Message-ID: <AANLkTim0qUYT_wfzodLQMfy5aZVRvfxzTwMDFfr3km3R@mail.gmail.com>
Date: Wed, 2 Jun 2010 18:56:29 +0530
From: Srinivas Naik <naik.srinu@...il.com>
To: Cor Rosielle <cor@...post24.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Full-disclosure] Why the IPS product designers

Cor,


   This might not be applicable for Enterprise Network and ISPs even. If
there is any alternative solution for this, then let me know. I agree with
your decision either for SOHO Networks or Small Offices.

Regards,
Srinivas Naik
On Wed, Jun 2, 2010 at 12:05 PM, Cor Rosielle <cor@...post24.com> wrote:

> I would say: a host IPS could be considered, even if there is a network
> IPS. If it is a wise decision to spend your money or use your hardware for
> this, depends from case to case. And I might even add: if someone tells you
> different, he must be selling something.
>
> Regards,
> Cor
>
>
> > -----Original Message-----
> > From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-
> > disclosure-bounces@...ts.grok.org.uk] On Behalf Of Srinivas Naik
> > Sent: dinsdag 1 juni 2010 21:14
> > To: full-disclosure@...ts.grok.org.uk
> > Subject: [Full-disclosure] Full-disclosure] Why the IPS product
> > designers
> >
> > Mr. Nelson has brought a good point, Host IPS should also be running
> > even if there is Network IPS.
> >
> > There are Client end Attacks which have got many Evasion techniques and
> > almost the recent research presents us the proof of such Attacks.
> > Apart from these there exist other exploits/malware which cannot be
> > detected over the network.
> >
> > Regards,
> > Srinivas Naik (Certified Hacker and Forensic Investigator)
> > IPS Evaluator
> > http://groups.google.com/group/nforceit
> >
> > On Tue, Jun 1, 2010 at 9:16 PM,
> > <full-disclosure-request@...ts.grok.org.uk>wrote:
> >
> > > Today's Topics:
> > >
> > >   1. Re: Why the IPS product designers concentrate on server side
> > >      protection? why they are missing client protection (Nelson Brito)
> > >   2. Re: Why the IPS product designers concentrate on server side
> > >      protection? why they are missing client protection
> > >      (Valdis.Kletnieks@...edu)
> > >   3. DoS vulnerability in Internet Explorer (MustLive)
> > >   4. Re: Why the IPS product designers concentrate on server side
> > >      protection? why they are missing client protection (rajendra prasad)
> > >   5. Re: Why the IPS product designers concentrate on server side
> > >      protection? why they are missing client protection (Cor Rosielle)
> > >   6. Re: Why the IPS product designers concentrate on server side
> > >      protection? why they are missing client protection (Nelson Brito)
> > >   7. Re: Why the IPS product designers concentrate on server side
> > >      protection? why they are missing client protection (Nelson Brito)
> > >   8. Re: DoS vulnerability in Internet Explorer (Laurent Gaffie)
> > >   9. Re: DoS vulnerability in Internet Explorer (Laurent Gaffie)
> > >  10. Re: Why the IPS product designers concentrate on server side
> > >      protection? why they are missing client protection (Cor Rosielle)
> > >  11. Re: DoS vulnerability in Internet Explorer (PsychoBilly)
> > >  12. Re: Why the IPS product designers concentrate on server side
> > >      protection? why they are missing client protection (Nelson Brito)
> > >  13. Onapsis Research Labs: Onapsis Bizploit - The opensource ERP
> > >      Penetration Testing framework (Onapsis Research Labs)
> > >  14. Re: The_UT is repenting (T Biehn)
> > >
> > >
> > > ----------------------------------------------------------------------
> > >
> > > Message: 1
> > > Date: Tue, 1 Jun 2010 08:50:05 -0300
> > > From: Nelson Brito <nbrito@...ure.org>
> > > Subject: Re: [Full-disclosure] Why the IPS product designers
> > >        concentrate on server side protection? why they are missing
> > >        client protection
> > > To: rajendra prasad <rajendra.palnaty@...il.com>
> > > Cc: "full-disclosure@...ts.grok.org.uk"
> > >        <full-disclosure@...ts.grok.org.uk>
> > > Message-ID: <E01DF83F-4EB0-4212-8866-76DDB5C3B55B@...ure.org>
> > > Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
> > >
> > > You're missing one point: Host IPS MUST be deployed with any Network
> > > Security (Firewalls or NIPSs).
> > >
> > > No security solution/technology is the miracle protection alone, so
> > > that's the reason everybody is talking about defense in depth.
> > >
> > > Cheers.
> > >
> > > Nelson Brito
> > > Security Researcher
> > > http://fnstenv.blogspot.com/
> > >
> > > Please, help me to develop the ENG? SQL Fingerprint? downloading it
> > > from Google Code (http://code.google.com/p/mssqlfp/) or from
> > > Sourceforge (https://sourceforge.net/projects/mssqlfp/).
> > >
> > > Sent on an ? iPhone wireless device. Please, forgive any potential
> > > misspellings!
> > >
> > > On Jun 1, 2010, at 4:38 AM, rajendra prasad
> > > <rajendra.palnaty@...il.com> wrote:
> > >
> > > > Hi List,
> > > >
> > > > I am putting my thoughts on this, please share your thoughts,
> > > > comments.
> > > >
> > > > Request length is less than the response length. So, processing small
> > > > amount of data is better than of processing bulk data. Response may
> > > > have encrypted data. Buffering all the client-server transactions
> > > > and validating signatures on them is difficult. Even though
> > > > buffered, client data may not be in the plain text. Embedding all
> > > > the client encryption/decryption process on the fly is not possible,
> > > > even though ips gathered key values of clients. Most of the client
> > > > protection is done by anti-virus. So, concentrating client attacks
> > > > at IPS level is not so needed.
