Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Full Disclosure: Full-Disclosure

Hash

  

 
Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded


shadown at gmail

Jul 26, 2007, 7:05 AM

Post #1 of 22 (1663 views)
Permalink
Hash
Just some hashed for the record.

CA eTrust (vulnpack):
md5:919a7645a07aafb388af00e9b39d21bf
sha-1:b21f31892fff9de9bd6933850a66587786896fa1
SHA-256:66fd618e17bfe7db223f9547df15763d8246a49bbd6bbd7aee01964f2537bf86

--
Sergio Alvarez
Security, Research & Development
IT Security Consultant
email: shadown [at] gmail

This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure. If you have
received it by mistake please let us know by e-mail immediately and
delete it from your system; should also not copy the message nor
disclose its contents to anyone. Many thanks.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


nick at virus-l

Jul 26, 2007, 4:20 PM

Post #2 of 22 (1581 views)
Permalink
Re: Hash [In reply to]
shadown wrote:

> Just some hashed for the record.
>
> CA eTrust (vulnpack):
> md5:919a7645a07aafb388af00e9b39d21bf
> sha-1:b21f31892fff9de9bd6933850a66587786896fa1
> SHA-256:66fd618e17bfe7db223f9547df15763d8246a49bbd6bbd7aee01964f2537bf86

Cool -- thanks for that info...

> --
> Sergio Alvarez
> Security, Research & Development
> IT Security Consultant
> email: shadown [at] gmail
>
> This message is confidential. ...

Yet you wilfully and knowingly posted it to a public-access mailing
list with tens of thousands of subscribers and that is well-known to be
archived in many places across the net?

You must be a prize moron...

> ... It may also contain information that is
> privileged or otherwise legally exempt from disclosure. ...

...who can't afford a lawyer with half a clue, and will now never be
able to meaningfully defend any kind of accidental Email-borne
"disclosure" of anything, as you've just admitted, on the public
record, that you are too stupid to tell if something is privileged or
legally exempt from disclosure, THUS your only legally defensible
position regarding such material in future is to ensure that you never
handle any of it, but as (by your own admission) you cannot tell what
that it is, you must cut yourself off from all information, a clearly
impossible task. In short, you've put yourself in the paradoxical
position of being both knowingly and negligently responsible for any
and all "improper" disclosures of any and all "sensitive" material you
should ever happen across in future.

Good luck ever getting hired again -- it would take a seriously stupid
employer to take on such a liability as you!

> ... If you have
> received it by mistake ...

As you say it _is_ confidential and I have NO existing relevant
"relationship" with you, I MUST have received this by mistake....

> ... please let us know by e-mail ...

...and I have a good faith belief that the mailing list software will
deliver this is to you by Email, so I've fulfilled that part of the
"deal". But what about the rest of the F-D subscribers? You'll get a
_LOT_ of Email...

> ...immediately ...

Although I wrote this as quickly as I could and sent it "immediately"
thereafter, I didn't read your message till several hours after
receiving it -- I hope that doesn't mean I didn't do it
"immediately"...

> ... and
> delete it from your system; ...

No. Why should I? Because _YOU_ are a moron and made a stupid
mistake?

In case it's not already nice and clear, I'll try to make it even
clearer why this kind of "Email AUP" is _THOROUGHLY_ bogus.

Imagine that I totally accidentally ran you over with my car BUT THEN
told you that the terms and conditions of my having run you over are
that you have to accept that I'm incompetent to judge whether I should
drive or not [that's the earlier stuff], that you are to forget it ever
happened [above]...

> ... should also not copy the message nor
> disclose its contents to anyone. Many thanks.

...and that you are never to tell anyone anything about the accident.

Do you think that would "protect" me in court if you actually had the
temerity to sue me for damages or some such?

Would any lawyer with at least two good brain cells (yes -- a very rare
breed) sensibly take _my_ case?


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


tremaine at gmail

Jul 26, 2007, 5:23 PM

Post #3 of 22 (1579 views)
Permalink
Re: Hash [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>
>> This message is confidential. ...
>
> Yet you wilfully and knowingly posted it to a public-access mailing
> list with tens of thousands of subscribers and that is well-known
> to be
> archived in many places across the net?
>
> You must be a prize moron...
>


Actually I think you might be the one taking the prize....


>> ... It may also contain information that is
>> privileged or otherwise legally exempt from disclosure. ...
>
> ...who can't afford a lawyer with half a clue, and will now never be
> able to meaningfully defend any kind of accidental Email-borne
> "disclosure" of anything, as you've just admitted, on the public
> record, that you are too stupid to tell if something is privileged or
> legally exempt from disclosure, THUS your only legally defensible
> position regarding such material in future is to ensure that you never
> handle any of it, but as (by your own admission) you cannot tell what
> that it is, you must cut yourself off from all information, a clearly
> impossible task. In short, you've put yourself in the paradoxical
> position of being both knowingly and negligently responsible for any
> and all "improper" disclosures of any and all "sensitive" material you
> should ever happen across in future.
>
> Good luck ever getting hired again -- it would take a seriously stupid
> employer to take on such a liability as you!
>

<snip of more blithering>


> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



Apparently you've never heard of a mail administrator tagging
outbound email for all users. It's pretty common. Of course, you may
lack the experience of dealing with large companies.

Have a nice day.

