Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Full Disclosure: Full-Disclosure

Obama Order Sped Up Wave of Cyberattacks Against Iran

  

 
First page Previous page 1 2 3 4 5 6 Next page Last page  View All Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded


me at b3nji

Jun 10, 2012, 2:54 PM

Post #126 of 143 (203 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
Which antisec kids? Unfortunately due to some poeple being utterly delued,
such as yourself, throwing that word around it's rather ambiguous now.

On Sun, Jun 10, 2012 at 10:49 PM, Laurelai <laurelai [at] oneechan> wrote:

> On 6/10/12 5:09 PM, Thor (Hammer of God) wrote:
>
> OK, I’ll bite this one time. I assert you are blatantly lying about
> military service. How about tell me your service dates? Surely you can’t
> consider that any sort of privacy breach. ****
>
> ** **
>
> This is an easy way for us to be done with the whole thing. Part of your
> diatribe is based on your “right” to bitch because of your military
> service. I, again, assert that is complete fabrication. As someone who
> actually HAS done work for the government I know (as you should) that your
> military service records are actually public record. I don’t need your
> service dates, but it will help. All I need do is fax over form SF-180,
> and they’ll verify your service.****
>
> ** **
>
> If you really did serve, I’ll apologize publically. If you didn’t (or
> don’t provide the information) then we’ll all know you are just a lying
> nutjob and we can ignore you from now on. Is that fair enough?****
>
> ** **
>
> *[.image: Description: Description: Description: Description: Description:
> Description: Description: Description: Description: TimSig]***
>
> * *
>
> *Timothy “Thor” Mullen*
>
> *www.hammerofgod.com*
>
> *Thor’s Microsoft Security Bible<http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>
> *
>
> ** **
>
> ** **
>
> *From:* full-disclosure-bounces [at] lists [
> mailto:full-disclosure-bounces [at] lists<full-disclosure-bounces [at] lists>]
> *On Behalf Of *Laurelai
> *Sent:* Sunday, June 10, 2012 2:00 PM
> *To:* full-disclosure [at] lists
> *Subject:* Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks
> Against Iran****
>
> ** **
>
> On 6/10/12 12:52 PM, Thor (Hammer of God) wrote: ****
>
> And not capitalizing "Army" when you claim to have spent 10 years of your
> life in service does precisely the same thing. ****
>
>
> On Jun 10, 2012, at 3:31 AM, "Laurelai" <laurelai [at] oneechan> wrote:****
>
>
>
> ****
>
> ** **
>
> I dont listen to either. And sorry to burst your bubble but I did serve
> 10 years in the army.****
>
> ** **
>
> Next I imagine you will insult my gender identity or something equally
> silly. For the record you should capitalize the first word of each sentence
> and put a punctuation mark at the end, not doing this just makes you look
> uneducated and ensures people do not take you seriously.****
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/****
>
>
>
>
> ****
>
> _______________________________________________****
>
> Full-Disclosure - We believe in it.****
>
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html****
>
> Hosted and sponsored by Secunia - http://secunia.com/****
>
> Except i don't like the government.****
>
> And i hope those antisec kids own the lot of your frauds, really i ask a
> simple question on how to avoid state sponsored malware that runs
> exclusively on windows platforms and not a single one of you said anything
> about using an alternate OS, some of you insisted in fact we should just
> lie down and take it. You aren't security experts you are scam artists.
> Makes me wonder if you are paid to act this way or if you all really just
> didnt consider it. Either answer is pretty chilling.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


laurelai at oneechan

Jun 10, 2012, 2:56 PM

Post #127 of 143 (203 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
On 6/10/12 5:54 PM, Benji wrote:
> Which antisec kids? Unfortunately due to some poeple being utterly
> delued, such as yourself, throwing that word around it's rather
> ambiguous now.
>
> On Sun, Jun 10, 2012 at 10:49 PM, Laurelai <laurelai [at] oneechan
> <mailto:laurelai [at] oneechan>> wrote:
>
> On 6/10/12 5:09 PM, Thor (Hammer of God) wrote:
>>
>> OK, I’ll bite this one time. I assert you are blatantly lying
>> about military service. How about tell me your service dates?
>> Surely you can’t consider that any sort of privacy breach.
>>
>>
>>
>> This is an easy way for us to be done with the whole thing. Part
>> of your diatribe is based on your “right” to bitch because of
>> your military service. I, again, assert that is complete
>> fabrication. As someone who actually HAS done work for the
>> government I know (as you should) that your military service
>> records are actually public record. I don’t need your service
>> dates, but it will help. All I need do is fax over form SF-180,
>> and they’ll verify your service.
>>
>>
>>
>> If you really did serve, I’ll apologize publically. If you
>> didn’t (or don’t provide the information) then we’ll all know you
>> are just a lying nutjob and we can ignore you from now on. Is
>> that fair enough?
>>
>>
>>
>> *Description: Description: Description: Description: Description:
>> Description: Description: Description: Description: TimSig***
>>
>> * *
>>
>> *Timothy “Thor” Mullen*
>>
>> *www.hammerofgod.com <http://www.hammerofgod.com>*
>>
>> *Thor’s Microsoft Security Bible
>> <http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>*
>>
>>
>>
>>
>>
>> *From:*full-disclosure-bounces [at] lists
>> <mailto:full-disclosure-bounces [at] lists>
>> [mailto:full-disclosure-bounces [at] lists] *On Behalf Of
>> *Laurelai
>> *Sent:* Sunday, June 10, 2012 2:00 PM
>> *To:* full-disclosure [at] lists
>> <mailto:full-disclosure [at] lists>
>> *Subject:* Re: [Full-disclosure] Obama Order Sped Up Wave of
>> Cyberattacks Against Iran
>>
>>
>>
>> On 6/10/12 12:52 PM, Thor (Hammer of God) wrote:
>>
>> And not capitalizing "Army" when you claim to have spent 10 years
>> of your life in service does precisely the same thing.
>>
>>
>> On Jun 10, 2012, at 3:31 AM, "Laurelai" <laurelai [at] oneechan
>> <mailto:laurelai [at] oneechan>> wrote:
>>
>>
>>
>>
>>
>> I dont listen to either. And sorry to burst your bubble
>> but I did serve 10 years in the army.
>>
>>
>>
>> Next I imagine you will insult my gender identity or
>> something equally silly. For the record you should capitalize
>> the first word of each sentence and put a punctuation mark at
>> the end, not doing this just makes you look uneducated and
>> ensures people do not take you seriously.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> Except i don't like the government.
>>
> And i hope those antisec kids own the lot of your frauds, really i
> ask a simple question on how to avoid state sponsored malware that
> runs exclusively on windows platforms and not a single one of you
> said anything about using an alternate OS, some of you insisted in
> fact we should just lie down and take it. You aren't security
> experts you are scam artists. Makes me wonder if you are paid to
> act this way or if you all really just didnt consider it. Either
> answer is pretty chilling.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
None of you could give the obvious solution to my question and I'm the
deluded one, right. Let me know when the blow wears off and you want to
talk for real ok?