> > > >
> > > >
> > > > Thanks
> > > > Rajendra
> > > >
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 2
> > > Date: Tue, 01 Jun 2010 08:34:22 -0400
> > > From: Valdis.Kletnieks@...edu
> > > Subject: Re: [Full-disclosure] Why the IPS product designers
> > >        concentrate on server side protection? why they are missing
> > >        client protection
> > > To: rajendra prasad <rajendra.palnaty@...il.com>
> > > Cc: full-disclosure@...ts.grok.org.uk
> > > Message-ID: <14206.1275395662@...alhost>
> > > Content-Type: text/plain; charset="us-ascii"
> > >
> > > On Tue, 01 Jun 2010 13:08:32 +0530, rajendra prasad said:
> > >
> > > > Request length is less than the response length. So, processing small
> > > > amount of data is better than of processing bulk data. Response may
> > > > have encrypted data. Buffering all the client-server transactions and
> > > > validating signatures on them is difficult.
> > >
> > > All of that is total wanking.  The *real* reason why IPS product designers
> > > concentrate on servers is because hopefully the server end is run by some
> > > experienced people with a clue, and maybe even hardened to last more than
> > > 35 seconds when a hacker attacks.  Meanwhile, if anybody designed an IPS for
> > > the client end, it would just get installed on an end-user PC running
> > > Windows, where it will have all the issues and work just as well as any
> > > other anti-malware software on an end-user PC.
> > >
> > > Oh - and there's also the little detail that a site is more likely to buy
> > > *one* software license to run on their web server (or whatever), rather than
> > > the hassle of buying and administering 10,000 end-user licenses.  Especially
> > > when an IPS on the client end doesn't actually tell you much about attacks
> > > against the valuable target (the server) from machines you haven't installed
> > > the end-user IPS on (like the entire rest of the Internet).
> > >
> > > ------------------------------
> > >
> > > Message: 3
> > > Date: Tue, 1 Jun 2010 15:42:58 +0300
> > > From: "MustLive" <mustlive@...security.com.ua>
> > > Subject: [Full-disclosure] DoS vulnerability in Internet Explorer
> > > To: <full-disclosure@...ts.grok.org.uk>
> > > Message-ID: <005e01cb0188$162059b0$010000c0@ml>
> > > Content-Type: text/plain; format=flowed; charset="windows-1251";
> > >        reply-type=response
> > >
> > > Hello Full-Disclosure!
> > >
> > > I want to warn you about Denial of Service vulnerability in Internet
> > > Explorer. Which I already disclosed at my site in 2008 (at 29.09.2008). But
> > > recently I made new tests concerning this vulnerability, so I decided to
> > > remind you about it.
> > >
> > > I know this vulnerability for a long time - it's well-known DoS in IE. It
> > > works in IE6 and after release of IE7 I hoped that Microsoft fixed this hole
> > > in seventh version of the browser. But as I tested at 29.09.2008, IE7 was
> > > also vulnerable to this attack. And as I tested recently, IE8 is also
> > > vulnerable to this attack.
> > >
> > > Also I informed Microsoft at 01.10.2008 about it, but they ignored and
> > > didn't fix it. They didn't fix the hole not in IE6, nor in IE7, nor in IE8.
> > >
> > > That time I published about this vulnerability at SecurityVulns
> > > (http://securityvulns.com/Udocument636.html).
> > >
> > > DoS:
> > >
> > > Vulnerability concerned with handling by browser of expression in styles,
> > > which leads to blocking of work of IE.
> > >
> > > http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html
> > >
> > > Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet
> > > Explorer 7 (7.0.6000.16711), Internet Explorer 8 (8.0.7600.16385) and
> > > previous versions.
> > >
> > > To Susan Bradley from Bugtraq:
> > >
> > > This is one of those cases, which I told you before, when browser vendors
> > > ignore to fix DoS holes in their browsers for many years.
> > >
> > > Best wishes & regards,
> > > MustLive
> > > Administrator of Websecurity web site
> > > http://websecurity.com.ua
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 4
> > > Date: Tue, 1 Jun 2010 18:28:03 +0530
> > > From: rajendra prasad <rajendra.palnaty@...il.com>
> > > Subject: Re: [Full-disclosure] Why the IPS product designers
> > >        concentrate on server side protection? why they are missing
> > >        client protection
> > > To: full-disclosure@...ts.grok.org.uk
> > > Message-ID:
> > >        <AANLkTinFeCKoKUNI59k2citWgTJlytqjRiZ8Ze8oM1rp@...l.gmail.com>
> > > Content-Type: text/plain; charset="iso-8859-1"
> > >
> > > Hi List,
> > >
> > > I have started this discussion with respect to Network IPS.
> > >
> > > Thanks
> > > Rajendra
> > >
> > > On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad
> > > <rajendra.palnaty@...il.com>wrote:
> > >
> > > > Hi List,
> > > >
> > > > I am putting my thoughts on this, please share your thoughts,
> > comments.
> > > >
> > > > Request length is less than the response length. So, processing small
> > > > amount of data is better than of processing bulk data. Response may
> > > > have encrypted data. Buffering all the client-server transactions and
> > > > validating signatures on them is difficult. Even though buffered,
> > > > client data may not be in the plain text. Embedding all the client
> > > > encryption/decryption process on the fly is not possible, even though
> > > > ips gathered key values of clients. Most of the client protection is
> > > > done by anti-virus. So, concentrating client attacks at IPS level is
> > > > not so needed.
> > > >
> > > >
> > > > Thanks
> > > > Rajendra
> > > >
> > > >
> > > >
> > >
> > > ------------------------------
> > >
> > > Message: 5
> > > Date: Tue, 1 Jun 2010 14:52:51 +0200
> > > From: "Cor Rosielle" <cor@...post24.com>
> > > Subject: Re: [Full-disclosure] Why the IPS product designers
> > >        concentrate on server side protection? why they are missing
> > >        client protection
> > > To: "'Nelson Brito'" <nbrito@...ure.org>
> > > Cc: full-disclosure@...ts.grok.org.uk
> > > Message-ID: <003001cb0189$5962ddf0$0c2899d0$@com>
> > > Content-Type: text/plain;       charset="UTF-8"
> > >
> > > Nelson,
> > >
> > > > You're missing one point: Host IPS MUST be deployed with any Network
> > > > Security (Firewalls or NIPSs).