- ---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQEcBAEBAgAGBQJGqTsKAAoJEKGa22zRy9WCMIkIAIx8CPQoQiqMvg2fFCsQEg5Z
MCEqoWgec4zsr/Ev+XG3I6h8s5G2pt9CzIaTUiz+2CkqZaaIiyQg3C3OebMp7Qhg
ZrJ3Z/c0BB2UJIqNudO8Zwc/aU10SXkDhugfVZLyN9MJ6L7cPNAROaIf59MxIgxV
wQU6N5fKLfC1CvsqoAsVDF86j6NUb8q3oS9Xw7ViaAdykxizSHbM9m5XW1KbuaCJ
rlCdOn93cDx8K3U61nJ+47Shw5cZjKABup0mD9EUPWmcGwGX1tvgj8/S6yWqIsBP
0Pd+ncapKWj60Sd4NUDFBmd9M8nRcl6xlnF2DBdjSoSGMKlbJFBxKEcoYOdQtFA=
=7zmM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


ronald at rmacd

Jul 26, 2007, 6:17 PM

Post #4 of 22 (1575 views)
Permalink
Re: Hash [In reply to]
On 27/07/07, Tremaine Lea <tremaine [at] gmail> wrote:
> Apparently you've never heard of a mail administrator tagging
> outbound email for all users. It's pretty common. Of course, you may
> lack the experience of dealing with large companies.
>
> Have a nice day.
>
> - ---
> Tremaine Lea
> Network Security Consultant
> Intrepid ACL
> "Paranoia for hire"

In truth, as the aforementioned Network Security Consultant be able to
tell us, Google mail signatures can be edited before sending out the
email. Nick's got a very good point, and it'd have been very easy for
Sergio to remove the sig.

Regards,
Ronald.



--
Ronald MacDonald
http://www.rmacd.com/
0777 235 1655

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


tremaine at gmail

Jul 26, 2007, 6:30 PM

Post #5 of 22 (1586 views)
Permalink
Re: Hash [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26-Jul-07, at 7:17 PM, Ronald MacDonald wrote:

> On 27/07/07, Tremaine Lea <tremaine [at] gmail> wrote:
>> Apparently you've never heard of a mail administrator tagging
>> outbound email for all users. It's pretty common. Of course, you may
>> lack the experience of dealing with large companies.
>>
>> Have a nice day.
>>
>> - ---
>> Tremaine Lea
>> Network Security Consultant
>> Intrepid ACL
>> "Paranoia for hire"
>
> In truth, as the aforementioned Network Security Consultant be able to
> tell us, Google mail signatures can be edited before sending out the
> email. Nick's got a very good point, and it'd have been very easy for
> Sergio to remove the sig.
>
> Regards,
> Ronald.
>
>
>
> --
> Ronald MacDonald
> http://www.rmacd.com/
> 0777 235 1655


Sure, it's possible. Possibly Sergio is lazy. As he sent it via
gmail's auth smtp servers and not from webmail, it's just as possible
it happened in his mail client.

And all of that aside, who cares? We see signatures like that all
the time on mailing lists. It's pretty obvious they're useless in
this context.

- ---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQEcBAEBAgAGBQJGqUrFAAoJEKGa22zRy9WCKNMIANjtxEAQto3Nf3vKcU6NyFZC
BIHOZDCjIl63dSJh75ZlLtiwLio8pCEYnlKwqdIzetgMvAHNAwMTGm6rjSi3QIaF
05BVstEhVDSLaj1ATrJ38y9WMXTtJRVFfA6lLvVe9o2DE2P8Ec6RdxDTPyMG479I
9qFVMp9mZKmxZUiKxMgFl4c5zNWGpZ1JThUY/ZWUEzlnVDwc8jIqgmO5ENwdy7bY
lufy9fMNIom5tpc6VEc3GBUl45r263pkMGQmumU5lnguM4V17hJQrJrE0GJvBmry
Ut6c2OimKn2iveQ0TC7dmSOHT4EB0y7abi4tzwUy2DLYsMpoEIslJPiRcSSbnwU=
=kOFu
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


prb at lava

Jul 26, 2007, 7:52 PM

Post #6 of 22 (1579 views)
Permalink
Re: Hash [In reply to]
Tremaine Lea wrote:
> Sure, it's possible. Possibly Sergio is lazy. As he sent it via
> gmail's auth smtp servers and not from webmail, it's just as possible
> it happened in his mail client.

And he still could have, and should have edited it.

> And all of that aside, who cares? We see signatures like that all
> the time on mailing lists. It's pretty obvious they're useless in
> this context.

Useless in any context. Sigs. like that are very unprofessional. Even if
I know they are nonsense, such disclaimers come across as mildly bullying.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


tremaine at gmail

Jul 26, 2007, 8:11 PM

Post #7 of 22 (1580 views)
Permalink
Re: Hash [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26-Jul-07, at 8:52 PM, Peter Besenbruch wrote:

> Tremaine Lea wrote:
>> Sure, it's possible. Possibly Sergio is lazy. As he sent it via
>> gmail's auth smtp servers and not from webmail, it's just as possible
>> it happened in his mail client.
>
> And he still could have, and should have edited it.
>

I don't disagree. It would appear he definitely had the choice since
it doesn't seem to have passed through a corporate mailserver that
enforces it outside his control.


>> And all of that aside, who cares? We see signatures like that all
>> the time on mailing lists. It's pretty obvious they're useless in
>> this context.
>
> Useless in any context. Sigs. like that are very unprofessional.
> Even if
> I know they are nonsense, such disclaimers come across as mildly
> bullying.
>
> --
> Hawaiian Astronomical Society: http://www.hawastsoc.org
> HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky


Useless, yes. Unprofessional, also yes. But no more so than the
long winded reply that followed it. I'd actually argue that annoying
bit of easily ignored text was less intrusive than the reply from
Nick Fitzgerald. I'm not sure about everyone else here, but those
legalese tags at the end of emails on lists register about as much as
the ads on webpages. They don't.