me at b3nji

Jun 10, 2012, 2:56 PM

Post #128 of 143 (203 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
You're the one that suggested a real suggestion would be to use an
'alternate os'.

Live in a cave please?

On Sun, Jun 10, 2012 at 10:56 PM, Laurelai <laurelai [at] oneechan> wrote:

> On 6/10/12 5:54 PM, Benji wrote:
>
> Which antisec kids? Unfortunately due to some poeple being utterly delued,
> such as yourself, throwing that word around it's rather ambiguous now.
>
> On Sun, Jun 10, 2012 at 10:49 PM, Laurelai <laurelai [at] oneechan> wrote:
>
>> On 6/10/12 5:09 PM, Thor (Hammer of God) wrote:
>>
>> OK, I’ll bite this one time. I assert you are blatantly lying about
>> military service. How about tell me your service dates? Surely you can’t
>> consider that any sort of privacy breach.
>>
>>
>>
>> This is an easy way for us to be done with the whole thing. Part of your
>> diatribe is based on your “right” to bitch because of your military
>> service. I, again, assert that is complete fabrication. As someone who
>> actually HAS done work for the government I know (as you should) that your
>> military service records are actually public record. I don’t need your
>> service dates, but it will help. All I need do is fax over form SF-180,
>> and they’ll verify your service.
>>
>>
>>
>> If you really did serve, I’ll apologize publically. If you didn’t (or
>> don’t provide the information) then we’ll all know you are just a lying
>> nutjob and we can ignore you from now on. Is that fair enough?
>>
>>
>>
>> *[.image: Description: Description: Description: Description:
>> Description: Description: Description: Description: Description: TimSig]*
>> **
>>
>> * *
>>
>> *Timothy “Thor” Mullen*
>>
>> *www.hammerofgod.com*
>>
>> *Thor’s Microsoft Security Bible<http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>
>> *
>>
>>
>>
>>
>>
>> *From:* full-disclosure-bounces [at] lists [
>> mailto:full-disclosure-bounces [at] lists<full-disclosure-bounces [at] lists>]
>> *On Behalf Of *Laurelai
>> *Sent:* Sunday, June 10, 2012 2:00 PM
>> *To:* full-disclosure [at] lists
>> *Subject:* Re: [Full-disclosure] Obama Order Sped Up Wave of
>> Cyberattacks Against Iran
>>
>>
>>
>> On 6/10/12 12:52 PM, Thor (Hammer of God) wrote:
>>
>> And not capitalizing "Army" when you claim to have spent 10 years of your
>> life in service does precisely the same thing.
>>
>>
>> On Jun 10, 2012, at 3:31 AM, "Laurelai" <laurelai [at] oneechan> wrote:
>>
>>
>>
>>
>>
>> I dont listen to either. And sorry to burst your bubble but I did serve
>> 10 years in the army.
>>
>>
>>
>> Next I imagine you will insult my gender identity or something equally
>> silly. For the record you should capitalize the first word of each sentence
>> and put a punctuation mark at the end, not doing this just makes you look
>> uneducated and ensures people do not take you seriously.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>>
>> _______________________________________________
>>
>> Full-Disclosure - We believe in it.
>>
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> Except i don't like the government.
>>
>> And i hope those antisec kids own the lot of your frauds, really i ask
>> a simple question on how to avoid state sponsored malware that runs
>> exclusively on windows platforms and not a single one of you said anything
>> about using an alternate OS, some of you insisted in fact we should just
>> lie down and take it. You aren't security experts you are scam artists.
>> Makes me wonder if you are paid to act this way or if you all really just
>> didnt consider it. Either answer is pretty chilling.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> None of you could give the obvious solution to my question and I'm the
> deluded one, right. Let me know when the blow wears off and you want to
> talk for real ok?
>


thor at hammerofgod

Jun 10, 2012, 3:00 PM

Post #129 of 143 (201 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
Awesome. I'll send 'er off. "Andrew Wallace," correct?

[Description: Description: Description: Description: Description: Description: Description: Description: Description: TimSig]

Timothy "Thor" Mullen
www.hammerofgod.com
Thor's Microsoft Security Bible<http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>


From: Laurelai [mailto:laurelai [at] oneechan]
Sent: Sunday, June 10, 2012 2:26 PM
To: Thor (Hammer of God)
Cc: full-disclosure [at] lists
Subject: Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

On 6/10/12 5:09 PM, Thor (Hammer of God) wrote:
OK, I'll bite this one time. I assert you are blatantly lying about military service. How about tell me your service dates? Surely you can't consider that any sort of privacy breach.

This is an easy way for us to be done with the whole thing. Part of your diatribe is based on your "right" to bitch because of your military service. I, again, assert that is complete fabrication. As someone who actually HAS done work for the government I know (as you should) that your military service records are actually public record. I don't need your service dates, but it will help. All I need do is fax over form SF-180, and they'll verify your service.

If you really did serve, I'll apologize publically. If you didn't (or don't provide the information) then we'll all know you are just a lying nutjob and we can ignore you from now on. Is that fair enough?

