lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <002101c39c93$880c0300$050010ac@Estila> From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro) Subject: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Mortis, is true , the owrd stupid comes but comes from you you are wrong at all , do you read the link text to nessus ? Miscelaneous Info about nasa.gov and the whole report made by me ( not nessus ) ? i think not i think its too dificult for youabother thing you said, yo said cell , stay in cell, ok , you definately don't know nothing about laws of Spain i didn't make illegal things but if i did them , a 14 boy in prison ?? hahahahaha you are reaaallly strange... i'm not living in your world i think , i'm not living in wonder world i think too xD and how many perssonalities you hyave ? you said Mortis about one hundred times.... Mortis , Mortis , Mortis , Mortis , Mortis , Mortis. Mortis ! hahahaha please don't make this type of insulting spam , this type of messages is better to be mailed private if you want something... but you want only appear trying to anoid me so you are a little bit stupid you are not the fantastic people of full-disclosure , you are another boy that wants to fuck others time and waste it if you want to try to disturb me , send private mails and don't use the super-leim mail bomber of the day xD and of course , try to say real , tru and correct things ! best regards ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->\x74\x72\x75\x6c\x75\x78 0x02->The truth is out there, 0x03-> outside your mind . __________________________________ PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B ID: 0x91805F5B ********************************** \x6e\x73\x72\x67 \x73\x65\x63\x75\x72\x69\x74\x79 \x72\x65\x73\x65\x61\x72\x63\x68 http://www.nsrg-security.com ______________________, ----- Original Message ----- From: "Mortis" <m0rtis@...lphia.net> To: "Full-Disclosure" <full-disclosure@...ts.netsys.com> Sent: Monday, October 27, 2003 8:20 AM Subject: RE: [Full-Disclosure] NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) > > I'm happy and sad in the same time. > > The NASA websites are patched but they didn't > > contacted me after i sent the > > access instructions to advisories, so, > > Poor Lorenzo. You're sad about how NASA treated you? > You'll be more depressed when you're sitting in a cell next > to Lame-o. I should start a colander pool for long it will > take you to get into trouble with your new hacking hobby. > > Did anyone ever tell you it is rude to run a nessus scan > against someone else's machine and publish it to the whole > wide world? It is. Trust Mortis. The word stupid comes to > mind, although I'm sure immature is more proper this time. > Would you like it if I started probing you like that? I > think not. > > I don't see a national emergency in the faults you > published, either. Maybe I'm just being a mormon^h^h^hon > again. It happens. Did you think up something valuable you > could do with these vulnerabilities? Please tell us. Scare > us good - here's your chance. > > No one seemed to point out that you're playing with an > informational site hosted by Speedera networks. That's > about how Mortis sees it. Almost nothing at all to do with > NASA except the bill at the end of the month. > > You could rmfr the site and they would restore it from a > backup. No one would care too much if it was down. You > could mess with my home page settings and the first/last > name that I entered. Ouch. > > You could break into the weak ssh daemon and 0wn Speedera. > That's a whole different story. You didn't point that out, > but it was more interesting than the rest of the discussion. > Thanks for the tip. > > I guess with the xss and db issues you could cause a > national media frenzy by announcing a shuttle crash or > something. Mortis sees this as being entertaining. Not > scary. The media needs a wake-up call once in a while. > Right, Dick? > > I wish you injected a fake article on the site telling us > about your trip to Saturn. Complete with nudie pictures of > the aliens. And DING-DING. That would have been elite. > Well, maybe not elite, but at least funny. > > Were you trying to impress me because you found fault with > NASA? I would be a lot more impressed if you published a > sploit for the recent openssh bugs or a new IIS remote > control hook. Not only is it more respectable work, but you > can do it in the lab without getting yourself in trouble. > > ObFD: > > NASA facts from a vendor perspective: > * Some of the people are really bright. Some of them are > not. Just like where you work. > * Any intelligent dumpster diver could figure his way past > the main gate. I wouldn't recommend it - but you could. > * Vendors could get more access than is appropriate (left > alone, root on boxen). > * Was able to bypass security procedures to get the job done > (ip/network restrictions...) > * I'm surprised they updated the site without a month of > code review. > -- > As a mad man who casteth firebrands, arrows, and death, > Mortis > > P.S. Since you gave us hints for your game, here's a hint > for you. People would never use the same password in more > than one place, would they? > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > >
Powered by blists - more mailing lists