- ---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQEcBAEBAgAGBQJGqWJfAAoJEKGa22zRy9WCA4cIAKiFs/73n+tXkJhv/RiB90j5
kWOooPuzXQWtadHAIU52e8ZGsOPmdZBH1iNl+CIOmJVGdcLpuLGpacQVZjlTrbzP
d13RAoixHVX+OFbwhucmlKPPKt1YsCwJHcM2xUPfG+BlTPbKQ5+qTO6Z21fa7tjP
0e8mo1GRK1hAGOmY1F+0OYPrT5G7GKXERh6p8v+guPisHtCB/NpW1do8D8uoBrI1
FVTLS2b9Stgnslbo/hKWrd66jvzCE6rGeoyZWHanFBfy54MB7PzJV5ag9K2eTx0P
SUOPD2n9dSIY0rRDL6QU1O9EyF9C+BBMn738Su5kvPhhUzJ0WjL2zD7tNWIjlbQ=
=SpEd
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


gjgowey at tmo

Jul 26, 2007, 8:16 PM

Post #8 of 22 (1578 views)
Permalink
Re: Hash [In reply to]
I've heard of grammar Nazi's lurking on lists, but now we have signature Nazi's too? Haven't you all got something else better to do like finding an exploit or something rather than bicker over something that amounts to little more than a tag line? Cripes, this has to be the stupidest argument/waste of time that I've seen in a while.

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Tremaine Lea <tremaine [at] gmail>

Date: Thu, 26 Jul 2007 21:11:26
To:Peter Besenbruch <prb [at] lava>
Cc:full-disclosure [at] lists
Subject: Re: [Full-disclosure] Hash


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26-Jul-07, at 8:52 PM, Peter Besenbruch wrote:

> Tremaine Lea wrote:
>> Sure, it's possible. Possibly Sergio is lazy. As he sent it via
>> gmail's auth smtp servers and not from webmail, it's just as possible
>> it happened in his mail client.
>
> And he still could have, and should have edited it.
>

I don't disagree. It would appear he definitely had the choice since
it doesn't seem to have passed through a corporate mailserver that
enforces it outside his control.


>> And all of that aside, who cares? We see signatures like that all
>> the time on mailing lists. It's pretty obvious they're useless in
>> this context.
>
> Useless in any context. Sigs. like that are very unprofessional.
> Even if
> I know they are nonsense, such disclaimers come across as mildly
> bullying.
>
> --
> Hawaiian Astronomical Society: http://www.hawastsoc.org
> HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky


Useless, yes. Unprofessional, also yes. But no more so than the
long winded reply that followed it. I'd actually argue that annoying
bit of easily ignored text was less intrusive than the reply from
Nick Fitzgerald. I'm not sure about everyone else here, but those
legalese tags at the end of emails on lists register about as much as
the ads on webpages. They don't.

- ---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQEcBAEBAgAGBQJGqWJfAAoJEKGa22zRy9WCA4cIAKiFs/73n+tXkJhv/RiB90j5
kWOooPuzXQWtadHAIU52e8ZGsOPmdZBH1iNl+CIOmJVGdcLpuLGpacQVZjlTrbzP
d13RAoixHVX+OFbwhucmlKPPKt1YsCwJHcM2xUPfG+BlTPbKQ5+qTO6Z21fa7tjP
0e8mo1GRK1hAGOmY1F+0OYPrT5G7GKXERh6p8v+guPisHtCB/NpW1do8D8uoBrI1
FVTLS2b9Stgnslbo/hKWrd66jvzCE6rGeoyZWHanFBfy54MB7PzJV5ag9K2eTx0P
SUOPD2n9dSIY0rRDL6QU1O9EyF9C+BBMn738Su5kvPhhUzJ0WjL2zD7tNWIjlbQ=
=SpEd
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


tremaine at gmail

Jul 26, 2007, 8:30 PM

Post #9 of 22 (1579 views)
Permalink
Re: Hash [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You're kidding. You must not have been receiving the list in the
last 24 hours then ;)

Cheers,

- ---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"



On 26-Jul-07, at 9:16 PM, gjgowey [at] tmo wrote:

> I've heard of grammar Nazi's lurking on lists, but now we have
> signature Nazi's too? Haven't you all got something else better to
> do like finding an exploit or something rather than bicker over
> something that amounts to little more than a tag line? Cripes,
> this has to be the stupidest argument/waste of time that I've seen
> in a while.
>
> Geoff
>
> Sent from my BlackBerry wireless handheld.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQEcBAEBAgAGBQJGqWbFAAoJEKGa22zRy9WCzPIH/RGviCYpRrOaYQu/ivR3tW5J
a4XGm8akRfWdNqhc+VkQGLjQMcaov/MGiwjS9WDqk5P38jt65jyjJVWjyk3MkS3i
HafRxNBsl0cyhzsbSKErUDskM5kfFwoayUaFP8yxJ4COYyLEOxzR+1mHPdnlvVed
qTo1zug79sbR1zrDiqMkuyp/M77ZYTCCiQjHpOaXv1sbNKfmF2UY4dymR1mG/XhE
D5RlAwKEl9nt8/lJqeEX6SprGUjqiPZtNbGEl5QLKLDDHOaRrX7287jprg2bK5ge
XgYBlCiY88OqIFGruSCFk5baiuBO0p6PW64aRbPA6exk2UC/V+atqnx7T0vpS6Q=
=Z818
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


joey.mengele at hushmail

Jul 26, 2007, 8:32 PM

Post #10 of 22 (1580 views)
Permalink
Re: Hash [In reply to]
Oh Nick, you're so dreamy!