[Description: Description: Description: Description: Description: Description: Description: Description: Description: TimSig]

Timothy "Thor" Mullen
www.hammerofgod.com
Thor's Microsoft Security Bible<http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>


From: full-disclosure-bounces [at] lists<mailto:full-disclosure-bounces [at] lists> [mailto:full-disclosure-bounces [at] lists] On Behalf Of Laurelai
Sent: Sunday, June 10, 2012 2:00 PM
To: full-disclosure [at] lists<mailto:full-disclosure [at] lists>
Subject: Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

On 6/10/12 12:52 PM, Thor (Hammer of God) wrote:
And not capitalizing "Army" when you claim to have spent 10 years of your life in service does precisely the same thing.

On Jun 10, 2012, at 3:31 AM, "Laurelai" <laurelai [at] oneechan<mailto:laurelai [at] oneechan>> wrote:




I dont listen to either. And sorry to burst your bubble but I did serve 10 years in the army.

Next I imagine you will insult my gender identity or something equally silly. For the record you should capitalize the first word of each sentence and put a punctuation mark at the end, not doing this just makes you look uneducated and ensures people do not take you seriously.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





_______________________________________________

Full-Disclosure - We believe in it.

Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia - http://secunia.com/
Except i don't like the government.
I went to basic in september of 99 and ETS'ed in may of 08. 6 years were national guard 4 years active duty, i went to basic at FT. Jackson South Carolina, the base has a lot of fire ants and the weather was a bit unpredictable. My drill sergeant's names were Drill Sergeant Hunter and Drill Sergeant Wachowski The unit i ETS'ed from was HHB 4/5 ADA out of camp carrol South Korea, and right before i left korea our CSM was relieved of duty (CSM Larkin) for sexually harassing junior enlisted soldiers under his command. I worked in the S-6 shop in a 25B slot for a long time even though i had been trained as a 14E ( patriot systems operator and maintainer), I went to echo school at FT. Bliss and let me tell you when I got there I thought the place was just terrible, but there is nothing like the view of watching the sun set against those desert mountains, absolutely beautiful. While I was i South Korea I met up with hubris from backtrace security believe it or not since he was in the area at the time, ( this was before there ever was a backtrace security) he showed me all the fun places to hang out away from the tourist traps and he has seen me in uniform. So stick that in your pipe and smoke it.
Attachments: image001.png (1.02 KB)


coderman at gmail

Jun 10, 2012, 3:12 PM

Post #130 of 143 (204 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
On Sun, Jun 10, 2012 at 2:06 PM, Laurelai <laurelai [at] oneechan> wrote:
> ... in regards to protecting yourself
> from .gov malware, it really is quite simple... all only run on windows platforms.

this is wrong in fact, and understanding.

factually other state driven malware has targeted OSX, iOS, Android,
many other popular operating systems. the cost of exploit development
varies significantly between them, yet they are all vulnerable
targets.

your understanding is flawed in that at root these are well funded,
highly skilled, large resource entities able to position effective
attacks at multiple points around / within a target. if you are using
another OS distribution they may only get 2 vectors instead of 12; not
exactly a winning strategy for such a blanket statement.

defending against large resource attackers a very long tangent, too
long for this margin.
... more a method and practice of continuous learning,
eventually making you harder nut to crack than others ;P

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


valdis.kletnieks at vt

Jun 10, 2012, 3:15 PM

Post #131 of 143 (202 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
On Sun, 10 Jun 2012 17:06:37 -0400, Laurelai said:

> I am a bit surprised by the direction of this conversation and I have
> been waiting for someone to say the obvious in regards to protecting
> yourself from .gov malware, it really is quite simple if you think about
> it. Stuxnet, duqu, flame, ect.. all only run on windows platforms. If
> the people you are protecting are concerned about that kind of malware
> (and they should be) it would be a great time to tell them about
> GNU/Linux, BSD, ect..

You *do* realize that's basically the same logic as "Macs don't get viruses",
only even worse security-wise.

If your threat model actually includes "attacked by state actors", then it
should include the possibility that the team of state actors includes an OSX
jockey and a few Linux geeks.


cthulhucalling at gmail

Jun 10, 2012, 3:30 PM

Post #132 of 143 (204 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
What she fails to realize is the reason why Stuxnet was written to run on
Windows is because the Siemens PLC software interface runs on Windows.

The operating system is merely a means to the end. The motivation behind
the action is the real issue.

Ponder the Riddle of Steel upon the Tree of Woe.

On Jun 10, 2012 3:16 PM, <valdis.kletnieks [at] vt> wrote:

On Sun, 10 Jun 2012 17:06:37 -0400, Laurelai said:

> I am a bit surprised by the direction of this ...
You *do* realize that's basically the same logic as "Macs don't get
viruses",
only even worse security-wise.

If your threat model actually includes "attacked by state actors", then it
should include the possibility that the team of state actors includes an OSX
jockey and a few Linux geeks.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


ben.kreuter at gmail

Jun 10, 2012, 4:12 PM

Post #133 of 143 (202 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
On Sun, 10 Jun 2012 14:29:23 -0700
coderman <coderman [at] gmail> wrote:

> On Sun, Jun 10, 2012 at 2:22 PM, coderman <coderman [at] gmail> wrote:
> > ...
> > we can split hairs on the origin and naming of a given capability,
> > but these are CALEA (aka "lawful intercept") functions used
> > unlawfully.
>
> more fun reading, if you're curious:
>
> "Exploiting Lawful Intercept to Wiretap the Internet"
> http://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI-Intercept-slides.pdf
>
> "Lawful Interception and Countermeasures"
> http://web.it.kth.se/~maguire/DEGREE-PROJECT-REPORTS/080922-Romanidis_Evripidis-with-cover.pdf
>
>
> ... and, there are rumors VUPEN got hacked a few days ago. their
> weaponized exploits, also marketed as "lawful intercept" technologies,
> are sure to be abused if now in the wild.
>
> we could do this all day! ;)

Like I said, I have no doubt that it happens or that there are
vulnerabilities -- I just wanted examples specifically from the US, or
at least some indication that CALEA's mandates are synchronized with
requirements in other countries to the point where any attacks on
systems in other countries could have be carried out here.

