lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <47428370.6050500@gmail.com>
Date: Tue, 20 Nov 2007 07:49:20 +0100
From: rchrafe <rchrafe@...il.com>
To: XSS Worm XSS Security Information Portal
	<cross-site-scripting-security@...worm.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: How to become a Computer
 Security	Professional ?

XSS Worm XSS Security Information Portal wrote:
> #!/bin/sh
>
> # 0day exploit for Paul Schmehl
> # based on information provided by Paul Schmehl
> # pauls@...allas.edu <mailto:pauls@...allas.edu>
> #
>
> echo pauls > /hack/edu/utdallas.edu/known.addresses
>
> googledump.pl --email-addresses --context-links 
>  --referers --extended-links -keywords "Paul","Schmehl","utdallas.edu 
> <http://utdallas.edu>", "pauls@", "pauls@...allas 
> ","paul.schmehl@" --verbose 
>
> socialgrab.pl --known-address "pauls@...allas.edu 
> <mailto:pauls@...allas.edu>" --real-name "Paul Schmehl" 
> --tags=security,hacking,utdallas,vulnerability 
> --search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,digg,bebo,ebay,blogger,wordpress 
> --verbose --dump-links
>
> infopull.pl --pgp-search --whois --domaintools --usenet --trackers 
> --irclog --mirrors --listserv --known-addresses="pauls@...allas.edu 
> <mailto:pauls@...allas.edu>"
>
> echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu
>
> # http://xssworm.com
HAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAA 

>
>
>
>
>
> On 11/19/07, *Paul Schmehl* <pauls@...allas.edu 
> <mailto:pauls@...allas.edu>> wrote:
>
>     --On November 19, 2007 3:34:23 AM +0000 worried security
>     <worriedsecurity@...glemail.com
>     <mailto:worriedsecurity@...glemail.com>> wrote:
>     >
>     > The forth most important rule to becoming a security professional,
>     > always use a throw-away e-mail account so it doesn't matter of
>     script
>     > kids hi-jack your e-mail account with the next cross-site scripting
>     > vulnerablity that gets posted to the public mailing lists.
>     >
>     You forgot the most important rule of all.  Pay no heed to bozos
>     who post
>     anonymously and don't even have a job in security.  Their advice is
>     usually worth just as much as their reputation.
>
>     Paul Schmehl ( pauls@...allas.edu <mailto:pauls@...allas.edu>)
>     Senior Information Security Analyst
>     The University of Texas at Dallas
>     http://www.utdallas.edu/ir/security/
>     <http://www.utdallas.edu/ir/security/>
>
>     _______________________________________________
>     Full-Disclosure - We believe in it.
>     Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>     <http://lists.grok.org.uk/full-disclosure-charter.html>
>     Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> -- 
> Francesco Vaj [CISSP - GIAC]
> CSS Security Researcher
> mailto: vaj@...pam.xssworm.com <mailto:vaj@...pam.xssworm.com>
> aim: XSS Cross Site
> ------
> XSS Cross Site Scripting Attacks
> Web 2.0 Application Security Information Blog (tm) 2007
> http://www.XSSworm.com/
> ------
> "Vaj, bella vaj.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