J

On Thu, 26 Jul 2007 19:20:27 -0400 Nick FitzGerald <nick [at] virus
l.demon.co.uk> wrote:
>shadown wrote:
>
>> Just some hashed for the record.
>>
>> CA eTrust (vulnpack):
>> md5:919a7645a07aafb388af00e9b39d21bf
>> sha-1:b21f31892fff9de9bd6933850a66587786896fa1
>> SHA-
>256:66fd618e17bfe7db223f9547df15763d8246a49bbd6bbd7aee01964f2537bf8
>6
>
>Cool -- thanks for that info...
>
>> --
>> Sergio Alvarez
>> Security, Research & Development
>> IT Security Consultant
>> email: shadown [at] gmail
>>
>> This message is confidential. ...
>
>Yet you wilfully and knowingly posted it to a public-access
>mailing
>list with tens of thousands of subscribers and that is well-known
>to be
>archived in many places across the net?
>
>You must be a prize moron...
>
>> ... It may also contain information that is
>> privileged or otherwise legally exempt from disclosure. ...
>
>...who can't afford a lawyer with half a clue, and will now never
>be
>able to meaningfully defend any kind of accidental Email-borne
>"disclosure" of anything, as you've just admitted, on the public
>record, that you are too stupid to tell if something is privileged
>or
>legally exempt from disclosure, THUS your only legally defensible
>position regarding such material in future is to ensure that you
>never
>handle any of it, but as (by your own admission) you cannot tell
>what
>that it is, you must cut yourself off from all information, a
>clearly
>impossible task. In short, you've put yourself in the paradoxical
>
>position of being both knowingly and negligently responsible for
>any
>and all "improper" disclosures of any and all "sensitive" material
>you
>should ever happen across in future.
>
>Good luck ever getting hired again -- it would take a seriously
>stupid
>employer to take on such a liability as you!
>
>> ... If you have
>> received it by mistake ...
>
>As you say it _is_ confidential and I have NO existing relevant
>"relationship" with you, I MUST have received this by mistake....
>
>> ... please let us know by e-mail ...
>
>...and I have a good faith belief that the mailing list software
>will
>deliver this is to you by Email, so I've fulfilled that part of
>the
>"deal". But what about the rest of the F-D subscribers? You'll
>get a
>_LOT_ of Email...
>
>> ...immediately ...
>
>Although I wrote this as quickly as I could and sent it
>"immediately"
>thereafter, I didn't read your message till several hours after
>receiving it -- I hope that doesn't mean I didn't do it
>"immediately"...
>
>> ... and
>> delete it from your system; ...
>
>No. Why should I? Because _YOU_ are a moron and made a stupid
>mistake?
>
>In case it's not already nice and clear, I'll try to make it even
>clearer why this kind of "Email AUP" is _THOROUGHLY_ bogus.
>
>Imagine that I totally accidentally ran you over with my car BUT
>THEN
>told you that the terms and conditions of my having run you over
>are
>that you have to accept that I'm incompetent to judge whether I
>should
>drive or not [that's the earlier stuff], that you are to forget it
>ever
>happened [above]...
>
>> ... should also not copy the message nor
>> disclose its contents to anyone. Many thanks.
>
>...and that you are never to tell anyone anything about the
>accident.
>
>Do you think that would "protect" me in court if you actually had
>the
>temerity to sue me for damages or some such?
>
>Would any lawyer with at least two good brain cells (yes -- a very
>rare
>breed) sensibly take _my_ case?
>
>
>Regards,
>
>Nick FitzGerald
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

--
HASH(0x8be3b7c)
HASH(0x8be3b34)
http://tagline.hushmail.com/fc/Ioyw6h4eAFZQ91Ni2ZPpPTTRppZ4ayYE8t6xoGrU0iXlmTRrPpK6Nq/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


codeshepherd at gmail

Jul 26, 2007, 8:57 PM

Post #11 of 22 (1582 views)
Permalink
Re: Hash [In reply to]
Nick FitzGerald wrote:
> shadown wrote:
>
>
>> Just some hashed for the record.
>>
>> CA eTrust (vulnpack):
>> md5:919a7645a07aafb388af00e9b39d21bf
>> sha-1:b21f31892fff9de9bd6933850a66587786896fa1
>> SHA-256:66fd618e17bfe7db223f9547df15763d8246a49bbd6bbd7aee01964f2537bf86
>>
>
> Cool -- thanks for that info...
>
>
>> --
>> Sergio Alvarez
>> Security, Research & Development
>> IT Security Consultant
>> email: shadown [at] gmail
>>
>> This message is confidential. ...
>>
>
> Yet you wilfully and knowingly posted it to a public-access mailing
> list with tens of thousands of subscribers and that is well-known to be
> archived in many places across the net?
>
> You must be a prize moron...
>
>
>> ... It may also contain information that is
>> privileged or otherwise legally exempt from disclosure. ...
>>
>
> ...who can't afford a lawyer with half a clue, and will now never be
> able to meaningfully defend any kind of accidental Email-borne
> "disclosure" of anything, as you've just admitted, on the public
> record, that you are too stupid to tell if something is privileged or
> legally exempt from disclosure, THUS your only legally defensible
> position regarding such material in future is to ensure that you never
> handle any of it, but as (by your own admission) you cannot tell what
> that it is, you must cut yourself off from all information, a clearly
> impossible task. In short, you've put yourself in the paradoxical
> position of being both knowingly and negligently responsible for any
> and all "improper" disclosures of any and all "sensitive" material you
> should ever happen across in future.
>
> Good luck ever getting hired again -- it would take a seriously stupid
> employer to take on such a liability as you!
>
>

