headers
Cron Solo | 1 Mar 2010 02:47

Watch out weev... Honeytrap.


Andrew Auerheimer (Weev) was contacted by a honeytrap at a bar who
tried to seduce him.

Weev has previously alluded that it might be FBI (probably
counterintelligence). This is actually only a "maybe".

Who says weev hasn't attracted this attention of JDL and mossad?
Maybe the FBI coming to visit Andrew was because they saw from his
survellience he had MOSSAD honeypots following him. "Damn, they're
not with us", the SF FBI office thought.

Don't believe me?

http://www.doubtcome.com/images/girls1.htm (mirror:
http://www.webcitation.org/5ntPoRsEK)
http://www.doubtcome.com/images/girls2.htm (mirror:
http://www.webcitation.org/5ntQDLS9z)
http://www.rense.com/general52/themossadseductress.htm (mirror:
http://www.webcitation.org/5ntQM2kza)
oh, yeah, and the new Dubai assassination.

Weev, You are so screwed. It may sound paradoxical, but USA may be
the safest place for you to be. Des Moines, even.

The same people who are trying to prosecute you are bound by law to
protect you, listen to what tbiehn says.

Do you have anything else to say on this matter? Please dude, get
the truth out here. Get your testament out. If something happens to
(Continue reading)

Permalink | Reply | 1 comment |
headers
T Biehn | 1 Mar 2010 03:32
Picon
Gravatar

Re: Fwd: steathbomb

Alzo see: USB DMA.

On Fri, Feb 26, 2010 at 8:29 AM, McGhee, Eddie <Eddie.McGhee <at> ncr.com> wrote:
> Its simply using USB autorun to launch and install itself, not sure how much it is picked up but tbh you could
build one yourself possibly with the features you need, just look into getting some decent bot source and
go from there, would save the 130 dollars imo.
>
> Plenty source code out there to make one these, in fact, I think I will make a guide on it if I get around to it
with a stripped down bot, the only thing you really need to worry about is detection, if you have the know how
build yourself a decent crypter and make sure no one gets a hold of it to keep detections down.
>
> phed
>
> -----Original Message-----
> From: full-disclosure-bounces <at> lists.grok.org.uk
[mailto:full-disclosure-bounces <at> lists.grok.org.uk] On Behalf Of RandallM
> Sent: 26 February 2010 12:36
> To: full-disclosure <at> lists.grok.org.uk
> Subject: [Full-disclosure] Fwd: steathbomb
>
> anyone see this and know about it? How it works and good detection?
>
> http://www.brickhousesecurity.com/pc-computer-spy.html
>
> --
> been great, thanks
> RandyM
> a.k.a System
>
> _______________________________________________
(Continue reading)

Permalink | Reply | 0 comments |
headers
Marsh Ray | 1 Mar 2010 03:28
Favicon

Re: Two MSIE 6.0/7.0 NULL pointer crashes

On 2/28/2010 2:22 PM, Pavel Kankovsky wrote:
> On Sun, 24 Jan 2010, Dan Kaminsky wrote:
>> Nah, it's actually a lot worse. You have to start thinking in terms of
>> state explosion -- having turing complete access to even some of the
>> state of a remote system creates all sorts of new states that, even if
>> *reachable* otherwise, would never be *predictably reachable*.

Perhaps it would be more proper to say that those states really did
exist beforehand but were unrecognized? We could refer to them as
"latent states"!

Even the simplest static analysis should uncover the explosion caused by
scanf("%s"). The problem is that there are so many other ways that a
combinatorial explosion of states can exceed the capacity of static
analysis it can't tell the valid ones from the exploitable ones. If you
make a static analysis product, I suspect your customers will want it to
somehow run in bounded time and memory.

> I do not want to downplay the ingenuity of Marsh Ray and Steve Dispensa 
> (and Martin Rex) but...

Oh man. We should downplay those guys whenever we get the chance. :-)

Pavel and Dan, truly it is you who instruct us by your example!

Did you guys catch our talk at Shmoo 2010 yet? We've got to get that
online somehow.

> Any attempt to formalize integrity properties SSL/TLS is supposed to
> guarantee would inevitably lead to something along the lines of "all data
(Continue reading)

Permalink | Reply | 0 comments |
headers
Henri Torgemane | 1 Mar 2010 04:02

Re: Yahoo! UK and US Hiring Security and Risk management experts


Yes.

To clarify, this post was meant to be satirical. It was not written
by an employee at Yahoo. I apologize for mentioning age. (In the
United States, you're not allowed to mention age, creed, gender,
etc. in terms of hiring new guys)

However, I have a question for you Mark.

What is your opinion on Andrew Wallace and "n3td3v"? Would Yahoo!
consider vouching for him after all the high-value intel he's given
you?

