| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Jun 2010 08:35:48 +0200
From: "Cor Rosielle" <cor@...post24.com>
To: "'Srinivas Naik'" <naik.srinu@...il.com>,
<full-disclosure@...ts.grok.org.uk>
Subject: Re: Full-disclosure] Why the IPS product designers
I would say: an host IPS could be considered, even if there is a network
IPS. If it is a wise decision to spent your money or use your hardware for
this, depends from case to case. And I might even add: if someone tells you
different, he must be selling something.
Regards,
Cor
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-
> disclosure-bounces@...ts.grok.org.uk] On Behalf Of Srinivas Naik
> Sent: dinsdag 1 juni 2010 21:14
> To: full-disclosure@...ts.grok.org.uk
> Subject: [Full-disclosure] Full-disclosure] Why the IPS product
> designers
>
> Mr. Nelson has brought a good point, Host IPS should also be running
> even if
> there is Nework IPS.
>
> There are Client end Attacks which has got many Evasion techniques and
> almost the recent research presents us the proof of such Attacks.
> Apart these there exist other exploits/malware which cannot be detected
> over
> the network.
>
> Regards,
> Srinivas Naik (Certified Hacker and Forensic Investigator)
> IPS Evaluator
> http://groups.google.com/group/nforceit
>
> On Tue, Jun 1, 2010 at 9:16 PM,
> <full-disclosure-request@...ts.grok.org.uk>wrote:
>
> > Send Full-Disclosure mailing list submissions to
> > full-disclosure@...ts.grok.org.uk
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> > or, via email, send a message with subject or body 'help' to
> > full-disclosure-request@...ts.grok.org.uk
> >
> > You can reach the person managing the list at
> > full-disclosure-owner@...ts.grok.org.uk
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of Full-Disclosure digest..."
> >
> >
> > Note to digest recipients - when replying to digest posts, please
> trim your
> > post appropriately. Thank you.
> >
> >
> > Today's Topics:
> >
> > 1. Re: Why the IPS product designers concentrate on server side
> > protection? why they are missing client protection (Nelson
> Brito)
> > 2. Re: Why the IPS product designers concentrate on server side
> > protection? why they are missing client protection
> > (Valdis.Kletnieks@...edu)
> > 3. DoS vulnerability in Internet Explorer (MustLive)
> > 4. Re: Why the IPS product designers concentrate on server side
> > protection? why they are missing client protection (rajendra
> prasad)
> > 5. Re: Why the IPS product designers concentrate on server
> side
> > protection? why they are missing client protection (Cor
> Rosielle)
> > 6. Re: Why the IPS product designers concentrate on server side
> > protection? why they are missing client protection (Nelson
> Brito)
> > 7. Re: Why the IPS product designers concentrate on server side
> > protection? why they are missing client protection (Nelson
> Brito)
> > 8. Re: DoS vulnerability in Internet Explorer (Laurent Gaffie)
> > 9. Re: DoS vulnerability in Internet Explorer (Laurent Gaffie)
> > 10. Re: Why the IPS product designers concentrate on server side
> > protection? why they are missing client protection (Cor
> Rosielle)
> > 11. Re: DoS vulnerability in Internet Explorer (PsychoBilly)
> > 12. Re: Why the IPS product designers concentrate on server side
> > protection? why they are missing client protection (Nelson
> Brito)
> > 13. Onapsis Research Labs: Onapsis Bizploit - The opensource ERP
> > Penetration Testing framework (Onapsis Research Labs)
> > 14. Re: The_UT is repenting (T Biehn)
> >
> >
> > ---------------------------------------------------------------------
> -
> >
> > Message: 1
> > Date: Tue, 1 Jun 2010 08:50:05 -0300
> > From: Nelson Brito <nbrito@...ure.org>
> > Subject: Re: [Full-disclosure] Why the IPS product designers
> > concentrate on server side protection? why they are missing
> client
> > protection
> > To: rajendra prasad <rajendra.palnaty@...il.com>
> > Cc: "full-disclosure@...ts.grok.org.uk"
> > <full-disclosure@...ts.grok.org.uk>
> > Message-ID: <E01DF83F-4EB0-4212-8866-76DDB5C3B55B@...ure.org>
> > Content-Type: text/plain; charset=utf-8; format=flowed;
> delsp=yes
> >
> > You're missing one point: Host IPS MUST be deployed with any Network
> > Security (Firewalls os NIPSs).
> >
> > No security solution/technology is the miracle protection alone, so
> > that's the reason everybody is talking about defense in depth.
> >
> > Cheers.
> >
> > Nelson Brito
> > Security Researcher
> > http://fnstenv.blogspot.com/
> >
> > Please, help me to develop the ENG? SQL Fingerprint? downloading it
> > from Google Code (http://code.google.com/p/mssqlfp/) or from
> > Sourceforge (https://sourceforge.net/projects/mssqlfp/).
> >
> > Sent on an ? iPhone wireless device. Please, forgive any potential
> > misspellings!
> >
> > On Jun 1, 2010, at 4:38 AM, rajendra prasad
> > <rajendra.palnaty@...il.com> wrote:
> >
> > > Hi List,
> > >
> > > I am putting my thoughts on this, please share your thoughts,
> > > comments.
> > >
> > > Request length is less than the response length.So, processing
> small
> > > amount of data is better than of processing bulk data. Response may
> > > have encrypted data. Buffering all the client-server transactions
> > > and validating signatures on them is difficult. Even though
> > > buffered, client data may not be in the plain text. Embedding all
> > > the client encryption/decryption process on the fly is not
> possible,
> > > even though ips gathered key values of clients.Most of the client
> > > protection is done by anti-virus. So, concentrating client attacks
> > > at IPS level is not so needed.
> > >
> > >
> > > Thanks
> > > Rajendra
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Tue, 01 Jun 2010 08:34:22 -0400
> > From: Valdis.Kletnieks@...edu
> > Subject: Re: [Full-disclosure] Why the IPS product designers
> > concentrate on server side protection? why they are missing
> client
> > protection
> > To: rajendra prasad <rajendra.palnaty@...il.com>
> > Cc: full-disclosure@...ts.grok.org.uk
> > Message-ID: <14206.1275395662@...alhost>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > On Tue, 01 Jun 2010 13:08:32 +0530, rajendra prasad said:
> >
> > > Request length is less than the response length.So, processing
> small
> > amount
> > > of data is better than of processing bulk data. Response may have
> > encrypted
> > > data. Buffering all the client-server transactions and validating
> > signatures
> > > on them is difficult.