Oh ya, you are the Mr.Perfect.
>> ... If you have
>> received it by mistake ...
>>
>
> As you say it _is_ confidential and I have NO existing relevant
> "relationship" with you, I MUST have received this by mistake....
>
>
>> ... please let us know by e-mail ...
>>
>
> ...and I have a good faith belief that the mailing list software will
> deliver this is to you by Email, so I've fulfilled that part of the
> "deal". But what about the rest of the F-D subscribers? You'll get a
> _LOT_ of Email...
>
>
>> ...immediately ...
>>
>
> Although I wrote this as quickly as I could and sent it "immediately"
> thereafter, I didn't read your message till several hours after
> receiving it -- I hope that doesn't mean I didn't do it
> "immediately"...
>
>
>> ... and
>> delete it from your system; ...
>>
>
> No. Why should I? Because _YOU_ are a moron and made a stupid
> mistake?
>
> In case it's not already nice and clear, I'll try to make it even
> clearer why this kind of "Email AUP" is _THOROUGHLY_ bogus.
>
> Imagine that I totally accidentally ran you over with my car BUT THEN
> told you that the terms and conditions of my having run you over are
> that you have to accept that I'm incompetent to judge whether I should
> drive or not [that's the earlier stuff], that you are to forget it ever
> happened [above]...
>
>
>> ... should also not copy the message nor
>> disclose its contents to anyone. Many thanks.
>>
>
> ...and that you are never to tell anyone anything about the accident.
>
> Do you think that would "protect" me in court if you actually had the
> temerity to sue me for damages or some such?
>
> Would any lawyer with at least two good brain cells (yes -- a very rare
> breed) sensibly take _my_ case?
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> --~--~---------~--~----~------------~-------~--~----~
> You received this message because you are subscribed to the Google Groups "Secure Computing" group.
> To post to this group, send email to Secure-Computing [at] googlegroups
> To unsubscribe from this group, send email to Secure-Computing-unsubscribe [at] googlegroups
> For more options, visit this group at http://groups.google.com/group/Secure-Computing?hl=en
> -~----------~----~----~----~------~----~------~--~---
>
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Valdis.Kletnieks at vt

Jul 27, 2007, 6:49 AM

Post #12 of 22 (1581 views)
Permalink
Re: Hash [In reply to]
On Thu, 26 Jul 2007 18:23:37 MDT, Tremaine Lea said:

> Apparently you've never heard of a mail administrator tagging
> outbound email for all users. It's pretty common. Of course, you may
> lack the experience of dealing with large companies.

The fact a large company does it doesn't make it any less stupid. And you
think a large company could afford their own mailserver rather than making their
people use Gmail (now wrap your head around the concept of "confidential mail
anywhere *near* a Google-owned server"... ;)

To pick up on a part of the sig that Nick didn't rip into publicly:

> "and delete it from your system"

Presumably, Tremaine, in his self-claimed role as "Security Consultant"
*and* "Paranoia for hire", realizes that it quite likely sat on my site's main
mail server for anywhere from several seconds to several hours (in fact, there
are probably copies on *3* different servers in our mail cluster) - and that
until some *other* piece of mail happens to land on those same blocks of storage,
the text is quite easy to recover by any decent computer forensics practitioner.

On the other hand, actually going in and overwriting the affected block(s) is
quite challenging, especially when it's a 10 terabyte mailstore handling
several million messages a day for 100K users. We'll be happy to do it - *IF*
Tremaine's company is willing to indemnify us for the downtime.

So there's 2 possible outcomes here:

1) The request has zero legal standing, and Tremaine's company is relying on
the kindness of strangers rather than using PGP or S/MIME to actually secure
their mail. This sort of thing is usually called "lack of due diligence",
and I don't think any company wants to be flaunting it.

2) The request *does* have legal standing - in which case Tremaine's company
may indeed have some liability to pick up any and all associated costs.

Particularly interesting is the legal question of what happens when a
"please delete all copies" request is attached to something that's sent to
a company that is required to retain copies of *everything* for regulatory
compliance (as is true for some financial-sector companies).....


tremaine at gmail

Jul 27, 2007, 8:05 AM

Post #13 of 22 (1580 views)
Permalink
Re: Hash [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 27-Jul-07, at 7:49 AM, Valdis.Kletnieks [at] vt wrote:

> On Thu, 26 Jul 2007 18:23:37 MDT, Tremaine Lea said:
>
>> Apparently you've never heard of a mail administrator tagging
>> outbound email for all users. It's pretty common. Of course, you may
>> lack the experience of dealing with large companies.
>
> The fact a large company does it doesn't make it any less stupid.
> And you
> think a large company could afford their own mailserver rather than
> making their
> people use Gmail (now wrap your head around the concept of
> "confidential mail
> anywhere *near* a Google-owned server"... ;)

I was as amused by that as you.


>
> To pick up on a part of the sig that Nick didn't rip into publicly:
>
>> "and delete it from your system"
>
> Presumably, Tremaine, in his self-claimed role as "Security
> Consultant"
> *and* "Paranoia for hire", realizes that it quite likely sat on my
> site's main
> mail server for anywhere from several seconds to several hours (in
> fact, there
> are probably copies on *3* different servers in our mail cluster) -
> and that
> until some *other* piece of mail happens to land on those same
> blocks of storage,
> the text is quite easy to recover by any decent computer forensics
> practitioner.