-- Ben

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


--
Benjamin R Kreuter
UVA Computer Science
brk7bx [at] virginia
KK4FJZ

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
Attachments: signature.asc (0.82 KB)


laurelai at oneechan

Jun 10, 2012, 4:20 PM

Post #134 of 143 (195 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
On 6/10/12 6:00 PM, Thor (Hammer of God) wrote:
>
> Awesome. I'll send 'er off. "Andrew Wallace," correct?
>
>
>
> *Description: Description: Description: Description: Description:
> Description: Description: Description: Description: TimSig***
>
> * *
>
> *Timothy "Thor" Mullen*
>
> *www.hammerofgod.com*
>
> *Thor's Microsoft Security Bible
> <http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>*
>
>
>
>
>
> *From:*Laurelai [mailto:laurelai [at] oneechan]
> *Sent:* Sunday, June 10, 2012 2:26 PM
> *To:* Thor (Hammer of God)
> *Cc:* full-disclosure [at] lists
> *Subject:* Re: [Full-disclosure] Obama Order Sped Up Wave of
> Cyberattacks Against Iran
>
>
>
> On 6/10/12 5:09 PM, Thor (Hammer of God) wrote:
>
> OK, I'll bite this one time. I assert you are blatantly lying about
> military service. How about tell me your service dates? Surely you
> can't consider that any sort of privacy breach.
>
>
>
> This is an easy way for us to be done with the whole thing. Part of
> your diatribe is based on your "right" to bitch because of your
> military service. I, again, assert that is complete fabrication. As
> someone who actually HAS done work for the government I know (as you
> should) that your military service records are actually public
> record. I don't need your service dates, but it will help. All I
> need do is fax over form SF-180, and they'll verify your service.
>
>
>
> If you really did serve, I'll apologize publically. If you didn't (or
> don't provide the information) then we'll all know you are just a
> lying nutjob and we can ignore you from now on. Is that fair enough?
>
>
>
> *Description: Description: Description: Description: Description:
> Description: Description: Description: Description: TimSig*
>
> * *
>
> *Timothy "Thor" Mullen*
>
> *www.hammerofgod.com*
>
> *Thor's Microsoft Security Bible
> <http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>*
>
>
>
>
>
> *From:*full-disclosure-bounces [at] lists
> <mailto:full-disclosure-bounces [at] lists>
> [mailto:full-disclosure-bounces [at] lists] *On Behalf Of *Laurelai
> *Sent:* Sunday, June 10, 2012 2:00 PM
> *To:* full-disclosure [at] lists
> <mailto:full-disclosure [at] lists>
> *Subject:* Re: [Full-disclosure] Obama Order Sped Up Wave of
> Cyberattacks Against Iran
>
>
>
> On 6/10/12 12:52 PM, Thor (Hammer of God) wrote:
>
> And not capitalizing "Army" when you claim to have spent 10 years of
> your life in service does precisely the same thing.
>
>
> On Jun 10, 2012, at 3:31 AM, "Laurelai" <laurelai [at] oneechan
> <mailto:laurelai [at] oneechan>> wrote:
>
>
>
>
>
>
> I dont listen to either. And sorry to burst your bubble but I
> did serve 10 years in the army.
>
>
>
> Next I imagine you will insult my gender identity or something
> equally silly. For the record you should capitalize the first word
> of each sentence and put a punctuation mark at the end, not doing
> this just makes you look uneducated and ensures people do not take
> you seriously.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> Except i don't like the government.
>
> I went to basic in september of 99 and ETS'ed in may of 08. 6 years
> were national guard 4 years active duty, i went to basic at FT.
> Jackson South Carolina, the base has a lot of fire ants and the
> weather was a bit unpredictable. My drill sergeant's names were Drill
> Sergeant Hunter and Drill Sergeant Wachowski The unit i ETS'ed from
> was HHB 4/5 ADA out of camp carrol South Korea, and right before i
> left korea our CSM was relieved of duty (CSM Larkin) for sexually
> harassing junior enlisted soldiers under his command. I worked in the
> S-6 shop in a 25B slot for a long time even though i had been trained
> as a 14E ( patriot systems operator and maintainer), I went to echo
> school at FT. Bliss and let me tell you when I got there I thought the
> place was just terrible, but there is nothing like the view of
> watching the sun set against those desert mountains, absolutely
> beautiful. While I was i South Korea I met up with hubris from
> backtrace security believe it or not since he was in the area at the
> time, ( this was before there ever was a backtrace security) he showed
> me all the fun places to hang out away from the tourist traps and he
> has seen me in uniform. So stick that in your pipe and smoke it.
>
Where the hell did you get that name from lol


ben.kreuter at gmail

Jun 10, 2012, 4:22 PM

Post #135 of 143 (196 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Sun, 10 Jun 2012 17:06:37 -0400
Laurelai <laurelai [at] oneechan> wrote:

> I am a bit surprised by the direction of this conversation and I have
> been waiting for someone to say the obvious in regards to protecting
> yourself from .gov malware, it really is quite simple if you think
> about it. Stuxnet, duqu, flame, ect.. all only run on windows
> platforms. If the people you are protecting are concerned about that
> kind of malware (and they should be) it would be a great time to tell
> them about GNU/Linux, BSD, ect..

Which would do little to protect anyone. Do you really think that
GNU/Linux would be a more difficult target for the NSA (or whichever
agencies were responsible -- I would guess the NSA, but there may be
others)? GNU/Linux machines are compromised by criminals all the time,
and the majority of people would not be willing to put in the effort
needed to keep their system secure.

There are probably a bunch of remote exploits in the Linux kernel, in
Firefox and Chrome, in OpenSSL and NSS, in Ghostscript, and in any of
the thousands of other packages that will be installed on a typical
GNU/Linux system.

There is no magic bullet here. Security is not about running the right
OS, it is about running your OS the right way (and more). Telling
people that using GNU/Linux will make them safe is silly.