> >
> > All of that is total wanking. The *real* reason why IPS product
> designers
> > concentrate on servers is because hopefully the server end is run by
> some
> > experienced people with a clue, and maybe even hardened to last more
> than
> > 35 seconds when a hacker attacks. Meanwhile, if anybody designed an
> IPS
> > for
> > the client end, it would just get installed on an end-user PC running
> > Windows,
> > where it will have all the issues and work just as well as any other
> > anti-malware software on an end-user PC.
> >
> > Oh - and there's also the little detail that a site is more likely to
> buy
> > *one* software license to run on their web server (or whatever),
> rather
> > than
> > the hassle of buying and administering 10,000 end-user licenses.
> > Especially
> > when an IPS on the client end doesn't actually tell you much about
> attacks
> > against the valuable target (the server) from machines you haven't
> > installed
> > the end-user IPS on (like the entire rest of the Internet).
> > -------------- next part --------------
> > A non-text attachment was scrubbed...
> > Name: not available
> > Type: application/pgp-signature
> > Size: 227 bytes
> > Desc: not available
> > Url :
> > http://lists.grok.org.uk/pipermail/full-
> disclosure/attachments/20100601/0896c76b/attachment-0001.bin
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Tue, 1 Jun 2010 15:42:58 +0300
> > From: "MustLive" <mustlive@...security.com.ua>
> > Subject: [Full-disclosure] DoS vulnerability in Internet Explorer
> > To: <full-disclosure@...ts.grok.org.uk>
> > Message-ID: <005e01cb0188$162059b0$010000c0@ml>
> > Content-Type: text/plain; format=flowed; charset="windows-1251";
> > reply-type=response
> >
> > Hello Full-Disclosure!
> >
> > I want to warn you about Denial of Service vulnerability in Internet
> > Explorer. Which I already disclosed at my site in 2008 (at
> 29.09.2008). But
> > recently I made new tests concerning this vulnerability, so I decided
> to
> > remind you about it.
> >
> > I know this vulnerability for a long time - it's well-known DoS in
> IE. It
> > works in IE6 and after release of IE7 I hoped that Microsoft fixed
> this
> > hole
> > in seventh version of the browser. But as I tested at 29.09.2008, IE7
> was
> > also vulnerable to this attack. And as I tested recently, IE8 is also
> > vulnerable to this attack.
> >
> > Also I informed Microsoft at 01.10.2008 about it, but they ignored
> and
> > didn't fix it. They didn't fix the hole not in IE6, nor in IE7, nor
> in IE8.
> >
> > That time I published about this vulnerability at SecurityVulns
> > (http://securityvulns.com/Udocument636.html).
> >
> > DoS:
> >
> > Vulnerability concerned with handling by browser of expression in
> styles,
> > which leads to blocking of work of IE.
> >
> > http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html
> >
> > Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet
> > Explorer 7 (7.0.6000.16711), Internet Explorer 8 (8.0.7600.16385) and
> > previous versions.
> >
> > To Susan Bradley from Bugtraq:
> >
> > This is one of those cases, which I told you before, when browser
> vendors
> > ignore to fix DoS holes in their browsers for many years.
> >
> > Best wishes & regards,
> > MustLive
> > Administrator of Websecurity web site
> > http://websecurity.com.ua
> >
> >
> >
> > ------------------------------
> >
> > Message: 4
> > Date: Tue, 1 Jun 2010 18:28:03 +0530
> > From: rajendra prasad <rajendra.palnaty@...il.com>
> > Subject: Re: [Full-disclosure] Why the IPS product designers
> > concentrate on server side protection? why they are missing
> client
> > protection
> > To: full-disclosure@...ts.grok.org.uk
> > Message-ID:
> > <AANLkTinFeCKoKUNI59k2citWgTJlytqjRiZ8Ze8oM1rp@...l.gmail.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Hi List,
> >
> > I have started this discussion with respect to Network IPS.
> >
> > Thanks
> > Rajendra
> >
> > On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad
> > <rajendra.palnaty@...il.com>wrote:
> >
> > > Hi List,
> > >
> > > I am putting my thoughts on this, please share your thoughts,
> comments.
> > >
> > > Request length is less than the response length.So, processing
> small
> > amount
> > > of data is better than of processing bulk data. Response may have
> > encrypted
> > > data. Buffering all the client-server transactions and validating
> > signatures
> > > on them is difficult. Even though buffered, client data may not be
> in the
> > > plain text. Embedding all the client encryption/decryption process
> on the
> > > fly is not possible, even though ips gathered key values of
> clients.Most
> > of
> > > the client protection is done by anti-virus. So, concentrating
> client
> > > attacks at IPS level is not so needed.
> > >
> > >
> > > Thanks
> > > Rajendra
> > >
> > >
> > >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> > http://lists.grok.org.uk/pipermail/full-
> disclosure/attachments/20100601/0cb18940/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 5
> > Date: Tue, 1 Jun 2010 14:52:51 +0200
> > From: "Cor Rosielle" <cor@...post24.com>
> > Subject: Re: [Full-disclosure] Why the IPS product designers
> > concentrate on server side protection? why they are
> missing
> > client
> > protection
> > To: "'Nelson Brito'" <nbrito@...ure.org>
> > Cc: full-disclosure@...ts.grok.org.uk
> > Message-ID: <003001cb0189$5962ddf0$0c2899d0$@com>
> > Content-Type: text/plain; charset="UTF-8"
> >
> > Nelson,
> >
> > > You're missing one point: Host IPS MUST be deployed with any
> Network
> > > Security (Firewalls os NIPSs).
> > Please be aware this is a risk decision and not a fact. I don't use
> an host
> > IPS and no anti Virus either. Still I'm sure my laptop is perfectly
> safe.
> > This is because I do critical thinking about security measures and
> don't
> > copy behavior of others (who often don't think for themselves and
> just
> > copies other peoples behavior). Please note I'm not saying you're not
> > thinking. If you did some critical thinking and an host IPS is a good
> > solution for you, then that's OK> It just doesn't mean it is a good
> solution
> > for everybody else and everybody MUST deploy an host IPS.
> >
> > > No security solution/technology is the miracle protection alone,
> > That's true.
> >
> > > so that's the reason everybody is talking about defense in depth.
> > Defense in depth is often used for another line of a similar defense
> > mechanism as the previous already was. Different layers of defense
> works
> > best if the defense mechanism differ. So if you're using anti virus
> software
> > (which gives you an authentication control and an alarm control
> according to
> > the OSSTMM), then an host IDS is not the best additional security
> measure
> > (because this also gives you an authentication and an alarm control).
> > This would also be a risk decision, but based on facts and the rules
> > defined in the OSSTMM and not based on some marketing material. You
> should
> > give it a try.