On Sat, 27 Feb 2010 20:42:30 +0000 mark seiden <mis <at> yahoo-inc.com>
wrote:
>yet another nice troll with a stylistic stench of n3td3v about it,
> judging by
>the fanciful misconceptions surrounding a kernel of truth
>(and the phony attribution to someone to whom he's taken an
>unreasonable
>disliking...)
>
>it's true that yahoo is hiring security people, though, typically
>not as consultants
>but as employees -- programmers and engineers who are clueful
>about
>security.
>
>careers.yahoo.com is a good way, in fact,  to find out about those
(Continue reading)

Permalink | Reply | 0 comments |
headers
dann frazier | 1 Mar 2010 04:53
Picon
Favicon

[SECURITY] [DSA 2004-1] New Linux 2.6.24 packages fix several vulnerabilities


----------------------------------------------------------------------
Debian Security Advisory DSA-2004-1                security <at> debian.org
http://www.debian.org/security/                           Dann Frazier
February 27, 2010                   http://www.debian.org/security/faq
----------------------------------------------------------------------

Package        : linux-2.6.24
Vulnerability  : privilege escalation/denial of service/sensitive memory leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726
                 CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021
                 CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538
                 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410
                 CVE-2010-0415 CVE-2010-0622

NOTE: This kernel update marks the final planned kernel security
update for the 2.6.24 kernel in the Debian release 'etch'.  Although
security support for 'etch' officially ended on Feburary 15th, 2010,
this update was already in preparation before that date.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation.  The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-2691

    Steve Beattie and Kees Cook reported an information leak in the
(Continue reading)

Permalink | Reply | 0 comments |
headers
Simon Garfinkle | 1 Mar 2010 05:49

Going "underground", living out of backpack, etc?


Hello.

I am interested in getting some advice from you security
professionals (white hat and black hat) about going underground.

I am sick of big brother, I love independence, I was to experience
the world and have no commitments.

I am just sick of being held down in one place. It's too easy for
people to harass and stalk you.  You gotta be mobile. Fancy free
and foot loose.

You gotta be underground.

Have any advice for living out of a bag? Any stories? Any lessons?
Permalink | Reply | 8 comments |
headers
Christian Sciberras | 1 Mar 2010 08:21
Picon
Gravatar

Re: Going "underground", living out of backpack, etc?

Start by not touching any kind of digital device. You wouldn't know how many chinese have put tracking/spy bugs inside them. Or how many modified NSA backdoors, for the matter.
Using a PC probably increases risk by 1000%.




On Mon, Mar 1, 2010 at 5:49 AM, Simon Garfinkle <lolwebtwo <at> hush.ai> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello.

I am interested in getting some advice from you security
professionals (white hat and black hat) about going underground.

I am sick of big brother, I love independence, I was to experience
the world and have no commitments.

I am just sick of being held down in one place. It's too easy for
people to harass and stalk you.  You gotta be mobile. Fancy free
and foot loose.

You gotta be underground.

Have any advice for living out of a bag? Any stories? Any lessons?

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAkuLR3UACgkQRQnwIcxK0rKdJwP9Fbv4ENsN+ouzbn34owsypykpL00+
E1qCZBwZGD4EJ5QK6PKdyR3kc33hOOasqaWn+HQVX1OtdKa/bXwWCJw3b3bEbImPHHoM
FSfO7mJsrifYsufZcXtgRgFOI3KA7W+cN1DHncawcBf5/7CNKrjXSVi2NewLsp7beFlM
gJrMvYw=
=ii33
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Permalink | Reply | 1 comment |
headers
intel unit | 1 Mar 2010 09:06

full disclosure is an intelligence blackhole


John Cartwright is perpetrating global conflict by censoring
n3td3v's 0days and commenting.
Opinion by Andrew Wallace. Published by a believer in free speech
who knows Andrew Wallace is an super spy expert. Luyk a jelly
samwich amirite?

Is banning people from a mailing list a national security risk?

We haven't been on the mailing list since January 2009, although
there have been plenty of hackers trying to impersonate us.

For sure the impersonations are misleading, and we would like to
ask, is banning people from a mailing list a vulnerability?

Let's just say we haven't been able to release any information to
the public for over a year now.

We don't have anywhere we can post information.

Isn't it a security risk to ban one the biggest security &
intelligence groups in the UK from posting?

We think so, and why would you want to create a climate where there
are plenty n3td3v wanna be's posting to the mailing list, but no
actual intelligence on what we're upto, what we've been researching
or anything like that.

A security & intelligence group with over 6000 security
professionals in jobs around the world who make up the n3td3v
group, banned from making announcements relating to national
security matters.

A whole year of no information getting out to the security industry
about the vulnerabilities in national security and other research
that we've been getting upto.

