUE OPERATING.
> >=20
> > > [FD] would be fine.
> >=20
> > If it has to be short for those who use text based MUA, at least leave
> > this short one. It should not be such a deal to pass from extra 18 chars
> > in the subject to just 5, should it?
>=20
> I used a text-based MUA. And I find that I get a few words of the subjec=
t,
> after I see '[Full-Disclosure]'.
>=20
> Personally, I /like/ subject tags, but short ones. So something like [fd]
> or [fud] would be fine with me. But I think that the bulk of this decisi=
on
^^^^^ i don't think it's a _really_ good idea to tag the subject like
that :)
> [...]
imho, i think [FD] Tag is really nice... i do procmail filtering on the
List-Id criteria ... =20
-=20
--
Mathieu <mathieu@...gle.net>
BOFH excuse #137:
User was distributing pornography on server; system seized by FBI.
--fUYQa+Pmc3FrFX/N
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/RlOABQx8URTbH9QRAoFkAJwPbSGMwbrwHvbWQ9AXRy8T2fFpaACeL5H4
6AWPQ5XH1osdD+yBb8usmR0=
=/eOq
-----END PGP SIGNATURE-----
--fUYQa+Pmc3FrFX/N--
--__--__--
Message: 13
Date: Fri, 22 Aug 2003 12:50:19 -0500
From: "Robert Ahnemann" <rahnemann@...inity-mortgage.com>
To: <full-disclosure@...ts.netsys.com>
Subject: [Full-Disclosure] Sobig.F...what took so long
This is a multi-part message in MIME format.
------_=_NextPart_001_01C368D5.DA7707E4
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
So its 4 days after the virus was found, and they just discover that its
got a list of 20 machines that it will pull from to create a massive
DDoS across the net? What took them so long to find it?
------_=_NextPart_001_01C368D5.DA7707E4
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>So its 4 days after the virus was found, and they =
just
discover that its got a list of 20 machines that it will pull from to =
create a
massive DDoS across the net? What took them so long to find =
it?</span></font></p>
</div>
</body>
</html>
------_=_NextPart_001_01C368D5.DA7707E4--
--__--__--
Message: 14
From: Steve Postma <spostma@...vizon.com>
To: "'full-disclosure@...ts.netsys.com'" <full-disclosure@...ts.netsys.com>
Date: Fri, 22 Aug 2003 14:27:38 -0400
Subject: [Full-Disclosure] Sobig has a surprise...
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C368DB.10CE2DE0
Content-Type: text/plain
Taken from f-secure web site
"A potentially massive Internet attack starts today
F-Secure Corporation is warning about a new level of attack to be unleashed
by the Sobig.F worm today.
Helsinki, Finland - August 22, 2003
Windows e-mail worm Sobig.F, which is currently the most widespread worm in
the world, has created massive e-mail outages globally since it was found on
Tuesday the 18th of August - four days ago. The worm spreads itself via
infected e-mail attachments in e-mails with a spoofed sender address. Total
amount of infected e-mails seen in the Internet since this attack started is
close to 100 million.
However, the Sobig.F worm has a surprise attack in its sleeve."
