lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20090622193659.63DC110612@ws1-3.us4.outblaze.com>
Date: Mon, 22 Jun 2009 14:36:59 -0500
From: "Gaydriel Desautels" <nutregard@....scientist.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [NUTREGARD SECURITY ADVISORY] [ WINDOWS GETS PWND
 + HACKERS ARE MAD ][NUTREGARD-20090622]


************************** GloSOFT **************************
SoopaDoopa HaxR Team - Professional Vulnerability Assessments

                            GLOsoft Research Team
              ------------------------------------------------
              Gay Lesbian Ogres Secretly Oogling Fagot Trannies

[POSTING NOTICE]
--------------------------------------------------------------------------
If you intend on pimping this advisory on your Geocities web page please
create a clickable link back to our uberhawtness security page and include
annoying use of the <blink> tag

For more information about Hacking finger condor well.com

[CAPS LOCK INFORMATIONAL]
--------------------------------------------------------------------------
BY TYPING IN CAPS WE CERTIFY THIS ADVISORY TO BE RELEVANT AND VALIDATED
WITH GLAAD - NAMBLA AND MY ALTER EGO SIMON SMITH I UNLEASH WHEN OTHER
REAL HACKERS HURT MY FEELINGS.

[Advisory Information]
--------------------------------------------------------------------------
Contact : Gaydriel Desautels
Advisory ID : GLOSOFT-20090622
Product Name : Windows
Product Version : All versions
Vendor Name : Microsoft
Type of Vulnerability : Multiple
Impact : Extremely Critical, like wtf critical
Vendor Notified : 200900622

[Product Description]
--------------------------------------------------------------------------
Microsoft Windows is the mostest used operating system in this universe.
Whilst some may take humour in this statement the odds of you not using
Windows are almost the equivalent of Kevin Finnestere complaining that
you haven't acknowledged his blackness.


[Technical Summary]
--------------------------------------------------------------------------
Windows (all versions) are vulnerable to the following attacks:

Administrator logins

While performing our advanced superwowzer hackerfying analysis it was
noticed that if we booted using NT Recovery disks, we were able to reset
the administrator passwords giving us soopayewser access. LOMFG!


[Impact]
--------------------------------------------------------------------------
[Impact varies from installation to installation]

- r00t

[Proof Of Concept]
--------------------------------------------------------------------------
We do not offer proofs of concept. We solely do this using aliases after
we have tried to blackmail companies into paying us to not disclose their
vulnerabilities.

http://www.copyright.gov/1201/2003/comments/019.pdf

Based on information provided by Gil Novak to HP concerning aliases
utilized by SnoSoft, we understand that this action was taken by an
agent of SnoSoft despite SnoSoft's representations that it intended to
comply with the industry standard practice of reporting its findings to
CERT and despite the ongoing discussions between Gil Novak and Rich Boren
on this issue.



[Vendor Status and Chronology]
--------------------------------------------------------------------------

Current Vendor Status: Sleeping at the helm.

Chronology:
06/22/2009 07:11:57 AM EST - Vulnerabilities Discovered
06/22/2009 07:11:59 AM EST - Vendor Notified
06/22/2009 07:12:18 AM EST - Requested vendor feedback via email
06/22/2009 07:13:23 AM EST - No response from vendor
06/22/2009 07:13:28 AM EST - Began advisory release process

 
[Solution]
--------------------------------------------------------------------------
When my alter ego Simone DéFaveur possesse me, I shall disclose a solution
until then I will stay with a dildo in my arse pretending to have a kloo

[Disclaimer]
--------------------------------------------------------------------------
GloSOFT assumes no liability for the use of the information provider in
this disclosure. This advisory was released in an effort to prove our
worthiness to the I.T. community. Although we may at times attempt to
extort or blackmail companies in order to comply with our view of how
security should be, we make no intelligent assumptions or decisions in
releasing our security advisories.

[Advertisement]
--------------------------------------------------------------------------
GloSOFT is focused on the core commitment to provide the whole wide world
with security designs and solutions that fit. Our team consists of expert
level engineers with an array of experience ranging from eggdrop shells,
running nmap, re-hashing advisories and securitizing maximized potential
designs with actionable digital intelligence catering to the professional
hackers. Should you wish to place us at the top of "security review" by
using an alias please do so. Although we might not be as elite as other
companies like Netragard, bear in mind, even ImmunitySec isn't as elite
or as talented as Netragard.

http://secreview.blogspot.com/

[Greets]
--------------------------------------------------------------------------
Simon Smith - Adriel's gay alter-ego! (Is it considered homosexual to fuck
yourself?)
Kevin Finisterre - w0rd t0 th4 h to tha izzo!
GAydriel T. Desautels - I know you didn't blackmail HP! 
Marilynn Desautels - Hi!
Brigitte L Desautels - Hi!
5 Oak Ridge Dr, Unit 2 - Hi!
Shame on a nuh -- who tryde to run gayme on a nuh^^##

-- 
Be Yourself @ mail.com!
Choose From 200+ Email Addresses
Get a Free Account at www.mail.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