> >
> > Regards,
> > Cor Rosielle
> >
> > w: www.lab106.com
> >
> >
> >
> > ------------------------------
> >
> > Message: 6
> > Date: Tue, 1 Jun 2010 10:27:48 -0300
> > From: Nelson Brito <nbrito@...ure.org>
> > Subject: Re: [Full-disclosure] Why the IPS product designers
> > concentrate on server side protection? why they are missing
> client
> > protection
> > To: rajendra prasad <rajendra.palnaty@...il.com>
> > Cc: "full-disclosure@...ts.grok.org.uk"
> > <full-disclosure@...ts.grok.org.uk>
> > Message-ID: <76444513-375E-472C-A3CA-8F4A9776EDD4@...ure.org>
> > Content-Type: text/plain; charset="utf-8"
> >
> > Okay, but why did you mention AV as a client-side protection?
> >
> > It leads to a discussion about client-side protection, anyways.
> >
> > Cheers.
> >
> > Nelson Brito
> > Security Researcher
> > http://fnstenv.blogspot.com/
> >
> > Please, help me to develop the ENG? SQL Fingerprint? downloading it
> > from Google Code (http://code.google.com/p/mssqlfp/) or from
> > Sourceforge (https://sourceforge.net/projects/mssqlfp/).
> >
> > Sent on an ? iPhone wireless device. Please, forgive any potential
> > misspellings!
> >
> > On Jun 1, 2010, at 9:58 AM, rajendra prasad
> > <rajendra.palnaty@...il.com> wrote:
> >
> > > Hi List,
> > >
> > > I have started this discussion with respect to Network IPS.
> > >
> > > Thanks
> > > Rajendra
> > >
> > > On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad <
> > rajendra.palnaty@...il.com
> > > > wrote:
> > > Hi List,
> > >
> > > I am putting my thoughts on this, please share your thoughts,
> > > comments.
> > >
> > > Request length is less than the response length.So, processing
> small
> > > amount of data is better than of processing bulk data. Response may
> > > have encrypted data. Buffering all the client-server transactions
> > > and validating signatures on them is difficult. Even though
> > > buffered, client data may not be in the plain text. Embedding all
> > > the client encryption/decryption process on the fly is not
> possible,
> > > even though ips gathered key values of clients.Most of the client
> > > protection is done by anti-virus. So, concentrating client attacks
> > > at IPS level is not so needed.
> > >
> > >
> > > Thanks
> > > Rajendra
> > >
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> > http://lists.grok.org.uk/pipermail/full-
> disclosure/attachments/20100601/d583f90d/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 7
> > Date: Tue, 1 Jun 2010 10:23:31 -0300
> > From: Nelson Brito <nbrito@...ure.org>
> > Subject: Re: [Full-disclosure] Why the IPS product designers
> > concentrate on server side protection? why they are missing
> client
> > protection
> > To: Cor Rosielle <cor@...post24.com>
> > Cc: "<full-disclosure@...ts.grok.org.uk>"
> > <full-disclosure@...ts.grok.org.uk>
> > Message-ID: <6AAECC36-E447-497D-BA87-D7C5EFB18E43@...ure.org>
> > Content-Type: text/plain; charset=utf-8; format=flowed;
> delsp=yes
> >
> > Comments are inline!
> >
> > Nelson Brito
> > Security Researcher
> > http://fnstenv.blogspot.com/
> >
> > Please, help me to develop the ENG? SQL Fingerprint? downloading it
> > from Google Code (http://code.google.com/p/mssqlfp/) or from
> > Sourceforge (https://sourceforge.net/projects/mssqlfp/).
> >
> > Sent on an ? iPhone wireless device. Please, forgive any potential
> > misspellings!
> >
> > On Jun 1, 2010, at 9:52 AM, "Cor Rosielle" <cor@...post24.com> wrote:
> >
> > > Nelson,
> > >
> > >> You're missing one point: Host IPS MUST be deployed with any
> Network
> > >> Security (Firewalls os NIPSs).
> > > Please be aware this is a risk decision and not a fact. I don't use
> > > an host IPS and no anti Virus either. Still I'm sure my laptop is
> > > perfectly safe. This is because I do critical thinking about
> > > security measures and don't copy behavior of others (who often
> don't
> > > think for themselves and just copies other peoples behavior).
> Please
> > > note I'm not saying you're not thinking. If you did some critical
> > > thinking and an host IPS is a good solution for you, then that's
> OK>
> > > It just doesn't mean it is a good solution for everybody else and
> > > everybody MUST deploy an host IPS.
> >
> > That's so 1990! NIPS and/or Firewall just protect you if you're
> inside
> > the "borders"... But, come on. Who doesn't have a laptop nowadays?
> So,
> > multiple protection layers is better than none, anyways.
> >
> > You have choices when adopting a security posture or, if you prefer,
> > risk posture. I believe that it's quite difficult and almost
> > impossible you stay updated with all the threads, due to exponential
> > growth of them.
> >
> > >
> > >> No security solution/technology is the miracle protection alone,
> > > That's true.
> > >
> > >> so that's the reason everybody is talking about defense in depth.
> > > Defense in depth is often used for another line of a similar
> defense
> > > mechanism as the previous already was. Different layers of defense
> > > works best if the defense mechanism differ. So if you're using anti
> > > virus software (which gives you an authentication control and an
> > > alarm control according to the OSSTMM), then an host IDS is not the
> > > best additional security measure (because this also gives you an
> > > authentication and an alarm control).
> >
> > Woowoo.. I cannot agree with you, because AV has nothing to do
> > protecting end-point against network attacks. AV will alert and
> > protect only when the thread already reached your end-point. Besides,
> > there are other layers, such as: buffer overflow protection inside
> > HIPS. Look that I am not talking abous IDS. 8)
> >
> > > This would also be a risk decision, but based on facts and the
> rules
> > > defined in the OSSTMM and not based on some marketing material. You
> > > should give it a try.
> >
> > It always is a risk decision, and I not basing MHO on any "standard",
> > that's based on my background... And, AFAIK, nodoby can expect that
> > users and/or server systems will be able to apply all or any update
> in
> > a huge environment.
> >
> > >
> > > Regards,
> > > Cor Rosielle
> > >
> > > w: www.lab106.com
> > >
> >
> >
> >
> > ------------------------------
> >
> > Message: 8
> > Date: Tue, 01 Jun 2010 23:54:33 +1000
> > From: Laurent Gaffie <laurent.gaffie@...il.com>
> > Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
> > To: full-disclosure@...ts.grok.org.uk
> > Message-ID: <4C051119.1010702@...il.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello Full-Disclosure!