> > > Please be aware this is a risk decision and not a fact. I don't use a host
> > > IPS and no anti Virus either. Still I'm sure my laptop is perfectly safe.
> > > This is because I do critical thinking about security measures and don't
> > > copy behavior of others (who often don't think for themselves and just
> > > copy other people's behavior). Please note I'm not saying you're not
> > > thinking. If you did some critical thinking and a host IPS is a good
> > > solution for you, then that's OK. It just doesn't mean it is a good solution
> > > for everybody else and everybody MUST deploy a host IPS.
> > >
> > > > No security solution/technology is the miracle protection alone,
> > > That's true.
> > >
> > > > so that's the reason everybody is talking about defense in depth.
> > > Defense in depth is often used for another line of a similar defense
> > > mechanism as the previous already was. Different layers of defense work
> > > best if the defense mechanisms differ. So if you're using anti virus software
> > > (which gives you an authentication control and an alarm control according to
> > > the OSSTMM), then a host IDS is not the best additional security measure
> > > (because this also gives you an authentication and an alarm control).
> > > This would also be a risk decision, but based on facts and the rules
> > > defined in the OSSTMM and not based on some marketing material. You should
> > > give it a try.
> > >
> > > Regards,
> > > Cor Rosielle
> > >
> > > w: www.lab106.com
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 6
> > > Date: Tue, 1 Jun 2010 10:27:48 -0300
> > > From: Nelson Brito <nbrito@...ure.org>
> > > Subject: Re: [Full-disclosure] Why the IPS product designers
> > >        concentrate on server side protection? why they are missing
> > >        client protection
> > > To: rajendra prasad <rajendra.palnaty@...il.com>
> > > Cc: "full-disclosure@...ts.grok.org.uk"
> > >        <full-disclosure@...ts.grok.org.uk>
> > > Message-ID: <76444513-375E-472C-A3CA-8F4A9776EDD4@...ure.org>
> > > Content-Type: text/plain; charset="utf-8"
> > >
> > > Okay, but why did you mention AV as a client-side protection?
> > >
> > > It leads to a discussion about client-side protection, anyways.
> > >
> > > Cheers.
> > >
> > > Nelson Brito
> > > Security Researcher
> > > http://fnstenv.blogspot.com/
> > >
> > > Please, help me to develop the ENG? SQL Fingerprint? downloading it
> > > from Google Code (http://code.google.com/p/mssqlfp/) or from
> > > Sourceforge (https://sourceforge.net/projects/mssqlfp/).
> > >
> > > Sent on an ? iPhone wireless device. Please, forgive any potential
> > > misspellings!
> > >
> > > On Jun 1, 2010, at 9:58 AM, rajendra prasad
> > > <rajendra.palnaty@...il.com> wrote:
> > >
> > > > Hi List,
> > > >
> > > > I have started this discussion with respect to Network IPS.
> > > >
> > > > Thanks
> > > > Rajendra
> > > >
> > > > On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad
> > > > <rajendra.palnaty@...il.com> wrote:
> > > > Hi List,
> > > >
> > > > I am putting my thoughts on this, please share your thoughts,
> > > > comments.
> > > >
> > > > Request length is less than the response length. So, processing small
> > > > amount of data is better than of processing bulk data. Response may
> > > > have encrypted data. Buffering all the client-server transactions
> > > > and validating signatures on them is difficult. Even though
> > > > buffered, client data may not be in the plain text. Embedding all
> > > > the client encryption/decryption process on the fly is not possible,
> > > > even though ips gathered key values of clients. Most of the client
> > > > protection is done by anti-virus. So, concentrating client attacks
> > > > at IPS level is not so needed.
> > > >
> > > >
> > > > Thanks
> > > > Rajendra
> > > >
> > > >
> > > >
> > >
> > > ------------------------------
> > >
> > > Message: 7
> > > Date: Tue, 1 Jun 2010 10:23:31 -0300
> > > From: Nelson Brito <nbrito@...ure.org>
> > > Subject: Re: [Full-disclosure] Why the IPS product designers
> > >        concentrate on server side protection? why they are missing
> > >        client protection
> > > To: Cor Rosielle <cor@...post24.com>
> > > Cc: "<full-disclosure@...ts.grok.org.uk>"
> > >        <full-disclosure@...ts.grok.org.uk>
> > > Message-ID: <6AAECC36-E447-497D-BA87-D7C5EFB18E43@...ure.org>
> > > Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
> > >
> > > Comments are inline!
> > >
> > > Nelson Brito
> > > Security Researcher
> > > http://fnstenv.blogspot.com/
> > >
> > > Please, help me to develop the ENG? SQL Fingerprint? downloading it
> > > from Google Code (http://code.google.com/p/mssqlfp/) or from
> > > Sourceforge (https://sourceforge.net/projects/mssqlfp/).
> > >
> > > Sent on an ? iPhone wireless device. Please, forgive any potential
> > > misspellings!
> > >
> > > On Jun 1, 2010, at 9:52 AM, "Cor Rosielle" <cor@...post24.com> wrote:
> > >
> > > > Nelson,
> > > >
> > > >> You're missing one point: Host IPS MUST be deployed with any Network
> > > >> Security (Firewalls or NIPSs).
> > > > Please be aware this is a risk decision and not a fact. I don't use
> > > > a host IPS and no anti Virus either. Still I'm sure my laptop is
> > > > perfectly safe. This is because I do critical thinking about
> > > > security measures and don't copy behavior of others (who often don't
> > > > think for themselves and just copy other people's behavior). Please
> > > > note I'm not saying you're not thinking. If you did some critical
> > > > thinking and a host IPS is a good solution for you, then that's OK.