- -- Ben


- --
Benjamin R Kreuter
UVA Computer Science
brk7bx [at] virginia
KK4FJZ

- --

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQIcBAEBCgAGBQJP1SxSAAoJEOV0+MnZK9ijPB0P/1NQQ5ea/xQhu4vdPdMz02Km
rzs/ecj4BXuD1k9kmFiZtoU9g9yG4Vm1J99baD/ywV83XeOqLuQREk0Zhv6fumax
x8Cj0GEYXNinmg1n5nYqgr4g7Ba2GBc0D7NGkyckKHXpIu6QkThKKYOwdSjFkmJS
yjH+2Gzz03tGHuiz/0S0mZYt6H02OAl6/cEXX45PkxnAR2V2EU2v738WcS6dpI9P
sAu4osMBg8DfF/Zo+ioHcsDao7+8apJ/meVpQoZ4UDQEfasacoKVWRFKhaVKxZNG
lwhqtJObpNYkMCK2/YH6JXttA6Dx93aQ2Wa0vq2sdquDK+R7V2HRd6oKgLWobCOj
Pb5m//RLZRSM39rvBwOZ5ehX72zc32V+wONai+qNqEpjcD5h2JfcxsySQ9QD6dR3
c5AL4RTsEqA1Nm6gmoZlD5geQL7b9L/9s40T7bbFXUh0I5sUFLdvqyQWx8CD8nVE
UxWqIlCHiZ5DLFJuXneNBhBtwEJjc9AnTrDUnRwdU/V1egf8XtXjIEJI7/6CRlex
oUQBVwEE0lhRZuY/5JLIFivWMXcCXQ0awl/75rJjcULZQ/Qp7Dg/Icz34wKHrg3H
FhFMtevC2KzFg2ivjqZNA4I2QQSVmSAIiGE1PMg1Cylb3eleAE4wvof24D4SE8VK
uL1btjgFXC5QfqPp0Mvl
=a5T+
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


cthulhucalling at gmail

Jun 10, 2012, 4:35 PM

Post #136 of 143 (194 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
On Sun, Jun 10, 2012 at 2:06 PM, Laurelai <laurelai [at] oneechan> wrote:
> I am a bit surprised by the direction of this conversation and I have been
> waiting for someone to say the obvious in regards to protecting yourself
> from .gov malware, it really is quite simple if you think about it. Stuxnet,
> duqu, flame, ect.. all only run on windows platforms. If the people you are
> protecting are concerned about that kind of malware (and they should be) it
> would be a great time to tell them about GNU/Linux, BSD, ect..

What makes you think the world doesn't already know about these, and
that the various world governments don't already have their own 0days
or hooks into them? Why was Stuxnet written on Windows? Not because of
it's history of flaws, but because the Siemens PLC code that
interfaces with the centrifuges runs on Windows. If it ran on any
other platform, I would *guarantee* that it would still happen. "Just
run Linux" is not a panacea that instantly cures everything. Mac
fanboys used to say the same thing until someone decided to shut them
up. I've worked at places where it was Linux 100% and we STILL had
security issues. Conversely, I've worked at Windows heavy shops that
were actually well-run, and didn't have the mythical security issues
that seem to plague the news.

The operating system is merely the conduit, one has to look past that
to the motivation of the attacking party. Consider this your own
Riddle of Steel.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


crossd at gmail

Jun 10, 2012, 4:58 PM

Post #137 of 143 (193 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
On Sun, Jun 10, 2012 at 7:22 PM, Benjamin Kreuter <ben.kreuter [at] gmail> wrote:
>> I am a bit surprised by the direction of this conversation and I have
>> been waiting for someone to say the obvious in regards to protecting
>> yourself from .gov malware, it really is quite simple if you think
>> about it. Stuxnet, duqu, flame, ect.. all only run on windows
>> platforms. If the people you are protecting are concerned about that
>> kind of malware (and they should be) it would be a great time to tell
>> them about GNU/Linux, BSD, ect..
>
> Which would do little to protect anyone.  Do you really think that
> GNU/Linux would be a more difficult target for the NSA (or whichever
> agencies were responsible -- I would guess the NSA, but there may be
> others)?  GNU/Linux machines are compromised by criminals all the time,
> and the majority of people would not be willing to put in the effort
> needed to keep their system secure.
>
> There are probably a bunch of remote exploits in the Linux kernel, in
> Firefox and Chrome, in OpenSSL and NSS, in Ghostscript, and in any of
> the thousands of other packages that will be installed on a typical
> GNU/Linux system.
>
> There is no magic bullet here.  Security is not about running the right
> OS, it is about running your OS the right way (and more).  Telling
> people that using GNU/Linux will make them safe is silly.

Fundamentally I agree with you, security isn't about running the right
OS, etc, we should acknowledge that not all operating systems are the
same. Windows is fabulously complex, with a really large number of
system calls, many of which take a large number of arguments that in
turn change the semantics of the call greatly. Together, these
represent a very large surface area for potential attacks. In turn,
many of the Unix variants are simpler; they may not be any more
secure, but at a minimum, they have less attack surface area. Of
course, it's been my impression over the last couple of decades that
they're trying as hard as they can to fill the gap. To put it in
military terms, the Unix variants have traditionally had more surfaces
and fewer gaps than Windows.

Anyway, this isn't to say that Unix or some variant is inherently more
secure, but all other things being equal, I'd rather put my money on
the simpler thing, since simpler is often easier to get right.
Whether that's really the case or not is another matter; I simply
wanted to point out that there are other arguments beside the flawed,
"security through obscurity" that may come into play when deciding
between operating systems with respect to security.

- Dan C.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


uuf6429 at gmail

Jun 10, 2012, 5:17 PM

Post #138 of 143 (195 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
All this talk about a lot of arguments to syscalls reminded me of
`ls`....and that's just the beginning..
Let's be honest, no matter the amount of "standardization" (or plain
"planning") you put in, there's always room for complications.
In what I've seen, the only exception here, is a dozen or so small hobbyist
OSes.