> >
> > I want to warn you about a Denial of Service in every browser finaly
> !!!
> >
> > It actually affect every browser with a javascript engine build in
> !!!
> >
> > Adobe may be vulnerable to !!!!
> >
> > PoC :
> >
> > <html>
> > <head><title>0n0z</title></head>
> > <body>
> > <DEFANGED_script type="text/javascript">
> > for (i=0;i<65535;i++) {
> > alert('0n0z mustlive got you, now you're fucked, the only solution
> > is to restart your browser or be faster than JS !!!');
> > }
> > </DEFANGED_script>
> > </body>
> > </html>
> >
> > Greetz to Mustlive@...ap.com.ua
> >
> >
> > On 01/06/10 22:42, MustLive wrote:
> > > Hello Full-Disclosure!
> > >
> > > I want to warn you about Denial of Service vulnerability in
> > > Internet Explorer. Which I already disclosed at my site in 2008 (at
> > > 29.09.2008). But recently I made new tests concerning this
> > > vulnerability, so I decided to remind you about it.
> > >
> > > I know this vulnerability for a long time - it's well-known DoS in
> > > IE. It works in IE6 and after release of IE7 I hoped that Microsoft
> > > fixed this
> > hole
> > > in seventh version of the browser. But as I tested at 29.09.2008,
> > > IE7 was also vulnerable to this attack. And as I tested recently,
> > > IE8 is also vulnerable to this attack.
> > >
> > > Also I informed Microsoft at 01.10.2008 about it, but they ignored
> > > and didn't fix it. They didn't fix the hole not in IE6, nor in IE7,
> > > nor in IE8.
> > >
> > > That time I published about this vulnerability at SecurityVulns
> > > (http://securityvulns.com/Udocument636.html).
> > >
> > > DoS:
> > >
> > > Vulnerability concerned with handling by browser of expression in
> > > styles, which leads to blocking of work of IE.
> > >
> > > http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html
> > >
> > > Vulnerable versions are Internet Explorer 6 (6.0.2900.2180),
> > > Internet Explorer 7 (7.0.6000.16711), Internet Explorer 8
> > > (8.0.7600.16385) and previous versions.
> > >
> > > To Susan Bradley from Bugtraq:
> > >
> > > This is one of those cases, which I told you before, when browser
> > > vendors ignore to fix DoS holes in their browsers for many years.
> > >
> > > Best wishes & regards, MustLive Administrator of Websecurity web
> > > site http://websecurity.com.ua
> > >
> > > _______________________________________________ Full-Disclosure -
> > > We believe in it. Charter:
> > > http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> > > sponsored by Secunia - http://secunia.com/
> > >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >
> > iQIcBAEBAgAGBQJMBREZAAoJEEESJ0AJ05HwfboP/iKyZAkaZk1xE17ExXkRDvfE
> > 7Adra0Zf2RE6diDzK6FegUXyOQok9zYMTU+akx9OoxyC3zF1RWJQMWZAZEq3KpNp
> > AmUmrTaS46mXWeZfUomDbdKHJq3LZtlD4K4BDkOU/T4gvAFF9BRdRetawm4aEwMB
> > JQ3Qp8jMnv+wLGxfAoTUS0bTaXWjxPdf2SEfgwvZdnpY9HYDft+/qKHbPBJeK2oi
> > A8zTirz/9UeoJDnq2hTvyeONVsOn6rAdvPzrag3e5vq77fbpbHtxVA8OfYUgiEGp
> > KsKiNmrTMVHxvwaHrRPxQkpmzNDx7R84l693xbOkiS1pm0Zq4A0CiZEuvU8H/FBd
> > XuKWkeR35H7RF42E5iVo/E3MFJkT+sBtqJdFigKJSIge/Y2omqbKsyVTG20SF5s0
> > l/zHJqyZgYl5c8qMrKrvNyglbYgpYRKwIa1wYsHbimNJWho32lc8bU8xY6nQEZ+z
> > H1SXer6B9bDJV9hSBGxQuACYBXzzKMeB2tom4DpoH789gZ0tsQp0H9lQbji61PlK
> > kUKM0pGw0MKMjzGOXH7qjEo0eHaQhhr6PnCTOVofXARX5pmXRFxAdJe8dG3VTOqO
> > llrbFxenJJTrmSv8YPHuiZT5QUledpXmpIi2eegjzxwGwpPmXbAoqg9QaVJ501Yv
> > mpMV1kIb911r6Ps4UhGp
> > =n3v/
> > -----END PGP SIGNATURE-----
> >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> > http://lists.grok.org.uk/pipermail/full-
> disclosure/attachments/20100601/6908f1f7/attachment-0001.html
> > -------------- next part --------------
> > A non-text attachment was scrubbed...
> > Name: 0x09D391F0.asc
> > Type: application/pgp-keys
> > Size: 3130 bytes
> > Desc: not available
> > Url :
> > http://lists.grok.org.uk/pipermail/full-
> disclosure/attachments/20100601/6908f1f7/attachment-0003.bin
> > -------------- next part --------------
> > A non-text attachment was scrubbed...
> > Name: 0x09D391F0.asc
> > Type: application/pgp-keys
> > Size: 3130 bytes
> > Desc: not available
> > Url :
> > http://lists.grok.org.uk/pipermail/full-
> disclosure/attachments/20100601/6908f1f7/attachment-0004.bin
> > -------------- next part --------------
> > A non-text attachment was scrubbed...
> > Name: 0x09D391F0.asc
> > Type: application/pgp-keys
> > Size: 3129 bytes
> > Desc: not available
> > Url :
> > http://lists.grok.org.uk/pipermail/full-
> disclosure/attachments/20100601/6908f1f7/attachment-0005.bin
> >
> > ------------------------------
> >
> > Message: 9
> > Date: Wed, 02 Jun 2010 00:00:05 +1000
> > From: Laurent Gaffie <laurent.gaffie@...il.com>
> > Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
> > To: MustLive <mustlive@...security.com.ua>,
> > full-disclosure@...ts.grok.org.uk
> > Message-ID: <4C051265.1050207@...il.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Sorry Mustlive,
> > i understand you need to see this in clear text finaly.
> > I guess ascii is the best to communicate with you;
> >
> >
> > Hello Full-Disclosure!
> >
> > I want to warn you about a Denial of Service in every browser finaly
> !!!
> >
> > It actually affect every browser with a javascript engine build in
> !!!
> >
> > Adobe may be vulnerable to !!!!