http://www.f-secure.com/news/items/news_2003082200.shtml
------_=_NextPart_001_01C368DB.10CE2DE0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@...368B9.AC5B7820">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"City"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"country-region"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"date"/>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
h1
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
mso-pagination:widow-orphan;
mso-outline-level:1;
font-size:14.0pt;
font-family:Arial;
color:#000040;
font-weight:bold;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;
text-underline:single;}
p.MsoAutoSig, li.MsoAutoSig, div.MsoAutoSig
{margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
p
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
span.EmailStyle18
{mso-style-type:personal;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.EmailStyle19
{mso-style-type:personal;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.EmailStyle20
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]--><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=3Dwhite lang=3DEN-US link=3Dblue vlink=3Dblue =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'>Taken from f-secure web =
site<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'><o:p> </o:p></span></font></p=
>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'><o:p> </o:p></span></font></p=
>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'>"A potentially massive Internet
attack starts today<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'><span =
style=3D'mso-spacerun:yes'> </span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'>F-Secure Corporation is warning =
about a new
level of attack to be unleashed by the <span =
class=3DSpellE>Sobig.F</span> worm
today. <o:p></o:p></span></font></p>
<p class=3DMsoNormal><st1:place><st1:City><font size=3D3 color=3Dnavy
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;color:navy'>Helsinki</span></font></st1:City><=
font
color=3Dnavy><span style=3D'color:navy'>, =
</span></font><st1:country-region><font
color=3Dnavy><span =
style=3D'color:navy'>Finland</span></font></st1:country-region></st1:pla=
ce><font
color=3Dnavy><span style=3D'color:navy'> - </span></font><st1:date =
Month=3D"8"
Day=3D"22" Year=3D"2003"><font color=3Dnavy><span =
style=3D'color:navy'>August 22, 2003</span></font></st1:date><font
color=3Dnavy><span style=3D'color:navy'><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'>Windows e-mail worm <span =
class=3DSpellE>Sobig.F</span>,
which is currently the most widespread worm in the world, has created =
massive
e-mail outages globally since it was found on Tuesday the 18th of =
August
- four days ago. The worm spreads itself via infected e-mail =
attachments
in e-mails with a spoofed sender address. <span class=3DGramE>Total =
amount of
infected e-mails seen in the Internet since this attack started is =
close to 100
million.</span> <o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'>However, the <span =
class=3DSpellE>Sobig.F</span>
worm has a surprise attack in its sleeve." =
<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'><o:p> </o:p></span></font></p=
>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'><o:p> </o:p></span></font></p=
>
<p class=3DMsoNormal><font size=3D3 color=3Dnavy face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt;color:navy'>http://www.f-secure.com/news/items=
/news_2003082200.shtml<o:p></o:p></span></font></p>
</div>
</body>
</html>
------_=_NextPart_001_01C368DB.10CE2DE0--
--__--__--
Message: 15
From: "Helmut Hauser" <helmut.hauser@...raplan.de>
To: <full-disclosure@...ts.netsys.com>
Reply-To: "Helmut Hauser" <helmut.hauser@...raplan.de>
Date: Fri, 22 Aug 2003 19:59:46 +0200
Subject: [Full-Disclosure] US Governement War3z Server?
I informed the National Park Service per phone
(it was hard to get through)
and i had a nice converence with the admins.
So NPS is informed and ´ll take action right now so this ftp compromise will
be stopped.
For the Sobig.F worm - the IP Adresses for the malicious code download are
decrypted:
http://www.heise.de/newsticker/data/pab-22.08.03-000/
Helmut Hauser
Systemadministration EDV
Intraplan Consult GmbH
Orleansplatz 5a
81667 München
(089) 45911-123
http://www.intraplan.de
--__--__--
Message: 16
Subject: Re: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY!!
From: Byron Copeland <nodialtone@...cast.net>
To: Gabe Arnold <f0x@...irrelsoup.net>
Cc: full-disclosure@...ts.netsys.com
Date: 22 Aug 2003 13:12:55 -0400
I dunno. I am partial to Ximian Revolution myself.
On Fri, 2003-08-22 at 12:34, Gabe Arnold wrote:
> I do.... ;-p mutt is the best mail client out there, and you know it!
> * Glenn_Everhart@...kone.com (Glenn_Everhart@...kone.com) wrote:
> > #3. Easy to filter. Nobody uses 40 character text terminals these days.
> >
> > -----Original Message-----
> > From: Chris Cappuccio [mailto:chris@...dia.net]
> > Sent: Thursday, August 21, 2003 3:21 PM
> > To: John Cartwright
> > Cc: full-disclosure@...ts.netsys.com
> > Subject: Re: [Full-Disclosure] Subject prefix changing! READ THIS!
> > SURVEY!!
> >
> >
> > Len said there needed to be a consensus on the list before he would make
> > a change, but that it would be nice to change!
> >
> > John Cartwright [johnc@...k.org.uk] wrote:
> > > oN tHU, Aug 21, 2003 at 10:43:02AM -0700, Chris Cappuccio wrote:
> > > > ALL LIST MEMBERS ARE ENCOURAGED TO RESPOND AND MAKE A CHOICE AS TO
HOW
> > > > THEY WANT THIS BASIC FUNCTION OF THE LIST TO CONTINUE OPERATING.
> > >
> > > This has been covered several times... and we certainly *don't*
> > > want this mail coming to the list. Feel free to mail myself or
> > > Len on the subject. Discussions about subject line prefixes are
> > > off-topic for a security list.