> > > > It just doesn't mean it is a good solution for everybody else and
> > > > everybody MUST deploy a host IPS.
> > >
> > > That's so 1990! NIPS and/or Firewall just protect you if you're inside
> > > the "borders"... But, come on. Who doesn't have a laptop nowadays? So,
> > > multiple protection layers is better than none, anyways.
> > >
> > > You have choices when adopting a security posture or, if you prefer,
> > > risk posture. I believe that it's quite difficult and almost
> > > impossible you stay updated with all the threats, due to exponential
> > > growth of them.
> > >
> > > >
> > > >> No security solution/technology is the miracle protection alone,
> > > > That's true.
> > > >
> > > >> so that's the reason everybody is talking about defense in depth.
> > > > Defense in depth is often used for another line of a similar defense
> > > > mechanism as the previous already was. Different layers of defense
> > > > work best if the defense mechanisms differ. So if you're using anti
> > > > virus software (which gives you an authentication control and an
> > > > alarm control according to the OSSTMM), then a host IDS is not the
> > > > best additional security measure (because this also gives you an
> > > > authentication and an alarm control).
> > >
> > > Woowoo.. I cannot agree with you, because AV has nothing to do
> > > protecting end-point against network attacks. AV will alert and
> > > protect only when the threat already reached your end-point. Besides,
> > > there are other layers, such as: buffer overflow protection inside
> > > HIPS. Look that I am not talking about IDS. 8)
> > >
> > > > This would also be a risk decision, but based on facts and the rules
> > > > defined in the OSSTMM and not based on some marketing material. You
> > > > should give it a try.
> > >
> > > It always is a risk decision, and I am not basing MHO on any "standard",
> > > that's based on my background... And, AFAIK, nobody can expect that
> > > users and/or server systems will be able to apply all or any update in
> > > a huge environment.
> > >
> > > >
> > > > Regards,
> > > > Cor Rosielle
> > > >
> > > > w: www.lab106.com
> > > >
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 8
> > > Date: Tue, 01 Jun 2010 23:54:33 +1000
> > > From: Laurent Gaffie <laurent.gaffie@...il.com>
> > > Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
> > > To: full-disclosure@...ts.grok.org.uk
> > > Message-ID: <4C051119.1010702@...il.com>
> > > Content-Type: text/plain; charset="iso-8859-1"
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Hello Full-Disclosure!
> > >
> > > I want to warn you about a Denial of Service in every browser finally !!!
> > >
> > > It actually affect every browser with a javascript engine  build in !!!
> > >
> > > Adobe may be vulnerable too !!!!
> > >
> > > PoC :
> > >
> > > <html>
> > > <head><title>0n0z</title></head>
> > > <body>
> > > <DEFANGED_script type="text/javascript">
> > > for (i=0;i<65535;i++) {
> > >  alert('0n0z mustlive got you, now you're fucked, the only solution
> > > is to restart your browser or be faster than JS !!!');
> > > }
> > > </DEFANGED_script>
> > > </body>
> > > </html>
> > >
> > > Greetz to Mustlive@...ap.com.ua
> > >
> > >
> > > On 01/06/10 22:42, MustLive wrote:
> > > > Hello Full-Disclosure!
> > > >
> > > > I want to warn you about Denial of Service vulnerability in
> > > > Internet Explorer. Which I already disclosed at my site in 2008 (at
> > > > 29.09.2008). But recently I made new tests concerning this
> > > > vulnerability, so I decided to remind you about it.
> > > >
> > > > I know this vulnerability for a long time - it's well-known DoS in
> > > > IE. It works in IE6 and after release of IE7 I hoped that Microsoft
> > > > fixed this hole in seventh version of the browser. But as I tested at 29.09.2008,
> > > > IE7 was also vulnerable to this attack. And as I tested recently,
> > > > IE8 is also vulnerable to this attack.
> > > >
> > > > Also I informed Microsoft at 01.10.2008 about it, but they ignored
> > > > and didn't fix it. They didn't fix the hole not in IE6, nor in IE7,
> > > > nor in IE8.
> > > >
> > > > That time I published about this vulnerability at SecurityVulns
> > > > (http://securityvulns.com/Udocument636.html).
> > > >
> > > > DoS:
> > > >
> > > > Vulnerability concerned with handling by browser of expression in
> > > > styles, which leads to blocking of work of IE.
> > > >
> > > > http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html
> > > >
> > > > Vulnerable versions are Internet Explorer 6 (6.0.2900.2180),
> > > > Internet Explorer 7 (7.0.6000.16711), Internet Explorer 8
> > > > (8.0.7600.16385) and previous versions.
> > > >
> > > > To Susan Bradley from Bugtraq:
> > > >
> > > > This is one of those cases, which I told you before, when browser
> > > > vendors ignore to fix DoS holes in their browsers for many years.
> > > >
> > > > Best wishes & regards, MustLive Administrator of Websecurity web
> > > > site http://websecurity.com.ua
> > > >
> > > >
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.10 (GNU/Linux)
> > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> > >
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 9
> > > Date: Wed, 02 Jun 2010 00:00:05 +1000
> > > From: Laurent Gaffie <laurent.gaffie@...il.com>
> > > Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
> > > To: MustLive <mustlive@...security.com.ua>,
> > >        full-disclosure@...ts.grok.org.uk
> > > Message-ID: <4C051265.1050207@...il.com>
> > > Content-Type: text/plain; charset="iso-8859-1"
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Sorry Mustlive,
> > > i understand you need to see this in clear text finally.
> > > I guess ascii is the best to communicate with you;
> > >
> > >
> > > Hello Full-Disclosure!
> > >
> > > I want to warn you about a Denial of Service in every browser finally !!!
> > >
> > > It actually affect every browser with a javascript engine  build in !!!
> > >
> > > Adobe may be vulnerable too !!!!