On Mon, Jun 11, 2012 at 1:58 AM, Dan Cross <crossd [at] gmail> wrote:

> On Sun, Jun 10, 2012 at 7:22 PM, Benjamin Kreuter <ben.kreuter [at] gmail>
> wrote:
> >> I am a bit surprised by the direction of this conversation and I have
> >> been waiting for someone to say the obvious in regards to protecting
> >> yourself from .gov malware, it really is quite simple if you think
> >> about it. Stuxnet, duqu, flame, ect.. all only run on windows
> >> platforms. If the people you are protecting are concerned about that
> >> kind of malware (and they should be) it would be a great time to tell
> >> them about GNU/Linux, BSD, ect..
> >
> > Which would do little to protect anyone. Do you really think that
> > GNU/Linux would be a more difficult target for the NSA (or whichever
> > agencies were responsible -- I would guess the NSA, but there may be
> > others)? GNU/Linux machines are compromised by criminals all the time,
> > and the majority of people would not be willing to put in the effort
> > needed to keep their system secure.
> >
> > There are probably a bunch of remote exploits in the Linux kernel, in
> > Firefox and Chrome, in OpenSSL and NSS, in Ghostscript, and in any of
> > the thousands of other packages that will be installed on a typical
> > GNU/Linux system.
> >
> > There is no magic bullet here. Security is not about running the right
> > OS, it is about running your OS the right way (and more). Telling
> > people that using GNU/Linux will make them safe is silly.
>
> Fundamentally I agree with you, security isn't about running the right
> OS, etc, we should acknowledge that not all operating systems are the
> same. Windows is fabulously complex, with a really large number of
> system calls, many of which take a large number of arguments that in
> turn change the semantics of the call greatly. Together, these
> represent a very large surface area for potential attacks. In turn,
> many of the Unix variants are simpler; they may not be any more
> secure, but at a minimum, they have less attack surface area. Of
> course, it's been my impression over the last couple of decades that
> they're trying as hard as they can to fill the gap. To put it in
> military terms, the Unix variants have traditionally had more surfaces
> and fewer gaps than Windows.
>
> Anyway, this isn't to say that Unix or some variant is inherently more
> secure, but all other things being equal, I'd rather put my money on
> the simpler thing, since simpler is often easier to get right.
> Whether that's really the case or not is another matter; I simply
> wanted to point out that there are other arguments beside the flawed,
> "security through obscurity" that may come into play when deciding
> between operating systems with respect to security.
>
> - Dan C.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


valdis.kletnieks at vt

Jun 10, 2012, 5:59 PM

Post #139 of 143 (193 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
On Mon, 11 Jun 2012 02:17:15 +0200, Christian Sciberras said:

> All this talk about a lot of arguments to syscalls reminded me of
> `ls`....and that's just the beginning..

"The real reason GNU ls is 8-bit-clean is so that they can start using ISO-8859-1 option characters."
- Christopher Davis (ckd [at] loiosh)


crossd at gmail

Jun 10, 2012, 7:41 PM

Post #140 of 143 (184 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
On Sun, Jun 10, 2012 at 8:17 PM, Christian Sciberras <uuf6429 [at] gmail> wrote:
> All this talk about a lot of arguments to syscalls reminded me of
> `ls`....and that's just the beginning..

'ls' is a user program, not a system call; system calls are entry
points into the operating system itself: basically little passage ways
into the kernel. Having many them opens up the surface area for bugs.
The Linux people seem to be making great strides in, ahem, 'catching
up' to Microsoft in this area, but comparing the number of options to
a non-privileged user-level program to the number of system calls in
the win32 or win64 API isn't very useful.

> Let's be honest, no matter the amount of "standardization" (or plain
> "planning") you put in, there's always room for complications.

I totally agree. The question is do you want to use the system that
allows you to be complex, or the one that forces you to be?

> In what I've seen, the only exception here, is a dozen or so small hobbyist
> OSes.

For general purpose computing, this unfortunately seems to be more or
less true. It's a sad state of affairs.

- Dan C.

> On Mon, Jun 11, 2012 at 1:58 AM, Dan Cross <crossd [at] gmail> wrote:
>>
>> On Sun, Jun 10, 2012 at 7:22 PM, Benjamin Kreuter <ben.kreuter [at] gmail>
>> wrote:
>> >> I am a bit surprised by the direction of this conversation and I have
>> >> been waiting for someone to say the obvious in regards to protecting
>> >> yourself from .gov malware, it really is quite simple if you think
>> >> about it. Stuxnet, duqu, flame, ect.. all only run on windows
>> >> platforms. If the people you are protecting are concerned about that
>> >> kind of malware (and they should be) it would be a great time to tell
>> >> them about GNU/Linux, BSD, ect..
>> >
>> > Which would do little to protect anyone.  Do you really think that
>> > GNU/Linux would be a more difficult target for the NSA (or whichever
>> > agencies were responsible -- I would guess the NSA, but there may be
>> > others)?  GNU/Linux machines are compromised by criminals all the time,
>> > and the majority of people would not be willing to put in the effort
>> > needed to keep their system secure.
>> >
>> > There are probably a bunch of remote exploits in the Linux kernel, in
>> > Firefox and Chrome, in OpenSSL and NSS, in Ghostscript, and in any of
>> > the thousands of other packages that will be installed on a typical
>> > GNU/Linux system.
>> >
>> > There is no magic bullet here.  Security is not about running the right
>> > OS, it is about running your OS the right way (and more).  Telling
>> > people that using GNU/Linux will make them safe is silly.
>>
>> Fundamentally I agree with you, security isn't about running the right
>> OS, etc, we should acknowledge that not all operating systems are the
>> same.  Windows is fabulously complex, with a really large number of
>> system calls, many of which take a large number of arguments that in
>> turn change the semantics of the call greatly.  Together, these
>> represent a very large surface area for potential attacks.  In turn,
>> many of the Unix variants are simpler; they may not be any more
>> secure, but at a minimum, they have less attack surface area.  Of
>> course, it's been my impression over the last couple of decades that
>> they're trying as hard as they can to fill the gap.  To put it in
>> military terms, the Unix variants have traditionally had more surfaces
>> and fewer gaps than Windows.
>>
>> Anyway, this isn't to say that Unix or some variant is inherently more
>> secure, but all other things being equal, I'd rather put my money on
>> the simpler thing, since simpler is often easier to get right.
>> Whether that's really the case or not is another matter; I simply
>> wanted to point out that there are other arguments beside the flawed,
>> "security through obscurity" that may come into play when deciding
>> between operating systems with respect to security.
>>
>>        - Dan C.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


nick at virus-l

Jun 10, 2012, 7:47 PM

Post #141 of 143 (184 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
Laurelai wrote:

> ... really i ask a
> simple question on how to avoid state sponsored malware that runs
> exclusively on windows platforms and not a single one of you said
> anything about using an alternate OS, some of you insisted in fact we
> should just lie down and take it. You aren't security experts you are
> scam artists. Makes me wonder if you are paid to act this way or if you
> all really just didnt consider it. Either answer is pretty chilling.