> > >
> > > > The subject header is going to change.
> > >
> > > Speaking as a maintainer of this list, I can assure you that this
> > > is currently not the case :)
> > >
> > > Comments off-list, please.
> > >
> > > Cheers
> > > - John
> >
> > --
> > Nullum magnum ingenium sine mixtura dementiae fuit -- Seneca
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
> > **********************************************************************
> > This transmission may contain information that is privileged,
confidential and/or exempt from disclosure under applicable law. If you are
not the intended recipient, you are hereby notified that any disclosure,
copying, distribution, or use of the information contained herein (including
any reliance thereon) is STRICTLY PROHIBITED. If you received this
transmission in error, please immediately contact the sender and destroy the
material in its entirety, whether in electronic or hard copy format. Thank
you
> > **********************************************************************
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--__--__--
Message: 17
Date: Fri, 22 Aug 2003 10:28:13 -0700
To: full-disclosure@...ts.netsys.com
Cc:
From: <b9@...hmail.com>
Subject: [Full-Disclosure] Sobig-F worm "second wave"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sobig-F worm has twist in tail - Sophos warns of possible "Trojan horse"
download
Sophos has today warned that the mass-mailing W32/Sobig-F worm, which
has flooded computer users this week, could attempt to download a Trojan
horse between 8pm and 11pm BST today.
At 19:00-22:00 GMT (which is 8-11pm in the UK) on Fridays and Sundays,
the worm has been programmed to automatically direct infected PCs to
a server controlled by the virus writer from which a malicious program
could be downloaded. At the moment, it is not known what the download
material will do, but possibilities include launching another virus or
spam attack, collecting sensitive information, a denial of service attack,
or deleting files stored on an infected computer or network.
"The main effect of Sobig-F to date has been to slow down the internet
with the sheer quantity of emails it has generated," said Graham Cluley,
senior technology consultant at Sophos Anti-Virus. "At 8pm tonight,
most British companies will have left the office for the bank holiday
weekend, but any infected computers that are left on have the potential
to become zombies, doing whatever the virus writer wants. If the writer
of Sobig succeeds in installing a Trojan on infected PCs, users could
be in for a nasty shock when they return to work next week. The message
is simple: ensure your anti-virus is up-to-date, run your anti-virus
to check for infection, disinfect if necessary and ensure your computer's
firewall is properly configured."
"What the worm downloads will not be known until this evening - it could
display an offensive but largely harmless message or launch a malicious
attack. But the download is timed to coincide with the regular business
afternoon in the United States, so users should be concerned about
unauthorised
code running on their computers. On Monday morning businesses in the
Far East and Australia will be beginning their working day when the worm
tries a second time to download unknown code from the net," continued
Cluley.
Sophos advises that the download can be avoided by configuring firewalls
to block outgoing connection attempts to UDP port 8998. In addition,
anti-virus software should be updated, and any infected PCs disinfected.
Sophos has published information about how to disinfect computers and
prevent the Trojan download.
See also:
F-Secure: http://www.f-secure.com/news/items/news_2003082200.shtml
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3
wkYEARECAAYFAj9GUlwACgkQp0G6PzWyWD/cegCgg6u46owckZanaj9K/WcmFdwVq9gA
n1nKi7UAPzpZ0ljHzj59VnCzCpSf
=/8SL
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
--__--__--
Message: 18
From: nordi <nordi@...com.de>
Reply-To: nordi@...com.de
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Date: Fri, 22 Aug 2003 09:34:27 +0200
Subject: [Full-Disclosure] Re: Popular Net anonymity service back-doored
On Thursday, 21. August 2003 14:05, Thomas C. Greene wrote:
> It's not secure, and claiming that it is taints anything else they may be
> doing on behalf of users. They're *still* saying it's impossible for
anyone
> to intercept users' traffic or identify them.
Actually, this is absolutely not what they are saying. When you visit the
website of the JAP project http://anon.inf.tu-dresden.de/ it says in big,
red
letters:
"Aus aktuellem Anlass weisen wir noch einmal ausdrücklich daraufhin, dass
sich die JAP Software in Entwicklung befindet und noch nicht maximale
Sicherheit bietet. (siehe unten ... )"
In English this means something like
"Due to recent events we explicitly inform you of the fact that the JAP
software is still being developed and does not yet provide maximum security.