> > >
> > > PoC :
> > >
> > > <html>
> > > <head><title>0n0z</title></head>
> > > <body>
> > > <DEFANGED_script type="text/javascript">
> > > for (i=0;i<65535;i++) {
> > > alert('0n0z mustlive got you, now you're fucked, the only solution is
> > > to restart your browser or be faster than JS !!!');
> > > }
> > > </DEFANGED_script>
> > > </body>
> > > </html>
> > >
> > >
> > > Greetz to Mustlive@...ap.com.ua
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.10 (GNU/Linux)
> > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> > >
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 10
> > > Date: Tue, 1 Jun 2010 16:20:10 +0200
> > > From: "Cor Rosielle" <cor@...post24.com>
> > > Subject: Re: [Full-disclosure] Why the IPS product designers
> > >        concentrate on server side protection? why they are missing
> > >        client protection
> > > To: "'Nelson Brito'" <nbrito@...ure.org>
> > > Cc: full-disclosure@...ts.grok.org.uk
> > > Message-ID: <001b01cb0195$8c21a080$a464e180$@com>
> > > Content-Type: text/plain;       charset="utf-8"
> > >
> > > Nelson,
> > >
> > > I put my comments inline as well
> > >
> > > Regards, Cor
> > >
> > > ...snip...
> > > > > Nelson,
> > > > >
> > > > >> You're missing one point: Host IPS MUST be deployed with any Network
> > > > >> Security (Firewalls or NIPSs).
> > > > > Please be aware this is a risk decision and not a fact. I don't use
> > > > > a host IPS and no anti Virus either. Still I'm sure my laptop is
> > > > > perfectly safe. This is because I do critical thinking about
> > > > > security measures and don't copy behavior of others (who often don't
> > > > > think for themselves and just copy other people's behavior). Please
> > > > > note I'm not saying you're not thinking. If you did some critical
> > > > > thinking and a host IPS is a good solution for you, then that's OK.
> > > > > It just doesn't mean it is a good solution for everybody else and
> > > > > everybody MUST deploy a host IPS.
> > > >
> > > > > That's so 1990! NIPS and/or Firewall just protect you if you're inside
> > > > > the "borders"... But, come on. Who doesn't have a laptop nowadays? So,
> > > > > multiple protection layers are better than none, anyways.
> > > >
> > > > Even one layer is better than none :-). Multiple layers are even better,
> > > > especially when they are different types of protection. But applying
> > > > security without thinking is bad. Even if you have enough money and hardware
> > > > to spend, you should at least think about the balance between the amount of
> > > > security you get and the amount of risk you run when installing another
> > > > piece of software. Then you can decide if it is worth the money or hardware
> > > > you need to spend.
> > >
> > > > > You have choices when adopting a security posture or, if you prefer,
> > > > > risk posture. I believe that it's quite difficult and almost
> > > > > impossible to stay updated with all the threats, due to exponential
> > > > > growth of them.
> > > > You have a point here. That's why it is better not to base security on
> > > > defenses to known and existing threats alone, but use defense mechanisms
> > > > that protect you both against known and existing threats and against unknown
> > > > and future threats as well. I can't help to mention the OSSTMM again,
> > > > because this is pretty much what it is about.
> > >
> > > > >> No security solution/technology is the miracle protection alone,
> > > > > That's true.
> > > > >
> > > > > >> so that's the reason everybody is talking about defense in depth.
> > > > > > Defense in depth is often used for another line of a similar defense
> > > > > > mechanism as the previous already was. Different layers of defense
> > > > > > work best if the defense mechanisms differ. So if you're using anti
> > > > > > virus software (which gives you an authentication control and an
> > > > > > alarm control according to the OSSTMM), then a host IDS is not the
> > > > > > best additional security measure (because this also gives you an
> > > > > > authentication and an alarm control).
> > > > >
> > > > > Woowoo.. I cannot agree with you, because AV has nothing to do with
> > > > > protecting end-point against network attacks. AV will alert and
> > > > > protect only when the threat already reached your end-point. Besides,
> > > > > there are other layers, such as: buffer overflow protection inside
> > > > > HIPS. Look that I am not talking about IDS. 8)
> > > > Sure you're right about that. There are a lot of other threats AV doesn't
> > > > protect you from. Just like an IPS doesn't protect you against all threats.
> > > > But that doesn't mean it is a wise decision to install each and every part
> > > > of security software you can get, because software comes with costs and
> > > > risks too. This is true for IPS's too.
> > >
> > > >
> > > > > > This would also be a risk decision, but based on facts and the rules
> > > > > > defined in the OSSTMM and not based on some marketing material. You
> > > > > > should give it a try.
> > > > >
> > > > > It always is a risk decision, and I am not basing MHO on any "standard",
> > > > > that's based on my background... And, AFAIK, nobody can expect that
> > > > > users and/or server systems will be able to apply all or any update in
> > > > > a huge environment.
> > > >
> > >
> > > > Of course you don't have to agree, but I think it is better to be critical
> > > > about the software you install. And if you don't agree and rather spend your
> > > > money on things that were useful for someone else at another time and under
> > > > different circumstances, then just do that. But I wish you wouldn't write
> > > > that others must (you wrote it even in capitals) deploy an IPS.
> > >
> > > Regards,
> > > Cor
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 11
> > > Date: Tue, 01 Jun 2010 16:26:37 +0200
> > > From: PsychoBilly <zpamh0l3@...il.com>
> > > Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
> > > To: fdisclo <full-disclosure@...ts.grok.org.uk>
> > > Message-ID: <4C05189D.7050200@...il.com>
> > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> > >
> > > This had already been published
> > > http://www.pewy.fr/hamster.html
> > >
> > > ************************  Cluster #[[   Laurent Gaffie   ]] possibly
> > > emitted, @Time [[   01/06/2010 16:00   ]] The Following #String
> > >  **********************
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > Sorry Mustlive,
> > > > i understand you need to see this in clear text finaly.