Yes, I do realize this. Duh.


>
> On the other hand, actually going in and overwriting the affected
> block(s) is
> quite challenging, especially when it's a 10 terabyte mailstore
> handling
> several million messages a day for 100K users. We'll be happy to
> do it - *IF*
> Tremaine's company is willing to indemnify us for the downtime.

Why would I (or the company I contract to) be interested in what you
do to delete Sergio's email?


>
> So there's 2 possible outcomes here:
>
> 1) The request has zero legal standing, and Tremaine's company is
> relying on
> the kindness of strangers rather than using PGP or S/MIME to
> actually secure
> their mail. This sort of thing is usually called "lack of due
> diligence",
> and I don't think any company wants to be flaunting it.

Speaking of due diligence... I'm pretty sure literacy and following
a trail of information is basic to this field. As you've clearly
missed, Sergio has nothing to do with me, the company I work with,
or ... hell, who knows. I don't know the guy from Adam. Or you.


>
> 2) The request *does* have legal standing - in which case
> Tremaine's company
> may indeed have some liability to pick up any and all associated
> costs.


Again with the not being able to follow the bouncing ball.

>
> Particularly interesting is the legal question of what happens when a
> "please delete all copies" request is attached to something that's
> sent to
> a company that is required to retain copies of *everything* for
> regulatory
> compliance (as is true for some financial-sector companies).....

That's the only really interesting thing you've contributed, and it's
a good question. Any one know of any court cases on this?

- ---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQEcBAEBAgAGBQJGqgm0AAoJEKGa22zRy9WCEvgIALax083+iHxWUphyIh+aXg7+
d9oqyw8CRe6iZ5Fe6GKYh1RHXO07PrJAx3kttMUyzvsIEupwsVmQdFtdzyGm7wPu
U1MRBPMFV9pIMhr6BF5Q96mYLmNf8dRvmMCIAoEoo1HmXRp3KocKzliLd3RqNJ6G
7Rsp+WOtpZJHnX4O+2Hn2EVAjIZTP3kZ7wko7FNVUTQcTe703/Cx9h82eGDgVmVZ
zaasGUsEX2Y9hgvPPFYdNebnX8EihkFZ1FjaLKpyXzl2aLBTGsmFKtoK0KdbS93Y
YwgMPiDByvXKNqTCR1Ehzl9c/Y6KVUMgR34jyFs9OQCr8/Cr2ePKZ5WGdT+YCxk=
=bgWU
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


suckure at gmail

Jul 27, 2007, 11:21 AM

Post #14 of 22 (1573 views)
Permalink
Re: Hash [In reply to]
fucktard morons, (now write me a 10 paragraph response, im waiting!)


On 7/27/07, Tremaine Lea <tremaine [at] gmail> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 27-Jul-07, at 7:49 AM, Valdis.Kletnieks [at] vt wrote:
>
> > On Thu, 26 Jul 2007 18:23:37 MDT, Tremaine Lea said:
> >
> >> Apparently you've never heard of a mail administrator tagging
> >> outbound email for all users. It's pretty common. Of course, you may
> >> lack the experience of dealing with large companies.
> >
> > The fact a large company does it doesn't make it any less stupid.
> > And you
> > think a large company could afford their own mailserver rather than
> > making their
> > people use Gmail (now wrap your head around the concept of
> > "confidential mail
> > anywhere *near* a Google-owned server"... ;)
>
> I was as amused by that as you.
>
>
> >
> > To pick up on a part of the sig that Nick didn't rip into publicly:
> >
> >> "and delete it from your system"
> >
> > Presumably, Tremaine, in his self-claimed role as "Security
> > Consultant"
> > *and* "Paranoia for hire", realizes that it quite likely sat on my
> > site's main
> > mail server for anywhere from several seconds to several hours (in
> > fact, there
> > are probably copies on *3* different servers in our mail cluster) -
> > and that
> > until some *other* piece of mail happens to land on those same
> > blocks of storage,
> > the text is quite easy to recover by any decent computer forensics
> > practitioner.
>
> Yes, I do realize this. Duh.
>
>
> >
> > On the other hand, actually going in and overwriting the affected
> > block(s) is
> > quite challenging, especially when it's a 10 terabyte mailstore
> > handling
> > several million messages a day for 100K users. We'll be happy to
> > do it - *IF*
> > Tremaine's company is willing to indemnify us for the downtime.
>
> Why would I (or the company I contract to) be interested in what you
> do to delete Sergio's email?
>
>
> >
> > So there's 2 possible outcomes here:
> >
> > 1) The request has zero legal standing, and Tremaine's company is
> > relying on
> > the kindness of strangers rather than using PGP or S/MIME to
> > actually secure
> > their mail. This sort of thing is usually called "lack of due
> > diligence",
> > and I don't think any company wants to be flaunting it.
>
> Speaking of due diligence... I'm pretty sure literacy and following
> a trail of information is basic to this field. As you've clearly
> missed, Sergio has nothing to do with me, the company I work with,
> or ... hell, who knows. I don't know the guy from Adam. Or you.
>
>
> >
> > 2) The request *does* have legal standing - in which case
> > Tremaine's company
> > may indeed have some liability to pick up any and all associated
> > costs.
>
>
> Again with the not being able to follow the bouncing ball.
>
> >
> > Particularly interesting is the legal question of what happens when a
> > "please delete all copies" request is attached to something that's
> > sent to
> > a company that is required to retain copies of *everything* for
> > regulatory
> > compliance (as is true for some financial-sector companies).....
>
> That's the only really interesting thing you've contributed, and it's
> a good question. Any one know of any court cases on this?
>
> - ---
> Tremaine Lea
> Network Security Consultant
> Intrepid ACL
> "Paranoia for hire"
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
>
> iQEcBAEBAgAGBQJGqgm0AAoJEKGa22zRy9WCEvgIALax083+iHxWUphyIh+aXg7+
> d9oqyw8CRe6iZ5Fe6GKYh1RHXO07PrJAx3kttMUyzvsIEupwsVmQdFtdzyGm7wPu
> U1MRBPMFV9pIMhr6BF5Q96mYLmNf8dRvmMCIAoEoo1HmXRp3KocKzliLd3RqNJ6G
> 7Rsp+WOtpZJHnX4O+2Hn2EVAjIZTP3kZ7wko7FNVUTQcTe703/Cx9h82eGDgVmVZ
> zaasGUsEX2Y9hgvPPFYdNebnX8EihkFZ1FjaLKpyXzl2aLBTGsmFKtoK0KdbS93Y
> YwgMPiDByvXKNqTCR1Ehzl9c/Y6KVUMgR34jyFs9OQCr8/Cr2ePKZ5WGdT+YCxk=
> =bgWU
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