I was trying to keep right out of this one, but...

OK -- that was not actually quite what you asked, but as you have now
asked it this way, I'll reply to this version of your question.

The "state-sponsored malware" you're talking about arose as part of a
plan to execute a (more-or-less) targeted attack. That meant that it
had to target the OS of the intended victim(s).

Not much use writing a brilliant attack against IIS 7 when the target's
webserver runs Apache 2.2.21 on some BSD.

"Not running Windows", as a general policy to adopt in order to prevent
yourself or your organization from potentially feeling the unintended
side-effects of some state-sponsored malware "going feral", will likely
be about as useful as "not running Windows" as a general policy to
avoid malware (under the assumption that likely targets of state-
sponsored malware will sample target platforms in roughly the same way
that the rest of the population will).

As changing the whole of your IT infrastructure, recovering the value
of the training, experience, etc of your staff in using that
infrastructure, etc, etc, is something that most organizations either
have not consdered, or have considered and (mostly) rejected, you will
have to show us a major additional increase in risk that state-
sponsored malware brings to the table before the ROI of changing IT
infrastructure starts to stack up economically.

Just tacking the adjective "state-sponsored" in front of the term does
not do that (well, except, perhaps, for a few folk at the really mal-
adjusted ends of some or other psychiatric spectra).



Regards,

Nick FitzGerald


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


thor at hammerofgod

Jun 10, 2012, 8:10 PM

Post #142 of 143 (189 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
Well no freaking wonder then. For whatever reason, I keep thinking you are Andrew posting under a different name, which always confused me. I know Andrew didn't serve in the Army, which just made me think he was losing his mind. (I've actually never had a problem with Andrew, though I guess many here have.)

So yes, my apologies, as I obviously don't know you from Adam. Now everything makes more sense.
T

Sent from my iPad

On Jun 10, 2012, at 4:21 PM, "Laurelai" <laurelai [at] oneechan<mailto:laurelai [at] oneechan>> wrote:

On 6/10/12 6:00 PM, Thor (Hammer of God) wrote:
Awesome. I’ll send ‘er off. “Andrew Wallace,” correct?

<mime-attachment.png>

Timothy “Thor” Mullen
www.hammerofgod.com
Thor’s Microsoft Security Bible<http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>


From: Laurelai [mailto:laurelai [at] oneechan]
Sent: Sunday, June 10, 2012 2:26 PM
To: Thor (Hammer of God)
Cc: full-disclosure [at] lists<mailto:full-disclosure [at] lists>
Subject: Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

On 6/10/12 5:09 PM, Thor (Hammer of God) wrote:
OK, I’ll bite this one time. I assert you are blatantly lying about military service. How about tell me your service dates? Surely you can’t consider that any sort of privacy breach.

This is an easy way for us to be done with the whole thing. Part of your diatribe is based on your “right” to bitch because of your military service. I, again, assert that is complete fabrication. As someone who actually HAS done work for the government I know (as you should) that your military service records are actually public record. I don’t need your service dates, but it will help. All I need do is fax over form SF-180, and they’ll verify your service.

If you really did serve, I’ll apologize publically. If you didn’t (or don’t provide the information) then we’ll all know you are just a lying nutjob and we can ignore you from now on. Is that fair enough?

<mime-attachment.png>

Timothy “Thor” Mullen
www.hammerofgod.com
Thor’s Microsoft Security Bible<http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>


From: full-disclosure-bounces [at] lists<mailto:full-disclosure-bounces [at] lists> [mailto:full-disclosure-bounces [at] lists] On Behalf Of Laurelai
Sent: Sunday, June 10, 2012 2:00 PM
To: full-disclosure [at] lists<mailto:full-disclosure [at] lists>
Subject: Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran

On 6/10/12 12:52 PM, Thor (Hammer of God) wrote:
And not capitalizing "Army" when you claim to have spent 10 years of your life in service does precisely the same thing.

On Jun 10, 2012, at 3:31 AM, "Laurelai" <laurelai [at] oneechan<mailto:laurelai [at] oneechan>> wrote:




I dont listen to either. And sorry to burst your bubble but I did serve 10 years in the army.

Next I imagine you will insult my gender identity or something equally silly. For the record you should capitalize the first word of each sentence and put a punctuation mark at the end, not doing this just makes you look uneducated and ensures people do not take you seriously.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





_______________________________________________

Full-Disclosure - We believe in it.

Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia - http://secunia.com/
Except i don't like the government.
I went to basic in september of 99 and ETS'ed in may of 08. 6 years were national guard 4 years active duty, i went to basic at FT. Jackson South Carolina, the base has a lot of fire ants and the weather was a bit unpredictable. My drill sergeant's names were Drill Sergeant Hunter and Drill Sergeant Wachowski The unit i ETS'ed from was HHB 4/5 ADA out of camp carrol South Korea, and right before i left korea our CSM was relieved of duty (CSM Larkin) for sexually harassing junior enlisted soldiers under his command. I worked in the S-6 shop in a 25B slot for a long time even though i had been trained as a 14E ( patriot systems operator and maintainer), I went to echo school at FT. Bliss and let me tell you when I got there I thought the place was just terrible, but there is nothing like the view of watching the sun set against those desert mountains, absolutely beautiful. While I was i South Korea I met up with hubris from backtrace security believe it or not since he was in the area at the time, ( this was before there ever was a backtrace security) he showed me all the fun places to hang out away from the tourist traps and he has seen me in uniform. So stick that in your pipe and smoke it.
Where the hell did you get that name from lol
Attachments: ATT00001.png (1.02 KB)