> > > > I guess ascii is the best to communicate with you;
> > > >
> > > >
> > > > Hello Full-Disclosure!
> > > >
> > > > I want to warn you about a Denial of Service in every browser
> > finaly !!!
> > > >
> > > > It actually affect every browser with a javascript engine  build in
> > !!!
> > > >
> > > > Adobe may be vulnerable to !!!!
> > > >
> > > > PoC :
> > > >
> > > > <html>
> > > > <head><title>0n0z</title></head>
> > > > <body>
> > > > <DEFANGED_script type="text/javascript">
> > > > for (i=0;i<65535;i++) {
> > > > alert('0n0z mustlive got you, now you're fucked, the only solution
> > is
> > > > to restart your browser or be faster than JS !!!');
> > > > }
> > > > </DEFANGED_script>
> > > > > </body>
> > > > </html>
> > > >
> > > >
> > > > Greetz to Mustlive@...ap.com.ua
> > > >
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.4.10 (GNU/Linux)
> > > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> > > >
> > > > -----END PGP SIGNATURE-----
> > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 12
> > > Date: Tue, 1 Jun 2010 11:49:28 -0300
> > > From: Nelson Brito <nbrito@...ure.org>
> > > > Subject: Re: [Full-disclosure] Why the IPS product designers
> > > >        concentrate on  server side protection? why they are missing client
> > > >        protection
> > > To: Cor Rosielle <cor@...post24.com>
> > > Cc: "<full-disclosure@...ts.grok.org.uk>"
> > >        <full-disclosure@...ts.grok.org.uk>
> > > Message-ID: <ABDDB41B-4F4E-4A6D-8E75-09DC9ACCFB8E@...ure.org>
> > > Content-Type: text/plain;       charset=utf-8;  format=flowed;
> > delsp=yes
> > >
> > > > I still keep in capital: anyone MUST deploy Host IPS when adopting
> > > > Network IPS. If you don't do so you MUST keep in mind that you are
> > > > just approaching some threats, even because Host and Network IPS have
> > > > different approaches.
> > > >
> > > > Otherwise you will THINK you're protected... But nobody can guarantee
> > > > that.
> > > >
> > > > Regarding the acquisition of those solutions, of course it cannot be
> > > > done without a deep looking inside the corporate, but it doesn't mean
> > > > you don't have to...
> > > >
> > > > When you decided to acquire a security solution you have to be careful
> > > > and have well designed criteria to do so, but, again, it doesn't mean
> > > > you don't have to acquire them.
> > > >
> > > > About the known and unknown threats, I will not enter into this,
> > > > because it is kind of a philosophical discussion.
> > >
> > > Cheers.
> > >
> > > Nelson Brito
> > > Security Researcher
> > > http://fnstenv.blogspot.com/
> > >
> > > Please, help me to develop the ENG? SQL Fingerprint? downloading it
> > > from Google Code (http://code.google.com/p/mssqlfp/) or from
> > > Sourceforge (https://sourceforge.net/projects/mssqlfp/).
> > >
> > > Sent on an ? iPhone wireless device. Please, forgive any potential
> > > misspellings!
> > >
> > > > On Jun 1, 2010, at 11:20 AM, "Cor Rosielle" <cor@...post24.com> wrote:
> > >
> > > > Nelson,
> > > >
> > > > I put my comments inline as well
> > > >
> > > > Regards, Cor
> > > >
> > > > ...snip...
> > > >>> Nelson,
> > > >>>
> > > > >>>> You're missing one point: Host IPS MUST be deployed with any
> > > > >>>> Network Security (Firewalls or NIPSs).
> > > > >>> Please be aware this is a risk decision and not a fact. I don't use
> > > > >>> a host IPS and no anti Virus either. Still I'm sure my laptop is
> > > > >>> perfectly safe. This is because I do critical thinking about
> > > > >>> security measures and don't copy behavior of others (who often don't
> > > > >>> think for themselves and just copy other people's behavior). Please
> > > > >>> note I'm not saying you're not thinking. If you did some critical
> > > > >>> thinking and a host IPS is a good solution for you, then that's OK.
> > > > >>> It just doesn't mean it is a good solution for everybody else and
> > > > >>> everybody MUST deploy a host IPS.
> > > >>
> > > > >> That's so 1990! NIPS and/or Firewall just protect you if you're
> > > > >> inside the "borders"... But, come on. Who doesn't have a laptop
> > > > >> nowadays? So, multiple protection layers are better than none, anyways.
> > > > >>
> > > > > Even one layer is better than none :-). Multiple layers are even
> > > > > better, especially when they are different types of protection. But
> > > > > applying security without thinking is bad. Even if you have enough
> > > > > money and hardware to spend, you should at least think about the
> > > > > balance between the amount of security you get and the amount of risk
> > > > > you run when installing another piece of software. Then you can
> > > > > decide if it is worth the money or hardware you need to spend.
> > > >
> > > > >> You have choices when adopting a security posture or, if you prefer,
> > > > >> risk posture. I believe that it's quite difficult and almost
> > > > >> impossible to stay updated with all the threats, due to exponential
> > > > >> growth of them.
> > > > You have a point here. That's why it is better not to base security
> > > > on defenses to known and existing threats alone, but use defense
> > > > mechanisms that protect you both against known and existing threats
> > > > and against unknown and future threats as well. I can't help to
> > > > mention the OSSTMM again, because this is pretty much what it is
> > > > about.
> > > >
> > > >>>> No security solution/technology is the miracle protection alone,
> > > >>> That's true.
> > > >>>
> > > > >>>> so that's the reason everybody is talking about defense in depth.
> > > > >>> Defense in depth is often used for another line of a similar defense
> > > > >>> mechanism as the previous already was. Different layers of defense
> > > > >>> work best if the defense mechanisms differ. So if you're using anti
> > > > >>> virus software (which gives you an authentication control and an
> > > > >>> alarm control according to the OSSTMM), then a host IDS is not the
> > > > >>> best additional security measure (because this also gives you an
> > > > >>> authentication and an alarm control).
