From prb at lava.net Sat Dec 1 02:42:44 2007 From: prb at lava.net (Peter Besenbruch) Date: Fri, 30 Nov 2007 16:42:44 -1000 Subject: [Full-disclosure] High Value Target Selection In-Reply-To: <47505E42.90503@rogers.com> References: <47505E42.90503@rogers.com> Message-ID: <200711301642.44111.prb@lava.net> On Friday 30 November 2007 09:02:26 gmaggro wrote: > I think it'd be interesting if we started a discussion on the selection > of high value targets to be used in the staging of attacks that damage > significant infrastructure. The end goals, ranked equal in importance, > would be as follows: [big snip] So, you wanted to send a little Christmas present to the NSA folks monitoring the Internet backbone? Make their unutterably boring lives a little more "interesting?" We live in "interesting" times (not a good thing). I was over at the Mycroft site, and noticed that there was a Firefox search extension for Scroogle that uses encryption. There was another encrypted search tool for Wikipedia. http://mycroft.mozdev.org/download.html?name=scroogle&sherlock=yes&opensearch=yes&submitform=Search http://mycroft.mozdev.org/download.html?name=secure+wikipedia&sherlock=yes&opensearch=yes&submitform=Search -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky From coderman at gmail.com Sat Dec 1 05:27:34 2007 From: coderman at gmail.com (coderman) Date: Fri, 30 Nov 2007 21:27:34 -0800 Subject: [Full-disclosure] High Value Target Selection In-Reply-To: <47505E42.90503@rogers.com> References: <47505E42.90503@rogers.com> Message-ID: <4ef5fec60711302127i3e7baef0vf055d8a6592a5ee7@mail.gmail.com> On Nov 30, 2007 11:02 AM, gmaggro wrote: > I think it'd be interesting if we started a discussion on the selection > of high value targets translation: let's discuss how to discern high degree and/or vulnerable nodes in critical infrastructure networks. > 1. 
To bring like minded people together while operating under the > strategy of 'leaderless resistance' > (http://en.wikipedia.org/wiki/Leaderless_resistance) *yawn* > 2. To be the 'aboveground' partner to the 'underground' scene, or at > least serve to distract authorities from the activities of underground > groups ... ZZzzzzZZZ ... you're losing me, jim. > 3. To see exactly what can be accomplished, and accomplish it pretty easy to make inferences once you've mapped out the critical infrastructure in question. this is of course a little more difficult now given the mostly inept attempts to reign in useful information on such infrastructure. (the easy days of pulling up fiber plats via county/gov websites is long gone...) as for actual attacks, you'll be biting the hand that feeds... (i'll wait for that decentralized wireless mesh net before slicing those glassy life lines, thanks) > 4. To capture the imagination of the public more like hatred. the unwashed masses get all restless and cranky when: a) the 'tubes are clogged or dead b) phone lines to anywhere outside town are down. c) all credit / debit transactions are dead - cash only? d) some/most cable programming is tits up e) travel and/or fuel is highly constrained / unavailable f) electricity is spotty or unavailable > Capturing the imagination of the public sounds like bizspeek bullshit, this i fully agree with. thanks for that... > So, types of infrastructure to attack: > [ list of infrastructure domains as if they exist as discrete units independent of each other... lolz! ] rarely is one affected in isolation. the ugly truth about critical infrastructure is that those high degree, critical nodes start impacting multiple domains at once when affected by outages or targeted attack. > [lots of blah blah blah misunderstanding of what critical infrastructure > is and how it is organized, USA bashing, etc...] first, go read Global Guerrillas. 
that will keep you busy for a few weeks and save us all more of this blather: http://globalguerrillas.typepad.com/globalguerrillas/ second, some attacking critical infrastructure clif notes: 1. those with clue have realized the folly of trying to make infallible infrastructure. their focus has shifted to rapid repair instead of prevention. there are papers written that describe exactly how stupid it is to think you can build resilient infrastructure in the face of a skilled attacker. (see the ATT telco in a trailer truck, etc) 2. critical infrastructure viewed as a graph theory problem highlights the compound vulnerabilities across multiple infrastructures inherent in high degree / high value nodes of critical infrastucture. (metropolitan bridges carrying fiber, gas, electricity, vehicles, etc over the same physical span, etc.) 3. most critical infrastructure is resilient against planned / common failure scenarios, and these protections actually create hyper- sensitive vulnerabilities against targeted / unplanned attacks. (M of N redundancy that leads to catastrophic failure against well targeted M attacks, etc.) combining these aspects into attack scenarios is left as an exercise for the reader [who pines for a vacation in club fed...] the crux of the problem for the practical attacker is discerning the nature and location of critical infrastructure nodes and links. fortunately for the determined individual this is merely a matter of effort and time, not a question of ability. for the rest of us this means our life style / way of life is highly dependent on the lack of sufficiently skilled malcontents able and willing to express their grievances in direct action against such systems. perhaps this can be viewed as a check against the fascist dystopia many fear as the end result of authoritarian abuse of power coupled with high tech tools for manipulation and control of the populace... best regards, p.s. 
my favorite tools in such scenarios (of course not advocation): - the thermic lance - portable saws (lithium battery cells quite power dense now) - post hole diggers - thermite flower pots (lol, so much fun!) - software defined / police band and EM svcs capable radios - bolt action .50 BMG (incendiary DU rounds++) From James.Williams at ca.com Sat Dec 1 08:37:50 2007 From: James.Williams at ca.com (Williams, James K) Date: Sat, 1 Dec 2007 03:37:50 -0500 Subject: [Full-disclosure] ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability Message-ID: <649CDCB56C88AA458EFF2CBF494B620403F6ABE1@USILMS12.ca.com> > Date: Wed, 28 Nov 2007 03:32:51 +0000 > From: cocoruder. > Subject: Re: [Full-disclosure] ZDI-07-069: CA BrightStor > ARCserve Backup Message Engine Insecure Method Expos > To: , > > it is so amazing that the vendor's advisory has been released > more than one month ago, (see my advisory of a similar vul at > http://ruder.cdut.net/blogview.asp?logID=221), and another thing > is that I have tested my reported vul again after CA's patch > released one month ago, but in fact they have not fixed it!! I > report it again to CA but there is no response, I guess CA is > making an international joke with us:), or because this product > is sooooooooo bad that they will not support it any more? > welcome to my blog:http://ruder.cdut.net cocoruder, We have not received any email from frankruder at hotmail, but we did receive an email about this issue from hfli at fortinet on 2007-10-15. We responded to that email on 2007-10-15. FYI, we are currently wrapping up QA on new patches, and we have contacted hfli at fortinet with details. 
Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

From slythers at gmail.com Sat Dec 1 10:27:58 2007
From: slythers at gmail.com (Slythers Bro)
Date: Sat, 1 Dec 2007 11:27:58 +0100
Subject: [Full-disclosure] PlayStation 3 predicts next US president (fwd)
In-Reply-To:
References:
Message-ID: <8f6a58a30712010227g18b52062k3a7e567871aedb5e@mail.gmail.com>

is it real ?

From majormal at pirate-radio.org Sat Dec 1 10:25:31 2007
From: majormal at pirate-radio.org (Major Malfunction)
Date: Sat, 01 Dec 2007 10:25:31 +0000
Subject: [Full-disclosure] DC4420 - London DEFCON chapter Christmas Party - 11th December
Message-ID: <4751369B.9060307@pirate-radio.org>

hi all,

you are cordially invited to the final DC4420 meet of 2007, which will be
held on Tuesday the 11th December, at the usual location - Charing Cross
Sports Club, Charing Cross Hospital:

http://www.multimap.com/map/browse.cgi?lat=51.4857&lon=-0.2194&scale=5000&icon=x

more info here:

http://dc4420.org

we have the bar to ourselves and there will be no particular agenda other
than drinking the place dry, eating good food and socialising, but we will
definitely also be celebrating Alien's continued presence on our home
planet after his near miss with the man in the black cloak!

all are welcome... "fight club" speaking rules are suspended for the
evening, so bring a friend or two and make this a party to remember!

cheers,
MM
--
"In DEFCON, we have no names..." errr... well, we do... but silly ones...

From isbackgobbles at googlemail.com Sat Dec 1 12:55:12 2007
From: isbackgobbles at googlemail.com (Gobbles is back)
Date: Sat, 1 Dec 2007 12:55:12 +0000
Subject: [Full-disclosure] Phioust gets all emotional to gobbles and friends ...
Message-ID: <679de8620712010455qc29a263p8c571ecca24de6df@mail.gmail.com> Phioust means business with his real name and all those philosopher (HAAAA), CISSP and MCSE (lol) degrees ... see for urself in his dangerously sexy email ... in response to our spam threat :) ---------- Forwarded message ---------- From: phioust Date: Nov 30, 2007 9:33 PM Subject: spam? To: isbackgobbles at googlemail.com i suggest you do not make anymore threats, belive me, i have lots of contacts to track you down .. -- Lionel Phioust Phd, CISSP, MCSE ohhhh f33r the b33r, he owns 100 TOR nodes, 10000 wireless hotspots and one lesbian gmail server admin to track our IP's .. wuuuuu !!!! Spammers - We got Phiousts real name for yaall, self pat on the back for good work. ohhh wait wait .. lets make him a bit more jobless by the oath of google Lionel Phioust, security, exploits, bugtraq, scriptkiddie, lamer, idiot, bisexual, Phioust. ROFL Note - Some of our concerned fans suspect us not to be gobbles. I will save all those online forensic retards the time to analyse our emails and come straight to the point .. in w00w00 style .. 10 europeans, 15 asians, 11 americans and one hell of a funny little turkey .. 5 member required to not f33r w00w00 might .. and no .. Shok dont look like Marilyn Mansons gimp boy !!! .. well the gimp suite was stiched by us .. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071201/8ed82fde/attachment.html From kristian.hermansen at gmail.com Sat Dec 1 13:06:36 2007 From: kristian.hermansen at gmail.com (Kristian Erik Hermansen) Date: Sat, 1 Dec 2007 05:06:36 -0800 Subject: [Full-disclosure] MD5 algorithm considered toxic (and harmful) Message-ID: I know of many commercial security products which still utilize MD5 to prove integrity of the data they distribute to customers. This should no longer be considered appropriate. 
Now that tools are readily available to exploit newer MD5 collision
research, I think it is safe to say that the public should retire its
usage for good. Read the most recent research regarding chosen-prefix
collisions:

http://www.win.tue.nl/hashclash/EC07v2.0.pdf

A concrete example for your perusal:

khermans at khermans-laptop:/tmp$ wget http://www.win.tue.nl/hashclash/SoftIntCodeSign/HelloWorld-colliding.exe
--04:36:32--  http://www.win.tue.nl/hashclash/SoftIntCodeSign/HelloWorld-colliding.exe
           => `HelloWorld-colliding.exe'
Resolving www.win.tue.nl... 131.155.70.190
Connecting to www.win.tue.nl|131.155.70.190|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 41,792 (41K) [application/octet-stream]

100%[====================================>] 41,792       109.16K/s

04:36:33 (108.92 KB/s) - `HelloWorld-colliding.exe' saved [41792/41792]

khermans at khermans-laptop:/tmp$ wget http://www.win.tue.nl/hashclash/SoftIntCodeSign/GoodbyeWorld-colliding.exe
--04:36:37--  http://www.win.tue.nl/hashclash/SoftIntCodeSign/GoodbyeWorld-colliding.exe
           => `GoodbyeWorld-colliding.exe'
Resolving www.win.tue.nl... 131.155.70.190
Connecting to www.win.tue.nl|131.155.70.190|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 41,792 (41K) [application/octet-stream]

100%[====================================>] 41,792       127.20K/s

04:36:38 (126.82 KB/s) - `GoodbyeWorld-colliding.exe' saved [41792/41792]

khermans at khermans-laptop:/tmp$ ls -lsha *.exe
44K -rw-r--r-- 1 khermans khermans 41K 2007-11-23 01:08 GoodbyeWorld-colliding.exe
44K -rw-r--r-- 1 khermans khermans 41K 2007-11-23 01:08 HelloWorld-colliding.exe
khermans at khermans-laptop:/tmp$ strings HelloWorld-colliding.exe | tail
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
CloseHandle
KERNEL32.dll
Hello World ;-)
khermans at khermans-laptop:/tmp$ strings GoodbyeWorld-colliding.exe | tail
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
CloseHandle
KERNEL32.dll
Goodbye World :-(
khermans at khermans-laptop:/tmp$ md5sum HelloWorld-colliding.exe | awk '{print $1}' | tee hw
18fcc4334f44fed60718e7dacd82dddf
khermans at khermans-laptop:/tmp$ md5sum GoodbyeWorld-colliding.exe | awk '{print $1}' | tee gw
18fcc4334f44fed60718e7dacd82dddf
khermans at khermans-laptop:/tmp$ cmp hw gw
khermans at khermans-laptop:/tmp$ echo $?
0

There you have it. Surely a GPL'd tool implementing this attack style
will be available shortly. And since Chinese researchers have been
attacking SHA-1 lately, should SHA-256 be considered the proper
replacement? I am unsure :-(
--
Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."

From hardwick.carl at gmail.com Sat Dec 1 13:48:35 2007
From: hardwick.carl at gmail.com (carl hardwick)
Date: Sat, 1 Dec 2007 14:48:35 +0100
Subject: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
Message-ID:

Firefox 2.0.0.11 File Focus Stealing vulnerability:

Sorry Mozilla, but the recent file focus fix was not enough. I think
Mozilla made another mistake while fixing the previous file/label
issue. Because now I embed a file field and a textfield inside one
label.
When this happens, and you type only one time in the textfield,
the focus travels to the file field and the value travels with it.
Back to the drawing board I would say. I only got it to work in
Firefox, Gareth checked Safari for me, and it also works in Safari. I
guess this type of exploit could function on other HTML objects as
well, and could be very dangerous because it only requires a one time
focus in a textfield.

PoC here:
http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm

From steven at securityzone.org Sat Dec 1 15:20:53 2007
From: steven at securityzone.org (Steven Adair)
Date: Sat, 1 Dec 2007 10:20:53 -0500 (EST)
Subject: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
In-Reply-To:
References:
Message-ID: <26439.65.88.218.157.1196522453.squirrel@slashmail.org>

>
>
> There you have it. Surely a GPL'd tool implementing this attack style
> will be available shortly. And since Chinese researchers have been
> attacking SHA-1 lately, should SHA-256 be considered the proper
> replacement? I am unsure :-(

Yes, it would probably be a good idea. I think this link has been put out
on this list in the past with respect to discussion on SHA-1:

http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html

NIST might not be the bible to you on what to follow and implement, but
they are definitely worth listening to (even if you're not a U.S. Federal
agency) when they tell you not to use something anymore. For those that
don't want to click and just want to read, here's the relevant parts:

----

March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224,
SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all
applications using secure hash algorithms. Federal agencies should stop
using SHA-1 for digital signatures, digital time stamping and other
applications that require collision resistance as soon as practical, and
must use the SHA-2 family of hash functions for these applications after
2010. After 2010, Federal agencies may use SHA-1 only for the following
applications: hash-based message authentication codes (HMACs); key
derivation functions (KDFs); and random number generators (RNGs).
Regardless of use, NIST encourages application and protocol designers to
use the SHA-2 family of hash functions for all new applications and
protocols.

----

Steven
http://www.securityzone.org

> --
> Kristian Erik Hermansen
> "I have no special talent. I am only passionately curious."
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From juha-matti.laurio at netti.fi Sat Dec 1 15:24:56 2007
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Date: Sat, 1 Dec 2007 17:24:56 +0200 (EET)
Subject: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
Message-ID: <1200694.87911196522696390.JavaMail.juha-matti.laurio@netti.fi>

Netscape Navigator version 9.0.0.4 is affected too. Test done with
PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
Vendor was contacted on 1st Dec 2007.

- Juha-Matti

carl hardwick wrote:
> Firefox 2.0.0.11 File Focus Stealing vulnerability:
>
> Sorry Mozilla, but the recent file focus fix was not enough. I think
> Mozilla made another mistake while fixing the previous file/label
> issue. Because now I embed a file field and a textfield inside one
> label. When this happens, and you type only one time in the textfield,
> the focus travels to the file field and the value travels with it.
> Back to the drawing board I would say. I only got it to work in
> Firefox, Gareth checked Safari for me, and it also works in Safari. I
> guess this type of exploit could function on other HTML objects as
> well, and could be very dangerous because it only requires a one time
> focus in a textfield.
>
> PoC here:
> http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm
>

From announce-noreply at rpath.com Sat Dec 1 03:54:22 2007
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Fri, 30 Nov 2007 22:54:22 -0500
Subject: [Full-disclosure] rPSA-2007-0255-1 nss_ldap
Message-ID: <4750daee.wSL5wQCJa3g/Dx8V%announce-noreply@rpath.com>

rPath Security Advisory: 2007-0255-1
Published: 2007-11-30
Products:
    rPath Linux 1

Rating: Minor
Exposure Level Classification:
    Local Weakness
Updated Versions:
    nss_ldap=conary.rpath.com at rpl:1/239-9.2-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-1913

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794

Description:
    Previous versions of the nss_ldap package contain a race condition
    that can cause nss_ldap to return incorrect data to requesting
    processes.

http://wiki.rpath.com/Advisories:rPSA-2007-0255

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

From prandal at herefordshire.gov.uk Sat Dec 1 15:58:37 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Sat, 1 Dec 2007 15:58:37 -0000
Subject: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
In-Reply-To: <1200694.87911196522696390.JavaMail.juha-matti.laurio@netti.fi>
References: <1200694.87911196522696390.JavaMail.juha-matti.laurio@netti.fi>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF3B@HC-MBX02.herefordshire.gov.uk>

And the Mozilla bugzilla number is?

-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Juha-Matti Laurio
Sent: 01 December 2007 15:25
To: carl hardwick; full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability

Netscape Navigator version 9.0.0.4 is affected too.
Test done with PoC-type URL mentioned on Mac OS X 10.4.10 fully patched. Vendor was contacted on 1st Dec 2007. - Juha-Matti carl hardwick wrote: > Firefox 2.0.0.11 File Focus Stealing vulnerability: > > Sorry Mozilla, but the recent file focus fix was not enough. I think > Mozilla made another mistake while fixing the previous file/label > issue. Because now I embed a file field and a textfield inside one > label. When this happens, and you type only one time in the textfield, > the focus travels to the file field and the value travels with it. > Back to the drawing board I would say. I only got it to work in > Firefox, Gareth checked Safari for me, and it also works in Safari. I > guess this type of exploit could function on other HTML objects as > well, and could be very dangerous because it only requires a one time > focus in a textfield. > > PoC here: > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.h > tm > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From gmaggro at rogers.com Sat Dec 1 16:09:55 2007 From: gmaggro at rogers.com (gmaggro) Date: Sat, 01 Dec 2007 11:09:55 -0500 Subject: [Full-disclosure] High Value Target Selection In-Reply-To: <4ef5fec60711302127i3e7baef0vf055d8a6592a5ee7@mail.gmail.com> References: <47505E42.90503@rogers.com> <4ef5fec60711302127i3e7baef0vf055d8a6592a5ee7@mail.gmail.com> Message-ID: <47518753.9030006@rogers.com> > translation: let's discuss how to discern high degree and/or vulnerable > nodes in critical infrastructure networks. Correct. >> 1. To bring like minded people together while operating under the >> strategy of 'leaderless resistance' >> (http://en.wikipedia.org/wiki/Leaderless_resistance) > > *yawn* Apologies, but there's some people that haven't heard of the idea. 
Not everyone here is from a western country, or wastes their time combing for what might be perceived as 'out there' literature like ELF or SHAC stuff. >> 2. To be the 'aboveground' partner to the 'underground' scene, or at >> least serve to distract authorities from the activities of underground >> groups > > ... ZZzzzzZZZ ... you're losing me, jim. If we wind up not being to do anything useful, then at least run interference for the real subversives. Keep our friends in intel and law enforcement busy chasing dead ends. Lower the signal-to-noise ratio and make them have to spend as much money as possible. Tarpit them. >> 4. To capture the imagination of the public > > more like hatred. What exactly is the difference? :) >> So, types of infrastructure to attack: >> [ list of infrastructure domains as if they exist as discrete units > independent of each other... lolz! ] Well, what was one to do - just put "1. The Internet"? No, the domains were split up for the matter of discussion. Of course with networks any divisions are arbitrary. But given the large area to attack, some focusing of effort will be required, at least at first. >> [lots of blah blah blah misunderstanding of what critical infrastructure >> is and how it is organized, USA bashing, etc...] Please elaborate on your perceptions of my failure to adequately define 'critical infrastructure'. As for USA bashing, meh. It's just that they make a great target and they got lots of enemies. If I was Irish, maybe I'd have picked England, and if I was Chechen, maybe I'd pick Russia. Not important. > first, go read Global Guerrillas. that will keep you busy for a few weeks > and save us all more of this blather: > http://globalguerrillas.typepad.com/globalguerrillas/ Thanks for the link, I'll check it out. > second, some attacking critical infrastructure clif notes: > > 1. those with clue have realized the folly of trying to make infallible > infrastructure. 
their focus has shifted to rapid repair instead of > prevention. there are papers written that describe exactly how > stupid it is to think you can build resilient infrastructure in the face > of a skilled attacker. > (see the ATT telco in a trailer truck, etc) > > 2. critical infrastructure viewed as a graph theory problem highlights > the compound vulnerabilities across multiple infrastructures inherent > in high degree / high value nodes of critical infrastucture. > (metropolitan bridges carrying fiber, gas, electricity, vehicles, etc > over the same physical span, etc.) > > 3. most critical infrastructure is resilient against planned / common > failure scenarios, and these protections actually create hyper- > sensitive vulnerabilities against targeted / unplanned attacks. > (M of N redundancy that leads to catastrophic failure against > well targeted M attacks, etc.) Good stuff. But wouldn't you have already surprised yourself vis-a-vis your first point? 'those with clue' are smaller than we'd like. Sloppiness abounds; I am certain of that. > combining these aspects into attack scenarios is left as an > exercise for the reader [who pines for a vacation in club fed...] Well that depends on the exact nature of any alleged or purported crime, and whatever extradition treaties between the nation-state someone resides in and the USA. They also have to catch you first. > the crux of the problem for the practical attacker is discerning the nature > and location of critical infrastructure nodes and links. fortunately for the > determined individual this is merely a matter of effort and time, not a > question of ability. for the rest of us this means our life style / way of life > is highly dependent on the lack of sufficiently skilled malcontents able and > willing to express their grievances in direct action against such systems. A good summary, thank you. 
So I suppose I'm saying "Hey malcontents, if we can't go more public let's start sharing info and making it incredibly easy for other malcontents". And would people, for once, consider that maybe the net was adopted too damn fast by too many morons in too slap-dash a fashion? I never thought I'd find myself arguing for a conservative approach in, well, anything. But people really need to start doing a better job as it's affecting too many people. Since that's not likely to happen.. > perhaps this can be viewed as a check against the fascist dystopia many > fear as the end result of authoritarian abuse of power coupled with high > tech tools for manipulation and control of the populace... > p.s. my favorite tools in such scenarios (of course not advocation): > - the thermic lance > - portable saws (lithium battery cells quite power dense now) > - post hole diggers > - thermite flower pots (lol, so much fun!) > - software defined / police band and EM svcs capable radios > - bolt action .50 BMG (incendiary DU rounds++) Why not advocate? If you did get in trouble for this post, I don't think adding a caveat like "of course not advocation" would help you much, if at all. Like those quips in Phrack or Paladin Press books "For educational purposes only". Bwahahaha! Really, how much trouble could we get in if we posted up a list of street addresses, each address being a building that contained significant telco and/or routing infrastructure? Especially if the next week, a bunch of completely unrelated people park Oklahoma Specials out front of said buildings and blow them up. I know where those locations are for my city, and I'm sure others know where those are for their cities. I say, let's post them up, make alot of people nervous, and see what happens. Additional thoughts: Probably be some interesting/useful information poking around BGP land and looking at ASs and their relationships in more detail. Especially when cross-referenced to actual physical locations. 
Interesting maps: http://chrisharrison.net/projects/InternetMap/high/worlddotblack.png http://chrisharrison.net/projects/InternetMap/high/worldBlack.png http://chrisharrison.net/projects/InternetMap/high/euroblack.png http://chrisharrison.net/projects/InternetMap/high/NorthAmericaBlack.png http://www.isi.edu/ant/address/ http://xkcd.com/195/ From gmaggro at rogers.com Sat Dec 1 16:49:08 2007 From: gmaggro at rogers.com (gmaggro) Date: Sat, 01 Dec 2007 11:49:08 -0500 Subject: [Full-disclosure] High Value Target Selection In-Reply-To: <4ef5fec60711302127i3e7baef0vf055d8a6592a5ee7@mail.gmail.com> References: <47505E42.90503@rogers.com> <4ef5fec60711302127i3e7baef0vf055d8a6592a5ee7@mail.gmail.com> Message-ID: <47519084.4040108@rogers.com> Forgot to tack these onto the last post. The wikipedia entry http://en.wikipedia.org/wiki/Submarine_communications_cable has some amusing links in it's reference section: http://www.telegeography.com/products/map_cable/images/sub_cable_2007_large.jpg http://www1.alcatel-lucent.com/submarine/refs/World_Map_LR.pdf http://www.kddi.com/english/business/oversea/pdf/kddi_gnm_en.pdf http://www.kidorf.com/DBLandings.php And a list of the cable laying ships. Does that equate to cable repairships? http://www.iscpc.org/information/Cableships_Page.htm Apologies for the noise. From nate.mcfeters at gmail.com Sat Dec 1 17:37:29 2007 From: nate.mcfeters at gmail.com (Nate McFeters) Date: Sat, 1 Dec 2007 12:37:29 -0500 Subject: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability In-Reply-To: <1200694.87911196522696390.JavaMail.juha-matti.laurio@netti.fi> References: <1200694.87911196522696390.JavaMail.juha-matti.laurio@netti.fi> Message-ID: <997ef2c20712010937q1cc66354w78ac71761b31f1a0@mail.gmail.com> More than likely all the gecko based browsers will be vulnerable to this. So that would include Mozilla, Camino, SeaMonkey... possibly even things like Thunderbird if you could get it to render. Nice find guys! 
Nate

On 12/1/07, Juha-Matti Laurio wrote:
>
> Netscape Navigator version 9.0.0.4 is affected too. Test done with
> PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> Vendor was contacted on 1st Dec 2007.
>
> - Juha-Matti
>
> carl hardwick wrote:
> > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> >
> > Sorry Mozilla, but the recent file focus fix was not enough. I think
> > Mozilla made another mistake while fixing the previous file/label
> > issue. Because now I embed a file field and a textfield inside one
> > label. When this happens, and you type only one time in the textfield,
> > the focus travels to the file field and the value travels with it.
> > Back to the drawing board I would say. I only got it to work in
> > Firefox, Gareth checked Safari for me, and it also works in Safari. I
> > guess this type of exploit could function on other HTML objects as
> > well, and could be very dangerous because it only requires a one time
> > focus in a textfield.
> >
> > PoC here:
> > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm
> >

From nytrokiss at gmail.com Sat Dec 1 17:39:56 2007
From: nytrokiss at gmail.com (James Matthews)
Date: Sat, 1 Dec 2007 18:39:56 +0100
Subject: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
In-Reply-To: <26439.65.88.218.157.1196522453.squirrel@slashmail.org>
References: <26439.65.88.218.157.1196522453.squirrel@slashmail.org>
Message-ID: <8a6b8e350712010939g1fee081eqd7815ba53a594b25@mail.gmail.com>

I agree! It should be changed and i have no idea why people still use it!


On Dec 1, 2007 4:20 PM, Steven Adair wrote:

>
> >
>
> > There you have it. Surely a GPL'd tool implementing this attack style
> > will be available shortly. And since Chinese researchers have been
> > attacking SHA-1 lately, should SHA-256 be considered the proper
> > replacement? I am unsure :-(
>
> Yes, it would probably be a good idea. I think this link has been put out
> on this list in the past with respect to discussion on SHA-1:
>
> http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
>
> NIST might not be the bible to you on what to follow and implement, but
> they are definitely worth listening to (even if you're not a U.S. Federal
> agency) when they tell you not to use something anymore. For those that
> don't want to click and just want to read, here's the relevant parts:
>
> ----
>
> March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224,
> SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all
> applications using secure hash algorithms. Federal agencies should stop
> using SHA-1 for digital signatures, digital time stamping and other
> applications that require collision resistance as soon as practical, and
> must use the SHA-2 family of hash functions for these applications after
> 2010. After 2010, Federal agencies may use SHA-1 only for the following
> applications: hash-based message authentication codes (HMACs); key
> derivation functions (KDFs); and random number generators (RNGs).
> Regardless of use, NIST encourages application and protocol designers to
> use the SHA-2 family of hash functions for all new applications and
> protocols.
>
> ----
>
> Steven
> http://www.securityzone.org
>
> > --
> > Kristian Erik Hermansen
> > "I have no special talent. I am only passionately curious."
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>

--
http://search.goldwatches.com/?Search=Movado+Watches
http://www.jewelerslounge.com
http://www.goldwatches.com

From erey at ernw.de Sat Dec 1 17:51:47 2007
From: erey at ernw.de (Enno Rey)
Date: Sat, 1 Dec 2007 18:51:47 +0100
Subject: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
In-Reply-To: <8a6b8e350712010939g1fee081eqd7815ba53a594b25@mail.gmail.com>
References: <26439.65.88.218.157.1196522453.squirrel@slashmail.org> <8a6b8e350712010939g1fee081eqd7815ba53a594b25@mail.gmail.com>
Message-ID: <20071201175147.GA85617@ws23.ernw.de>

because they perform risk-analysis:
- what are the threats to my assets?
- which role does MD5 play there?
- any subsequent risk then from using it?
- high priority risk? mitigating controls or risk acceptance?

would you be so kind to show me a real-world attack against a VPN
using MD5 hashing? ...

thanks,

Enno

On Sat, Dec 01, 2007 at 06:39:56PM +0100, James Matthews wrote:
> I agree! It should be changed and i have no idea why people still use it!
>
> On Dec 1, 2007 4:20 PM, Steven Adair wrote:
>
> >
> > >
> >
> > > There you have it. Surely a GPL'd tool implementing this attack style
> > > will be available shortly. And since Chinese researchers have been
> > > attacking SHA-1 lately, should SHA-256 be considered the proper
> > > replacement? I am unsure :-(
> >
> > Yes, it would probably be a good idea.
I think this link has been put out
> > on this list in the past with respect to discussion on SHA-1:
> >
> > http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
> >
> > NIST might not be the bible to you on what to follow and implement, but
> > they are definitely worth listening to (even if you're not a U.S. Federal
> > agency) when they tell you not to use something anymore. For those that
> > don't want to click and just want to read, here's the relevant parts:
> >
> > ----
> >
> > March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224,
> > SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all
> > applications using secure hash algorithms. Federal agencies should stop
> > using SHA-1 for digital signatures, digital time stamping and other
> > applications that require collision resistance as soon as practical, and
> > must use the SHA-2 family of hash functions for these applications after
> > 2010. After 2010, Federal agencies may use SHA-1 only for the following
> > applications: hash-based message authentication codes (HMACs); key
> > derivation functions (KDFs); and random number generators (RNGs).
> > Regardless of use, NIST encourages application and protocol designers to
> > use the SHA-2 family of hash functions for all new applications and
> > protocols.
> >
> > ----
> >
> > Steven
> > http://www.securityzone.org
> >
> > > --
> > > Kristian Erik Hermansen
> > > "I have no special talent. I am only passionately curious."
> > >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
>
> --
> http://search.goldwatches.com/?Search=Movado+Watches
> http://www.jewelerslounge.com
> http://www.goldwatches.com

--
Enno Rey

ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1

Commercial register Heidelberg: HRB 7135
Managing directors: Roland Fiege, Enno Rey

From tim-security at sentinelchicken.org Sat Dec 1 19:20:21 2007
From: tim-security at sentinelchicken.org (Tim)
Date: Sat, 1 Dec 2007 14:20:21 -0500
Subject: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
In-Reply-To: <20071201175147.GA85617@ws23.ernw.de>
References: <26439.65.88.218.157.1196522453.squirrel@slashmail.org> <8a6b8e350712010939g1fee081eqd7815ba53a594b25@mail.gmail.com> <20071201175147.GA85617@ws23.ernw.de>
Message-ID: <20071201192020.GD2079@sentinelchicken.org>

> because they perform risk-analysis:
> - what are the threats to my assets?
> - which role does MD5 play there?
> - any subsequent risk then from using it?
> - high priority risk? mitigating controls or risk acceptance?

Don't kid yourself. Very few businesses in my experience think about this stuff when they go to use a hash. Most just use whatever hash they're used to using. I rarely see clients actually sitting down and thinking about what the application of a given hash is and what the threats are in their specific case.

> would you be so kind to show me a real-world attack against a VPN
> using MD5 hashing? ...

Assuming there are no real-world attacks against your particular VPN that uses MD5, does that make it safe for the rest of us in any given application? A rather leading question IMO.

tim

From staticrez at gmail.com Sat Dec 1 20:00:22 2007
From: staticrez at gmail.com (Static Rez)
Date: Sat, 1 Dec 2007 15:00:22 -0500
Subject: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
In-Reply-To: <997ef2c20712010937q1cc66354w78ac71761b31f1a0@mail.gmail.com>
References: <1200694.87911196522696390.JavaMail.juha-matti.laurio@netti.fi> <997ef2c20712010937q1cc66354w78ac71761b31f1a0@mail.gmail.com>
Message-ID: <5d80962a0712011200m280cfceblbf0bec30a86d0b56@mail.gmail.com>

Doesn't work in Gran Paradiso 3.0a7

On Dec 1, 2007 12:37 PM, Nate McFeters wrote:
>
> More than likely all the gecko based browsers will be vulnerable to this.
> So that would include Mozilla, Camino, SeaMonkey... possibly even things
> like Thunderbird if you could get it to render.
>
> Nice find guys!
>
> Nate
>
> On 12/1/07, Juha-Matti Laurio wrote:
> >
> > Netscape Navigator version 9.0.0.4 is affected too. Test done with
> > PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> > Vendor was contacted on 1st Dec 2007.
> >
> > - Juha-Matti
> >
> > carl hardwick wrote:
> > > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> > >
> > > Sorry Mozilla, but the recent file focus fix was not enough. I think
> > > Mozilla made another mistake while fixing the previous file/label
> > > issue. Because now I embed a file field and a textfield inside one
> > > label. When this happens, and you type only one time in the textfield,
> > > the focus travels to the file field and the value travels with it.
> > > Back to the drawing board I would say. I only got it to work in
> > > Firefox, Gareth checked Safari for me, and it also works in Safari.
I
> > > guess this type of exploit could function on other HTML objects as
> > > well, and could be very dangerous because it only requires a one time
> > > focus in a textfield.
> > >
> > > PoC here:
> > >
> > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm
> > >
> >
>

From psz at maths.usyd.edu.au Sat Dec 1 20:30:47 2007
From: psz at maths.usyd.edu.au (Paul Szabo)
Date: Sun, 2 Dec 2007 07:30:47 +1100
Subject: [Full-disclosure] Firefox explicit charset inheritance
Message-ID: <200712012030.lB1KUlFo013154@asti.maths.usyd.edu.au>

I found that Firefox 2.0.0.10 will inherit the charset of the parent page, when that had been selected manually (does not inherit the charset specified in headers or meta). I found this inheritance to work both with [a href] links and [iframe src] in the parent page.

See also:
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
https://bugzilla.mozilla.org/show_bug.cgi?id=356280

Cheers,

Paul Szabo psz at maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia

From pauls at utdallas.edu Sat Dec 1 21:21:02 2007
From: pauls at utdallas.edu (Paul Schmehl)
Date: Sat, 01 Dec 2007 15:21:02 -0600
Subject: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
In-Reply-To: <20071201192020.GD2079@sentinelchicken.org>
References: <26439.65.88.218.157.1196522453.squirrel@slashmail.org> <8a6b8e350712010939g1fee081eqd7815ba53a594b25@mail.gmail.com> <20071201175147.GA85617@ws23.ernw.de> <20071201192020.GD2079@sentinelchicken.org>
Message-ID: <5A6842764BDB4DDFF2D38F4A@paul-schmehls-powerbook59.local>

--On December 1, 2007 2:20:21 PM -0500 Tim wrote:

>> because they perform risk-analysis:
>> - what are the threats to my assets?
>> - which role does MD5 play there?
>> - any subsequent risk then from using it?
>> - high priority risk? mitigating controls or risk acceptance?
>
> Don't kid yourself. Very few businesses in my experience think about
> this stuff when they go to use a hash. Most just use whatever hash
> they're used to using. I rarely see clients actually sitting down and
> thinking about what the application of a given hash is and what the
> threats are in their specific case.
>
>
>> would you be so kind to show me a real-world attack against a VPN
>> using MD5 hashing? ...
>
> Assuming there are no real-world attacks against your particular VPN
> that uses MD5, does that make it safe for the rest of us in any given
> application? A rather leading question IMO.
>

While I don't think it's time to panic, it's definitely time to begin moving to SHA-256 and stop using MD-5. FreeBSD has already done so in its ports system, although you can still use MD-5 as well. But far too many downloads still use MD-5 or **no checksum at all**, and that is a problem.

While collisions in MD-5 are now proven, what I've not seen yet is the ability to alter a legitimate file or tarball yet generate the same checksum. It *is* theoretically possible, however, and the fact that collisions have been proven should be enough to begin abandoning its use IMO.

Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

From isbackgobbles at googlemail.com Sat Dec 1 21:24:23 2007
From: isbackgobbles at googlemail.com (Gobbles is back)
Date: Sat, 1 Dec 2007 21:24:23 +0000
Subject: [Full-disclosure] Phioust is now getting really emotional ...
Message-ID: <679de8620712011324x6d5733c8j2f128200b887dcb2@mail.gmail.com>

Phioust, we love you .. google your name for the christmas gift !!!

---------- Forwarded message ----------
From: phioust
Date: Dec 1, 2007 2:33 PM
Subject: Re: spam?
To: Gobbles is back

Why are you doing this ? i don't even know you. i would appreciate if you really stop doing this. in case i have offended anyone of you in the past in any way , i did not mean to .. In fact i think it's quite cool what you guys are doing to matasano .. so please stop this .. it's an honest request, sorry.

On Dec 1, 2007 4:32 AM, Gobbles is back < isbackgobbles at googlemail.com> wrote:

> You lil fucking idiot !!! now this mail of yours will be on Full D too,
> sadly with your dumb turkey name and those useless degrees ... lol
>
>
>

From isbackgobbles at googlemail.com Sat Dec 1 22:09:36 2007
From: isbackgobbles at googlemail.com (Gobbles is back)
Date: Sat, 1 Dec 2007 22:09:36 +0000
Subject: [Full-disclosure] Phioust is now getting really emotional ...
In-Reply-To: <679de8620712011324x6d5733c8j2f128200b887dcb2@mail.gmail.com>
References: <679de8620712011324x6d5733c8j2f128200b887dcb2@mail.gmail.com>
Message-ID: <679de8620712011409n4bdf20f3u61b3b106bbe508c4@mail.gmail.com>

Phioust, we love you .. google your name for the christmas gift !!!

---------- Forwarded message ----------
From: phioust < phioust at gmail.com>
Date: Dec 1, 2007 2:33 PM
Subject: Re: spam?
To: Gobbles is back

why are you doing this ? i don't even know you. i would appreciate if you really stop doing this. in case i have offended anyone of you in the past in any way , i did not mean to. in fact i think it's quite cool what you guys are doing to matasano. so please stop this, it's an honest request, sorry.

On Dec 1, 2007 4:32 AM, Gobbles is back < isbackgobbles at googlemail.com> wrote:

> You lil idiot !!! now this mail of yours will be on Full D too, sadly with
> your dumb turkey name and those useless degrees ... lol
>
>
>

From randallm at fidmail.com Sat Dec 1 22:57:11 2007
From: randallm at fidmail.com (Randy Mueller)
Date: Sat, 01 Dec 2007 16:57:11 -0600
Subject: [Full-disclosure] Full-Disclosure Digest, Vol 34, Issue 1
In-Reply-To:
References:
Message-ID: <4751E6C7.5070604@fidmail.com>

> ------------------------------
>
> Message: 6
> Date: Fri, 30 Nov 2007 23:44:07 +0100
> From: "Max Moser"
> Subject: [Full-disclosure] 27Mhz based wireless security insecurities
> - Aka - "We know what you typed last summer"
> To: full-disclosure at lists.netsys.com, full-disclosure at netsys.com,
> "Full Disclosure"
> Message-ID:
>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Dear List members,
>
> Today the team remote-exploit.org together with Dreamlab Technologies likes
> to release another piece of unique research work.
>
> [snip}
> Max Moser & Philipp Schroedel
> Dreamlab Technologies AG / Team remote-exploit.org
>
>
>
> ------------------------------
>

1. Thought it was great
2. Thought it was funny I had to "Allow" remote-exploit.org on Firefox Noscript!
3. Anyway you can share that software??!!!

From coderman at gmail.com Sat Dec 1 23:09:32 2007
From: coderman at gmail.com (coderman)
Date: Sat, 1 Dec 2007 15:09:32 -0800
Subject: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
In-Reply-To:
References:
Message-ID: <4ef5fec60712011509qc21ddb9x769de40b1544b34a@mail.gmail.com>

On Dec 1, 2007 5:06 AM, Kristian Erik Hermansen wrote:
> [MD5 is dead like WEP]

yup.

> And since Chinese researchers have been
> attacking SHA-1 lately, should SHA-256 be considered the proper
> replacement?

SHA2 is good. (so 256 or 512). the design differs from SHA1 and avoids the weaknesses being exploited against this hash func.

still, ~2^69 collision resistance for SHA1 is a world of security better than MD5. MD5 is really dead, lingering only to feast on the brains of the unawares...

From coderman at gmail.com Sat Dec 1 23:36:36 2007
From: coderman at gmail.com (coderman)
Date: Sat, 1 Dec 2007 15:36:36 -0800
Subject: [Full-disclosure] High Value Target Selection
In-Reply-To: <47518753.9030006@rogers.com>
References: <47505E42.90503@rogers.com> <4ef5fec60711302127i3e7baef0vf055d8a6592a5ee7@mail.gmail.com> <47518753.9030006@rogers.com>
Message-ID: <4ef5fec60712011536t79f77c51x918090aae280405c@mail.gmail.com>

On Dec 1, 2007 8:09 AM, gmaggro wrote:
> ...
> Why not advocate? If you did get in trouble for this post, I don't think
> adding a caveat like "of course not advocation" would help you much, if
> at all. Like those quips in Phrack or Paladin Press books "For
> educational purposes only". Bwahahaha!

Paladin Press, now you're taking me back... ah, the days.

not advocating because as funny as some dude in jeans and a t-shirt firing up a thermal lance would seem, in the end the darwin awards need no assistance.

also, i don't want them cloggin' ma tubes! jeez mang.

> Really, how much trouble could we get in if we posted up a list of
> street addresses, each address being a building that contained
> significant telco and/or routing infrastructure?

try it, it's amusing. remember all the photogs getting hassled by the man for merely taking pictures of bridges and plants and such? if you're actually effective at amassing a good database of infrastructure information you'll get the attention you so desperately crave; i promise! :P~

> Probably be some interesting/useful information poking around BGP land
> and looking at ASs and their relationships in more detail. Especially
> when cross-referenced to actual physical locations.

not really, focus on the physical transport. the MPLS/IP layers just confirm what you should have suspected all along: apparent diversity at the routing layer is sharing way too much of the same physical transport.

(in telco land, one SONET span over aerial transport and the other buried plant is considered sufficient "path diversity/redundancy". never mind that the same right of way is used...)

> http://xkcd.com/195/

xkcd is highly recommended. in particular, a Shibboleth to sift the pyro-anarcho-dimwits from those who recognize more effective means at expressing and redressing grievances against their government.

one last hint: news feeds are a great way to discern details about critical infrastructure and response times for repair. don't forget to set your google news alerts...

From juha-matti.laurio at netti.fi Sun Dec 2 00:13:51 2007
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Date: Sun, 2 Dec 2007 02:13:51 +0200 (EET)
Subject: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
Message-ID: <23227044.113251196554431449.JavaMail.juha-matti.laurio@netti.fi>

N/A unfortunately, but BID26669 points to entries
https://bugzilla.mozilla.org/show_bug.cgi?id=258875
and
https://bugzilla.mozilla.org/show_bug.cgi?id=56236
via this older advisory:
http://www.securityfocus.com/bid/18308/references

Link: http://www.securityfocus.com/bid/26669/discuss

(Probably BID18038 mentioned is a typo...)

- Juha-Matti

"Randal, Phil" wrote:
>
> And the Mozilla bugzilla number is?
>
>
> -----Original Message-----
> From: full-disclosure-bounces at lists.grok.org.uk
> [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of
> Juha-Matti Laurio
> Sent: 01 December 2007 15:25
> To: carl hardwick; full-disclosure at lists.grok.org.uk
> Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing
> vulnerability
>
> Netscape Navigator version 9.0.0.4 is affected too. Test done with
> PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> Vendor was contacted on 1st Dec 2007.
>
> - Juha-Matti
>
> carl hardwick wrote:
> > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> >
> > Sorry Mozilla, but the recent file focus fix was not enough. I think
> > Mozilla made another mistake while fixing the previous file/label
> > issue. Because now I embed a file field and a textfield inside one
> > label. When this happens, and you type only one time in the textfield,
>
> > the focus travels to the file field and the value travels with it.
> > Back to the drawing board I would say. I only got it to work in
> > Firefox, Gareth checked Safari for me, and it also works in Safari.
I
> > guess this type of exploit could function on other HTML objects as
> > well, and could be very dangerous because it only requires a one time
> > focus in a textfield.
> >
> > PoC here:
> > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm
> >

From Valdis.Kletnieks at vt.edu Sun Dec 2 03:08:38 2007
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Sat, 01 Dec 2007 22:08:38 -0500
Subject: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
In-Reply-To: Your message of "Sat, 01 Dec 2007 05:06:36 PST."
References:
Message-ID: <21403.1196564918@turing-police.cc.vt.edu>

On Sat, 01 Dec 2007 05:06:36 PST, Kristian Erik Hermansen said:

> I know of many commercial security products which still utilize MD5 to
> prove integrity of the data they distribute to customers. This should
> no longer be considered appropriate. Now that tools are readily
> available to exploit newer MD5 collision research, I think it is safe
> to say that the public should retire its usage for good.

Admittedly, MD5 is on its last legs. However, please note that the current state of the art for MD5 collisions is "create two plaintexts that collide with the same (but unpredictable) MD5 hash". That's what these binaries demonstrate.

What is still *not* known to be doable is "given a plaintext that has a pre-specified MD5 hash, compute a second plaintext with the same hash". So publishing the MD5 hash of the binary is still safe - for now.

If I was a vendor, I'd be publishing both MD5 and SHA-256 for the data.

(Note that strictly speaking, what you *really* want is a PGP-signed or otherwise authenticated MD5/SHA-256 hash. Otherwise, if I'm an attacker, I can just splat a new binary up, and a new MD5SUMS file that lists the MD5 sum for the backdoored binaries. If anything, more people manage to screw *this* part up than the much lesser offense of still using MD5 rather than something from the SHA-2 family)....
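
[Added example, not part of any message in this thread and not any poster's or vendor's code.] The point in the message above, that a checksum only helps when the manifest carrying it is authenticated, can be shown with Python's standard library alone. An HMAC over the manifest with a key obtained out of band stands in for the PGP signature; the file name, key and sample bytes are constructed.

```python
"""Check a release against a checksum manifest, authenticating the manifest first."""
import hashlib
import hmac
import io

HEX = set("0123456789abcdef")


def sha256_stream(fileobj, chunk=64 * 1024):
    """Hash a file-like object in chunks so a large ISO need not fit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: fileobj.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def make_manifest(files):
    """Build sha256sum-style lines ("<hex>  <name>") for a {name: bytes} mapping."""
    return "".join(
        f"{hashlib.sha256(data).hexdigest()}  {name}\n"
        for name, data in sorted(files.items())
    ).encode()


def parse_manifest(manifest):
    """Return {name: digest}; malformed or duplicate entries raise ValueError."""
    entries = {}
    for line in manifest.decode("utf-8").splitlines():
        if not line:
            continue
        digest, _, rest = line.partition(" ")
        digest = digest.lower()
        # sha256sum writes " name" (text mode) or "*name" (binary mode) here.
        if len(digest) != 64 or not set(digest) <= HEX or rest[:1] not in (" ", "*"):
            raise ValueError(f"malformed manifest line: {line!r}")
        name = rest[1:]
        if not name or name in entries:
            raise ValueError(f"empty or duplicate entry: {line!r}")
        entries[name] = digest
    return entries


def manifest_tag(manifest, key):
    """Authentication tag over the whole manifest (stand-in for a PGP signature)."""
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()


def naive_check(name, fileobj, manifest):
    """Weak pattern: believe whatever manifest is served next to the download."""
    return parse_manifest(manifest).get(name) == sha256_stream(fileobj)


def verify_download(name, fileobj, manifest, tag, key):
    """Authenticate the manifest, then compare digests. Returns (ok, reason)."""
    if not hmac.compare_digest(manifest_tag(manifest, key), tag):
        return False, "manifest not authentic"
    try:
        expected = parse_manifest(manifest).get(name)
    except ValueError as exc:
        return False, str(exc)
    if expected is None:
        return False, "file not listed in manifest"
    if not hmac.compare_digest(expected, sha256_stream(fileobj)):
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample data, not real release artefacts.
NAME = "product-1.0.iso"
RELEASE = b"constructed release image\n"
ALTERED = b"constructed release image\nunauthorized change\n"
KEY = b"constructed key, delivered out of band"


def demo():
    """Run the scenarios from the thread and return each outcome."""
    manifest = make_manifest({NAME: RELEASE})
    tag = manifest_tag(manifest, KEY)
    # The file is replaced and the manifest beside it regenerated to match;
    # a valid tag cannot be produced without the key.
    forged = make_manifest({NAME: ALTERED})
    return {
        "genuine": verify_download(NAME, io.BytesIO(RELEASE), manifest, tag, KEY),
        "file_swapped": verify_download(NAME, io.BytesIO(ALTERED), manifest, tag, KEY),
        "both_swapped_naive": naive_check(NAME, io.BytesIO(ALTERED), forged),
        "both_swapped_verified": verify_download(NAME, io.BytesIO(ALTERED), forged, tag, KEY),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:22} {outcome}")
```

With a shared HMAC key anyone able to verify can also forge, so a public release would use a public-key signature over the manifest, as the message says; the order of checks stays the same.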

From kristian.hermansen at gmail.com Sun Dec 2 03:31:53 2007
From: kristian.hermansen at gmail.com (Kristian Erik Hermansen)
Date: Sat, 1 Dec 2007 19:31:53 -0800
Subject: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
In-Reply-To: <21403.1196564918@turing-police.cc.vt.edu>
References: <21403.1196564918@turing-police.cc.vt.edu>
Message-ID:

On Dec 1, 2007 7:08 PM, wrote:
> Admittedly, MD5 is on its last legs. However, please note that the current
> state of the art for MD5 collisions is "create two plaintexts that collide
> with the same (but unpredictable) MD5 hash". That's what these binaries
> demonstrate.

Correct...

> What is still *not* known to be doable is "given a plaintext that has a
> pre-specified MD5 hash, compute a second plaintext with the same hash".
> So publishing the MD5 hash of the binary is still safe - for now.

But is it? Let's create a thought experiment. Let us first assume that an internal security product release engineer has access to the source code, the product binaries, and is responsible for creating ISO images and MD5 hashes to accompany them for distribution to government agencies which will utilize the security product internally. OK, now let's say that this release engineer wants to create two different ISO images, each with a different AUTORUN feature on the disc. Since he has the ability to choose the hash here, then we must therefore conclude that MD5 will not actually ensure that the disc is legitimate and unaltered. Now, such an attack is not as sexy as colliding with a pre-formed MD5 hash, but we do know that approximately 70% of exploited security issues somehow involve internal personnel.

> If I was a vendor, I'd be publishing both MD5 and SHA-256 for the data.

So my question to you then is why even bother with MD5, and not just choose to use SHA-256 instead? In fact, I might even go so far to say that future Linux distributions should stop including the md5sum program in default installations. I say this because it correlates with the "secure by default" motto. If the user really needs md5sum, they can install it separately. The only issue is that both applications are included in coreutils, so it is unlikely that they would ever be separated.

> (Note that strictly speaking, what you *really* want is a PGP-signed or
> otherwise authenticated MD5/SHA-256 hash. Otherwise, if I'm an attacker,
> I can just splat a new binary up, and a new MD5SUMS file that lists the
> MD5 sum for the backdoored binaries. If anything, more people manage to
> screw *this* part up than the much lesser offense of still using MD5 rather
> than something from the SHA-2 family)....

Yeah, storing your MD5 and binary on the same asset is just like keeping your important security logs on a system that was just compromised. Your data is tainted...
--
Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."

From gmaggro at rogers.com Sun Dec 2 04:13:31 2007
From: gmaggro at rogers.com (gmaggro)
Date: Sat, 01 Dec 2007 23:13:31 -0500
Subject: [Full-disclosure] High Value Target Selection
In-Reply-To: <4ef5fec60712011536t79f77c51x918090aae280405c@mail.gmail.com>
References: <47505E42.90503@rogers.com> <4ef5fec60711302127i3e7baef0vf055d8a6592a5ee7@mail.gmail.com> <47518753.9030006@rogers.com> <4ef5fec60712011536t79f77c51x918090aae280405c@mail.gmail.com>
Message-ID: <475230EB.2030404@rogers.com>

> (in telco land, one SONET span over aerial transport and the other buried
> plant is considered sufficient "path diversity/redundancy". never mind that
> the same right of way is used...)

Ah yes, I remember an old story not too dissimilar...
multiple redundant lines, all severed at the same time with the same backhoe. Idiots.

Anyone dig really deeply into that Maltego/Evolution program from Paterva (http://www.paterva.com/web/Maltego/index.html)? It looks interesting. HD Moore references it in that 'Tactical Exploitation' PDF (http://milw0rm.com/papers/172) which is itself a good primer for novitiates.

From paul.goebbels at freemail.hu Sun Dec 2 05:12:54 2007
From: paul.goebbels at freemail.hu (Goebbels Amadeus)
Date: Sun, 2 Dec 2007 06:12:54 +0100 (CET)
Subject: [Full-disclosure] Hell Camp: A Terrifying Story of Lies and Middle-Men
Message-ID:

Despite the misleading subject of my e-mail, I want to bring to attention an important topic which hasn't been discussed enough among the security industry: the exploit and vulnerability research market.

Since this might be a vastly secretive community, I will introduce some of the members of this dramatically disturbing tale:

Since a few years ago, few companies emerged, who offer rewards for exploit information and vulnerability research. In the beginning, only iDefense (US-based) openly disclosed its activities. In the last 3-7 years we have seen ZDI (TippingPoint, now 3Com and soon its Chinese major shareholder..), WSLabi (the failed attempt on creating an auction market model for these sales) and Netragard (the old DMCA publicity stunt SNOsoft).

Now I'll start telling a tale of distrust, lies, middle men and other creatures of the infraworld...

Once upon a time, there was an increasingly powerful work force capable of crafting weapons which existed only in a digital world. This force didn't have a name. They didn't pursue certifications. They were anonymous. But some realized they also had the power of influencing people, controlling the flow of information from anywhere at any time. Humanity has seen for ages how the power of controlling information can take down whole nations.

Nowadays, in an open and free market, the corporate world is nothing but a battlefield. There's no crimson tie. No blood escaping the bodies of its soldiers. The soldiers are John Does, fighting for a decent paycheck at any cost, selling out their spirits and time for the corporate machine. Selling out their comrades and dignity. Losing the values, principles and matter that make them human. Unknowingly, they are becoming mere tools of few individuals who have a neverending desire for fame and wealth.

Have you ever considered your future in their hands? You've been working for 50 years, your liver and kidneys start failing, creating visible symptoms, stains in your skin. You can't handle life in the same way anymore. For what? What have you done in those 50 years but serving another man to become more wealthy and over powered. The approaching day of your death and its mere vision strikes you like a burning iron blade.

In this New Age battlefield, you can make a difference. A talented youth started emerging and dedicated passionately to fulfill its curiosity. Day after day, spending countless hours in front of a machine. Understanding its inner design and details, breaking it apart and reassembling it the way it wasn't meant to be assembled. Some others dedicated painful discipline to physical work and trained themselves for achieving perfection in both intellectual and physical matters. Others fell in the way and never made it to the final round.

After realizing they could not let the corporate world exhaust them, they tried another way. The emerging market of digital ammunition seemed to be a potential solution for their problems. But, unbeknown to them, they were wrong. They didn't think at first glance of the impossibly huge amounts of lies and fallacies they were about to experience. Because in a world where you can claim something while denying your obligation to prove it, the only power that is left is that of common sense and intuition.
The ability to sense the deceitful and know the truthful.

One day, our John Doe decided to approach an independent digital weapons dealer, looking for better offers than those coming from more established business men. He knew that more than business men, they were only middle men. After numerous experiences with these little twerps, he realized they were also abusing their condition. John was also especially disappointed with the fact that in the world of digital ammunitions, there's no real way of providing the goods without turning them instantly useless and vulnerable to abuse.

John knew that these middle men were taking cuts far higher than their alleged 10 to 15 percent of the sale. How could John prove it otherwise? There was no way of ensuring that their contacts were getting the very exact figure John demanded. Despite this fact, John also realized that in this market of smoke, the seller is not supposed to set the price of the goods. These middle men, in their great mistake of thinking that wisdom and knowledge are the very same thing, wanted John to believe that they were the ones who set the price of the goods. John's disappointment was growing to incredibly high stakes: "As a child, whenever I tried to tell the candy shop clerk that the chocolate bars cost as much as the peanut butter ones, he simply tried to smack my head down. I wasn't supposed to even swap the labels in a failed attempt to fool this man, who had been making candy bars for more time than I was actually able to barely say my name."

John had been crafting digital weapons for so much time, with such a high talent and effectiveness, that he was much less dispensable than these middle men. His personal background, of an extremely tough childhood full of misery and hostility, also gave him the necessary wisdom and experience in this world for quickly spotting the weaknesses of these ego-crazed men. Their weakness lies in the fact that without John and his comrades, they have no business.
They lack far more than just knowledge. They lack wisdom, passion and truly devoted dedication to whatever they do. Sooner or later they will make the same mistake of other weapon dealers: getting killed with their own goods.

Hypocrisy among these poorly educated middle-men was so high, that they resorted to low tricks and ridiculous attempts to gain the trust of people like John. They went as far as insulting the intelligence of those who provided them with the goods they are unable to produce themselves. No matter how hard they tried, it never brought anything back but silence. The silence that can be clearly understood as a fully precise signal of genuine despise.

The fundamental error behind their approach is that trust can't be gained for cheering, boosting the ego, claiming great benefits and wealth. Trust is something sculpted in hard rock, taking years to become an admirable masterpiece. It doesn't come attached to an email.

At the end, John and his comrades found out that wasting their time with these miserable beings was far less than fruitful. It was exhausting them as much as the corporate world did. They realized that any day above ground is a good day. Let the snakes change their skin and show their true colors. In the desert, being unable to match with environment has deadly consequences.

It might take years, or decades, but time will set them all where they belong. Life does not forgive and everything has come to an end... because they lack patience, the end will approach their nefarious activities sooner than they ever thought and John and his comrades will be free again.

And this tale has to come to an end itself... the end of a story about middle-men and their madness.

Time's striking force.

- Paul Amadeus Goebbels

From Valdis.Kletnieks at vt.edu Sun Dec 2 05:24:17 2007
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Sun, 02 Dec 2007 00:24:17 -0500
Subject: [Full-disclosure] High Value Target Selection
In-Reply-To: Your message of "Sat, 01 Dec 2007 23:13:31 EST." <475230EB.2030404@rogers.com>
References: <47505E42.90503@rogers.com> <4ef5fec60711302127i3e7baef0vf055d8a6592a5ee7@mail.gmail.com> <47518753.9030006@rogers.com> <4ef5fec60712011536t79f77c51x918090aae280405c@mail.gmail.com> <475230EB.2030404@rogers.com>
Message-ID: <28972.1196573057@turing-police.cc.vt.edu>

On Sat, 01 Dec 2007 23:13:31 EST, gmaggro said:
> Ah yes, I remember an old story not too dissimilar... multiple redundant
> lines, all severed at the same time with the same backhoe. Idiots.

To be fair, it's often not "idiots". First, you have to find 2 providers that can get fiber from point A to point B at all (note that if one or the other doesn't already have dark fiber laid, they're either digging a ditch or they're going to lease some fiber from a 3rd party). Then you often need to do NDA's with both to find out where their fibers are and verify that they in fact are diverse. And then you need to make sure they *stay* diverse.

The following happens a *LOT*:

1) You get Vendor A to give you 4 pairs of fiber that run south on B Avenue, east on 3rd street, south on D ave, east on 5th st, and then south on E Av. Vendor B's runs south on C avenue, east on 6th street, then south on F Av. Except for a few crossovers, they're diverse.

2) Vendor B has to re-groom because of a construction project at C Av & 5th st. So they re-route to another conduit (not A's) that runs east on 3rd st to F av.

3) Bozo with a backhoe on a water main break nails both conduits on 3rd street between C Ave and D Ave.

What are your chances of getting vendor A to re-groom your paths off 3rd St while B has their path going down that street, and then put them back once B goes back the other way after the construction at C and 5th is done?

Note that sometimes, there really *isn't* a good way to get diversity - how many ways are there to get an east-west long-haul fiber across the Mississippi between St Louis and New Orleans? Your choices are limited - under the bottom of an interstate highway bridge right next to your competitor's conduit, or you get to trench all the way across the river, and hope you put it deep enough so if they ever have to dredge the channel, you won't get hit. Similar issues apply to Manhattan and a lot of other places.

From coderman at gmail.com Sun Dec 2 05:59:30 2007
From: coderman at gmail.com (coderman)
Date: Sat, 1 Dec 2007 21:59:30 -0800
Subject: [Full-disclosure] Signature or checksum? (was: MD5 considered harmful)
Message-ID: <4ef5fec60712012159q21848fbdp62aee2d0ccd2d76b@mail.gmail.com>

On Dec 1, 2007 7:08 PM, wrote:
> ...
> (Note that strictly speaking, what you *really* want is a PGP-signed or
> otherwise authenticated MD5/SHA-256 hash. Otherwise, if I'm an attacker,
> I can just splat a new binary up, and a new MD5SUMS file that lists the
> MD5 sum for the backdoored binaries. If anything, more people manage to
> screw *this* part up than the much lesser offense of still using MD5 rather
> than something from the SHA-2 family)....

this has come up recently in situations like the hushmail trojan'd applets and so forth. consider a court order that compels you to sign a given backdoor'd product in use by a targeted individual.

in this case, the use of signatures provides less security than comparing public checksums. (because you'd notice that your particular download has a different sum, while comparing signatures you'd assume it was legitimate.)

ideally everyone would compare both a signature (a trusted source provided it) as well as a public checksum (let's assume you can do so out of band securely using archives or other channel not actively controlled by an attacker).

i know that signatures include a checksum, but this is hidden by the verification process. the human really needs to be in the loop for both.

best regards,

p.s. for the tin foil hat crowd, those digital sigs are looking weaker every year compared to cryptographic hash functions and block ciphers:
http://dwave.wordpress.com/2007/11/26/slides-from-sc07-progress-in-quantum-computing-panel/

not to mention GNFS improvements the last few years...

(ok, i admit, i love an excuse to reference Mr. T)

From coderman at gmail.com Sun Dec 2 06:28:38 2007
From: coderman at gmail.com (coderman)
Date: Sat, 1 Dec 2007 22:28:38 -0800
Subject: [Full-disclosure] authentic hackers still do it for the love ... (was: Hell Camp: It never pays enough)
Message-ID: <4ef5fec60712012228oe7333a2t894b553628f1d8c@mail.gmail.com>

On Dec 1, 2007 9:12 PM, Goebbels Amadeus wrote:
> ...
> Have you ever considered your future in their hands? You've
> been working for 50 years, your liver and kidneys start failing,
> creating visible symptoms, stains in your skin. You can't handle
> life in the same way anymore. For what? What have you done in
> those 50 years but serving another man to become more wealthy
> and over powered. The approaching day of your death and its
> mere vision strikes you like a burning iron blade.
> ...
> talented youth started emerging and dedicated passionately to
> fulfill its curiosity. Day after day, spending countless hours
> in front of a machine.
> Understanding its inner design and
> details, breaking it apart and reassembling it the way it wasn't
> meant to be assembled.
>
> [a parable of looking for filthy lucre in a trade of love, only to
> discover that these dark funds have tainted the joy and
> purity of a process and lifestyle that once brought fulfillment]

sooner or later every authentic hacker discovers that you must separate work from play. when you try and mix them both you betray the joy and fulfillment of hacking for a paycheck, and it never pays enough.

the ability of a person to deny and downplay this reality will determine their ability to abide the infosecwhore industry.

as captain of their own independent ship they can insulate themselves from much of this whoreish taint, but sooner or later a labor for lucre will destroy the love.

no need to preach, the authentic hacker will discover this on their own accord sooner or later. it is inevitable.

for those of you on the cusp of this realization and ready to start anew, do it. abandon ship. find a comfy admin or analyst position with decent benefits and a wage that pays the mortgage.

adopt that pseudonym and rediscover the joy of hacking for its own sake. the rewards are still there, worth more than a dollar can provide...

---

as with any broad categorization there are exceptions to this rule. there is a minuscule minority that has found an amalgamation sufficiently lucrative and deeply enjoyable without compromising on any personal integrity.

to these people i say: you lucky fucks!
may i find such fortune one day...

From pdp.gnucitizen at googlemail.com Sun Dec 2 08:48:52 2007
From: pdp.gnucitizen at googlemail.com (pdp (architect))
Date: Sun, 2 Dec 2007 08:48:52 +0000
Subject: [Full-disclosure] authentic hackers still do it for the love ...
 (was: Hell Camp: It never pays enough)
In-Reply-To: <4ef5fec60712012228oe7333a2t894b553628f1d8c@mail.gmail.com>
References: <4ef5fec60712012228oe7333a2t894b553628f1d8c@mail.gmail.com>
Message-ID: <6905b1570712020048t8c49b53rbf30e7a21d2e50b0@mail.gmail.com>

right, this is what I like to call hacker romanticism, but do you know what? it does not work this way! only in the movies, I guess! so if you are a hacker, if you truly believe that you are a hacker, then you will find a way to be better off than anybody else without the need to break any laws and without compromising your passions at all.

there is one very old Chinese saying: "find a job that you love and you will never work for the rest of your life". Being a technically talented person and spending your life as a poor sysadmin is plain stupid not to say completely unnecessary. Running away from money because you think that they will corrupt you or they will compromise your identity is also quite retarded to say, don't you think? money are just means to an end, a tool of trade, and sometimes this is exactly what you need in order to cross to the next level.

hacking is not about the inner geek and the vision of the lonely cyber warrior. hacking is about outsmarting others. it is about thinking creatively and moreover, thinking differently. if you can hack computer systems, then hack life. you will soon realize that the skills that you have obtained while being a technical hacker can be applied to many other disciplines, and these skills are more valuable than you think. collecting the fruits of your work is the most rewarding feeling.

the problem I see is that hacking has become something that is not. the computer security hacker circles lost the sense of creativity and turned it into plain procedure. most, if not all, of the security vulnerabilities discovered today are discovered due to simple rules. you do this, you run that, you wait, you've got it. this is not hacking.
given enough time, anybody can learn that. but embracing the mindset is something that a few can do.

btw, GC is currently running a project to show the reality of what I've just said. it is still in very initial stage but it will get better with the time: hakiri.com

On Dec 2, 2007 6:28 AM, coderman wrote:
> On Dec 1, 2007 9:12 PM, Goebbels Amadeus
> wrote:
> > ...
> > Have you ever considered your future in their hands? You've
> > been working for 50 years, your liver and kidneys start failing,
> > creating visible symptoms, stains in your skin. You can't handle
> > life in the same way anymore. For what? What have you done in
> > those 50 years but serving another man to become more wealthy
> > and over powered. The approaching day of your death and its
> > mere vision strikes you like a burning iron blade.
> > ...
> > talented youth started emerging and dedicated passionately to
> > fulfill its curiosity. Day after day, spending countless hours
> > in front of a machine. Understanding its inner design and
> > details, breaking it apart and reassembling it the way it wasn't
> > meant to be assembled.
> >
> > [a parable of looking for filthy lucre in a trade of love, only to
> > discover that these dark funds have tainted the joy and
> > purity of a process and lifestyle that once brought fulfillment]
>
> sooner or later every authentic hacker discovers that you must
> separate work from play. when you try and mix them both you
> betray the joy and fulfillment of hacking for a paycheck, and it
> never pays enough.
>
> the ability of a person to deny and downplay this reality will
> determine their ability to abide the infosecwhore industry.
>
> as captain of their own independent ship they can insulate
> themselves from much of this whoreish taint, but sooner or
> later a labor for lucre will destroy the love.
>
> no need to preach, the authentic hacker will discover this
> on their own accord sooner or later. it is inevitable.
>
> for those of you on the cusp of this realization and ready to
> start anew, do it. abandon ship. find a comfy admin or analyst
> position with decent benefits and a wage that pays the mortgage.
>
> adopt that pseudonym and rediscover the joy of hacking for its
> own sake. the rewards are still there, worth more than a dollar
> can provide...
>
> ---
>
> as with any broad categorization there are exceptions to this rule.
> there is a minuscule minority that has found an amalgamation
> sufficiently lucrative and deeply enjoyable without compromising
> on any personal integrity.
>
> to these people i say: you lucky fucks!
> may i find such fortune one day...
>

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

From coderman at gmail.com Sun Dec 2 09:27:55 2007
From: coderman at gmail.com (coderman)
Date: Sun, 2 Dec 2007 01:27:55 -0800
Subject: [Full-disclosure] authentic hackers still do it for the love ... (was: Hell Camp: It never pays enough)
In-Reply-To: <6905b1570712020048t8c49b53rbf30e7a21d2e50b0@mail.gmail.com>
References: <4ef5fec60712012228oe7333a2t894b553628f1d8c@mail.gmail.com> <6905b1570712020048t8c49b53rbf30e7a21d2e50b0@mail.gmail.com>
Message-ID: <4ef5fec60712020127j5b996708k18f8317172057a59@mail.gmail.com>

On Dec 2, 2007 12:48 AM, pdp (architect) wrote:
> ... you will find a way
> to be better off than anybody else without the need to break any laws ..

what does breaking the law have to do with this?

> there is one very old Chinese saying: "find a job that you love and you will
> never work for the rest of your life".

sure.
it takes a while to get there, don't you think?

> Being a technically talented person
> and spending your life as a poor sysadmin is plain stupid not to say
> completely unnecessary. Running away from money because you think that they
> will corrupt you or they will compromise your identity is also quite
> retarded to say, don't you think? money are just means to an end, a tool of
> trade, and sometimes this is exactly what you need in order to cross to the
> next level.

agreed. perhaps i should have emphasized a path out, rather than destination...

> the problem I see is that hacking has become something that is not. the
> computer security hacker circles lost the sense of creativity and turned it
> into plain procedure. most, if not all, of the security vulnerabilities
> discovered today are discovered due to simple rules. you do this, you run
> that, you wait, you've got it. this is not hacking. given enough time,
> anybody can learn that. but embracing the mindset is something that a few
> can do.

this is what i suggested escaping, the mechanical substitute for what used to be a creative and passionate endeavor. escape from it, leave the mechanical to something that pays the bills until you can find and enjoy the "job you love where you never work another day in your life..."

if you can do this while mired in infosec whorey, more power to you. the admin / routine positions seem more accommodating to telecommute, flexible schedule, and "free time" while giving the appearance of "working".

> btw, GC is currently running a project to show the reality of what I've just
> said. it is still in very initial stage but it will get better with the
> time: hakiri.com

i'm watching and waiting...

From coderman at gmail.com Sun Dec 2 09:33:32 2007
From: coderman at gmail.com (coderman)
Date: Sun, 2 Dec 2007 01:33:32 -0800
Subject: [Full-disclosure] authentic hackers still do it for the love ...
 (was: Hell Camp: It never pays enough)
In-Reply-To: <4ef5fec60712020127j5b996708k18f8317172057a59@mail.gmail.com>
References: <4ef5fec60712012228oe7333a2t894b553628f1d8c@mail.gmail.com> <6905b1570712020048t8c49b53rbf30e7a21d2e50b0@mail.gmail.com> <4ef5fec60712020127j5b996708k18f8317172057a59@mail.gmail.com>
Message-ID: <4ef5fec60712020133w2c542dc7u4edace047b906fcf@mail.gmail.com>

On Dec 2, 2007 1:27 AM, coderman wrote:
> ...
> admin / routine positions seem more accommodating to telecommute, flexible
> schedule, and "free time" while giving the appearance of "working".

i completely forgot to mention lack of non compete, intellectual property agreements, and other legal bullshit that's par for the infosecwhore course...

From juha-matti.laurio at netti.fi Sun Dec 2 09:34:42 2007
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Date: Sun, 2 Dec 2007 11:34:42 +0200 (EET)
Subject: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
Message-ID: <24658565.123601196588082933.JavaMail.juha-matti.laurio@netti.fi>

It appears that BID 26669 doesn't list these Bugzilla entries any more.

- Juha-Matti

Juha-Matti Laurio wrote:
> N/A unfortunately, but BID26669 points to entries
> https://bugzilla.mozilla.org/show_bug.cgi?id=258875
> and
> https://bugzilla.mozilla.org/show_bug.cgi?id=56236
>
> via this older one advisory: http://www.securityfocus.com/bid/18308/references
>
> Link: http://www.securityfocus.com/bid/26669/discuss
>
> (Probably BID18038 mentioned is a typo...)
>
> - Juha-Matti
>
>
> "Randal, Phil" wrote:
> >
> > And the Mozilla bugzilla number is?
> >
> >
> > -----Original Message-----
> > From: full-disclosure-bounces at lists.grok.org.uk
> > [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of
> > Juha-Matti Laurio
> > Sent: 01 December 2007 15:25
> > To: carl hardwick; full-disclosure at lists.grok.org.uk
> > Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing
> > vulnerability
> >
> > Netscape Navigator version 9.0.0.4 is affected too. Test done with
> > PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> > Vendor was contacted on 1st Dec 2007.
> >
> > - Juha-Matti
> >
> > carl hardwick wrote:
> > > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> > >
> > > Sorry Mozilla, but the recent file focus fix was not enough. I think
> > > Mozilla made another mistake while fixing the previous file/label
> > > issue. Because now I embed a file field and a textfield inside one
> > > label. When this happens, and you type only one time in the textfield,
> >
> > > the focus travels to the file field and the value travels with it.
> > > Back to the drawing board I would say. I only got it to work in
> > > Firefox, Gareth checked Safari for me, and it also works in Safari. I
> > > guess this type of exploit could function on other HTML objects as
> > > well, and could be very dangerous because it only requires a one time
> > > focus in a textfield.
> > >
> > > PoC here:
> > > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.h
> > > tm
> >
> >

From nadtec at hotmail.com Sun Dec 2 09:42:26 2007
From: nadtec at hotmail.com (happy nino)
Date: Sun, 2 Dec 2007 09:42:26 +0000
Subject: [Full-disclosure] need help in managing administrators
In-Reply-To: <4751369B.9060307@pirate-radio.org>
References: <4751369B.9060307@pirate-radio.org>
Message-ID:

Hi All,

i've a problem in my organization that we have several domain admins, we are in the process of removing most of them but i need to have a person only authorized to install new software to users' computers but without having access to other parts of the users' machines, is this possible? can i delegate a function like this only to certain users without being domain admins?

Appreciate your great help
thanks a lot

regards,
Nad

From eric at rachner.us Sun Dec 2 11:03:09 2007
From: eric at rachner.us (Eric Rachner)
Date: Sun, 2 Dec 2007 12:03:09 +0100
Subject: [Full-disclosure] Bypassing group policy
Message-ID: <002001c834d2$fffdaa90$fff8ffb0$@us>

Hi all,

I just posted a quick little tool for bypassing certain group policy restrictions under Windows. It's not technically novel or interesting, but it's handy to have if you need to operate within a domain-joined desktop environment that's subject to group policy controls.

Details, binaries & source are posted here: http://www.rachner.us/blog/?p=15

Cheers,
- Eric

From jmm at debian.org Sun Dec 2 12:06:03 2007
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Sun, 2 Dec 2007 13:06:03 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1417-1] New asterisk packages fix SQL injection
Message-ID: <20071202120603.GA4180@galadriel.inutil.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1417-1                  security at debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
December 02, 2007                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : asterisk
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-6170

Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit performs insufficient sanitising of
call-related data, which may lead to SQL injection.

For the stable distribution (etch), this problem has been fixed in
version 1:1.2.13~dfsg-2etch2. Updated packages for ia64 will be provided
later.

For the old stable distribution (sarge), this problem has been fixed in
version asterisk 1:1.0.7.dfsg.1-2sarge6.

We recommend that you upgrade your asterisk packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHUp85Xm3vHE4uyloRAsTXAJ4uP19dVvidyti04d/W8ofTTHXrYwCcC6jN
hCe2TE4FFKOd3i2mReZa4TI=
=FbEr
-----END PGP SIGNATURE-----

From kristian.hermansen at gmail.com Sun Dec 2 13:10:22 2007
From: kristian.hermansen at gmail.com (Kristian Erik Hermansen)
Date: Sun, 2 Dec 2007 08:10:22 -0500
Subject: [Full-disclosure] Signature or checksum?
Message-ID:

On Dec 2, 2007 7:00 AM, coderman wrote:
> p.s. for the tin foil hat crowd, those digital sigs are looking
> weaker every year compared to cryptographic hash functions and block
> ciphers:
>
> http://dwave.wordpress.com/2007/11/26/slides-from-sc07-progress-in-quantum-computing-panel/
>
> not to mention GNFS improvements the last few years...

Don't forget Galois group and Fermat surface research :-P
--
Kristian Erik Hermansen
"I have no special talent.
I am only passionately curious."

From 3lucid8 at googlemail.com Sun Dec 2 10:38:44 2007
From: 3lucid8 at googlemail.com (3lucid8)
Date: Sun, 2 Dec 2007 10:38:44 +0000
Subject: [Full-disclosure] Phioust gets all emotional to gobbles and friends...
Message-ID: <8a5de94d0712020238k7150c78di5b01f16832826eb8@mail.gmail.com>

Now Lionel, "track you down.." who do you think you are? the Godfather? Your Phd is obviously in fantasyland studies ;-)

------

Phioust means business with his real name and all those philosopher (HAAAA), CISSP and MCSE (lol) degrees ... see for urself in his dangerously sexy email ... in response to our spam threat :)

---------- Forwarded message ----------
From: phioust
Date: Nov 30, 2007 9:33 PM
Subject: spam?
To: isbackgobbles at googlemail.com

i suggest you do not make anymore threats, believe me, i have lots of contacts to track you down ..

--
Lionel Phioust
Phd, CISSP, MCSE

ohhhh f33r the b33r, he owns 100 TOR nodes, 10000 wireless hotspots and one lesbian gmail server admin to track our IP's .. wuuuuu !!!!

Spammers - We got Phioust's real name for yaall, self pat on the back for good work. ohhh wait wait .. lets make him a bit more jobless by the oath of google

Lionel Phioust, security, exploits, bugtraq, scriptkiddie, lamer, idiot, bisexual, Phioust. ROFL

Note - Some of our concerned fans suspect us not to be gobbles. I will save all those online forensic retards the time to analyse our emails and come straight to the point .. in w00w00 style .. 10 europeans, 15 asians, 11 americans and one hell of a funny little turkey .. 5 member required to not f33r w00w00 might .. and no .. Shok don't look like Marilyn Manson's gimp boy !!! .. well the gimp suit was stitched by us ..
From thijs at debian.org Sun Dec 2 12:22:32 2007
From: thijs at debian.org (Thijs Kinkhorst)
Date: Sun, 2 Dec 2007 13:22:32 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1418-1] New cacti packages fix SQL injection
Message-ID: <20071202122232.GA4436@galadriel.inutil.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1418-1                  security at debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
December 02, 2007                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : cacti
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-6035
Debian Bug     : 452085

It was discovered that Cacti, a tool to monitor systems and networks, performs insufficient input sanitising, which allows SQL injection.

For the oldstable distribution (sarge) this problem has been fixed in version 0.8.6c-7sarge5.

For the stable distribution (etch) this problem has been fixed in version 0.8.6i-3.2.

For the unstable distribution (sid) this problem has been fixed in version 0.8.7a-1.

We recommend that you upgrade your cacti package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHUqNPXm3vHE4uyloRApQoAJ991wGFAC5ZDOoAbvoTPhZYU4G4MgCg6V+U
Tj6mYk7pj4nUCYlHdo5D7d0=
=s7eM
-----END PGP SIGNATURE-----

From Billy.Hoffman at spidynamics.com Sun Dec 2 00:18:52 2007
From: Billy.Hoffman at spidynamics.com (Billy.Hoffman at spidynamics.com)
Date: Sat, 1 Dec 2007 19:18:52 -0500 (EST)
Subject: [Full-disclosure] Web Beam, the new concept web application penetration testing tool
Message-ID: <200712020018.lB20HIDD026004@openbsd.nyi.net>

We are pleased to announce the result of the strategical partnership between SPI Dynamics and CORE SECURITY INC. Paul Paget's security staff worked closely with us to integrate core impact security engine into our new Web Beam web application penetration testing tool.

Web Beam delivers top level results in automatic web application discovery and in this new technology, the exploiting. The platform includes an opensource licenced SDK to provide assistance in manual web vulnerability analysis that will be released on December 7th on our website.

Web Beam includes 0day techniques for web attacks against well known enterprise grade applications widely found in intranet penetration tests.
To get an overview of the feature set of Web Beam and to signup for the Beta Testing Program download the presentation available on http://beam.to/WebPresentation2007.pdf

Billy Hoffman
--
Lead Researcher, SPI Labs
SPI Dynamics, An HP Company
http://www.spidynamics.com
Phone: 678-781-4800
Direct: 678-781-4845

From tbiehn at gmail.com Sun Dec 2 15:29:20 2007
From: tbiehn at gmail.com (T Biehn)
Date: Sun, 2 Dec 2007 10:29:20 -0500
Subject: [Full-disclosure] need help in managing administrators
In-Reply-To:
References: <4751369B.9060307@pirate-radio.org>
Message-ID: <2d6724810712020729u103c24fcnbc9b9bc24e3965e7@mail.gmail.com>

In short, this depends on the permissions needed / how the installer determines if the user has them. The easiest thing to do is to give local administrator access (I'm assuming Windows platform because it sounds like it), if this is not permissible to you (as local admin access can easily be leveraged into obtaining domain admin) then creating a user account with the required permissions may be your best bet, but again, any extra permissions the installer may need can probably be used to get local administrator access, then domain administrator access.

As you probably don't care, go ahead and look at Microsoft KB and search around for custom user permissions (Which range from Files, to Registry RW, to System ability to install drivers, services, impersonate users, create users...)

Of course if your installer just looks to see if the person installing is an Administrator instead of looking for the access, then all this trouble is for naught.

I'd be interested to know if there was something I was missing, hence the RTA.
LOLDONGS,
Travis

On Dec 2, 2007 4:42 AM, happy nino wrote:
>
> Hi All,
> i've a problem in my organization that we have several domain admins, we are
> in the process of removing most of them but i need to have a person only
> authorized to install
> new software to users' computers but without having access to other parts of
> the users machines, is this possible ?..can i delegate a function like this
> only to certain users without
> being domain admins?
> Appreciate your great help
> thanks a lot
>
> regards,
> Nad
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From jf at danglingpointers.net Mon Dec 3 01:47:11 2007
From: jf at danglingpointers.net (jf)
Date: Mon, 3 Dec 2007 01:47:11 +0000 (UTC)
Subject: [Full-disclosure] authentic hackers still do it for the love ... (was: Hell Camp: It never pays enough)
In-Reply-To: <4ef5fec60712012228oe7333a2t894b553628f1d8c@mail.gmail.com>
References: <4ef5fec60712012228oe7333a2t894b553628f1d8c@mail.gmail.com>
Message-ID:

> sooner or later every authentic hacker discovers that you must
> separate work from play.

I really wish everyone would stop projecting their own world views and insisting that in order for person A to be X you simply have to come to the same conclusions and hold the same sets of beliefs that person B did. In this case the noun is hacker, but the same concept is fairly universal and happens a lot in politics as well.

Here is the simple truth, there is no underlying outlook, background, dogma or set of ethics that define hacking. The only theme that applies across the board is breaking computer security.
Everything else that you tie into the word is the projection of your own beliefs, which is fine, I don't care what you believe, but don't pretend to speak for me or to know what I'm thinking, in other words, don't put your shit on me (or anyone else).

To sum up the point, let's say that you're I dunno southern baptist, you don't presume that everyone else in the scene is also southern baptists, so why do you presume to know my (or anyone's) motives, ambitions, et cetera?

> when you try and mix them both you
> betray the joy and fulfillment of hacking for a paycheck, and it
> never pays enough.

You're doing it wrong.

From Valdis.Kletnieks at vt.edu Sun Dec 2 19:22:54 2007
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Sun, 02 Dec 2007 14:22:54 -0500
Subject: [Full-disclosure] need help in managing administrators
In-Reply-To: Your message of "Sun, 02 Dec 2007 09:42:26 GMT."
References: <4751369B.9060307@pirate-radio.org>
Message-ID: <16569.1196623374@turing-police.cc.vt.edu>

On Sun, 02 Dec 2007 09:42:26 GMT, happy nino said:
> Hi All, i've a problem in my organization that we have several domain admins,
> we are in the process of removing most of them but i need to have a person
> only authorized to install new software to users' computers but without having
> access to other parts of the users machines, is this possible ?

What exactly are you trying to accomplish, given that if they are allowed to install software, they are allowed to install software that will then at a later point in time give them access to other parts of the machine? There's no "don't allow the installation of trojaned software" flag. Also, if you're backing up the machines (you *do* back them up, right?), your admin can probably just restore the files from backup into some other directory...

Have you looked at using something like EFS or BitLocker *and turn off key escrow* so the admin's keys don't work?
Of course, this makes backups "interesting", and if you have an Internal Audit group, they may have a cow about non-escrowed keys if they have a clue.

It would probably be easier to answer this one if you were able to say specifically what "other parts" you didn't want the admins to be getting at, and why you can't just use "if you abuse your privs, you're fired and we're calling the local DA" to keep them in line (this works for most places, if you pay your admins a fair wage, but of course some particularly high-value targets invite high-risk attacks).

From Valdis.Kletnieks at vt.edu Sun Dec 2 19:25:02 2007
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Sun, 02 Dec 2007 14:25:02 -0500
Subject: [Full-disclosure] authentic hackers still do it for the love ... (was: Hell Camp: It never pays enough)
In-Reply-To: Your message of "Mon, 03 Dec 2007 01:47:11 GMT."
References: <4ef5fec60712012228oe7333a2t894b553628f1d8c@mail.gmail.com>
Message-ID: <16707.1196623502@turing-police.cc.vt.edu>

On Mon, 03 Dec 2007 01:47:11 GMT, jf said:
> Here is the simple truth, there is no underlying outlook,
> background, dogma or set of ethics that define hacking. The only theme
> that applies across the board is breaking computer security.

And there's still a few hold-outs that don't agree with *that* theme either, because "hacking" had a different meaning back in the Elder Days. Of course, English is a living language, and terms like "hacker" and "0-day" get redefined, despite our best efforts at preventing it.
From coderman at gmail.com Sun Dec 2 19:29:10 2007
From: coderman at gmail.com (coderman)
Date: Sun, 2 Dec 2007 11:29:10 -0800
Subject: [Full-disclosure] authentic hackers still do it for the love ... (was: Hell Camp: It never pays enough)
In-Reply-To:
References: <4ef5fec60712012228oe7333a2t894b553628f1d8c@mail.gmail.com>
Message-ID: <4ef5fec60712021129k6426162do9561a44ff445fa2@mail.gmail.com>

On Dec 2, 2007 5:47 PM, jf wrote:
> ... something southern baptists ...
> You're doing it wrong.

oh well, i checked monster.com and my ruse didn't work.
no employee exodus, no new signing bonus, and here i thought you'd all
send email notice on a pleasant saturday afternoon.

guess i'll have to pay for that CISSP after all...

[tell you what jf and pdp, i'd be more curious to know how you
cultivated that "job" that isn't yet pays well than continuing this
thread before it spirals further into inanity...]

From nytrokiss at gmail.com Sun Dec 2 19:34:01 2007
From: nytrokiss at gmail.com (James Matthews)
Date: Sun, 2 Dec 2007 20:34:01 +0100
Subject: [Full-disclosure] need help in managing administrators
In-Reply-To: <16569.1196623374@turing-police.cc.vt.edu>
References: <4751369B.9060307@pirate-radio.org> <16569.1196623374@turing-police.cc.vt.edu>
Message-ID: <8a6b8e350712021134l72100737o143d1d7e5367f8e@mail.gmail.com>

Why are you removing the admins? based on what you wrote the computer network will probably turn into a massive mess with all these programs installed and users as admins..
On Dec 2, 2007 8:22 PM, wrote:

> On Sun, 02 Dec 2007 09:42:26 GMT, happy nino said:
> > Hi All, i've a problem in my organization that we have several domain admins,
> > we are in the process of removing most of them but i need to have a person
> > only authorized to install new software to users' computers but without having
> > access to other parts of the users machines, is this possible ?
>
> What exactly are you trying to accomplish, given that if they are allowed to
> install software, they are allowed to install software that will then at a
> later point in time give them access to other parts of the machine? There's no
> "don't allow the installation of trojaned software" flag. Also, if you're
> backing up the machines (you *do* back them up, right?), your admin can
> probably just restore the files from backup into some other directory...
>
> Have you looked at using something like EFS or BitLocker *and turn off key
> escrow* so the admin's keys don't work? Of course, this makes backups
> "interesting", and if you have an Internal Audit group, they may have a cow
> about non-escrowed keys if they have a clue.
>
> It would probably be easier to answer this one if you were able to say
> specifically what "other parts" you didn't want the admins to be getting at,
> and why you can't just use "if you abuse your privs, you're fired and we're
> calling the local DA" to keep them in line (this works for most places,
> if you pay your admins a fair wage, but of course some particularly high-value
> targets invite high-risk attacks).
>

--
http://search.goldwatches.com/?Search=Movado+Watches
http://www.jewelerslounge.com
http://www.goldwatches.com
From nytrokiss at gmail.com Sun Dec 2 19:35:12 2007
From: nytrokiss at gmail.com (James Matthews)
Date: Sun, 2 Dec 2007 20:35:12 +0100
Subject: [Full-disclosure] authentic hackers still do it for the love ... (was: Hell Camp: It never pays enough)
In-Reply-To: <4ef5fec60712021129k6426162do9561a44ff445fa2@mail.gmail.com>
References: <4ef5fec60712012228oe7333a2t894b553628f1d8c@mail.gmail.com> <4ef5fec60712021129k6426162do9561a44ff445fa2@mail.gmail.com>
Message-ID: <8a6b8e350712021135o7e96e8d9l54403728051796b7@mail.gmail.com>

Correct, there must be a separation between work and play! But playing will always be fun!

On Dec 2, 2007 8:29 PM, coderman wrote:

> On Dec 2, 2007 5:47 PM, jf wrote:
> > ... something southern baptists ...
> > You're doing it wrong.
>
> oh well, i checked monster.com and my ruse didn't work.
> no employee exodus, no new signing bonus, and here i thought you'd all
> send email notice on a pleasant saturday afternoon.
>
> guess i'll have to pay for that CISSP after all...
>
> [tell you what jf and pdp, i'd be more curious to know how you
> cultivated that "job" that isn't yet pays well than continuing this
> thread before it spirals further into inanity...]
>

--
http://search.goldwatches.com/?Search=Movado+Watches
http://www.jewelerslounge.com
http://www.goldwatches.com
From Valdis.Kletnieks at vt.edu Sun Dec 2 20:23:05 2007
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Sun, 02 Dec 2007 15:23:05 -0500
Subject: [Full-disclosure] need help in managing administrators
In-Reply-To: Your message of "Sun, 02 Dec 2007 20:34:01 +0100." <8a6b8e350712021134l72100737o143d1d7e5367f8e@mail.gmail.com>
References: <4751369B.9060307@pirate-radio.org> <16569.1196623374@turing-police.cc.vt.edu> <8a6b8e350712021134l72100737o143d1d7e5367f8e@mail.gmail.com>
Message-ID: <20494.1196626985@turing-police.cc.vt.edu>

On Sun, 02 Dec 2007 20:34:01 +0100, James Matthews said:
> Why are you removing the admins? based on what you wrote the computer
> network will probably turn into a massive