(see below ...)"
As I said: big, red letters at the top of their main page. And when you
click
that "see below" link it says there "Attention! [...] This version does NOT
yet implement the security features described above and desired by us. But
it
does alread protect you against atackers that control the net only locally
at
one place such as [...] the owner of a mix."
So by the time you download that software you should have already read _two_
statements telling you that JAP is not as secure as it could be. It also
tells you that in the current configuration, the JAP people can see all your
traffic if they want to: Note that it says it will protect you against "the
owner of _A_ mix". But if you take the Dresden-Dresden cascade, the JAP
people obviously control _all_ of them. And the above statement already
implies that in this case, JAP cannot protect you.
If you still want to use JAP,
http://www.heise.de/newsticker/data/uma-20.08.03-000/ (in German) tells you
how to do it securely: simply use just a single mix that is not controlled
by
the JAP project and you'll be fine. The court order is only valid for the
JAP
people, so everybody else in Germany (and elsewhere of course) can offer a
non-backdoored mix which will make the cascade secure. This actually means
that all cascades but the Dresden-Dresden one are secure.
MfG
nordi
--
Denn der Menschheit drohen Kriege, gegen welche die vergangenen wie
armselige
Versuche sind, und sie werden kommen ohne jeden Zweifel, wenn denen, die sie
in aller Öffentlichkeit vorbereiten, nicht die Hände zerschlagen werden.
Bertolt Brecht, 1952
--__--__--
Message: 19
From: "Gaurav Kumar" <gaurav@...labs.com>
To: <full-disclosure@...ts.netsys.com>
Date: Sat, 23 Aug 2003 00:18:15 +0530
Subject: [Full-Disclosure] Re: Google Private IP is 10.7.0.73 !!!!!!
This is a multi-part message in MIME format.
------=_NextPart_000_00D1_01C3690C.0C090E70
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I never said its a great finding. i just found it interesting and
posted it.=20
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello friends!
I have found private ip address used by google servers. here are the
details.
make sure you have google toolbar installed.
1. go to www.showmyip.com
2. it will show your ip address.
3. now right click and select Translate Page
4. it will now show your ip address in this format 1.2.3.4, unknown
5. Now again right click and select Translate Page
6. this time you will get google private ip address. the format is
10.7.0.73,1.2.3.4,unknown
This 10.7.0.73 is google private ip address.
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D
Gaurav Kumar
Chief Information Security Analyst
E2 Labs Information Security Pvt. Ltd.
Road no. 3 , Banjara Hills
Hyderbad-34
AP
India
gaurav@...labs.com
www.e2-labs.com
PGP public key at-
http://mycgiserver.com/~ethicalhackers/pgp.txt
Phone(s)-
Mobile +91 40 31068650
Tele/Fax +91 40 23555942 (ext-24)
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D
- -----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use
<http://www.pgp.com>
iQA/AwUBP0UZKP7pOx+pP+hiEQK3mACdFKQE1ZW8ugMpxgOdjpaMYRayI6UAoOEB
noQh/WR3ZZz2L2CR0ZxzbNls
=3DiryU
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBP0ZlbP7pOx+pP+hiEQJIDACg9l7YTL2ll1/S49CArORRThMwfjsAn3jU
Ub9XloVez86WquD1xrNb/G4T
=3D384f
-----END PGP SIGNATURE-----
------=_NextPart_000_00D1_01C3690C.0C090E70
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1226" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>-----BEGIN PGP SIGNED =
MESSAGE-----<BR>Hash:=20
SHA1</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>I never said its a great finding. i =
just found it=20
interesting and<BR>posted it. </FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>- -----BEGIN PGP SIGNED =
MESSAGE-----<BR>Hash:=20
SHA1</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Hello friends!</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>I have found private ip address used by =
google=20
servers. here are the<BR>details.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>make sure you have google toolbar=20