> > > > >>
> > > > >> Woowoo.. I cannot agree with you, because AV has nothing to do with
> > > > >> protecting end-point against network attacks. AV will alert and
> > > > >> protect only when the threat already reached your end-point. Besides,
> > > > >> there are other layers, such as: buffer overflow protection inside
> > > > >> HIPS. Look that I am not talking about IDS. 8)
> > > > > Sure you're right about that. There are a lot of other threats AV
> > > > > doesn't protect you from. Just like an IPS doesn't protect you against
> > > > > all threats. But that doesn't mean it is a wise decision to install
> > > > > each and every part of security software you can get, because
> > > > > software comes with costs and risks too. This is true for IPS's too.
> > > >
> > > >>
> > > > >>> This would also be a risk decision, but based on facts and the rules
> > > > >>> defined in the OSSTMM and not based on some marketing material. You
> > > > >>> should give it a try.
> > > > >>
> > > > >> It always is a risk decision, and I am not basing MHO on any "standard",
> > > > >> that's based on my background... And, AFAIK, nobody can expect that
> > > > >> users and/or server systems will be able to apply all or any update
> > > > >> in a huge environment.
> > > >>
> > > >
> > > > Of course you don't have to agree, but I think it is better to be
> > > > critical about the software you install. And if you don't agree and
> > > > rather spend your money on things that were useful for someone else
> > > > at another time and under different circumstances, then just do
> > > > that. But I wish you wouldn't write that others must (you wrote it
> > > > even in capitals) deploy an IPS.
> > > >
> > > > Regards,
> > > > Cor
> > > >
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 13
> > > Date: Tue, 01 Jun 2010 11:31:19 -0300
> > > From: Onapsis Research Labs <research@...psis.com>
> > > Subject: [Full-disclosure] Onapsis Research Labs: Onapsis Bizploit -
> > >        The opensource ERP Penetration Testing framework
> > > To: full-disclosure@...ts.grok.org.uk
> > > Message-ID: <4C0519B7.8050403@...psis.com>
> > > Content-Type: text/plain; charset=UTF-8
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Dear colleague,
> > >
> > > We are proud to announce the release of Onapsis Bizploit, the first
> > > opensource ERP Penetration Testing framework.
> > >
> > > > Presented at the renowned HITB Dubai security conference, Bizploit is
> > > > expected to provide the security community with a basic framework to support
> > > > the discovery, exploration, vulnerability assessment and exploitation of ERP
> > > > systems.
> > > >
> > > > The term "ERP Security" has been so far understood by most of the IT
> > > > Security and Auditing industries as a synonym of "Segregation of Duties".
> > > > While this aspect is absolutely important for the overall security of the
> > > > Organization's core business platforms, there are many other threats that
> > > > are still overlooked and imply much higher levels of risk. Onapsis Bizploit is
> > > > designed as an academic proof-of-concept that will help the general
> > > > community to illustrate and understand this kind of risks.
> > > >
> > > > Currently Onapsis Bizploit provides all the features available in the
> > > > sapyto GPL project, plus several new plugins and connectors focused in the
> > > > security of SAP business platforms. Updates for other popular ERPs are to
> > > > be released in the short term.
> > > >
> > > > You can download the software freely from http://www.onapsis.com
> > >
> > > Best regards,
> > >
> > > - --------------------------------------------
> > > The Onapsis Research Labs Team
> > >
> > > Onapsis S.R.L
> > > Email: research@...psis.com
> > > Web: www.onapsis.com
> > > PGP: http://www.onapsis.com/pgp/research.asc
> > > - --------------------------------------------
> > >
> > >
> > >
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.9 (GNU/Linux)
> > >
> > > iEYEARECAAYFAkwFGLQACgkQz3i6WNVBcDVp7wCgktzu7vYVXTBnE9DM5GPYAnGx
> > > OjAAn0uVawK36FZMP9DFYye3XX56CN1v
> > > =80ir
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 14
> > > Date: Tue, 1 Jun 2010 11:46:26 -0400
> > > From: T Biehn <tbiehn@...il.com>
> > > Subject: Re: [Full-disclosure] The_UT is repenting
> > > To: Anders Klixbull <akl@...erian.dk>
> > > Cc: full-disclosure@...ts.grok.org.uk
> > > Message-ID:
> > >        <AANLkTimnEwv9Zy-QYvJ2qn5UxYBEFh3cI0_6tv4TgUX7@...l.gmail.com>
> > > Content-Type: text/plain; charset="iso-8859-1"
> > >
> > > I don't think UT is anyone's 'boy toy.' The guy is massive.
> > >
> > > > I'm sure he'll meet all kinds of experienced scam artists and criminals and
> > > > learn all sorts of neat things for use when he gets out.
> > >
> > > -Travis
> > >
> > > > On Tue, Jun 1, 2010 at 6:13 AM, Anders Klixbull <akl@...erian.dk> wrote:
> > >
> > > > I'm so sorry that your friend was retarded enough to get busted.
> > > > And thank you for the archive!
> > > > It's always nice to have a personal librarian :)
> > > > You may be sorry for the repeat material, but please go suck a
> > lemon.
> > > > Thanks.
> > > >
> > > > -----Oprindelig meddelelse-----
> > > > Fra: ghost [mailto:ghosts@...il.com]
> > > > Sendt: 1. juni 2010 11:35
> > > > Til: Anders Klixbull
> > > > Cc: full-disclosure@...ts.grok.org.uk
> > > > Emne: Re: [Full-disclosure] The_UT is repenting
> > > >
> > > > Anders - i'm very sorry, you must of confused this mailing list
> > with
> > > > astalavista forums. Please go away... or kill yourself, whichever
> > you
> > > > prefer...... and in the interest of full-disclosure, I have my
> > fingers
> > > > crossed for the latter :)
> > > >
> > > > Thanks.