None of that has been post, its all been supressed.

By who? One man decided to risk security by banning one of the
largest security groups in the United Kingdom.

We were treated badly on the mailing list, it wasn't us in the
wrong, we only defended ourselves and the integrity of our group
from people who were obviously wanting an argument.

We aren't playing around, we are grown adults who are serious about
security & intelligence.

We were made out to be something that we weren't, its not nice to
be treated like that.

It's why the mailing list can't be taken seriously and poses a risk
to national security.

Because the people who do research security aren't able to post on
the mailing list.

And I don't know why more people haven't spoken out about an
organisation as big as n3td3v being banned from the mailing list,
its a risk to national security.

We don't post our intelligence anywhere else apart from the mailing
list we've been banned from, and we don't give out any signals
intelligence about what we are getting upto, we're very careful
about that.

The only opportunity to find out what the n3td3v security and
intelligence group were upto was being subscribed to the mailing
list and reading our emails.

Andrew is banned, and banned with that are the voices of over 6000
and more researchers, security consultants and many others.

Is banning n3td3v from Full-disclosure mailing list a national
security issue? Of course it is.

National security has been at risk for over a year and will remain
at risk... because the information flow has been cut off.

Who will be to blame? One man who runs the mailing list, one man
will need to live with himself, his name is John Cartwright.

He has cut off a major security research and intelligence group on
purpose, I don't think he cares about national security.

Can he live with himself?

We've been sitting in our offices wondering this for over a year,
we've held security conferences with our members and other stuff
and remain frustrated that we've been cut off from communicating
with the security industry.

Yours faithfully,

n3td3v security
& intelligence group
Permalink | Reply | 6 comments |
headers
McGhee, Eddie | 1 Mar 2010 09:53
Picon

Re: full disclosure is an intelligence blackhole

Come on mate seriously its getting boring, if any serious security threats are out there then drop the info
and man up, stop with the bullshit of making netdev a poor internet meme, because that's all it is.. 

-----Original Message-----
From: full-disclosure-bounces <at> lists.grok.org.uk
[mailto:full-disclosure-bounces <at> lists.grok.org.uk] On Behalf Of intel unit
Sent: 01 March 2010 08:06
To: full-disclosure <at> lists.grok.org.uk
Subject: [Full-disclosure] full disclosure is an intelligence blackhole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Cartwright is perpetrating global conflict by censoring n3td3v's 0days and commenting.
Opinion by Andrew Wallace. Published by a believer in free speech who knows Andrew Wallace is an super spy
expert. Luyk a jelly samwich amirite?

Is banning people from a mailing list a national security risk?

We haven't been on the mailing list since January 2009, although there have been plenty of hackers trying to
impersonate us.

For sure the impersonations are misleading, and we would like to ask, is banning people from a mailing list a vulnerability?

Let's just say we haven't been able to release any information to the public for over a year now.

We don't have anywhere we can post information.

Isn't it a security risk to ban one the biggest security & intelligence groups in the UK from posting?

We think so, and why would you want to create a climate where there are plenty n3td3v wanna be's posting to the
mailing list, but no actual intelligence on what we're upto, what we've been researching or anything like that.

A security & intelligence group with over 6000 security professionals in jobs around the world who make up
the n3td3v group, banned from making announcements relating to national security matters.

A whole year of no information getting out to the security industry about the vulnerabilities in national
security and other research that we've been getting upto.

None of that has been post, its all been supressed.

By who? One man decided to risk security by banning one of the largest security groups in the United Kingdom.

We were treated badly on the mailing list, it wasn't us in the wrong, we only defended ourselves and the
integrity of our group from people who were obviously wanting an argument.

We aren't playing around, we are grown adults who are serious about security & intelligence.

We were made out to be something that we weren't, its not nice to be treated like that.

It's why the mailing list can't be taken seriously and poses a risk to national security.

Because the people who do research security aren't able to post on the mailing list.

And I don't know why more people haven't spoken out about an organisation as big as n3td3v being banned from
the mailing list, its a risk to national security.

We don't post our intelligence anywhere else apart from the mailing list we've been banned from, and we
don't give out any signals intelligence about what we are getting upto, we're very careful about that.

The only opportunity to find out what the n3td3v security and intelligence group were upto was being
subscribed to the mailing list and reading our emails.

Andrew is banned, and banned with that are the voices of over 6000 and more researchers, security
consultants and many others.

Is banning n3td3v from Full-disclosure mailing list a national security issue? Of course it is.

National security has been at risk for over a year and will remain at risk... because the information flow
has been cut off.

Who will be to blame? One man who runs the mailing list, one man will need to live with himself, his name is John Cartwright.

He has cut off a major security research and intelligence group on purpose, I don't think he cares about
national security.

Can he live with himself?