installed.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>1. go to <A=20
href=3D"http://www.showmyip.com">www.showmyip.com</A><BR>2. it will show =
your ip=20
address.<BR>3. now right click and select Translate Page<BR>4. it will =
now show=20
your ip address in this format 1.2.3.4, unknown<BR>5. Now again right =
click and=20
select Translate Page<BR>6. this time you will get google private ip =
address.=20
the format is<BR>10.7.0.73,1.2.3.4,unknown</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>This 10.7.0.73 is google private ip=20
address.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial=20
size=3D2>=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D<BR>Gaurav Kumar<BR>Chief=20
Information Security Analyst</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>E2 Labs Information Security Pvt. =
Ltd.<BR>Road no.=20
3 , Banjara Hills<BR>Hyderbad-34<BR>AP<BR>India</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"mailto:gaurav@...labs.com">gaurav@...labs.com</A><BR><A=20
href=3D"http://www.e2-labs.com">www.e2-labs.com</A></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>PGP public key at-<BR><A=20
href=3D"http://mycgiserver.com/~ethicalhackers/pgp.txt">http://mycgiserve=
r.com/~ethicalhackers/pgp.txt</A></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Phone(s)-<BR>Mobile =
+91 40=20
31068650<BR>Tele/Fax +91 40 23555942=20
(ext-24)<BR>=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>- -----BEGIN PGP =
SIGNATURE-----<BR>Version:=20
PGPfreeware 7.0.3 for non-commercial use<BR><<A=20
href=3D"http://www.pgp.com">http://www.pgp.com</A>></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial=20
size=3D2>iQA/AwUBP0UZKP7pOx+pP+hiEQK3mACdFKQE1ZW8ugMpxgOdjpaMYRayI6UAoOEB=
<BR>noQh/WR3ZZz2L2CR0ZxzbNls<BR>=3DiryU<BR>-=20
-----END PGP SIGNATURE-----</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>-----BEGIN PGP =
SIGNATURE-----<BR>Version:=20
PGPfreeware 7.0.3 for non-commercial use <<A=20
href=3D"http://www.pgp.com">http://www.pgp.com</A>></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial=20
size=3D2>iQA/AwUBP0ZlbP7pOx+pP+hiEQJIDACg9l7YTL2ll1/S49CArORRThMwfjsAn3jU=
<BR>Ub9XloVez86WquD1xrNb/G4T<BR>=3D384f<BR>-----END=20
PGP SIGNATURE-----<BR></FONT></DIV></BODY></HTML>
------=_NextPart_000_00D1_01C3690C.0C090E70--
--__--__--
Message: 20
To: "Robert Ahnemann" <rahnemann@...inity-mortgage.com>
Cc: <full-disclosure@...ts.netsys.com>
Subject: Re: [Full-Disclosure] Sobig.F...what took so long
From: Florian Weimer <fw@...eb.enyo.de>
Date: Fri, 22 Aug 2003 20:48:44 +0200
"Robert Ahnemann" <rahnemann@...inity-mortgage.com> writes:
> So its 4 days after the virus was found, and they just discover that its
> got a list of 20 machines that it will pull from to create a massive
> DDoS across the net? What took them so long to find it?
The AV vendors deliberately held back this information.
--__--__--
Message: 21
From: Paul Schmehl <pauls@...allas.edu>
Reply-To: Paul Schmehl <pauls@...allas.edu>
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filt
er..
Date: Wed, 20 Aug 2003 20:41:25 -0500
--On Thursday, August 21, 2003 11:56:15 +1200 Nick FitzGerald
<nick@...us-l.demon.co.uk> wrote:
>
> 2. I suspect that Mr Turing and a his halting problem will intervene
> in any attempt to devise a foolproof "this message contains an
> attachment" mechanism. The obvious choice to break any such system is
> steganographic encoding of a binary stream into a text message. It may
> be grossly inefficient, but do you think that really matters?
>
Dammit, Nick, you just *had* to interrupt my reverie, didn't you? :-)
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
--__--__--
Message: 22
From: "Helmut Hauser" <helmut_hauser@...mail.com>
To: <full-disclosure@...ts.netsys.com>
Date: Fri, 22 Aug 2003 20:35:25 +0200
Organization: Intraplan Consult GmbH
Subject: [Full-Disclosure] US Governement War3z Server?
I informed the National Park Service per phone
(it was hard to get through)
and i had a nice converence with the admins.
So NPS is informed and they ´ll take action right now so this ftp compromise
will
be stopped.