> >
> > PoC :
> >
> > <html>
> > <head><title>0n0z</title></head>
> > <body>
> > <DEFANGED_script type="text/javascript">
> > for (i=0;i<65535;i++) {
> > alert('0n0z mustlive got you, now you're fucked, the only solution is
> > to restart your browser or be faster than JS !!!');
> > }
> > </DEFANGED_script>
> > </body>
> > </html>
> >
> >
> > Greetz to Mustlive@...ap.com.ua
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >
> > iQIcBAEBAgAGBQJMBRJkAAoJEEESJ0AJ05HwJpYQAI84bDG8fNbq4lYjomqD3+Wf
> > 29VzhaQt39FF2ERwh7sDYkc5wdw/DWfAC5SpwdVtr/0wDW0dyZV36RfJyUixysce
> > weKx5wztjjwzk4yQF61v8DXz7MEWLhuYv9fTGcw9LKpnDm9/Z0YZ6ObKp8dE9A11
> > 1E4xzAByLYpEdTQyxosMsJ336oJgTc3NrjDiPJGoxOb65epLlc07aEaP7ZA7jE/J
> > i+M0ukNl8CKAryGs8DhDf+5fkJf1wcqOUoxK4mJ4nPe0IhhoQ+FUizB04E7MpK8P
> > OisvgW8I6tdGurJTfux14Jj6NZXBuL0ww65e3vfgOrm8WRtKPrbwiRd1nk8NqsCC
> > Nz5UBxEr32YhEUdgoXPj8ZleBbvLL0z0PVoRtbBSyKABih8OUwPMUpa0WkpMno+x
> > gcG7vmO/bIr5wEjRGlK9NglCMqKNWzRk2f03KGIM2MMetB7KLvR/Kir3rL2n8a4k
> > nLj/EYRm4orHzIDtR/Fr8LixJPr1wwpi53OOPJEcpjDvud4sOKcfUPSb7cckc7wQ
> > vBPCNjPZ1D8V3GzJhE7+NHVVl8wUDwKodu0ejDmzJ2K7L1nLDiI9GStA8Xof98ne
> > 4ZBLA3lCRsbcYDdE0cvqwMa+xyx7KUcMy5M8vimyTGpIhnFF2+ScdFgFzrDIEtNH
> > g+1w9Kvgr12i+aEmD2Me
> > =v3oL
> > -----END PGP SIGNATURE-----
> >
> > -------------- next part --------------
> > A non-text attachment was scrubbed...
> > Name: 0x09D391F0.asc
> > Type: application/pgp-keys
> > Size: 3129 bytes
> > Desc: not available
> > Url :
> > http://lists.grok.org.uk/pipermail/full-
> disclosure/attachments/20100602/47b07336/attachment-0001.bin
> >
> > ------------------------------
> >
> > Message: 10
> > Date: Tue, 1 Jun 2010 16:20:10 +0200
> > From: "Cor Rosielle" <cor@...post24.com>
> > Subject: Re: [Full-disclosure] Why the IPS product designers
> > concentrate on server side protection? why they are missing
> client
> > protection
> > To: "'Nelson Brito'" <nbrito@...ure.org>
> > Cc: full-disclosure@...ts.grok.org.uk
> > Message-ID: <001b01cb0195$8c21a080$a464e180$@com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > Nelson,
> >
> > I put my comments inline as well
> >
> > Regards, Cor
> >
> > ...snip...
> > > > Nelson,
> > > >
> > > >> You're missing one point: Host IPS MUST be deployed with any
> Network
> > > >> Security (Firewalls os NIPSs).
> > > > Please be aware this is a risk decision and not a fact. I don't
> use
> > > > an host IPS and no anti Virus either. Still I'm sure my laptop is
> > > > perfectly safe. This is because I do critical thinking about
> > > > security measures and don't copy behavior of others (who often
> don't
> > > > think for themselves and just copies other peoples behavior).
> Please
> > > > note I'm not saying you're not thinking. If you did some critical
> > > > thinking and an host IPS is a good solution for you, then that's
> OK>
> > > > It just doesn't mean it is a good solution for everybody else and
> > > > everybody MUST deploy an host IPS.
> > >
> > > That's so 1990! NIPS and/or Firewall just protect you if you're
> inside
> > > the "borders"... But, come on. Who doesn't have a laptop nowadays?
> So,
> > > multiple protection layers is better than none, anyways.
> > >
> > Even one layer is better than none :-). Multiple layers are even
> better,
> > especially when they are different types of protection. But applying
> > security without thinking is bad. Even if you have enough money and
> hardware
> > to spent, you should at least think about the balance between the
> amount
> > security you get and the amount of risk you run when installing
> another
> > piece of software. Then you can decide if it is worth the money or
> hardware
> > you need to spend.
> >
> > > You have choices when adopting a security posture or, if you
> prefer,
> > > risk posture. I believe that it's quite difficult and almost
> > > impossible you stay updated with all the threads, due to
> exponential
> > > growth of them.
> > You have a point here. That's why it is better not to base security
> on
> > defenses to known and existing threats alone, but use defense
> mechanisms
> > that protect you both against known and existing threats and against
> unknown
> > and future threats as well. I can't help to mention the OSSTMM again,
> > because this is pretty much what it is about.
> >
> > > >> No security solution/technology is the miracle protection alone,
> > > > That's true.
> > > >
> > > >> so that's the reason everybody is talking about defense in
> depth.
> > > > Defense in depth is often used for another line of a similar
> defense
> > > > mechanism as the previous already was. Different layers of
> defense
> > > > works best if the defense mechanism differ. So if you're using
> anti
> > > > virus software (which gives you an authentication control and an
> > > > alarm control according to the OSSTMM), then an host IDS is not
> the
> > > > best additional security measure (because this also gives you an
> > > > authentication and an alarm control).
> > >
> > > Woowoo.. I cannot agree with you, because AV has nothing to do
> > > protecting end-point against network attacks. AV will alert and
> > > protect only when the thread already reached your end-point.
> Besides,
> > > there are other layers, such as: buffer overflow protection inside
> > > HIPS. Look that I am not talking abous IDS. 8)
> > Sure you're right about that. There is a lot of other threats AV
> doesn't
> > protect you to. Just like an IPS doesn't protect you against all
> threats.
> > But that doesn't mean it is a wise decision to install each and every
> part
> > of security software you can get, because software comes with costs
> and
> > risks too. This is true for IPS's too.
> >
> > >
> > > > This would also be a risk decision, but based on facts and the
> rules
> > > > defined in the OSSTMM and not based on some marketing material.
> You
> > > > should give it a try.
> > >
> > > It always is a risk decision, and I not basing MHO on any
> "standard",
> > > that's based on my background... And, AFAIK, nodoby can expect that
> > > users and/or server systems will be able to apply all or any update
> in
> > > a huge environment.
