Message-ID: <004a01c39a2c$1a144380$050010ac@Estila>
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro)
Subject: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched )

Hi Jody ( and all ),
I'm completely sane ;-)
Please look at the mail-log in the advisory page, you can see that NASA
staff was contacted a week ago and they have
the systems patched, I sent an email to NASA staff telling that I will
publish the report so they know what I was doing
every time.
My behavior and treatment with NASA staff was fine and their treatment and
comm. were fine too.
So , don't panic.
I'm responding in public because you said things that are wrong.
REMEMBER: NASA staff patched the websites and they were contacted a week ago
and they had 2 days of private access to the advisory,
it was a really good job between me and NASA staff.
Don't worry, and think that when I was little I loved NASA and now I'm
really interested in NASA campaigns,
so, it's stupid to think that I can do damage against them, they are
working fine at the moment.
Again , read carefully the mail-action-advisory log at:
http://advisories.nsrg-security.com/Nasa.gov-MV/mail-log.txt
you will be better and fine reading it.
NOTE: this is for everybody that thinks that I didn't contact NASA staff,
it is not true! check the log please
and....no important information is disclosed in the advisory, like mail
addresses and others.
the disclaimer is simple:
I will not provide exploiting information nor important info that can be
used against NASA websites
the information of the advisory is only for educational purposes and NASA
staff knows the existence of
the advisory and its contents ( they know the advisory before anybody except
me, they know it since
15 of October, 003 )
Thanks to everybody of this Fantastic-Disclosure list ;-)
Thanks to John ( NASA Staff ) , the Root of nasa.gov and others of their
fantastic communication with me,

Best regards,
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__________________________________
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453  7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________
----- Original Message ----- 
From: "MELBOURNE,Jody" <Jody.MELBOURNE@...r.gov.au>
To: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@...g-security.com>
Sent: Friday, October 24, 2003 8:25 AM
Subject: RE: [Full-Disclosure] NASA WebSites Multiple Vulnerabilities
ADVISORY opened to public access ( NASA websites Patched )


> Are you insane?
>
> Why are you hacking into NASA webservers and making your findings
> public?
>
> Do you think the NASA admins will thank you? I am sure they are thinking
> of ways to prosecute you right now.
>
> Are you just trying to get some publicity for your company (I think so,
> considering all of your recent XSS posts to full disclosure).
>
> Please respond in private. I'm impressed by your work but I worry that
> you have not considered the actions that NASA might take. The US
> government is very unfriendly towards hackers at the moment.
>
> Cheers
> .jm
>
>
> -----Original Message-----
> From: Lorenzo Hernandez Garcia-Hierro
> [mailto:lorenzohgh@...g-security.com]
> Sent: Friday, October 24, 2003 6:53 AM
> To: Full-Disclosure
> Cc: BUGTRAQ
> Subject: [Full-Disclosure] NASA WebSites Multiple Vulnerabilities
> ADVISORY opened to public access ( NASA websites Patched )
>
>
> Hello friends,
> I'm happy and sad at the same time.
> The NASA websites are patched but they didn't contact me after I sent
> the access instructions to advisories, so, I have now the advisory open
> and a complete action-mail/advisory log for probe and provide the
> communication between NASA staff and me.
>
> __ ACCESS INFORMATION __
> Advisory access:
>
> http://advisories.nsrg-security.com/Nasa.gov-MV/
>
> Mail & Action & Advisory Log :
>
> http://advisories.nsrg-security.com/Nasa.gov-MV/mail-log.txt
>
> ScreenShots:
>
> http://advisories.nsrg-security.com/Nasa.gov-MV/screenshots/
>
> __ <<<EOF __
>
> That's all, about one week of work and a very short and strange
> communication between NASA staff and me.
> NOTE: not all the things are patched but I think that the most important
> , it's very possible that the NASA staff will ignore some security
> holes....
> Best regards to all people of Full-Disclosure, Nasa staff (
> John ! ) ;-) , everybody...
> -------------------------------
> 0x00->Lorenzo Hernandez Garcia-Hierro
> 0x01->/* not csh but sh */
> 0x02->$ PATH=pretending!/usr/ucb/which sense
> 0x03-> no sense in pretending!
> __________________________________
> PGP: Keyfingerprint
> 4ACC D892 05F9 74F1 F453  7D62 6B4E B53E 9180 5F5B
> ID: 0x91805F5B
> **********************************
> No Secure Root Group Security Research Team http://www.nsrg-security.com
> ______________________
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html