thouth at gmail

Oct 27, 2009, 5:37 PM

Post #15 of 22 (1294 views)
Permalink
Re: Hash [In reply to]
Bonjour!

Is this going to be another grossly misdiagnosed bug?

Also I'm glad you put that /usr/bin at the start, it would have been
confusing otherwise.

2009/10/27 laurent gaffie <laurent.gaffie [at] gmail>:
> For the record :
> /usr/bin/shasum advisory.txt
> 9fefeeb9d3ebf7c6822961e59ae94cfb655bcd53  advisory.txt
>
> Regards,
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


laurent.gaffie at gmail

Oct 28, 2009, 11:01 PM

Post #16 of 22 (1254 views)
Permalink
Re: Hash [In reply to]
Bonjour Fionnbharr Davies!,

I'm glad to make your life easier with the shasum full path, really.

Regarding the "Grossly misdiagnosed bug";
That's some funny words to describe one of the most difficult bug to exploit
in 2009 (http://seclists.org/dailydave/2009/q4/2)




Laurent


Bonjour!

Is this going to be another grossly misdiagnosed bug?

Also I'm glad you put that /usr/bin at the start, it would have been
confusing otherwise.


thouth at gmail

Oct 29, 2009, 12:29 AM

Post #17 of 22 (1250 views)
Permalink
Re: Hash [In reply to]
That sure would have be some funny words, glad I'm not talking about
how difficult to exploit it is! That would make me look pretty dumb
bringing something totally unrelated to my comment into the argument.

Yeeeeeeeeeep.

2009/10/29 laurent gaffie <laurent.gaffie [at] gmail>:
> Bonjour Fionnbharr Davies!,
>
> I'm glad to make your life easier with the shasum full path, really.
>
> Regarding the "Grossly misdiagnosed bug";
> That's some funny words to describe one of the most difficult bug to exploit
> in 2009 (http://seclists.org/dailydave/2009/q4/2)
>
>
>
>
> Laurent
>
>
> Bonjour!
>
> Is this going to be another grossly misdiagnosed bug?
>
> Also I'm glad you put that /usr/bin at the start, it would have been
> confusing otherwise.
>
>
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


pete.licoln at gmail

Nov 2, 2009, 12:57 AM

Post #18 of 22 (1168 views)
Permalink
Re: Hash [In reply to]
Fionnbharr,
laurent is blackhat peace of spit asshole, and you're an attention seeker.
Everyone knows, the only remote bug you can find is an xss or even better a
csrf.
laurent will find some nastie stufft as always, but will totally screw up at
disclosing theses issues (as argumented before the smb2 bugm aka soulseek).
Your troll sucks fionnbharr davies no one cares about you, and will, you're
like dropped tcp packet.

2009/10/29 Fionnbharr <thouth [at] gmail>

> That sure would have be some funny words, glad I'm not talking about
> how difficult to exploit it is! That would make me look pretty dumb
> bringing something totally unrelated to my comment into the argument.
>
> Yeeeeeeeeeep.
>
> 2009/10/29 laurent gaffie <laurent.gaffie [at] gmail>:
> > Bonjour Fionnbharr Davies!,
> >
> > I'm glad to make your life easier with the shasum full path, really.
> >
> > Regarding the "Grossly misdiagnosed bug";
> > That's some funny words to describe one of the most difficult bug to
> exploit
> > in 2009 (http://seclists.org/dailydave/2009/q4/2)
> >
> >
> >
> >
> > Laurent
> >
> >
> > Bonjour!
> >
> > Is this going to be another grossly misdiagnosed bug?
> >
> > Also I'm glad you put that /usr/bin at the start, it would have been
> > confusing otherwise.
> >
> >
> >
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


thouth at gmail

Nov 2, 2009, 3:47 AM

Post #19 of 22 (1161 views)
Permalink
Re: Hash [In reply to]
It's true, Laurent is a blackhat. I am glad the security community at
large is accepting this fact. This matter has been passed onto his
soon to be employers.

Aside from that I'm not trolling, just speaking my mind. Something
you're obviously familiar with doing. Can't we be friends? I mean, you
don't like that Krakow Labs person either. It's can be the icebreaker
in our internet relationship. We can have and eDinner and discuss
interesting topics like your broken english and terrible comparisons.