> > >
> >
> > Of course you don't have to agree, but I think it is better to be
> critical
> > about the software you install. And if you don't agree and rather
> spend your
> > money on things that were useful for someone else at another time and
> under
> > different circumstances, then just do that. But I wish you wouldn't
> write
> > that others must (you wrote it even in capitals) deploy an IPS.
> >
> > Regards,
> > Cor
> >
> >
> >
> > ------------------------------
> >
> > Message: 11
> > Date: Tue, 01 Jun 2010 16:26:37 +0200
> > From: PsychoBilly <zpamh0l3@...il.com>
> > Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
> > To: fdisclo <full-disclosure@...ts.grok.org.uk>
> > Message-ID: <4C05189D.7050200@...il.com>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > This had already been published
> > http://www.pewy.fr/hamster.html
> >
> > ************************ Cluster #[[ Laurent Gaffie ]] possibly
> > emitted, @Time [[ 01/06/2010 16:00 ]] The Following #String
> > **********************
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Sorry Mustlive,
> > > i understand you need to see this in clear text finaly.
> > > I guess ascii is the best to communicate with you;
> > >
> > >
> > > Hello Full-Disclosure!
> > >
> > > I want to warn you about a Denial of Service in every browser
> finaly !!!
> > >
> > > It actually affect every browser with a javascript engine build in
> !!!
> > >
> > > Adobe may be vulnerable to !!!!
> > >
> > > PoC :
> > >
> > > <html>
> > > <head><title>0n0z</title></head>
> > > <body>
> > > <DEFANGED_script type="text/javascript">
> > > for (i=0;i<65535;i++) {
> > > alert('0n0z mustlive got you, now you're fucked, the only solution
> is
> > > to restart your browser or be faster than JS !!!');
> > > }
> > > </DEFANGED_script>
> > > </body>
> > > </html>
> > >
> > >
> > > Greetz to Mustlive@...ap.com.ua
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.10 (GNU/Linux)
> > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> > >
> > > iQIcBAEBAgAGBQJMBRJkAAoJEEESJ0AJ05HwJpYQAI84bDG8fNbq4lYjomqD3+Wf
> > > 29VzhaQt39FF2ERwh7sDYkc5wdw/DWfAC5SpwdVtr/0wDW0dyZV36RfJyUixysce
> > > weKx5wztjjwzk4yQF61v8DXz7MEWLhuYv9fTGcw9LKpnDm9/Z0YZ6ObKp8dE9A11
> > > 1E4xzAByLYpEdTQyxosMsJ336oJgTc3NrjDiPJGoxOb65epLlc07aEaP7ZA7jE/J
> > > i+M0ukNl8CKAryGs8DhDf+5fkJf1wcqOUoxK4mJ4nPe0IhhoQ+FUizB04E7MpK8P
> > > OisvgW8I6tdGurJTfux14Jj6NZXBuL0ww65e3vfgOrm8WRtKPrbwiRd1nk8NqsCC
> > > Nz5UBxEr32YhEUdgoXPj8ZleBbvLL0z0PVoRtbBSyKABih8OUwPMUpa0WkpMno+x
> > > gcG7vmO/bIr5wEjRGlK9NglCMqKNWzRk2f03KGIM2MMetB7KLvR/Kir3rL2n8a4k
> > > nLj/EYRm4orHzIDtR/Fr8LixJPr1wwpi53OOPJEcpjDvud4sOKcfUPSb7cckc7wQ
> > > vBPCNjPZ1D8V3GzJhE7+NHVVl8wUDwKodu0ejDmzJ2K7L1nLDiI9GStA8Xof98ne
> > > 4ZBLA3lCRsbcYDdE0cvqwMa+xyx7KUcMy5M8vimyTGpIhnFF2+ScdFgFzrDIEtNH
> > > g+1w9Kvgr12i+aEmD2Me
> > > =v3oL
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> > ------------------------------
> >
> > Message: 12
> > Date: Tue, 1 Jun 2010 11:49:28 -0300
> > From: Nelson Brito <nbrito@...ure.org>
> > Subject: Re: [Full-disclosure] Why the IPS product designers
> > concentrate on server side protection? why they are missing
> client
> > protection
> > To: Cor Rosielle <cor@...post24.com>
> > Cc: "<full-disclosure@...ts.grok.org.uk>"
> > <full-disclosure@...ts.grok.org.uk>
> > Message-ID: <ABDDB41B-4F4E-4A6D-8E75-09DC9ACCFB8E@...ure.org>
> > Content-Type: text/plain; charset=utf-8; format=flowed;
> delsp=yes
> >
> > I still keep in capital: anyone MUST deploy Host IPS when adopting
> > Network IPS. If you don't do so you MUST keep in mind that you are
> > just approaching some threads, even because Host and Network IPS have
> > different approaches.
> >
> > Otherwise you will THINK you're protected... But nobody can guarantee
> > that.
> >
> > Regarding the aquisition of those solutions, of course it cannot be
> > done without a deep looking inside the corporate, but it doesn't mean
> > you don't have to...
> >
> > When you decided to aquire a security solution you have to be careful
> > and have well designed criterias to do so, but, again, it doesn't
> mean
> > you don't have to aquire them.
> >
> > About the known and unknown threads, I will not enter into this,
> > because it is kind of a phylosofical discussion.
> >
> > Cheers.
> >
> > Nelson Brito
> > Security Researcher
> > http://fnstenv.blogspot.com/
> >
> > Please, help me to develop the ENG? SQL Fingerprint? downloading it
> > from Google Code (http://code.google.com/p/mssqlfp/) or from
> > Sourceforge (https://sourceforge.net/projects/mssqlfp/).
> >
> > Sent on an ? iPhone wireless device. Please, forgive any potential
> > misspellings!
> >
> > On Jun 1, 2010, at 11:20 AM, "Cor Rosielle" <cor@...post24.com>
> wrote:
> >
> > > Nelson,
> > >
> > > I put my comments inline as well
> > >
> > > Regards, Cor
> > >
> > > ...snip...
> > >>> Nelson,
> > >>>
> > >>>> You're missing one point: Host IPS MUST be deployed with any
> > >>>> Network
> > >>>> Security (Firewalls os NIPSs).
> > >>> Please be aware this is a risk decision and not a fact. I don't
> use
> > >>> an host IPS and no anti Virus either. Still I'm sure my laptop is
> > >>> perfectly safe. This is because I do critical thinking about
> > >>> security measures and don't copy behavior of others (who often
> don't
> > >>> think for themselves and just copies other peoples behavior).
