Message-ID: <CALCvwp75J1nPExpeRBJRzmeLp96y+u+vXLF1dvgQgmYUSa1HLA@mail.gmail.com>
Date: Thu, 26 Jan 2012 09:22:11 +1100
From: GloW - XD <doomxd@...il.com>
To: Dave <mrx@...pergander.org.uk>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Faux Anonymous hackers to Facebook: 'We're not playing'

stfu idiot..
now go look at your boxes :) and netstats....and enjoy being part of,
a much nicer, smaller organisation which is only here, to destroy you
all. :)
bye!
oh btw, secunia.com is also, owned.
have phun!
GLOW

On 26 January 2012 09:19, Dave <mrx@...pergander.org.uk> wrote:
> On 25/01/2012 20:16, adam wrote:
>> If we cared, we'd visit that site of our own volition. Secondly, even if we
>> were interested: most of the people on these lists are intelligent enough
>> not to click on links from spammers. Third, even if the content were
>> interesting, even if this were the place for it and even if you hadn't
>> spammed: "pay and register" is incentive enough for me *not* to join and
>> *not* to ever visit that site again.
>>
>> Short version: the purpose of this list isn't for you to spam your new
>> state-of-the-art website. Instead, it's typically to discuss/disclose
>> issues/concepts related to computer/network security. Once in a while,
>> there are discussions about the overflowing stupidity that some site
>> owners/coders have. For example, people that stupidly (and blindly) inject
>> code (e.g. for tracking purposes) into every single file on their site,
>> regardless of extension:
>>
>> http://www.karmacyberintel.net/robots.txt
>>
>> Another one is blatantly disclosing paths in robots.txt that aren't even
>> linked to and would never be found anyway (at least by bots that honor
>> robots.txt, which ends up being the exact opposite of the desired effect).
>> An example of how/why this can be a problem:
>>
>> md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3,
>> if we perform a simple Google search - we can determine that you're likely
>> running version 3.3.1 of Wordpress. From there, we have enough information
>> to perform a targeted attack on your server. Except, we don't need to
>> because you've already made it more than easy enough for us.
>>
>> Pretty much every single field on http://www.karmacyberintel.net/pay/ is
>> vulnerable to SQL injection, which could easily allow anyone to completely
>> compromise the database and possibly the entire site. On top of that,
>> register.php also allows for session fixation attacks, as a result of
>> header/cookie manipulation. If that weren't bad enough, the admin section
>> for your karma theme is also vulnerable to cross-site scripting.
>>
>> Not to mention, all the problems with how you've configured SSL and
>> everything else. If you're going to spam, at least make sure the website
>> you're spamming has been tested and determined to be *somewhat* secure.
>>
>
>
>
> Thanks for the smile.
>
> If one is not certain that one's own house is not made of glass, it's best to not throw stones.
>
> D
>>
>> On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel <
>> karmacyberintel1@...il.com> wrote:
>>
>>> *UPDATE* After attacking several government sites to protest
>>> controversial US legislation in past weeks, hacktivist group Anonymous is
>>> setting its sights on one of the Internet's biggest targets: Facebook. Or
>>> maybe not.
>>>
>>> Sources From karmacyberintel.net
>>>
>>> for more details
>>>
>>>
>>> http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>
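
The two robots.txt problems adam describes in the quoted message (content that is not robots.txt syntax blindly injected into the file, and Disallow entries that advertise unlinked paths) can be checked on one's own site with a small linter. This is an added example, not part of the thread; the keyword list, the function name and the sample file are constructed assumptions.

```python
import re

# Directive names commonly seen in robots.txt files.
KNOWN = {"user-agent", "disallow", "allow", "sitemap", "crawl-delay", "host"}

# Assumed keyword list: path fragments that usually mark non-public areas.
SENSITIVE = re.compile(r"admin|backup|private|config|\.sql|\.bak", re.I)


def audit_robots(text):
    """Return (line_no, issue, content) findings for a robots.txt body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        field, sep, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if not sep or field not in KNOWN:
            # Anything that is not "field: value" does not belong in this
            # file, e.g. markup appended to every response by a blanket include.
            findings.append((no, "not-a-directive", raw.strip()))
        elif field == "disallow" and SENSITIVE.search(value):
            # The entry tells every reader of the file where to look.
            findings.append((no, "discloses-path", value))
    return findings


# Constructed sample, not taken from any real site.
SAMPLE = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /backup-2011/db.sql
Disallow: /tmp/
Sitemap: http://example.test/sitemap.xml
<script type="text/javascript">var _t = 1;</script>
"""

if __name__ == "__main__":
    for no, issue, content in audit_robots(SAMPLE):
        print(f"line {no}: {issue}: {content}")
```

Paths flagged as `discloses-path` are better protected by authentication or removed from the web root than listed in a file that anyone can fetch.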