laurelai at oneechan

Jun 10, 2012, 8:18 PM

Post #143 of 143 (189 views)
Permalink
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran [In reply to]
On 6/10/12 11:10 PM, Thor (Hammer of God) wrote:
> Well no freaking wonder then. For whatever reason, I keep thinking
> you are Andrew posting under a different name, which always confused
> me. I know Andrew didn't serve in the Army, which just made me think
> he was losing his mind. (I've actually never had a problem with
> Andrew, though I guess many here have.)
>
> So yes, my apologies, as I obviously don't know you from Adam. Now
> everything makes more sense.
> T
>
> Sent from my iPad
>
> On Jun 10, 2012, at 4:21 PM, "Laurelai" <laurelai [at] oneechan
> <mailto:laurelai [at] oneechan>> wrote:
>
>> On 6/10/12 6:00 PM, Thor (Hammer of God) wrote:
>>>
>>> Awesome. I’ll send ‘er off. “Andrew Wallace,” correct?
>>>
>>>
>>>
>>> *<mime-attachment.png>***
>>>
>>> * *
>>>
>>> *Timothy “Thor” Mullen*
>>>
>>> *www.hammerofgod.com*
>>>
>>> *Thor’s Microsoft Security Bible
>>> <http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>*
>>>
>>>
>>>
>>>
>>>
>>> *From:*Laurelai [mailto:laurelai [at] oneechan]
>>> *Sent:* Sunday, June 10, 2012 2:26 PM
>>> *To:* Thor (Hammer of God)
>>> *Cc:* full-disclosure [at] lists
>>> *Subject:* Re: [Full-disclosure] Obama Order Sped Up Wave of
>>> Cyberattacks Against Iran
>>>
>>>
>>>
>>> On 6/10/12 5:09 PM, Thor (Hammer of God) wrote:
>>>
>>> OK, I’ll bite this one time. I assert you are blatantly lying about
>>> military service. How about tell me your service dates? Surely you
>>> can’t consider that any sort of privacy breach.
>>>
>>>
>>>
>>> This is an easy way for us to be done with the whole thing. Part of
>>> your diatribe is based on your “right” to bitch because of your
>>> military service. I, again, assert that is complete fabrication.
>>> As someone who actually HAS done work for the government I know (as
>>> you should) that your military service records are actually public
>>> record. I don’t need your service dates, but it will help. All I
>>> need do is fax over form SF-180, and they’ll verify your service.
>>>
>>>
>>>
>>> If you really did serve, I’ll apologize publically. If you didn’t
>>> (or don’t provide the information) then we’ll all know you are just
>>> a lying nutjob and we can ignore you from now on. Is that fair enough?
>>>
>>>
>>>
>>> *<mime-attachment.png>*
>>>
>>> * *
>>>
>>> *Timothy “Thor” Mullen*
>>>
>>> *www.hammerofgod.com*
>>>
>>> *Thor’s Microsoft Security Bible
>>> <http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>*
>>>
>>>
>>>
>>>
>>>
>>> *From:*full-disclosure-bounces [at] lists
>>> <mailto:full-disclosure-bounces [at] lists>
>>> [mailto:full-disclosure-bounces [at] lists] *On Behalf Of
>>> *Laurelai
>>> *Sent:* Sunday, June 10, 2012 2:00 PM
>>> *To:* full-disclosure [at] lists
>>> <mailto:full-disclosure [at] lists>
>>> *Subject:* Re: [Full-disclosure] Obama Order Sped Up Wave of
>>> Cyberattacks Against Iran
>>>
>>>
>>>
>>> On 6/10/12 12:52 PM, Thor (Hammer of God) wrote:
>>>
>>> And not capitalizing "Army" when you claim to have spent 10 years of
>>> your life in service does precisely the same thing.
>>>
>>>
>>> On Jun 10, 2012, at 3:31 AM, "Laurelai" <laurelai [at] oneechan
>>> <mailto:laurelai [at] oneechan>> wrote:
>>>
>>>
>>>
>>>
>>>
>>>
>>> I dont listen to either. And sorry to burst your bubble but
>>> I did serve 10 years in the army.
>>>
>>>
>>>
>>> Next I imagine you will insult my gender identity or something
>>> equally silly. For the record you should capitalize the first
>>> word of each sentence and put a punctuation mark at the end, not
>>> doing this just makes you look uneducated and ensures people do
>>> not take you seriously.
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>> Except i don't like the government.
>>>
>>> I went to basic in september of 99 and ETS'ed in may of 08. 6 years
>>> were national guard 4 years active duty, i went to basic at FT.
>>> Jackson South Carolina, the base has a lot of fire ants and the
>>> weather was a bit unpredictable. My drill sergeant's names were
>>> Drill Sergeant Hunter and Drill Sergeant Wachowski The unit i ETS'ed
>>> from was HHB 4/5 ADA out of camp carrol South Korea, and right
>>> before i left korea our CSM was relieved of duty (CSM Larkin) for
>>> sexually harassing junior enlisted soldiers under his command. I
>>> worked in the S-6 shop in a 25B slot for a long time even though i
>>> had been trained as a 14E ( patriot systems operator and
>>> maintainer), I went to echo school at FT. Bliss and let me tell you
>>> when I got there I thought the place was just terrible, but there is
>>> nothing like the view of watching the sun set against those desert
>>> mountains, absolutely beautiful. While I was i South Korea I met up
>>> with hubris from backtrace security believe it or not since he was
>>> in the area at the time, ( this was before there ever was a
>>> backtrace security) he showed me all the fun places to hang out away
>>> from the tourist traps and he has seen me in uniform. So stick that
>>> in your pipe and smoke it.
>>>
>> Where the hell did you get that name from lol
Hey no problem. No hard feelings.

First page Previous page 1 2 3 4 5 6 Next page Last page  View All Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.