> Please
> > >>> note I'm not saying you're not thinking. If you did some critical
> > >>> thinking and an host IPS is a good solution for you, then that's
> OK>
> > >>> It just doesn't mean it is a good solution for everybody else and
> > >>> everybody MUST deploy an host IPS.
> > >>
> > >> That's so 1990! NIPS and/or Firewall just protect you if you're
> > >> inside
> > >> the "borders"... But, come on. Who doesn't have a laptop nowadays?
> > >> So,
> > >> multiple protection layers is better than none, anyways.
> > >>
> > > Even one layer is better than none :-). Multiple layers are even
> > > better, especially when they are different types of protection. But
> > > applying security without thinking is bad. Even if you have enough
> > > money and hardware to spent, you should at least think about the
> > > balance between the amount security you get and the amount of risk
> > > you run when installing another piece of software. Then you can
> > > decide if it is worth the money or hardware you need to spend.
> > >
> > >> You have choices when adopting a security posture or, if you
> prefer,
> > >> risk posture. I believe that it's quite difficult and almost
> > >> impossible you stay updated with all the threads, due to
> exponential
> > >> growth of them.
> > > You have a point here. That's why it is better not to base security
> > > on defenses to known and existing threats alone, but use defense
> > > mechanisms that protect you both against known and existing threats
> > > and against unknown and future threats as well. I can't help to
> > > mention the OSSTMM again, because this is pretty much what it is
> > > about.
> > >
> > >>>> No security solution/technology is the miracle protection alone,
> > >>> That's true.
> > >>>
> > >>>> so that's the reason everybody is talking about defense in
> depth.
> > >>> Defense in depth is often used for another line of a similar
> defense
> > >>> mechanism as the previous already was. Different layers of
> defense
> > >>> works best if the defense mechanism differ. So if you're using
> anti
> > >>> virus software (which gives you an authentication control and an
> > >>> alarm control according to the OSSTMM), then an host IDS is not
> the
> > >>> best additional security measure (because this also gives you an
> > >>> authentication and an alarm control).
> > >>
> > >> Woowoo.. I cannot agree with you, because AV has nothing to do
> > >> protecting end-point against network attacks. AV will alert and
> > >> protect only when the thread already reached your end-point.
> Besides,
> > >> there are other layers, such as: buffer overflow protection inside
> > >> HIPS. Look that I am not talking abous IDS. 8)
> > > Sure you're right about that. There is a lot of other threats AV
> > > doesn't protect you to. Just like an IPS doesn't protect you
> against
> > > all threats. But that doesn't mean it is a wise decision to install
> > > each and every part of security software you can get, because
> > > software comes with costs and risks too. This is true for IPS's
> too.
> > >
> > >>
> > >>> This would also be a risk decision, but based on facts and the
> rules
> > >>> defined in the OSSTMM and not based on some marketing material.
> You
> > >>> should give it a try.
> > >>
> > >> It always is a risk decision, and I not basing MHO on any
> "standard",
> > >> that's based on my background... And, AFAIK, nodoby can expect
> that
> > >> users and/or server systems will be able to apply all or any
> update
> > >> in
> > >> a huge environment.
> > >>
> > >
> > > Of course you don't have to agree, but I think it is better to be
> > > critical about the software you install. And if you don't agree and
> > > rather spend your money on things that were useful for someone else
> > > at another time and under different circumstances, then just do
> > > that. But I wish you wouldn't write that others must (you wrote it
> > > even in capitals) deploy an IPS.
> > >
> > > Regards,
> > > Cor
> > >
> >
> >
> >
> > ------------------------------
> >
> > Message: 13
> > Date: Tue, 01 Jun 2010 11:31:19 -0300
> > From: Onapsis Research Labs <research@...psis.com>
> > Subject: [Full-disclosure] Onapsis Research Labs: Onapsis Bizploit -
> > The opensource ERP Penetration Testing framework
> > To: full-disclosure@...ts.grok.org.uk
> > Message-ID: <4C0519B7.8050403@...psis.com>
> > Content-Type: text/plain; charset=UTF-8
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Dear colleague,
> >
> > We are proud to announce the release of Onapsis Bizploit, the first
> > opensource ERP Penetration Testing framework.
> >
> > Presented at the renowned HITB Dubai security conference, Bizploit is
> > expected to provide the security community with a basic framework to
> support
> > the
> > discovery, exploration, vulnerability assessment and exploitation of
> ERP
> > systems.
> >
> > The term "ERP Security" has been so far understood by most of the IT
> > Security and Auditing industries as a synonym of ?Segregation of
> Duties?.
> > While
> > this aspect is absolutely important for the overall security of the
> > Organization's core business platforms, there are many other threats
> that
> > are
> > still overlooked and imply much higher levels of risk. Onapsis
> Bizploit is
> > designed as an academic proof-of-concept that will help the general
> > community to illustrate and understand this kind of risks.
> >
> > Currently Onapsis Bizploit provides all the features available in the
> > sapyto GPL project, plus several new plugins and connectors focused
> in the
> > security of SAP business platforms. Updates for other popular ERPs
> are to
> > be released in the short term.
> >
> > Your can download the software freely from http://www.onapsis.com
> >
> > Best regards,
> >
> > - --------------------------------------------
> > The Onapsis Research Labs Team
> >
> > Onapsis S.R.L
> > Email: research@...psis.com
> > Web: www.onapsis.com
> > PGP: http://www.onapsis.com/pgp/research.asc
> > - --------------------------------------------
> >
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.9 (GNU/Linux)
> >
> > iEYEARECAAYFAkwFGLQACgkQz3i6WNVBcDVp7wCgktzu7vYVXTBnE9DM5GPYAnGx
> > OjAAn0uVawK36FZMP9DFYye3XX56CN1v
> > =80ir
> > -----END PGP SIGNATURE-----
> >
> >
> >
> > ------------------------------
> >
> > Message: 14
> > Date: Tue, 1 Jun 2010 11:46:26 -0400
> > From: T Biehn <tbiehn@...il.com>
> > Subject: Re: [Full-disclosure] The_UT is repenting
> > To: Anders Klixbull <akl@...erian.dk>
> > Cc: full-disclosure@...ts.grok.org.uk
> > Message-ID:
> > <AANLkTimnEwv9Zy-QYvJ2qn5UxYBEFh3cI0_6tv4TgUX7@...l.gmail.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > I don't think UT is anyone's 'boy toy.' The guy is massive.
> >
> > I'm sure he'll meet all kinds of experienced scam artists and
> criminals and
> > learn all sorts of neat things for use when he gets out.