We've been sitting in our offices wondering this for over a year, we've held security conferences with our
members and other stuff and remain frustrated that we've been cut off from communicating with the
security industry.

Yours faithfully,

n3td3v security
& intelligence group
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAkuLdX8ACgkQwGoky+I7EouDgAP5AUjZ2+mKCx4dduWJlNWgAN8IwnkL
PqokbvRhGDeHoWCBWeTjqoYxh49Z2fzA4EIcrtmL7miGfXicLHWJyBoSriMUFL97IYe3
hAziWzbIanVTbqftrz1ayRVx0k3vdu/5Hwocda6lCmgivdLjWhrL0UaKby3LQbc1nBqB
mCK69YQ=
=xM2C
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Permalink | Reply | 1 comment |
headers
Christian Sciberras | 1 Mar 2010 10:16
Picon
Gravatar

Re: full disclosure is an intelligence blackhole

Boring?
Amusing more likely.

On Mon, Mar 1, 2010 at 9:53 AM, McGhee, Eddie <Eddie.McGhee <at> ncr.com> wrote:
Come on mate seriously its getting boring, if any serious security threats are out there then drop the info and man up, stop with the bullshit of making netdev a poor internet meme, because that's all it is..

-----Original Message-----
From: full-disclosure-bounces <at> lists.grok.org.uk [mailto:full-disclosure-bounces <at> lists.grok.org.uk] On Behalf Of intel unit
Sent: 01 March 2010 08:06
To: full-disclosure <at> lists.grok.org.uk
Subject: [Full-disclosure] full disclosure is an intelligence blackhole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Cartwright is perpetrating global conflict by censoring n3td3v's 0days and commenting.
Opinion by Andrew Wallace. Published by a believer in free speech who knows Andrew Wallace is an super spy expert. Luyk a jelly samwich amirite?


Is banning people from a mailing list a national security risk?

We haven't been on the mailing list since January 2009, although there have been plenty of hackers trying to impersonate us.

For sure the impersonations are misleading, and we would like to ask, is banning people from a mailing list a vulnerability?

Let's just say we haven't been able to release any information to the public for over a year now.

We don't have anywhere we can post information.

Isn't it a security risk to ban one the biggest security & intelligence groups in the UK from posting?

We think so, and why would you want to create a climate where there are plenty n3td3v wanna be's posting to the mailing list, but no actual intelligence on what we're upto, what we've been researching or anything like that.

A security & intelligence group with over 6000 security professionals in jobs around the world who make up the n3td3v group, banned from making announcements relating to national security matters.

A whole year of no information getting out to the security industry about the vulnerabilities in national security and other research that we've been getting upto.

None of that has been post, its all been supressed.

By who? One man decided to risk security by banning one of the largest security groups in the United Kingdom.

We were treated badly on the mailing list, it wasn't us in the wrong, we only defended ourselves and the integrity of our group from people who were obviously wanting an argument.

We aren't playing around, we are grown adults who are serious about security & intelligence.

We were made out to be something that we weren't, its not nice to be treated like that.

It's why the mailing list can't be taken seriously and poses a risk to national security.

Because the people who do research security aren't able to post on the mailing list.

And I don't know why more people haven't spoken out about an organisation as big as n3td3v being banned from the mailing list, its a risk to national security.

We don't post our intelligence anywhere else apart from the mailing list we've been banned from, and we don't give out any signals intelligence about what we are getting upto, we're very careful about that.

The only opportunity to find out what the n3td3v security and intelligence group were upto was being subscribed to the mailing list and reading our emails.

Andrew is banned, and banned with that are the voices of over 6000 and more researchers, security consultants and many others.

Is banning n3td3v from Full-disclosure mailing list a national security issue? Of course it is.

National security has been at risk for over a year and will remain at risk... because the information flow has been cut off.

Who will be to blame? One man who runs the mailing list, one man will need to live with himself, his name is John Cartwright.

He has cut off a major security research and intelligence group on purpose, I don't think he cares about national security.

Can he live with himself?

We've been sitting in our offices wondering this for over a year, we've held security conferences with our members and other stuff and remain frustrated that we've been cut off from communicating with the security industry.

Yours faithfully,

n3td3v security
& intelligence group
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAkuLdX8ACgkQwGoky+I7EouDgAP5AUjZ2+mKCx4dduWJlNWgAN8IwnkL
PqokbvRhGDeHoWCBWeTjqoYxh49Z2fzA4EIcrtmL7miGfXicLHWJyBoSriMUFL97IYe3
hAziWzbIanVTbqftrz1ayRVx0k3vdu/5Hwocda6lCmgivdLjWhrL0UaKby3LQbc1nBqB
mCK69YQ=
=xM2C
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Permalink | Reply | 0 comments |

Gmane