lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 19 Nov 2007 18:43:37 +1100
From: "XSS Worm XSS Security Information Portal"
	<cross-site-scripting-security@...worm.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: How to become a Computer Security
	Professional ?

#!/bin/sh

# 0day exploit for Paul Schmehl
# based on information provided by Paul Schmehl
# pauls@...allas.edu
#

echo pauls > /hack/edu/utdallas.edu/known.addresses

googledump.pl --email-addresses --context-links  --referers --extended-links
-keywords "Paul","Schmehl","utdallas.edu", "pauls@", "pauls@...allas","
paul.schmehl@" --verbose

socialgrab.pl --known-address "pauls@...allas.edu" --real-name "Paul
Schmehl" --tags=security,hacking,utdallas,vulnerability
--search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,digg,bebo,ebay,blogger,wordpress
--verbose --dump-links

infopull.pl --pgp-search --whois --domaintools --usenet --trackers --irclog
--mirrors --listserv --known-addresses="pauls@...allas.edu"

echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu

# http://xssworm.com





On 11/19/07, Paul Schmehl <pauls@...allas.edu> wrote:
>
> --On November 19, 2007 3:34:23 AM +0000 worried security
> <worriedsecurity@...glemail.com> wrote:
> >
> > The forth most important rule to becoming a security professional,
> > always use a throw-away e-mail account so it doesn't matter of script
> > kids hi-jack your e-mail account with the next cross-site scripting
> > vulnerablity that gets posted to the public mailing lists.
> >
> You forgot the most important rule of all.  Pay no heed to bozos who post
> anonymously and don't even have a job in security.  Their advice is
> usually worth just as much as their reputation.
>
> Paul Schmehl (pauls@...allas.edu)
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher
mailto:vaj@...pam.xssworm.com
aim: XSS Cross Site
------
XSS Cross Site Scripting Attacks
Web 2.0 Application Security Information Blog (tm) 2007
http://www.XSSworm.com/
------
"Vaj, bella vaj."

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