Eventually though our love with wither and we'll stop mIRC32ing
together so much. It'll happen slowly at first, taking 30+ mins to
reply to a query, but it'll quickly grow much like our mutual
ambivalence. Until one day I'll care about you as much as a dropped
like a UDP packet.

:_(

2009/11/2 Pete Licoln <pete.licoln [at] gmail>:
> Fionnbharr,
> laurent is blackhat peace of spit asshole, and you're an attention seeker.
> Everyone knows, the only remote bug you can find is  an xss or even better a
> csrf.
> laurent will find some nastie stufft as always, but will totally screw up at
> disclosing theses issues (as argumented before the smb2 bugm aka soulseek).
> Your troll sucks fionnbharr davies no one cares about you, and will, you're
> like dropped tcp packet.
>
> 2009/10/29 Fionnbharr <thouth [at] gmail>
>>
>> That sure would have be some funny words, glad I'm not talking about
>> how difficult to exploit it is! That would make me look pretty dumb
>> bringing something totally unrelated to my comment into the argument.
>>
>> Yeeeeeeeeeep.
>>
>> 2009/10/29 laurent gaffie <laurent.gaffie [at] gmail>:
>> > Bonjour Fionnbharr Davies!,
>> >
>> > I'm glad to make your life easier with the shasum full path, really.
>> >
>> > Regarding the "Grossly misdiagnosed bug";
>> > That's some funny words to describe one of the most difficult bug to
>> > exploit
>> > in 2009 (http://seclists.org/dailydave/2009/q4/2)
>> >
>> >
>> >
>> >
>> > Laurent
>> >
>> >
>> > Bonjour!
>> >
>> > Is this going to be another grossly misdiagnosed bug?
>> >
>> > Also I'm glad you put that /usr/bin at the start, it would have been
>> > confusing otherwise.
>> >
>> >
>> >
>> >
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


akl at experian

Nov 6, 2009, 3:06 AM

Post #20 of 22 (1101 views)
Permalink
Re: Hash [In reply to]
Taunting other people's english skills work better when your own english isn't broken :)

-----Original Message-----
From: full-disclosure-bounces [at] lists [mailto:full-disclosure-bounces [at] lists] On Behalf Of Fionnbharr
Sent: 2. november 2009 12:48
To: Pete Licoln
Cc: full-disclosure [at] lists
Subject: Re: [Full-disclosure] Hash

It's true, Laurent is a blackhat. I am glad the security community at large is accepting this fact. This matter has been passed onto his soon to be employers.

Aside from that I'm not trolling, just speaking my mind. Something you're obviously familiar with doing. Can't we be friends? I mean, you don't like that Krakow Labs person either. It's can be the icebreaker in our internet relationship. We can have and eDinner and discuss interesting topics like your broken english and terrible comparisons.

Eventually though our love with wither and we'll stop mIRC32ing together so much. It'll happen slowly at first, taking 30+ mins to reply to a query, but it'll quickly grow much like our mutual ambivalence. Until one day I'll care about you as much as a dropped like a UDP packet.

:_(

2009/11/2 Pete Licoln <pete.licoln [at] gmail>:
> Fionnbharr,
> laurent is blackhat peace of spit asshole, and you're an attention seeker.
> Everyone knows, the only remote bug you can find is  an xss or even
> better a csrf.
> laurent will find some nastie stufft as always, but will totally screw
> up at disclosing theses issues (as argumented before the smb2 bugm aka soulseek).
> Your troll sucks fionnbharr davies no one cares about you, and will,
> you're like dropped tcp packet.
>
> 2009/10/29 Fionnbharr <thouth [at] gmail>
>>
>> That sure would have be some funny words, glad I'm not talking about
>> how difficult to exploit it is! That would make me look pretty dumb
>> bringing something totally unrelated to my comment into the argument.
>>
>> Yeeeeeeeeeep.
>>
>> 2009/10/29 laurent gaffie <laurent.gaffie [at] gmail>:
>> > Bonjour Fionnbharr Davies!,
>> >
>> > I'm glad to make your life easier with the shasum full path, really.
>> >
>> > Regarding the "Grossly misdiagnosed bug"; That's some funny words
>> > to describe one of the most difficult bug to exploit in 2009
>> > (http://seclists.org/dailydave/2009/q4/2)
>> >
>> >
>> >
>> >
>> > Laurent
>> >
>> >
>> > Bonjour!
>> >
>> > Is this going to be another grossly misdiagnosed bug?
>> >
>> > Also I'm glad you put that /usr/bin at the start, it would have
>> > been confusing otherwise.
>> >
>> >
>> >
>> >
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


pete.licoln at gmail

Nov 8, 2009, 8:48 PM

Post #21 of 22 (1034 views)
Permalink
Re: Hash [In reply to]
Just find a remote kernel on vista or seven (not an XSS bitch, just a
kernel remote)
Then you'll be able to open your big cunt ass fuck mouth .
Fuck your e-diner, "sympathy",redneck face
You're a fool, go suck a lemon bitch.


thouth at gmail

Nov 8, 2009, 9:09 PM

Post #22 of 22 (1036 views)
Permalink
Re: Hash [In reply to]
ahahahahaha <3

You seem to open your mouth fine without finding kernel remotes, must
be practise from all those dicks you put in it.

2009/11/9 Pete Licoln <pete.licoln [at] gmail>:
> Just find a remote kernel on vista  or seven (not an XSS bitch, just a
> kernel remote)
> Then  you'll be able to open your big cunt ass fuck mouth .
> Fuck your e-diner, "sympathy",redneck face
> You're a fool, go suck a lemon bitch.
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.