> > > >
> > > >
> > > >
> > > ---------------------------------------------------------------------
> > --------------------
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Please stop stating the obvious. Keep in mind that to us your
> > useless
> > > > replies are of no importance.
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > But their website graphics is super cool!
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > we care we really do From fulldisclosurebounces@...t...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > take a chill pill wigger
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > shut the fuck up From fulldisclosurebounces@...t...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > then you gadi and n3td3v should jump off a cliff
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Apology not accepted! Alcohol is required!
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > ) If im ever near there i will look you up! Cheers
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Thinking a little highly of yourself arent you? Saving the world
> > lol
> > > > lol lol Keep your moronic comics to yourself please
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > 0day pictures of Mark's mom for sale From
> > fulldisclosurebounces@...t...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Keep your talentless tripe to yourself
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > You're obviously retarded
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > You forgot to include MiniMySqlat0r01.jar in your zip file..
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > ???? ????????!
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Free 0day for all!!
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Fuck the vendors put them on FD
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Go suck a lemon bitch
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > The hardcore cockgobbler scene of scotland
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > TEH TXT FIEL FORMATTING SI TEH FUCKED From
> > fulldisclosurebounces@...t...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Religion is nothing more than mental crutches for weakminded people
> > > >
> > > > Message Results
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > But isnt that where you feel most at home brother n3td3v?
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Because we are drawn to you like moths to a flame
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > It's safe to assume that it covers the both of you ignorant turds
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Nice teenspeak maybe your mother can invite n3td3v over to hot
> > cocoa
> > > > and cookies?
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > removing anyone is pointless From fulldisclosurebounces@...t...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Project chroma project? Welcome to the redundancy department of
> > > > redundancy.. Mike c aka n3td3v shut the fuck up
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > retardo
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Are you smoking crack?
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Helol n3td3v
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > go suck a lemon From fulldisclosurebounces@...t...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > OH MY GOD I DONT KNOW BUT DO WE REALLY CARE???? their site was
> > always
> > > > a crappy piece of shit
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > He's too busy living the good life in a cardboard box in hobotown
> > to
> > > > answer ) Vi hj?lper dig til at tr?ffe bedre beslutninger. Vi
> > tilbyder
> > > > analyse og informationsservices der ?ger salget m?lretter
> > > > markedsf?ringen og reducerer risikoen for ta...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > GO SUCK A LEMON
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > And pigs eat bananas with their ears
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > he's the wino on the corner sucking your lemon
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > I heard he ch0ked on a lemon
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Taunting other people's english skills work better when your own
> > > > english isn't broken )
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > So youre whining about a 4 year old post? lol and who uses an
> > exploit
> > > > without changing the shellcode anyway
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Wow such depth! Such insight! WOW
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > you need to get a job you no good for nothing lazy bum From
> > > > fulldisclosurebounces@...t...
> > > >
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > seems to be cropping in? as far as know rainbow tables has been
> > around
> > > > for years...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > lol they have been useful for years son just because YOU never
> > found a
> > > > use for them doesn't mean noone else has
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > you'd like to gobble that sausage wouldn't you From
> > > > fulldisclosurebounces@...t...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > callate la boca carajo. que la chupes y que la sigas chupando From
> > > > Rosa Maria Gonzalez Pereira
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > yes the correct answer is 'cheese' From
> > fulldisclosurebounces@...t...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > you obviously misunderstood since every geek on the planet knows
> > that
> > > > the answer in numeric form is 42!
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Shut up weev Take your fake panama bank accounts and put them where
> > > > the sun don't shine If you can fit it in while you have that
> > aircraft
> > > > carrier up there
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Andrew/weev is an amateur troll He has ridden other peoples fame
> > more
> > > than
> > > > once
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Nobody cares about a homeless bum Move along
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Learn how to blow old men and live on their couches
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > Thank you shawarma! From fulldisclosurebounces@...t...
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > He never said anything profound 140 characters or not
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > bohooo stop crying he can disclose bugs when he feels like it if
> > you
> > > > dont like that then go suck a lemon
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > lol look who's talking about being professional yeah sure because
> > > > klixbull is such a russian name right? and oh yeah my email address
> > > > also ends in .ua julian its time to stop gobbling that cock and
> > shut
> > > > the fuck up
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > why does it hurt when you suck lemons? does your teeth gets fucked
> > up
> > > > when you smoke cock all day?
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > yeah sure.. you junkies are alle the same you suck dicks for
> > > > cheeseburgers and crack
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > dad? is that you? mom says to stop blowing off strangers for free
> > and
> > > > bring home some money!
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > But aren't gnaa retired anyway?
> > > >
> > > > Re:
> > > > by Anders Klixbull in full-disclosure@...ts.grok.org.uk (31613
> > messages)
> > > > lol seems to be? you should know better than "seems" since your
> > email
> > > > is in the gnaa ascii
> > > >
> > > >
> > > > On Tue, Jun 1, 2010 at 1:28 AM, Anders Klixbull <akl@...erian.dk>
> > wrote:
> > > > > Wouldn't you if you were bubba's boytoy in the can?
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Fra: full-disclosure-bounces@...ts.grok.org.uk
> > > > > [mailto:full-disclosure-bounces@...ts.grok.org.uk] P? vegne af
> > > > PsychoBilly
> > > > > Sendt: 1. juni 2010 10:21
> > > > > Til: full-disclosure@...ts.grok.org.uk
> > > > > Emne: [Full-disclosure] The_UT is repenting
> > > > >
> > > > >
> > > > >
> > > > > http://profile.ak.fbcdn.net/v229/1642/63/n680245330_5800.jpg
> > > > >
> > >
> > >
> > >
> > > --
> > > FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
> > >
> > http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=
> > on
> > > http://pastebin.com/f6fd606da
> > >
> > > ------------------------------
> > >
> > >
> > > End of Full-Disclosure Digest, Vol 64, Issue 3
> > > **********************************************
> > >
>
>