New Infos about Sobig.F worm - the IP Adresses for the malicious trojan (or
whatever) code download are
decrypted (block these ip´s):
http://www.heise.de/newsticker/data/pab-22.08.03-000/
PS Try to send Messages in ASCII only, i hate to read HTML tags ;)
Helmut Hauser
Systemadministrator
--__--__--
Message: 23
From: "El Nahual" <nahual@...on.org>
To: <full-disclosure@...ts.netsys.com>
Date: Fri, 22 Aug 2003 13:43:09 -0500
Subject: [Full-Disclosure] === CFP -- Call For Papers for G-Con 2 -- CFP ===
=== CFP -- Call For Papers for G-Con 2 -- CFP ===
[ + ] General Information:
Kelsi Siler / G-Con Security is proud to invite you participate in G-Con 2:
Nothing is safe.
This con will have workshops and conferences. The main focus is security in
general, and the techniques used to break current security technology.
Papers for talk proposals should be written with technical content in mind
and must have examples of the techniques shown.
[ + ] Timeline:
- Online proposals are the only ones that can be submited.
- Proposals are due October 1st.
- Confirmation of accepted proposals will be on October 5th.
[ + ] Presentations:
- All presentations are 60 minutes long
- Workshops can be up to 3 hours long
In the case that you believe more time would be valuable, please specify
that in your proposal along with how many computers, projectors and
microphones you will need for the presentation.
Slides and presentation with notes should be included in the proposal (They
can change up to October 10th).
[ + ] Topics to submit:
- Exploit generation
- Artificial Inteligence
- IDS Bypassing techniques
- Telephone security
- Advanced Hacking techniques on any Operating System
- Virii
- Encryption and Steganography
Any other speech can be added but please let us know the topic you would
categorize it.
[ + ] Help to the speakers (AkA What you get out of this)
- For speakers we can pay the hotel for up to a week and round trip plane
ticket. We will also have someone available to help you travel around the
city or into another nearby areas (the local pyramids, etc.).
[ + ] Requirements
- We ask the submitters to check the passport and VISA requirements to enter
Mexico. We can help by sending you a letter of invitation in case you need
it for a VISA but we would prefer that the speaker already has a VISA to
enter Mexico on their own.
[ + ] Where to submit
- Submit to info@...on.org or cfp@...on.org.
--__--__--
Message: 24
From: "Drew Copley" <dcopley@...e.com>
To: <full-disclosure@...ts.netsys.com>
Subject: RE: [Full-Disclosure] JAP back doored
Date: Fri, 22 Aug 2003 11:47:05 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The US really has absolutely nothing to do with this... Anymore than Sudan
does, or Indonesia.
If the US forces developers to trojanize their applications, and then be
silent about it... Then, yes, let's condemn that. But, they don't.
> -----Original Message-----
> From: gml [mailto:gml@...ick.net]
> Sent: Thursday, August 21, 2003 6:27 PM
> To: 'Drew Copley'; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] JAP back doored
>
>
> Except the US, we have jurisdiction over the world apparently.
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> Drew Copley
> Sent: Thursday, August 21, 2003 3:50 PM
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] JAP back doored
>
>
>
> > -----Original Message-----
> > From: Florian Weimer [mailto:fw@...eb.enyo.de]
> > Sent: Thursday, August 21, 2003 12:23 PM
> > To: Drew Copley
> > Cc: full-disclosure@...ts.netsys.com
> > Subject: Re: [Full-Disclosure] JAP back doored
> >
> >
> > "Drew Copley" <dcopley@...e.com> writes:
> >
> > > Why is the state of Germany trojanizing applications which
> > may be run
> > > by anyone on the planet?
> >
> > Why is the U.S. government interfering with the publication
> > of security advisories if the corresponding software is being
> > run throughout the world?
>
> I haven't had any problem issuing security advisories. What
> is this in reference to?
>
> Pointing the finger elsewhere does not excuse the fact that
> the German State has trojanized a popular application which
> was open to the world to download. And, indeed, the world did
> download.
>
> Here are some things I do not care if Germany does:
>
> - I don't care if they listen to their own wires
> - I don't care if they hack into their own criminals systems
> - I do not care if they use zero day to do this
> - I do not even care if they hack into criminals systems in
> other countries if they have some jurisdiction in this and
> are working with other authorities. For instance, if they
> were hacking into terrorist networks which spanned across the
> world and were sharing this information, I would not care.
>
> A German cop has no jurisdiction over me. He has no
> jurisdiction over anyone outside of Germany.
>
> This is the same for every country.
>
>
>
>
> >
> > The German government funds the AN.ON project, but allowed
> > for a great deal of independence. Naturally, this
> > independence does not extend to the law, thanks to separation
> > of powers. Now a judge has forced the operators to implement
> > a surveillance interface, which is possible because of a
> > design weakness. But that's just the beginning of the legal
> > process. The project has announced that it plans to fight,
> > but within the legal system.
>
> This does not absolve them, nothing you can say absolves
> them. I realize you have some patriotism here and are
> speaking from this... But, I also know you do not want the US
> government to backdoor US applications from US companies
> without telling you.
>
> I know this to be true.
>
>
>
> >
> > > How is it they believe they have a right to trojanize
> > someone outside
> > > of Germany?
> >
> > Nobody forces you to use the German service if you don't
> > trust the operators or (thanks to recent events) German law
> > enforcement.
>
> That is an empty argument not worth going into.
>
> >
> > > This is blatantly illegal in just about every country outside of
> > > Germany. Literally.
> >
> > No, it isn't. Most countries with communication
> > infrastructure have laws that regulate law enforcement
> > access. This is not a "stupid local law" issue.
> >
>
> This also is an empty argument.
>
> Basically, you are saying if it is discovered the NSA has a
> backdoor in
> Windows, that this is okay and no one has a right to complain, even if
> they are outside of the US.
>
> I doubt this would be your case in this situation.
>
> I am sure many could say, "Well, this situation is different".
>
> No, it is not. Let's be honest here.
>
> > Your country is eavesdropping foreign communication as well.
>
> My country has not installed a trojan on my system, to my own
> knowledge,
> all rumors and speculation aside.
>
> They have not hacked into my system.
>
> As to what wires they listen to, if they listen to their own, that is
> their business. We have encyption software. If they listen to other
> people's wires, that is outside of their domain, then yes, this should
> be illegal. But, is it proven? Does it remove the fact that
> there are a
> host of privacy and anonymity tools which we can use?
>
> But, Germany has decided that people don't have a right to use these
> tools. They have not tried to do even the honorable thing and break
> these things - which is illegal - but they have secretly
> trojanized the
> code.
>
> You want me to applaud this?
>
> Maybe your nation has just given my own nation some new ideas.
>
> Did you help stop this trend?
>
> >
> > > Or, do they believe they are superior to other countries,
> > and they may
> > > invade at will?
> >
> > Please check the facts. Germany doesn't an operate
> > eavesdropping base in the U.S., but the U.S. do in Germany.
>
> I won't even go into that. I do not know what they do there, but their
> rights have been worked out with the German government. If you have an
> issue with that, you need to take that up with their government.
>
> If my government allowed German police to trojanize an
> application I ran
> and my government covered this up... I would be furious at my
> government
> first, and at Germany second.
>
> But, none of this is dealing with the matter at hand. These arguments
> are all a distraction.
>
> I have not intended to offend your patriotic sensibilities.
> My apologies
> in this regard.
>
> My statements stand for whatever country might do such a thing, my own
> included.
>
> ...
>
> With some reflection, I realize this was done out of
> incompetence rather
> than out of understanding. I know this. I know it was ignorance, not
> maliciousness, which inspired this.
>
> That, is, I guess it is.
>
> It is true, someone that does wrong knowingly is much more guilty then
> someone that does wrong in ignorance. But, it is also true
> that they are
> both still guilty.
>
> I hope that you may bring yourself to condemn this action of your
> government. I hope that you may see it is not something to excuse. For
> by excusing this, surely, you excuse the same from countries
> you do not
> hold allegiance to.
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBP0ZlKQkWkugjEnC3EQLjCQCfRA97DWS5+aX4aMmKnMZqLzHaifUAoKgW
trf4iCdRUFogdsMRwXm0r9oN
=2gHj
-----END PGP SIGNATURE-----
--__--__--
_______________________________________________
Full-Disclosure mailing list
Full-Disclosure@...ts.netsys.com
http://lists.netsys.com/mailman/listinfo/full-disclosure
End of Full-Disclosure Digest
Powered by blists - more mailing lists