lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20070221172528.244721024F@ws1-3.us4.outblaze.com>
Date: Wed, 21 Feb 2007 12:25:28 -0500
From: "Mofo Haxsor" <m0f0p1mp1nghax0r3r@...hnologist.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Full Disclosure Advisory on Full-Disclosure
	hax0r3rz

Weakness in Full Disclosure mailing list allows morons to flourish
Vulnerable: The entire mailing list
Severity: Critic-Ill
Classification: Loser Validation
BugTraq-ID: TBA
CVE-Number: TBA
Remote Exploit: YUP
Local Exploit: YUP
Vendor URL: http://lists.grok.org.uk
Author: Mai Long Wang
Scheduled Release date: Feb 21st, 2007
Notifications: Right now retard

Problem: By keeping an unmoderated mailing list, Full Disclosure has
introduced the security community to insane amount of idiots who think
that downloading any and all PHP based software then running:

for i in `find . -name "*.php"`
do
grep phpinfo $i & echo "eye can hax0r1ze y0ur bl0g"
done

This issue has become increasingly disturbing as idiots from all over the
world have not been able to differentiate themselves between mules (aka
asses) from real hackers.

Full disclosure has also introduced other types of clowns who spam up
legitimate users' email boxes with moronic responses fired off in
desperation in attempts to boost the clown's ego.

Vendor Response: None. Vendor is also clueless

Solution: Introduce a security mailing list for professionals that is
moderated, its users have been validated, and the typical response will
not be:

"Sh4r j00 fackinG luzer. I pwned your php webserver with my lam3 ass
0day"
"Did j0o s33 how I hax0rfied their server Mustafa! Praises be due to
allah!"
"Joo facking Jews. I said so therefore it is!"
"mYe SiGnAtUrE iS r33t"
"wAiT tILL eYe sh0w mYe Netzero and AOL gaytarded buddies I can hax0r!"


Workaround: Filter luzers' email addresses

Credit:
Old schoolers who know damn well where this advisory is coming from.

Greets:
Greets go out to the dinosaurs no longer on the scene. Those on the
scene...
You know where to find me.

Copyright:
Copytheft (c) 2007 x to the p zero

This report should be copied and redistributed to the idiots on this list
whenever possible in attempts to get them to finally shut their damn
mouths in efforts to minimize the nonsense filling my email ebox.
Additional thoughts on minimizing the amount of idiocy would be taking a
stick and using some of these idiots as a party Pinata. This report is
intended to make users think before they shoot off dumb ass messages no
one gives a flying fuck about. Moderators are asked to do something
productive which is called moderate. Idiots are also asked to be
productive and swallow a gallon of Liquid Drano before bedtime. Parents
are also asked to monitor their little rejects and give the some
attention so they can stop playing hax0rs and giving security
professionals a bad rap when the word "hacker" comes into a business
conversation. It's been too long that the mention of the word hacker sets
of unwarranted paranoia.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