> >
> > -Travis
> >
> > On Tue, Jun 1, 2010 at 6:13 AM, Anders Klixbull <akl@...erian.dk>
> wrote:
> >
> > > I'm so sorry that your friend was retarded enough to get busted.
> > > And thank you for the archive!
> > > It's always nice to have a personal librarian :)
> > > You may be sorry for the repeat material, but please go suck a
> lemon.
> > > Thanks.
> > >
> > > -----Oprindelig meddelelse-----
> > > Fra: ghost [mailto:ghosts@...il.com]
> > > Sendt: 1. juni 2010 11:35
> > > Til: Anders Klixbull
> > > Cc: full-disclosure@...ts.grok.org.uk
> > > Emne: Re: [Full-disclosure] The_UT is repenting
> > >
> > > Anders - i'm very sorry, you must of confused this mailing list
> with
> > > astalavista forums. Please go away... or kill yourself, whichever
> you
> > > prefer...... and in the interest of full-disclosure, I have my
> fingers
> > > crossed for the latter :)
> > >
> > > Thanks.
> > >
> > >
> > >
> > ---------------------------------------------------------------------
> --------------------
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Please stop stating the obvious. Keep in mind that to us your
> useless
> > > replies are of no importance.
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > But their website graphics is super cool!
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > we care we really do From fulldisclosurebounces@...t...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > take a chill pill wigger
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > shut the fuck up From fulldisclosurebounces@...t...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > then you gadi and n3td3v should jump off a cliff
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Apology not accepted! Alcohol is required!
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > ) If im ever near there i will look you up! Cheers
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Thinking a little highly of yourself arent you? Saving the world
> lol
> > > lol lol Keep your moronic comics to yourself please
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > 0day pictures of Mark's mom for sale From
> fulldisclosurebounces@...t...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Keep your talentless tripe to yourself
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > You're obviously retarded
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > You forgot to include MiniMySqlat0r01.jar in your zip file..
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > ???? ????????!
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Free 0day for all!!
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Fuck the vendors put them on FD
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Go suck a lemon bitch
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > The hardcore cockgobbler scene of scotland
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > TEH TXT FIEL FORMATTING SI TEH FUCKED From
> fulldisclosurebounces@...t...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Religion is nothing more than mental crutches for weakminded people
> > >
> > > Message Results
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > But isnt that where you feel most at home brother n3td3v?
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Because we are drawn to you like moths to a flame
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > It's safe to assume that it covers the both of you ignorant turds
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Nice teenspeak maybe your mother can invite n3td3v over to hot
> cocoa
> > > and cookies?
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > removing anyone is pointless From fulldisclosurebounces@...t...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Project chroma project? Welcome to the redundancy department of
> > > redundancy.. Mike c aka n3td3v shut the fuck up
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > retardo
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Are you smoking crack?
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Helol n3td3v
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > go suck a lemon From fulldisclosurebounces@...t...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > OH MY GOD I DONT KNOW BUT DO WE REALLY CARE???? their site was
> always
> > > a crappy piece of shit
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > He's too busy living the good life in a cardboard box in hobotown
> to
> > > answer ) Vi hj?lper dig til at tr?ffe bedre beslutninger. Vi
> tilbyder
> > > analyse og informationsservices der ?ger salget m?lretter
> > > markedsf?ringen og reducerer risikoen for ta...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > GO SUCK A LEMON
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > And pigs eat bananas with their ears
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > he's the wino on the corner sucking your lemon
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > I heard he ch0ked on a lemon
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Taunting other people's english skills work better when your own
> > > english isn't broken )
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > So youre whining about a 4 year old post? lol and who uses an
> exploit
> > > without changing the shellcode anyway
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Wow such depth! Such insight! WOW
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > you need to get a job you no good for nothing lazy bum From
> > > fulldisclosurebounces@...t...
> > >
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > seems to be cropping in? as far as know rainbow tables has been
> around
> > > for years...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > lol they have been useful for years son just because YOU never
> found a
> > > use for them doesn't mean noone else has
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > you'd like to gobble that sausage wouldn't you From
> > > fulldisclosurebounces@...t...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > callate la boca carajo. que la chupes y que la sigas chupando From
> > > Rosa Maria Gonzalez Pereira
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > yes the correct answer is 'cheese' From
> fulldisclosurebounces@...t...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > you obviously misunderstood since every geek on the planet knows
> that
> > > the answer in numeric form is 42!
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Shut up weev Take your fake panama bank accounts and put them where
> > > the sun don't shine If you can fit it in while you have that
> aircraft
> > > carrier up there
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Andrew/weev is an amateur troll He has ridden other peoples fame
> more
> > than
> > > once
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Nobody cares about a homeless bum Move along
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Learn how to blow old men and live on their couches
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > Thank you shawarma! From fulldisclosurebounces@...t...
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > He never said anything profound 140 characters or not
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > bohooo stop crying he can disclose bugs when he feels like it if
> you
> > > dont like that then go suck a lemon
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > lol look who's talking about being professional yeah sure because
> > > klixbull is such a russian name right? and oh yeah my email address
> > > also ends in .ua julian its time to stop gobbling that cock and
> shut
> > > the fuck up
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > why does it hurt when you suck lemons? does your teeth gets fucked
> up
> > > when you smoke cock all day?
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > yeah sure.. you junkies are alle the same you suck dicks for
> > > cheeseburgers and crack
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > dad? is that you? mom says to stop blowing off strangers for free
> and
> > > bring home some money!
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > But aren't gnaa retired anyway?
> > >
> > > Re:
> > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> messages)
> > > lol seems to be? you should know better than "seems" since your
> email
> > > is in the gnaa ascii
> > >
> > >
> > > On Tue, Jun 1, 2010 at 1:28 AM, Anders Klixbull <akl@...erian.dk>
> wrote:
> > > > Wouldn't you if you were bubba's boytoy in the can?
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Fra: full-disclosure-bounces@...ts.grok.org.uk
> > > > [mailto:full-disclosure-bounces@...ts.grok.org.uk] P? vegne af
> > > PsychoBilly
> > > > Sendt: 1. juni 2010 10:21
> > > > Til: full-disclosure@...ts.grok.org.uk
> > > > Emne: [Full-disclosure] The_UT is repenting
> > > >
> > > >
> > > >
> > > > http://profile.ak.fbcdn.net/v229/1642/63/n680245330_5800.jpg
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> >
> >
> >
> > --
> > FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
> >
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=
> on
> > http://pastebin.com/f6fd606da
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> > http://lists.grok.org.uk/pipermail/full-
> disclosure/attachments/20100601/37bc81bd/attachment.html
> >
> > ------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > End of Full-Disclosure Digest, Vol 64, Issue 3
> > **********************************************
> >
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists