
Mailing List Archive: Full Disclosure: Full-Disclosure

(no subject)

 

 



capzlock at hushmail

Aug 13, 2002, 11:23 AM

Post #1 of 161 (2757 views)
(no subject)

kill.the.turkey | kill.the.turkey | kill.the.turkey | kill.the.turkey

http://www.eurocompton.net/~fuk/phrack
http://www.eurocompton.net/~fuk/phrack/texts/faq1.txt
http://www.eurocompton.net/~fuk/phrack/texts/hack1.txt
http://www.eurocompton.net/~fuk/phrack/texts/hack2.txt

kill.the.turkey | kill.the.turkey | kill.the.turkey | kill.the.turkey

Rloxley of #hackphreak @ undernet fondles young boys. He advocates against child pornography, however, this is merely a masquearade to conceal his kiddie porn circulation ring. celest also lingers on #hackphreak @ undernet and is known to have past homicidal tendencies and once forced herself upon a dog.

kill.the.turkey | kill.the.turkey | kill.the.turkey | kill.the.turkey

HERE'S A BUG FOR FULL-DISCLOSURE:

[nobody[at]localhost ~]$ /bin/su `perl -e 'print "A"x31337'`

Segmentation fault (core dumped)

THAT AUDITING TECHNIQUE WAS BLATANTLY STOLEN FROM SNOSOFT.COM. THEY ARE NEW SCHOOL HACKERS WITH AN OLD SCHOOL FLAVAH, FA SHO DIRTY.

kill.the.turkey | kill.the.turkey | kill.the.turkey | kill.the.turkey

--------| bug7r4q m0d3r473z 4nd s0 sh0uld j00 !@#$%! |--------



Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople


chaos_magician at hushmail

Aug 16, 2002, 8:59 AM

Post #2 of 161 (2648 views)
Re: (no subject)

Matthew,

"These people" are a phenomenon brought about by our own actions. We have enlisted technology to such a degree in this industry that we begin to "trust" it. Do you like trust relationships? When it comes to my computers I don't care if it's an 8-bit machine or a 64-bit machine... I don't allow trust. Because I know who wrote the technology... humans. Let's not forget that this is why we are in business to begin with.

We in the security industry would like to be the biggest sticks on the block. Nothing wrong with that. The only thing wrong with that is we have to actually swing the stick. I think collectively we have what it takes... it's just that there is a HUGE amount of apathy in the industry. When it comes to getting ideas into technology... then you either have to write the entire thing yourself or get some corporate development team to buy off on it, and they are listening to Marketing Requirement Docs from a new generation of users who are, for the most part, clueless. So that puts available innovative technology back about 5 years. And fighting for that gets tiresome after a while.

It is survival of the fittest. And if Infosec from Corporate America wants to survive.. they need to become leaner and meaner to adapt to the environment.

We need to understand the general cultural reasons behind this new phenomenon of the el8 types. I could care less about their specific reasons, as they are unconsciously part of an organic trend.

The quicker we realize this, the quicker we can let go of our egos and use *THEM* to perpetuate our existences and our own individual "ethical" crusades.

-Chaos_Magician



> Over these last few days we have (obviously) faced numerous maladies
> such as mass junk mail, attacks against mailservers, ... but we are still
> here. However, I see no need at all to bashing each other over our
> responses to the incident. Fighting between ourselves and posting this crap
> on the list both amplifies the effect of the idiots' posts, and lets them
> know that their effort is working -- that has got to stop.
>
> I will be the first one to say that I applaud how Len has handled all of
> this -- the list must not be moderated. Moderating the list would be giving
> a victory to some of the lowest scum of all time. Rather than seek
> alternatives, we have to be firm about the reason this list was created in
> the first place -- freedom of information. This list was created to inform,
> and inform quickly. By advocating moderation, you are essentially
> advocating destroying the list.
>
> These last few days have been a test of how strongly we believed in the
> idea that all information should be delivered in a timely fashion. Someone
> who truly believes in the concept of full disclosure will stand up for it
> even as the very concept itself is attacked. Advocating moderation of the
> list, or bringing your personal struggles to the list as it faces this
> attack shows that your belief in the concept of full disclosure is
> incredibly weak.
>
> We must direct our anger towards these losers at these losers. Anything
> else is an attack against our own values. While they claim to be hackers,
> their method of attack shows them to be nothing more than spoiled children.
> You can either fight them or give up, there's not an inch of middle ground.
> Are you up for it?
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>






chaos_magician at hushmail

Aug 16, 2002, 1:00 PM

Post #3 of 161 (2654 views)
Re: (no subject)

>WHY? Their entire view makes absolutely no sense -- they propose
>to say that stopping the flow of information will somehow help the
>problem?

Datapoint 1. These guys are not trying to solve any problems except for the proliferation of vulnerability information in the corporate sector. Do not fool yourself into thinking it is for some idealistic purpose.

>create an even bigger problem than anybody could imagine? This just
>further shows the character of our friends at "phrack" -- selfish, childish,
>irrational loner wannabes.
></rant>


Correction.. that is #phrack... not phrack from phrack.org. Remember these guys "took over" the #phrack channel on efnet... not to be in any way linked to the folks at phrack like route et al.

Chaos_Magician





sockz at email

Aug 16, 2002, 10:43 PM

Post #4 of 161 (2651 views)
Re: (no subject)

Dear Matthew Murphy,

When I first read your email I laughed a lot because I thought it was some
kind of joke. Sadly, however, by the end I realised that perhaps you were
serious after all. So I am replying to your letter in the hope that maybe
you are just misguided and can somehow be put back on track.

> Over these last few days we have (obviously) faced numerous maladies
> such as mass junk mail, attacks against mailservers, ... but we are still
> here. However, I see no need at all to bashing each other over our
> responses to the incident. Fighting between ourselves and posting this crap
> on the list both amplifies the effect of the idiots' posts, and lets them
> know that their effort is working -- that has got to stop.

fighting between yourselves? you mean debating right? debating over what
is good and what is evil? Matthew, i think your paranoia is playing up
again, the people on the list aren't fighting. they're having an
intellectual discussion over the pros, cons, and alternatives to the
security industry. JOIN IN! unless you dont have anything intelligent to
contribute (as is being clearly demonstrated by the speculation, personal
attacks, and silliness of your email).

> I will be the first one to say that I applaud how Len has handled all of
> this -- the list must not be moderated. Moderating the list would be giving
> a victory to some of the lowest scum of all time. Rather than seek
> alternatives, we have to be firm about the reason this list was created in
> the first place -- freedom of information. This list was created to inform,
> and inform quickly. By advocating moderation, you are essentially
> advocating destroying the list.

of course. moderating the list would also mean that we couldn't have this
discussion, which i feel is important, not for me though, Matthew, but for
you. you need to let go of all these fears that `hackers are trying to get
into your system 24/7' and start to embrace concepts like "free thought",
"rationality", and "understanding".

> These last few days have been a test of how strongly we believed in the
> idea that all information should be delivered in a timely fashion. Someone
> who truly believes in the concept of full disclosure will stand up for it
> even as the very concept itself is attacked. Advocating moderation of the
> list, or bringing your personal struggles to the list as it faces this
> attack shows that your belief in the concept of full disclosure is
> incredibly weak.

yeah no i disagree. i think over the past few days, if anything, real
intelligence has hit the list and you're not entirely sure as to how you
want to deal with it. that's natural, Matthew, you're being intimidated,
your standing in the whitehat community seems to you as though it is being
threatened. thats OKAY. you just have to get past all that fear and start
to loosen up a bit.

> We must direct our anger towards these losers at these losers. Anything

this sentence didn't make sense to me. could you please clarify?

> else is an attack against our own values. While they claim to be hackers,
> their method of attack shows them to be nothing more than spoiled children.

could you please give an example to back up your views? because you must
realise, Matthew, that we all come from different cultures. what is a
spoiled child to you may be something completely different to the next
person. also, by giving an example, and making your argument clearer, i
think you'll find that people will not only understand you more, but also
understand you enough that they can retort in a much more informed manner.
which helps the discussion overall.

> You can either fight them or give up, there's not an inch of middle ground.

oh no, wrong again. keep trying, Matthew. see, the middle ground is this
list. it is our medium for discussion. though in your case i think it
would be better exemplified by the analogy of a battlefield on which to
fight, although i dont back this idea 100%.

> Are you up for it?

up for what exactly?
--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup


mattmurphy at kc

Aug 17, 2002, 9:14 AM

Post #5 of 161 (2648 views)
Re: (no subject)

When I first read your email I laughed a lot because I thought it was some
kind of joke. Sadly, however, by the end I realised that perhaps you were
serious after all. So I am replying to your letter in the hope that maybe
you are just misguided and can somehow be put back on track.

>> [...] Fighting between ourselves and posting this crap
>> on the list both amplifies the effect of the idiots' posts, and lets them
>> know that their effort is working -- that has got to stop.

>fighting between yourselves? you mean debating right? debating over what
>is good and what is evil? Matthew, i think your paranoia is playing up
>again, the people on the list aren't fighting. they're having an
>intellectual discussion over the pros, cons, and alternatives to the
>security industry. JOIN IN! unless you dont have anything intelligent to
>contribute (as is being clearly demonstrated by the speculation, personal
>attacks, and silliness of your email).

No, I mean the "discussion" over the values of our attackers, such as has
ensued from my initial post. Generally to me, discussion = has some value.
Some of the "discussion" here does not fit that criterion. Just take a flip
through the archives to discover this for yourself.

I frankly am not interested in learning about the values of our phrack
friends and I could care less. I get more useless junk from the e-mails about
the junk mail than the junk mail itself (which Outlook Express so nicely
deletes for me now). The only thing it has to do with security is the target
of the junk mail.

>> I will be the first one to say that I applaud how Len has handled all of
>> this -- the list must not be moderated. Moderating the list would be giving
>> a victory to some of the lowest scum of all time. Rather than seek
>> alternatives, we have to be firm about the reason this list was created in
>> the first place -- freedom of information. This list was created to inform,
>> and inform quickly. By advocating moderation, you are essentially
>> advocating destroying the list.

>of course. moderating the list would also mean that we couldn't have this
>discussion, which i feel is important, not for me though, Matthew, but for
>you.

I think the discussion is equally important for everyone here, if nothing
else but for clarity, in my case (which I will try to improve in the future)

>you need to let go of all these fears that `hackers are trying to get
>into your system 24/7' and start to embrace concepts like "free thought",
>"rationality", and "understanding".

Just FYI, the "fears" are the tools of a certain software company in Redmond
(cough Microsoft cough). I don't have such a fear that *everybody* is always
after me, but I need to be ready for the one who gets in.

>> These last few days have been a test of how strongly we believed in the
>> idea that all information should be delivered in a timely fashion. Someone
>> who truly believes in the concept of full disclosure will stand up for it
>> even as the very concept itself is attacked. Advocating moderation of the
>> list, or bringing your personal struggles to the list as it faces this
>> attack shows that your belief in the concept of full disclosure is
>> incredibly weak.

>yeah no i disagree. i think over the past few days, if anything, real
>intelligence has hit the list and you're not entirely sure as to how you
>want to deal with it.

So, the "real intelligence" is from those advocating moderation? If I'm
getting what you're

>that's natural, Matthew, you're being intimidated,
>your standing in the whitehat community seems to you as though it is being
>threatened. thats OKAY. you just have to get past all that fear and start
>to loosen up a bit.

You're wrong there. Frankly, I will not leave the list no matter what they do
to me. Nothing of mine is threatened, but the progress of the list *is*
threatened if we give in to such pitiful and weak tactics as junk e-mail.

>> We must direct our anger towards these losers at these losers.

>this sentence didn't make sense to me. could you please clarify?

Ah, the principle of focus. Incredible, isn't it?

>> Anything else is an attack against our own values. While they claim to be
>> hackers, their method of attack shows them to be nothing more than spoiled
>> children.

>could you please give an example to back up your views? because you must
>realise, Matthew, that we all come from different cultures. what is a
>spoiled child to you may be something completely different to the next
>person. also, by giving an example, and making your argument clearer, i
>think you'll find that people will not only understand you more, but also
>understand you enough that they can retort in a much more informed manner.
>which helps the discussion overall.

Okay, I guess I should have put "spoiled children according to my culture"? I
was implying several specific characteristics, but my main argument was that
one who calls themself a hacker and then resorts to (trivially blocked) junk
e-mail is both of low maturity and ability as well as simply wanting to feel
like they have done something.

>> You can either fight them or give up, there's not an inch of middle ground.

>oh no, wrong again. keep trying, Matthew. see, the middle ground is this
>list. it is our medium for discussion. though in your case i think it
>would be better exemplified by the analogy of a battlefield on which to
>fight, although i dont back this idea 100%.

The concept of full-disclosure *is* having a medium for discussion for all
that are affected, and in a timely manner, correct?

>> Are you up for it?

>up for what exactly?

I suppose this links with your statement on the battlefield analogy. What I
am drawing at is a simple, but incredible thing known as *determination*.

People can either ignore the crap (i.e, with mail filters) or whine about "We
have *got* to moderate the list! Too much junk mail!". It doesn't even
take but a few seconds to put a mail rule on "#phrack".

To those who suggest the answer is moderation of the list -- get a life.


sockz at email

Aug 18, 2002, 5:35 AM

Post #6 of 161 (2658 views)
Re: (no subject)

Hi Matthew,
The weather here is nice. Been sunny all day. Nice day for being in a
good mood. Hence I've tried to answer all the questions you posed
in an earlier email.

[blah snip blah]
> No, I mean the "discussion" over the values of our attackers, such as has
> ensued from my initial post. Generally to me, discussion = has some value.
> Some of the "discussion" here does not fit that criterion. Just take a flip
> through the archives to discover this for yourself.

your idea of discussion seems rather insular. i suggest broadening your
horizons.

> I frankly am not interested in learning about the values of our phrack
> friends
> and I could care less. I get more useless junk from the e-mails about the
> junk mail than the junk mail itself (which Outlook Express so nicely deletes
> for me now). The only thing it has to do with security is the target of the
> junk mail.

whitehat using outlook express. hehe, gotta love the irony in life.

> >of course. moderating the list would also mean that we couldn't have this
> >discussion, which i feel is important, not for me though, Matthew, but for
> >you.
>
> I think the discussion is equally important for everyone here, if nothing
> else but
> for clarity, in my case (which I will try to improve in the future)

you're right, you know. its not just about you. its about the other people
here too. you're absolutely right.

> >you need to let go of all these fears that `hackers are trying to get
> >into your system 24/7' and start to embrace concepts like "free thought",
> >"rationality", and "understanding".
>
> Just FYI, the "fears" are the tools of a certain software company in Redmond
> (cough Microsoft cough). I don't have such a fear that *everybody* is
> always
> after me, but I need to be ready for the one who gets in.

and do you really think that day is going to come? cuz i dont. though if
*they* do, i doubt they'd be using something you're already protected against.
catch my drift? you're screwed either way. this whole security business is
just a waste of time. all you're doing is protecting yourself against script
kiddies, who without whitehats, wouldn't know how to exploit vulnerabilities
in the first place. IF YOU STOP TELLING PEOPLE WHERE YOUR SYSTEM IS WEAK
THEY WILL STOP TRYING TO ATTACK YOU WHERE YOU ARE MOST WEAK. its quite
simple, really.

> >yeah no i disagree. i think over the past few days, if anything, real
> >intelligence has hit the list and you're not entirely sure as to how you
> >want to deal with it.
>
> So, the "real intelligence" is from those advocating moderation? If I'm
> getting
> what you're

...saying?
short answer: yes.
long answer: hell yes.

> >that's natural, Matthew, you're being intimidated,
> >your standing in the whitehat community seems to you as though it is being
> >threatened. thats OKAY. you just have to get past all that fear and start
> >to loosen up a bit.
>
> You're wrong there. Frankly, I will not leave the list no matter what they
> do
> to me. Nothing of mine is threatened, but the progress of the list *is*
> threatened
> if we give in to such pitiful and weak tactics as junk e-mail.

glad to see we have another supporter then.

> >> We must direct our anger towards these losers at these losers.
>
> >this sentence didn't make sense to me. could you please clarify?
>
> Ah, the principle of focus. Incredible, isn't it?

after reading this sentence four times over i see where you goofed up.
the sentence should read: "we must direct our anger towards these
losers,... at these loosers..."

amazing what a little punctuation can do isn't it :)

> >could you please give an example to back up your views? because you must
> >realise, Matthew, that we all come from different cultures. what is a
> >spoiled child to you may be something completely different to the next
> >person. also, by giving an example, and making your argument clearer, i
> >think you'll find that people will not only understand you more, but also
> >understand you enough that they can retort in a much more informed manner.
> >which helps the discussion overall.
>
> Okay, I guess I should have put "spoiled children according to my culture"?

no, i understand that you and i are from different subcultures. that was why
i asked for an example. so that i can better understand this difference, not
that it simply existed.

> I
> was implying several specific characteristics, but my main argument was that
> one who calls themself a hacker and then resorts to (trivially blocked) junk
> e-mail is both of low maturity and ability as well as simply wanting to feel
> like
> they have done something.

this is much clearer thankyou. but are you sure it was a spoiled child who
sent you spam, and not just normal advertising? i mean, there must be dozens
of spam bots trolling through this list for email addresses. unless you call
automated scripts "spoiled children" too. see what i mean? paranoia.

> The concept of full-disclosure *is* having a medium for discussion for all
> that
> are affected, and in a timely manner, correct?

yes i do agree. i have found Full Disclosure to be more than adequate for
communicating my part of the discussions so far. i stated this before.
where am i losing you?

> >> Are you up for it?
>
> >up for what exactly?
>
> I suppose this links with your statement on the battlefield analogy. What I
> am drawing at is a simple, but incredible thing known as *determination*.

ah but discussion isn't war. i alluded to this in my previous email. even
still, i cant help but be provoked by curiosity... why am i up for
determination?

> To those who suggest the answer is moderation of the list -- get a life.

oh i agree. i'm much prefer to see this list turned into an anti-whitehat
discussion list. seems like much more of an appropriate place than a newer
list for sure. i mean, this list is much more known than a list that hasn't
even been created yet. and its audience is probably more likely to be less
fearful of involving itself, than say, if this list were renamed to "WHITEHAT
HOLOCAUST". dont you agree?


pauls at utdallas

Aug 18, 2002, 6:09 AM

Post #7 of 161 (2654 views)
RE: (no subject)

Here is why it's useless talking to these people.

Paul Schmehl (pauls[at]utdallas.edu)
Supervisor, Support Services
University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

> -----Original Message-----
> From: sockz loves you [mailto:sockz[at]email.com]
> Sent: Sunday, August 18, 2002 7:35 AM
> To: full-disclosure[at]lists.netsys.com
> Subject: Re: [Full-Disclosure] (no subject)
>
> this whole security business is just a waste of time.
> all you're doing is protecting yourself against script
> kiddies, who without whitehats, wouldn't know how to exploit
> vulnerabilities in the first place. IF YOU STOP TELLING
> PEOPLE WHERE YOUR SYSTEM IS WEAK THEY WILL STOP TRYING TO
> ATTACK YOU WHERE YOU ARE MOST WEAK. its quite simple, really.
>
If you believe this, you're dumber than I originally thought, which is
pretty damn dumb.

Don't bother responding. I won't see it.


mattmurphy at kc

Aug 18, 2002, 7:51 AM

Post #8 of 161 (2663 views)
Re: (no subject)

[blah snip blah]
>> No, I mean the "discussion" over the values of our attackers, such as has
>> ensued from my initial post. Generally to me, discussion = has some value.
>> Some of the "discussion" here does not fit that criterion. Just take a flip
>> through the archives to discover this for yourself.
>
>your idea of discussion seems rather insular. i suggest broadening your
>horizons.

Broadening my horizons to pointless, stupid "discussion" (more like childish
name calling most of the time) serves no purpose for me or anybody else here.

>> I frankly am not interested in learning about the values of our phrack
>> friends and I could care less. I get more useless junk from the e-mails
>> about the junk mail than the junk mail itself (which Outlook Express so
>> nicely deletes for me now). The only thing it has to do with security is
>> the target of the junk mail.

>whitehat using outlook express. hehe, gotta love the irony in life.

Your point? OE was free, and came installed on my machine (which was
important on my 28.8 kbps connection, which I have happily ditched now),
it's fast, and actually, OE 6 makes some nice security/privacy improvements
over previous versions, and I can access Hotmail from it, which is a plus.
Actually, if you keep your client patched (which is pretty easy with a
couple of apps named "wuauboot.exe" and "wuauclt.exe" from Microsoft that
*also* came conveniently installed as "Windows Update Automatic Update"),
and you have enough common sense not to go double clicking on every other
attachment you receive, OE is just as good as (and usually better than) many
mail clients.

>> >of course. moderating the list would also mean that we couldn't have this
>> >discussion, which i feel is important, not for me though, Matthew, but for
>> >you.
>>
>> I think the discussion is equally important for everyone here, if nothing
>> else but for clarity, in my case (which I will try to improve in the future)

>you're right, you know. its not just about you. its about the other people
>here too. you're absolutely right.

>> >you need to let go of all these fears that `hackers are trying to get
>> >into your system 24/7' and start to embrace concepts like "free thought",
>> >"rationality", and "understanding".
>>
>> Just FYI, the "fears" are the tools of a certain software company in Redmond
>> (cough Microsoft cough). I don't have such a fear that *everybody* is
>> always after me, but I need to be ready for the one who gets in.
>
>and do you really think that day is going to come? cuz i dont. though if
>*they* do, i doubt they'd be using something you're already protected against.
>catch my drift? you're screwed either way. this whole security business is
>just a waste of time. all you're doing is protecting yourself against script
>kiddies, who without whitehats, wouldn't know how to exploit vulnerabilities
>in the first place. IF YOU STOP TELLING PEOPLE WHERE YOUR SYSTEM IS WEAK
>THEY WILL STOP TRYING TO ATTACK YOU WHERE YOU ARE MOST WEAK. its quite
>simple, really.

I wouldn't be protected against it if the details weren't made public and
fixes made available to me. Just FYI blaming the industry for the
proliferation of security info is not a very good way to look at this.
Vendors should have written secure code in the first place, so such
vulnerability information would never have to be distributed.

>> >yeah no i disagree. i think over the past few days, if anything, real
>> >intelligence has hit the list and you're not entirely sure as to how you
>> >want to deal with it.
>>
>> So, the "real intelligence" is from those advocating moderation? If I'm
>> getting
>> what you're
>>
>>...saying?
>short answer: yes.
>long answer: hell yes.

Let me provide you with a rather incredible piece of information on this
subject -- the list will *never* be moderated. Plain and simple.

>> >that's natural, Matthew, you're being intimidated,
>> >your standing in the whitehat community seems to you as though it is being
>> >threatened. thats OKAY. you just have to get past all that fear and start
>> >to loosen up a bit.
>>
>> You're wrong there. Frankly, I will not leave the list no matter what they
>> do to me. Nothing of mine is threatened, but the progress of the list *is*
>> threatened if we give in to such pitiful and weak tactics as junk e-mail.

>glad to see we have another supporter then.

I'm not planning on leaving any time soon...

>> >> We must direct our anger towards these losers at these losers.
>>
>> >this sentence didn't make sense to me. could you please clarify?
>>
>> Ah, the principle of focus. Incredible, isn't it?
>
>after reading this sentence four times over i see where you goofed up.
>the sentence should read: "we must direct our anger towards these
>losers,... at these loosers..."
>
>amazing what a little punctuation can do isn't it :)

:-)

>>>could you please give an example to back up your views? because you must
>>>realise, Matthew, that we all come from different cultures. what is a
>>>spoiled child to you may be something completely different to the next
>>>person. also, by giving an example, and making your argument clearer, i
>>>think you'll find that people will not only understand you more, but also
>>>understand you enough that they can retort in a much more informed manner.
>>>which helps the discussion overall.
>>
>> Okay, I guess I should have put "spoiled children according to my culture"?
>
>no, i understand that you and i are from different subcultures. that was why
>i asked for an example. so that i can better understand this difference, not
>that it simply existed.

These "phrack" idiots are spoiled children -- whine about everything, and act
like they have some level of importance in the world by way of a pitiful
attempt to destroy another sign of progress in information security.

>> I
>> was implying several specific characteristics, but my main argument was that
>> one who calls themself a hacker and then resorts to (trivially blocked) junk
>> e-mail is both of low maturity and ability as well as simply wanting to feel
>> like they have done something.
>
>this is much clearer thankyou. but are you sure it was a spoiled child who
>sent you spam, and not just normal advertising? i mean, there must be dozens
>of spam bots trolling through this list for email addresses. unless you call
>automated scripts "spoiled children" too. see what i mean? paranoia.

It wasn't *normal* advertising. It was/is a deliberate attempt to bring down
the list (I thought we had agreed on this, yes?). And, no, I don't call the
bots spoiled children. I call the spammers controlling them spoiled children.

>> The concept of full-disclosure *is* having a medium for discussion for all
>> that are affected, and in a timely manner, correct?
>
>yes i do agree. i have found Full Disclosure to be more than adequate for
>communicating my part of the discussions so far. i stated this before.
>where am i losing you?

You referred to the list (the list *named* "Full-Disclosure", btw) as a
middle
ground between those in support of Full-Disclosure and those who aren't. I
don't think we would have named such at it is if it were a "middle ground",
correct?

>> >> Are you up for it?
>>
>> >up for what exactly?
>>
>> I suppose this links with your statement on the battlefield analogy.
What I
>> am drawing at is a simple, but incredible thing known as *determination*.
>
>ah but discussion isn't war. i alluded to this in my previous email. even
>still, i cant help but be provoked by curiosity... why am i up for
>determination?

You don't have to be fighting a war to be determined, as is true in this case.
I am (don't know about you) determined not to let a bunch of bored,
anti-social losers force this list into moderation.

>> To those who suggest the answer is moderation of the list -- get a life.
>
>oh i agree. i'd much prefer to see this list turned into an anti-whitehat
>discussion list. seems like much more of an appropriate place than a newer
>list for sure. i mean, this list is much more known than a list that hasn't
>even been created yet. and its audience is probably more likely to be less
>fearful of involving itself, than say, if this list were renamed to "WHITEHAT
>HOLOCAUST". dont you agree?

You won't have a whole ton of support on that one, I'm afraid... (definitely
not any from me) :-)


sockz at email

Aug 18, 2002, 9:33 PM

Post #9 of 161 (2658 views)
Permalink
Re: (no subject) [In reply to]

----- Original Message -----
From: "Matthew Murphy" <mattmurphy[at]kc.rr.com>
Date: Sun, 18 Aug 2002 09:51:02 -0500
To: <full-disclosure[at]lists.netsys.com>
Subject: Re: [Full-Disclosure] (no subject)

> >whitehat using outlook express. hehe, gotta love the irony in life.
>
> Your point? OE was free, and came installed on my machine (which was
> important on my 28.8 kbps connection, which I have happily ditched now),
> it's fast, and actually, OE 6 makes some nice security/privacy improvements
> over previous versions, and I can access Hotmail from it, which is a plus.
> Actually, if you keep your client patched (which is pretty easy with a
> couple of apps named "wuauboot.exe" and "wuauclt.exe" from Microsoft that
> *also* came conveniently installed as "Windows Update Automatic Update"),
> and you have enough common sense not to go double clicking on every other
> attachment you receive, OE is just as good as (and usually better than) many
> mail clients.

kids these days have no appreciation of just how fast the internet is.
dude, i was downloading openbsd on a 33k modem only a few months ago... i dont
see how your point is very valid. i mean, we're talking about an email
client here, not an entire operating system. hotmail is as buggy as outlook
express, and as for windows updates... well, i can honestly say that i'd
rather patch windows myself, microsofts "updates" seem to cause more problems
than they fix. perhaps outlook express is good. perhaps its not. i just
found it funny that someone like yourself was actually using the product given
its sullied reputation in the security industry.

> I wouldn't be protected against it if the details weren't made public and
> fixes made available to me. Just FYI blaming the industry for the
> proliferation of security info is not a very good way to look at this.
> Vendors should have written secure code in the first place, so such
> vulnerability information would never have to be distributed.

incorrect. vendors are just human. to produce code that perfect you'd end
up paying a whole lot more. my method works better. dont approach the
whitehat community with your bug. go to the software developers directly.
and no one else. that is, assuming you want to tell anyone at all... which
i dont personally advocate but we have to be realistic here... some ppl
wont let go of ethics, and i understand that. you're probably a good
example.

> Let me provide you with a rather incredible piece of information on this
> subject -- the list will *never* be moderated. Plain and simple.

you have said this a number of times. as have other people. its not all
that incredible. really. in fact i'm starting to wonder if this is the
only line of defence you whitehats have. to cling to your precious list
and scream in a whiney voice "we're not leaving". hell, i dont expect
you to. thats far too simple a solution.

> >glad to see we have another supporter then.
>
> I'm not planning on leaving any time soon...

thats the spirit!
*hands you a pint*
*takes it back*
you _are_ old enough to drink in your state, right?

> These "phrack" idiots are spoiled children -- whine about everything, and
> act like they have some level of importance in the world by way of a pitiful
> attempt to destroy another sign of progress in information security.

you dont read much do you, Matthew. i mean you're not into philosophy or
sociology a whole lot are you, really. its a shame i dont have more time
to explain in detail just how much of a difference the PHC will make in
the long run. i'll try and make some time over the next few days to spell
it all out for you. stay tuned :)

> You referred to the list (the list *named* "Full-Disclosure", btw) as a
> middle ground between those in support of Full-Disclosure and those who
> aren't. I don't think we would have named such at it is if it were a "middle
> ground", correct?

definitions change. discussions on *Full-Disclosure* to date have already
covered this phenomena. embrace change, Matthew, dont push it away.

> You don't have to be fighting a war to be determined, as is true in this
> case. I am (don't know about you) determined not to let a bunch of bored,
> anti-social losers force this list into moderation.

if that comment is supposed to be directed at me in some way, then i must
protest. i'm not bored. in fact i'm taking time off work to post here
so i'd appreciate a bit more respect thanks. and the reason why i am so
damned anti-social is because i work harder doing what i do than you ever
will. going *outside* is not something one considers when they're working
24hr schedules inside.

> >oh i agree. i'd much prefer to see this list turned into an anti-whitehat
> >discussion list. seems like much more of an appropriate place than a newer
> >list for sure. i mean, this list is much more known than a list that hasn't
> >even been created yet. and its audience is probably more likely to be less
> >fearful of involving itself, than say, if this list were renamed to
> >"WHITEHAT HOLOCAUST". dont you agree?
>
> You won't have a whole ton of support on that one, I'm afraid... (definitely
> not any from me) :-)

and i'm seeing this exemplified how? on the one hand you're saying you're not
going to leave... on the other you say you're not going to support the list...
i'm getting conflicting messages here, Matthew.


fred at the-debaters

Aug 18, 2002, 10:38 PM

Post #10 of 161 (2650 views)
Permalink
Re: (no subject) [In reply to]

"incorrect. vendors are just human. to produce code that perfect you'd end
up paying a whole lot more. my method works better. dont approach the
whitehat community with your bug. go to the software developers directly.
and no one else. that is, assuming you want to tell anyone at all... which
i dont personally advocate but we have to be realistic here... some ppl
wont let go of ethics, and i understand that. you're probably a good
example."

I don't usually post to mailing lists, but I just had to comment on the
above remark ^

If you ever find a major security bug in a major piece of software, such as
M$ software, approaching the vendor directly does not work. Quite often they
will just add it to the end of the list of complaints, and might get around
to it in some future patch... if they feel like it... and if they think the
security bug you found poses great risk, they still won't fix it till they
feel like doing it.. instead, they now know who you are... and they take
subtle yet effective precautions to make sure you don't tell anyone about
it. I know.

At least if proof of concept is out there, and the risk is publicly known,
they have some motivation to fix it, and the users of the product can take
precautions to get around the bug until it is fixed.

Anyway, my thoughts.

Cheers

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


fred at the-debaters

Aug 18, 2002, 10:41 PM

Post #11 of 161 (2656 views)
Permalink
Re: (no subject) [In reply to]

"incorrect. vendors are just human. to produce code that perfect you'd end
up paying a whole lot more. my method works better. dont approach the
whitehat community with your bug. go to the software developers directly.
and no one else. that is, assuming you want to tell anyone at all... which
i dont personally advocate but we have to be realistic here... some ppl
wont let go of ethics, and i understand that. you're probably a good
example."

I don't usually post to mailing lists, but I just had to comment on the
above remark ^

If you ever find a major security bug in a major piece of software, such as
M$ software, approaching the vendor directly does not work. Quite often they
will just add it to the end of the list of complaints, and might get around
to it in some future patch... if they feel like it... and if they think the
security bug you found poses great risk, they still won't fix it till they
feel like doing it.. instead, they now know who you are... and they take
subtle yet effective precautions to make sure you don't tell anyone about
it. I know.

At least if proof of concept is out there, and the risk is publicly known,
they have some motivation to fix it, and the users of the product can take
precautions to get around the bug until it is fixed.

Anyway, my thoughts.

Cheers



sockz at email

Aug 19, 2002, 12:20 AM

Post #12 of 161 (2653 views)
Permalink
Re: (no subject) [In reply to]

----- Original Message -----
From: "M L Lynch [ SotG ]" <fred[at]the-debaters.com>
Date: Mon, 19 Aug 2002 15:38:12 +1000
To: <full-disclosure[at]lists.netsys.com>
Subject: Re: [Full-Disclosure] (no subject)

> If you ever find a major security bug in a major piece of software, such as
> M$ software, approaching the vendor directly does not work. Quite often they
> will just add it to the end of the list of complaints, and might get around
> to it in some future patch... if they feel like it... and if they think the
> security bug you found poses great risk, they still won't fix it till they
> feel like doing it.. instead, they now know who you are... and they take
> subtle yet effective precautions to make sure you don't tell anyone about
> it. I know.

well then thats the company's problem isn't it. in a hypothetical situation like that you should be aiming your complaints not at the lack of a security industry but at the software developers idiotic business practices.

> At least if proof of concept is out there, and the risk is publicly known,
> they have some motivation to fix it, and the users of the product can take
> precautions to get around the bug until it is fixed.

not really. if the concept is out there but the vendor isn't going to do anything... then you're posing a greater security risk by having the vulnerability out there aren't you. forcing vendors to fix bugs by threatening to make those bugs public is a poor solution to shoddy workplace practices.

> Anyway, my thoughts.

interesting none the less

> Cheers

likewise


fred at the-debaters

Aug 19, 2002, 1:39 AM

Post #13 of 161 (2657 views)
Permalink
Re: (no subject) [In reply to]

"well then thats the company's problem isn't it. in a hypothetical
situation like that you should be aiming your complaints not at the lack of
a security industry but at the software developers idiotic business
practices."

Aye, it is idiotic business practices, but as much as it is the $companies
problem, it is also the users... as they are using the software with the
hole, and they must protect themselves and their clients.

(btw although it was presented in a hypothetical manner, the mentioned
situation has proven itself to be the real case too many times.)

"not really. if the concept is out there but the vendor isn't going to do
anything... then you're posing a greater security risk by having the
vulnerability out there aren't you. forcing vendors to fix bugs by
threatening to make those bugs public is a poor solution to shoddy workplace
practices."

Ok, but if someone like me finds a major security hole in a widely used
system, chances are a great many $kiddles are already aware of the problem,
whether thru self discovery (hehe, yeah right), or thru over hearing
blackhats sharing info.

By releasing the exploit it allows two things,

1) Experienced system administrators to devise temporary hacks to work around
the bug until it is properly fixed. (and lets say no one did know about the
exploit, I would lay money an experienced sys-admin could write a correction
hack faster than most $kiddles could figure out how to turn a proof of
concept in to something dangerous... or even compile some of them :p )

2) It gives the $company motivation to fix the problem, where there was no
motivation before... why would a mega-$company fix a bug if in their mind no
one knew about it? they don't care... release info on the bug.. and proof of
concept, and you question their reputation... this will get most $companies
moving.

Anyway, I am dribbling...

Cheers



sockz at email

Aug 19, 2002, 3:26 AM

Post #14 of 161 (2651 views)
Permalink
Re: (no subject) [In reply to]

> Aye, it is idiotic business practices, but as much as it is the $companies
> problem, it is also the users... as they are using the software with the
> hole, and they must protect themselves and their clients.

aye? what are you a pirate? i might also point out to the rest of this
list that "fred" is in fact the same pirate as "M L Lynch"... don't want
anyone getting mixed up on that point there.

i dont see how a bug in the user's software is anything that a _user_
should be doing anything about. as i've said time and time again, if you
think you've found a bug in your software, go to the software vendor to
report it... not some open discussion list. if the dudes who make your
software dont want to fix the damned thing THEN CHANGE F*CKING BRANDS!
(where possible)

> Ok, but if someone like me finds a major security hole in a widely used
> system, chances are a great many $kiddles are already aware of the problem,
> whether thru self discovery (hehe, yeah right), or thru over hearing
> blackhats sharing info.

some important notes here:
1. blackhats dont release their exploits to the rest of the community. any
blackhat who does is no more a "hacker" than a whitehat is. just because you
have malicious intent doesn't mean you're not a whitehat. and no, there is
no such thing as a grey hat.

2. like you noted, script kiddies lack the intelligence and skillz to find
their own bugs. they hear about 0-day exploitz through their friends from
school, from "hacking" websites and so-called "hacker zines" which act in
just the same manner as whitehat mailing lists like bugtraq, full disclosure,
or vuln-dev. THIS IS WHERE THESE MORONS GET THEIR ELITE INFO FROM! NOT
THE BLACKHAT COMMUNITY (which advocates exactly the opposite)!

3. SO, if you find a "major security hole" in some piece of software, and
dont know how to fix it yourself, then CONTACT YOUR VENDOR! i mean, dude,
its not that hard a concept to grasp. alternatively you can muster the
intelligence to fix the bug yourself, and then use it to compromise other
people's machines.

> By releasing the exploit it allows two things,
>
> 1) Experienced system administrators to devise temporary hacks to work around
> the bug until it is properly fixed. (and lets say no one did know about the
> exploit, I would lay money an experienced sys-admin could write a correction
> hack faster than most $kiddles could figure out how to turn a proof of
> concept in to something dangerous... or even compile some of them :p )

i dont see how this would be any different if you didn't report the bug to
the software developers alone.

> 2) It gives the $company motivation to fix the problem, where there was no
> motivation before... why would a mega-$company fix a bug if in their mind no
> one knew about it? they don't care... release info on the bug.. and proof of
> concept, and you question their reputation... this will get most $companies
> moving.

wow. cuz its like this dude. smaller software companies are worried about
their reputation and larger companies are worried about their investors. any
company that didn't listen to something like that would be down right stupid.
it seems like i'm running around in circles here. i mean, i must have
explained this to you five times in completely different ways. WHERE AM I
LOSING YOU?!

> Anyway, I am dribbling...

thats way too easy...

> Cheers

ah-hoy, matey!


coley at linus

Aug 19, 2002, 12:35 PM

Post #15 of 161 (2647 views)
Permalink
Re: (no subject) [In reply to]

>as much as it is the $companies problem, it is also the users... as
>they are using the software with the hole, and they must protect
>themselves and their clients.

And it's ultimately the users who can force vendors to become more
responsive to vulnerability reports. I've heard several major vendors
(not just one) say that the security community is a small part of
their installation base, albeit a vocal one. Even the US government,
while a major consumer, is a small portion of the overall market as I
understand it.

If the above paragraph has a grain of truth, then to me it seems that
one challenge for those who want secure products, is to educate the
general public to (1) ask their vendors for security (and *how* to ask
for security), (2) monitor their vendors with respect to security, and
(3) live with the fact that security by its nature may reduce some of
the functionality. In the short term we have to live with (3), but
good, solid research into "easy-to-use security" could help with
that.

But the question is, how can we get more "Joe Q. Customers" to ask for
security, and base their purchasing decisions on it (thereby affecting
the vendors' bottom line)? And who is "we"?

>By releasing the exploit it allows two things,
>
>1) Experienced system administrators to devise temporary hacks to work
>around the bug until it is properly fixed.

One difficulty here is when the only "temporary hack" is to completely
disable the service. If you've got a service that's meant for
complete access to the Internet or some other set of non-trusted
computers (say, a web or mail server), you don't necessarily have a
lot of options. It seems reasonable to give the vendor *some*
opportunity to fix the issue before releasing a fully functioning
exploit, not for the sake of the vendor, but for the sake of most
admins.

- Steve


sockz at email

Sep 15, 2002, 10:01 AM

Post #16 of 161 (2647 views)
Permalink
Re: (no subject) [In reply to]

----- Original Message -----
From: silvio[at]big.net.au
Date: Sun, 15 Sep 2002 01:49:55 -0700
To: sockz loves you <sockz[at]email.com>
Subject: Re: [Full-Disclosure] (no subject)


> umm.. hi sockz!

um hi!!!

> just some naive questions, and this is not my profession, so gross
> inaccuracies may be present!

elite

> wasn't the 1998 (?) bombings in iraq a "result of" rejecting un weapons
> inspections?

not really. that may have been an excuse at one stage or another. the truth
is that for the most part the coalition's motivation for the december 1998
attack was 'cloudy'. but one thing is for sure and that's that those weapons
inspectors were NEVER "thrown out" of iraq. they were pulled out by clinton,
prior to desert fox, because he had already planned to bomb iraq again.

technically the US has never stopped bombing iraq either... i was informed a
while back that the coalition bombs iraq at least once every 3 days, i'm not
sure how much this has changed recently though. this is why so many ppl are
dead over there (1.5 million... that's like 1/10 australians). i'm not sure if
that figure includes the deaths from cancer as a result of the estimated
950,000 DU missiles and shells dropped on the nation. or the 300 tons of
depleted uranium dust which has attacked the immune systems of ppl in the area,
and increased the prevalence of some nasty diseases... then there's the death
caused by sanctions against basic sanitary products like household cleaners,
and the shortage of antibiotics (because there was due speculation that some
antibiotics labs were being doubled as labs for making biological weapons)...
sanctions that have seriously degraded the quality of life for the iraqi
people, and have done nothing to saddam himself.

> didn't israel refuse at some point for the un to go to jenin (?) this year?

not sure. i think in general israel was unwilling to co-operate with the UN
investigation because it didn't like the team of ppl the UN had put together.
something about anti-terrorism or something. memory: hazy.

> does arafat still have half a building to single handedly control those
> suicide bombers? i think the other half was blown up at some point.

i'm not familiar with this claim at all. what makes you ask?

> Australia btw a few years ago asked the .us to provide military support
> in east timor.. i believe the .us responded at the time, (paraphrase),
> "we are not the police of the world. local regions must take care of their
> own affairs" (if someone can get the exact quote of this?).

the US was just referring back to the Guam Doctrine. basically the doctrine
said that the united states would no longer rush to the aid of its allies,
unless it directly promotes the interests of america. kinda conflicts with the
whole ANZUS treaty... but you get that. i think clinton puts it best when he
says "I don't believe America or any of the other countries were sufficiently
sensitive in the beginning or for a long time". i don't want to get too nasty
here, so i won't go into the 1975 invasion of east timor, and which nations were
backing it, and why. i tried to find the exact text of clinton's speech, but i
couldn't. i might have a hard copy somewhere, but to be honest, it would take
more effort to find than it would be worth.


silvio at big

Sep 15, 2002, 3:39 PM

Post #17 of 161 (2647 views)
Permalink
Re: (no subject) [In reply to]

OK.. something technical first.

for execv redirection in kernel backdoors.. sometimes they perform a checksum
on the original image so that when a hacker does mv/rm, and runs the binary,
it doesn't execute anyway :)

well.. obviously patching a binary in trivial ways that have zero effect on
behaviour is possible (you can use /bin/vi).

of course.. run it in gdb also. better yet, attach to it once it's up and
running (so a backdoor can't just look at the trace flag, and then run
the original binary).

+++


some more silly questions..

did the .us see much media coverage on the military coup a few years ago
in fiji?

it was a little nutty i'll say.. but there really wasn't involvement by other
countries for this, though it was headline news in .au for a while.

and last i heard, the .us was one of those anti military coup nations (well..
maybe as some sort of ideological statement).

--

this is going to be the most dumbest question i'll almost ever ask I guess

-->

why isn't china on the list of terrorist harboring nations, or part of the
axz of evil?

i tried to do a websearch for it, but i couldn't get past the chinese routers
blocking traffic.

erm.. also.. like south africa. were they a terrorist nation 15 years ago?

no civilian has ever died in china afaik, and the government is very much
pro capitalism and democracy... that which the vietnam war apparently
had its premise based on (i think that nipped it in the bud, before communism
spread).

it's ok though.. those afghani women have been liberated triumphantly!


disclaimer.. i am very meek in my political knowledge, but obviously am
interested in such discussion.

--
Silvio
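
A defender's version of the check described in the post above, as an added example (not code from the post or the list): it starts a program, inspects it once it is running, and compares the image the kernel actually mapped (`/proc/<pid>/exe`) with the file that was requested. It assumes Linux and an ELF binary; the function names are illustrative.

```python
import hashlib
import os
import shutil
import subprocess
import sys


def sha256_of(path):
    """Hash a file in chunks; also works on the /proc/<pid>/exe magic link."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_elf(path):
    """True for ELF binaries. '#!' scripts legitimately map their interpreter."""
    with open(path, "rb") as fh:
        return fh.read(4) == b"\x7fELF"


def compare_image(requested_path, pid):
    """Compare the file that was asked for with the image mapped into pid.

    The process must still be running when this is called.
    """
    proc_exe = "/proc/%d/exe" % pid            # Linux-specific
    requested = sha256_of(requested_path)
    mapped = sha256_of(proc_exe)
    return {
        "requested_path": os.path.realpath(requested_path),
        "mapped_path": os.readlink(proc_exe),  # informational only
        "requested_sha256": requested,
        "mapped_sha256": mapped,
        "match": requested == mapped,
    }


def check_exec(argv):
    """Start argv, inspect the process while it is running, then stop it."""
    binary = argv[0] if os.path.isabs(argv[0]) else shutil.which(argv[0])
    if binary is None:
        raise FileNotFoundError(argv[0])
    if not is_elf(binary):
        raise ValueError("not an ELF binary: %s" % binary)
    child = subprocess.Popen(
        [binary] + list(argv[1:]),
        stdin=subprocess.DEVNULL,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
    )
    try:
        # On Linux, Popen returns once the child has exec'd, so
        # /proc/<pid>/exe already names the image that was really loaded.
        return compare_image(binary, child.pid)
    finally:
        child.kill()
        child.wait()


if __name__ == "__main__":
    # Constructed demo: a harmless, long-running child of this interpreter.
    report = check_exec([sys.executable, "-c", "import time; time.sleep(30)"])
    for key, value in report.items():
        print("%-17s %s" % (key, value))
    sys.exit(0 if report["match"] else 1)
```

A match is a tripwire, not proof: also compare `requested_sha256` with a value recorded from trusted media, since code running in the kernel can falsify what `/proc` and `read()` return.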


gobbles at hush

Sep 25, 2002, 8:41 PM

Post #18 of 161 (2646 views)
Permalink
Re: (no subject) [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

they say gobbles english bad

wow

On Wed, 25 Sep 2002 18:40:56 -0700 leseulfrog[at]hush.com wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>gobbles[at]hush.com/goobles/phc/etc: Close kisses it. The last time
>where you washed yourselves hair was when the players of football
>at the school pushed your head in bottom of a toilet. the best of
>you can be able to align some shellcode on a pile but cannot even
>appear out way of aligning the buttons on your shirt so that you
>do not release yourselves like slob complete. Turn over and crawl
>under a rock you of the social delays of kisses. Or test harder to
>make me the laughter, like Nuno Fernandes and empirical. They are
>funny. You are not the Full-revelation is a list of mood and any
>actual value outside of that does not have.
>
>engineer/theblackfist memetic: Hakim Bey is a pedophile. The only
>thing
>which enters the TAZ downwards is little boys ass- being violated.
>Is
>Radiohead is music of culture of the consumer, it what people listen
>to when they attack purchase a waistcoat of space space. The club
>of combat is cinema of sloper for the unsatisfactory men who not
>pirn of wire that the homoeroticism turns their crank (or pablum
>simply just of Hollywood for the remainder of us). You are cattle
>slow mobiles who are too much to kiss stupid to realize that the
>shit that you spread yourselves was there is of old man and tired
>ten years. Renes Descartes wrote about the shit in the matrix at
>the 17th century, but I know who do not have the fury against the
>machine on the cyberspeak of Gibsonesque of sound track or daft.
>You do not have the scale of attention to make it longer by anything
>than a booklet in any event.
>
>It must be regrettable of living by an identity for which someone
>else
>developed and suffered. Why don't you obtain your cut balls of a
>blow of scissors as the hulled grain of genesis p-orridge (wants)?
>He is not as you employ them in any event, you them parasitic pubescant
>of jump-culture. You think yourselves order the same memes, but they
>really order you. The full-A remainder of us carried out the human
>beings just must live with saying something which from time to time
>could be honest, sincere or perspicacious.
>
>You obtain to employ the words of others, and because the source
>is a little obscure (obscure as in the majority of the people do
>not may find it beneficial to spend the hour or to type them in the
>google), people think you are an original. Afflicted to break it
>with you, but the Internet is traditional, and since all the shit
>are to you in is catalogued on the Internet, it is traditional too.
>
>prospects for the work of hellnbak: Anonymity is good. It means that
>the current and possible employers cannot seek the shit moronic which
>you said on a list of forwarding. And since everyone on the list
>works in the market of the transferable securities or wants (refuse
>to him the will however), you should all try to obtain anonymity.
>Do you think Steve 'the load that broad' Manzuik never will find
>or to maintain to a work of safety when its cash clerks can right
>outward journey on line and to see it saying the HP to push your
>resume to the top of their ass or to say people it becomes larger
>one time sexually awaked (no matter what it of the means)? Well,
>it is if its employers give on the fact that it is overfed the pig
>which can only eat from the bottom. Although I guess it could always
>strike to the top of the French national company to the down syndrome
>for a work as to the boy of poster of down syndrome.
>
>Sorry for my poor english.
>
>frog-m[at]n
>
>-----BEGIN PGP SIGNATURE-----
>Version: Hush 2.2 (Java)
>Note: This signature can be verified at https://www.hushtools.com/verify
>
>wlsEARECABsFAj2SZhEUHGxlc2V1bGZyb2dAaHVzaC5jb20ACgkQzzaTd3lGYXMYDwCf
>QFtLPmOhfgxbdwYog/1D4pw4IJIAoLx6Na2dxFaVQDIsadn7xnBuq7we
>=zNlo
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlgEARECABgFAj2SggkRHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56vdTQCePIz5
lKlOH9aLxocWUFivjvjCHegAoL1HvXzDD5oZH2MNjf0JOuuQmZc9
=GETi
-----END PGP SIGNATURE-----






memetic-engineer at australia

Sep 26, 2002, 4:55 AM

Post #19 of 161 (2657 views)
Permalink
Re: (no subject) [In reply to]

>>engineer/theblackfist memetic: Hakim Bey is a pedophile. The only
>>thing
>>which enters the TAZ downwards is little boys ass- being
>>>>>violated.

how clever.
I did not know this.


xrp.(w)-ib m iqr r=k
746266




Regardless of his sickness, TAZ concept is
sound. Actually, I prefer Musashi's theories of independent autonomous cores
working in ignorance of one another toward a
common goal.


" the wise man does not discriminate ; he gathers together
all shreds of light, from wherever they may come"
- Aglie


[sic]
>>Radiohead is music of culture of the consumer, it what people listen
>>to when they attack purchase a waistcoat of space space.

You're leaving
The crackle of pigskin
The dust and the screaming
The yuppies networking
The panic, the vomit
The panic, the vomit
- Radiohead "Paranoid Android"

*shrug* I never paid for any of my radiohead.
who gives a fuck? I like them.

>>The club
>>of combat
.

>>is cinema of sloper for the unsatisfactory men who not
>>pirn of wire that the homoeroticism turns their crank (or pablum
>>simply just of Hollywood for the remainder of us). You are cattle
>>slow mobiles who are too much to kiss stupid to realize that the
>>shit that you spread yourselves was there is of old man and tired
>>ten years. Renes Descartes wrote about the shit in the matrix at
>>the 17th century, but I know who do not have the fury against the
>>machine on the cyberspeak of Gibsonesque of sound track or daft.
>>You do not have the scale of attention to make it longer by anything
>>than a booklet in any event.

hahahaha whoa. such spite. sockz ? :)

I'm sorry you didn't GET fight club.

I will pray for you on sunday.

Descartes was a push over.

I like Aquinas, Eckhart, Gurdjieff and Aristotle myself.

I would prefer they stay buried where they belong.
We see what fruit the seeds of our collective
forefathers have brought us. Isn't it about time
to move forth? Of course we all borrow from
ideals, morality, and principles of people we
have come in contact or read about, but the
ability to pick and choose the patterns you
are engrained with is an actual science B4cK3d
w|7h 50und m47hs. ( See Dawkins or Moritz. )



cunningly apt
no conform nor adapt
remorseful synap-
tic purpose perhaps

- me 2 seconds flat

and what do you know of my scale of attention?
friend
.:.

Today I :

Built a wall and the beginning of a custom home entertainment center with
cool little doo-hickeys like remote controlled extendable drawers
controlled by servo motors for my 60 inch Sony hdtv I own with monies from
backdoored cgi-mail-relay warez
I sell to big-spamming-maggots in, on, and about the www.

FREE YOURSELF FROM CORPORATE MAW OF DEATH BY SELLING YOUR DISDAIN!


Wrote a poem. Did 750 sit-ups 1000 push ups. Practiced 8 point
attack Kali Kata. Wrote a neat little progression on my acoustic guitar
recorded rough draft, started to write some words. read phoenelits' cool
IOS pape/poc. and thing by riq and gera.


What did you do? ( besides uninformedly run your pathetic mouth)
I have action behind my ramblings both on and outside the ether.
What do you do?


>>It must be regrettable of living by an identity for which someone
>>else <<<???????
>>developed and suffered. Why don't you obtain your cut balls of a
>>blow of scissors as the hulled grain of genesis p-orridge >.>>>> (wants)?

What the hell are you talking about? Are you on drugs?

gen was grandad of industrial. He was quirky, I liked him.
He was mentioned in the original v.23 thread.
The original spirit of the thread was for it to be a "viral husk"
meant to grow and propagate. Fell in perfect with the whole thing.

SEE BELOW

>>He is not as you employ them in any event, you them parasitic pubescant
>>of jump-culture. You think yourselves order the same memes, but they
>>really order you. The full-A remainder of us carried out the human
>>beings just must live with saying something which from time to time
>>could be honest, sincere or perspicacious.
>>
>>You obtain to employ the words of others, and because the source
>>is a little obscure (obscure as in the majority of the people do
>>not may find it beneficial to spend the hour or to type them in >>the

Employ the words of others? where? See above you moron. Then look below and
realize the true depth of your stupidity.


NEWSFLASH!!!!!

The whole thing (TBF/Meme156/memetic-engineer) thing was/is/has been a joke
of sorts. The best lies are told with a thread of truth. The fact that
people have taken it so seriously makes me want to submit the whole drama
as a mass psychology study.

If your sense of humour is too underdeveloped to understand this
I cannot help you. Why the fuck do you think it is hosted @ tinfoilhat.org


"Waiter, this food isn't fit for a pig."
"Just a moment, I'll get some that is."

3.5.7 staircase ascent

excuse my superiority

/meme156//


P.S. CR+L is not a sin



pauls at utdallas

Oct 3, 2002, 7:26 AM

Post #20 of 161 (2649 views)
Permalink
RE: (no subject) [In reply to]

The chances are extremely good that the IP you're seeing is JAHB (just
another hacked box.)

Paul Schmehl (pauls[at]utdallas.edu)
Department Coordinator
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/


> -----Original Message-----
> From: full-disclosure-admin[at]lists.netsys.com
> [mailto:full-disclosure-admin[at]lists.netsys.com] On Behalf Of
> Francisco Guerreiro
> Sent: Thursday, October 03, 2002 7:59 AM
> To: full-disclosure[at]lists.netsys.com
> Subject: [Full-Disclosure] (no subject)
>
>
> hi folks..
> I was meddling in a friend's box when I came across a weird
> file in /tmp with apache perms. I thought it was an exploit to
> obtain root since the machine was vuln to the openssl
> problem, but it turned out to be something else. attached I
> send the stuff I found, it's quite self explanatory. I've
> looked at it for a few minutes, it's the slapper code, with
> some comments and a shell script that gathers info about the
> box and sends it to an email account at yahoo.com . The ip
> that is written on the worm resolves to an adsl account on
> some ISP, i guess it is some kind of target since it would be
> quite stupid to put your home ip on a worm.


remailer at remailer

Oct 3, 2002, 8:30 AM

Post #21 of 161 (2646 views)
Permalink
RE: (no subject) [In reply to]

Francisco Guerreiro <scent[at]mail.pt> wrote:

>I've looked at it for a few minutes, it's the slapper code, with some
>comments and a shell script

It's just another slapper variant. Seen it in quite a few boxes out
there. Interesting to see: worm war. Release of a worm variant that
would clean infected boxes. Easy to accomplish actually: infect, kill
all procs known to be worm-variants and delete respective files, alert
admin to patch ssl.


euan_briggs at btinternet

Nov 23, 2002, 10:31 AM

Post #22 of 161 (2647 views)
Permalink
Re: (no subject) [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Think about the people you think you know online. This is the only
> hint I will give you. Think about the timing of all of this. Think
> about the new Office of Homeland Security. Think about the $200M+
> SAIC contract with the NSA. Think about the failure of the NIPC,
> and the political reasons (and I mean real politics, not this phony
> blackhat/whitehat stuff) behind shutting down full disclosure,
> consolidating cliques, and inciting new activity in the
> underground. Do real blackhats really act this way? Think about why
> the original progenitors of all this have already left. Think about
> why certain people have been fired, or sent away, or have been
> behaving the way they are to attract attention, your friendship,
> and your trust. Think about why and how certain people have been
> busted, or have disappeared silently. Think about what they have
> told others.


This is a very interesting point indeed. Are these young,
impressionable, idealistic second-generation blackhats vulnerable to
political manipulation? I have already stated that I don't think
their agenda has a positive impact on the real blackhat scene.
In fact, it provides the perfect, visible justification for the
lock-down of the internet and the suppression of people who, if they
truly did have malicious intentions, could be a very real and
significant threat to the electronic infrastructure which we now all
depend on. Governments must be jumping with joy at the actions of
PHC, with their heavy handed paranoid legislation etc just waiting
for this kind of justification. You just need to look at the USA
Government's new TIA (total information awareness) plan, to see how
paranoid they have become about the intellectual freedom and
communication that the internet puts in people's hands. The internet
is an enormous threat to the control the media and governments have
exercised successfully on the population throughout the 20th century,
and threatens to unlock the mental chains which keep the population
under control of those in power.

The fact that someone kick-started PHC and then seemed to disappear,
certainly makes me a little suspicious. The fact that their agenda is
actually detrimental to the original blackhat movement also makes me
suspicious. The fact that they don't seem to have any real coherent
argument makes me suspicious.

The real blackhat movement is unrepresented, it operates in the
shadows. It doesn't take much for someone to stand up and claim to
represent it, and there is no reason why real blackhats would.

No doubt some of you are now thinking "conspiracy theorist wacko!",
and to you I say check out the following site :
http://www.cointel.org . I am not suggesting PHC are government spooks
or whatever, but I think it is entirely feasible that they could have
been unwittingly manipulated by external forces, and this is a
possibility which should not be immediately discounted as paranoia.

In the post 11/09 environment, serious change is afoot and people
need to have their wits about them. You should not be suckered into
thinking that the government doesn't care about the effects of the
internet.


Euan

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPd+7V0P0lBKBG8xoEQI+KQCg53tw4o6zSZ1HFDa0qdnq6iGKLUEAn1Oj
3iKUNuXlPQBKPrxLtOh+z+Dp
=7/pp
-----END PGP SIGNATURE-----


simon at snosoft

Feb 5, 2003, 1:08 PM

Post #23 of 161 (2664 views)
Permalink
Re: (no subject) [In reply to]

Hrm,
When I read this I see the key phrase "for the vulnerable daemon". If a
firewall is forwarding traffic from the internet to an internal system,
to a vulnerable daemon on that system, then file transfers are the least
of your worries.



On Tue, 2003-02-04 at 11:41, bugtraq[at]780inc.com wrote:
> So, really you didnt find a way to bypass every firewall you found a way to
> upload/download files on a remote system. I have seen something like this
> before.
>
> alt
>
> Date: Tue, 4 Feb 2003 01:58:44 -0300
> From: ^Shadown^ <shadown[at]bariloche.com.ar>
> To: full-disclosure[at]lists.netsys.com
> Subject: [Full-Disclosure] re: Global HIGH Security Risk
>
> Dear Folks,
>
> I've set up a server behind a fw (ipchains) without gcc, with a
> vulnerable daemon, the fw was set up just to allow the server to go
> through out by the binded daemon port only.
> What I did first was just to code an exploit for the vulnerable daemon
> and added a simple command sequence to write down to the server an
> uuencoded file using vi editor, then uudecode it and un-tar.gz and that
> way could upload binary files (which could be tools, sniffers, local
> exploits, etc). That way I could upload binary to execute on the remote
> server. But I've wanted to download files too (text and binaries) so
> I've coded a sniffer which listens for a specific ID-sequence to
> start/stop dumping to a file. And coded a tool to send the ID-sequence
> and the file to the sniffer. All this worked right.
> Then I removed all the programs that could be used as a text editor
> (joe, vim, cat, ed, etc), uudecode/uuencode, and compressing file tools.
> And I began to develop a technique which may be applied in any exploit
> code.
> It could be done many ways. Every coder is gonna do it its own way, but
> I did it mine.
> I've coded an exploit with few options -f file_to_upload -s spawn_shell.
> The exploit sends different encrypted shellcodes depending the options.
> A shellcode sends and writes down to /tmp the file which firstly was
> fragmented by the exploit to be inserted into the multi shellcode
> sequence.(-f)
> The other is a standard shellcode.
> As simple as this, so you can upload and download any file type, and
> executed on the remote server.
> I think this explains the idea.
> I wish to post the PoC, but don't wanna get in trouble.
> Cheers,
> ^Shadown^
>
> my pgp key:
>
--
ATD <simon[at]snosoft.com>
Secure Network Operations, Inc.


cepacolmax at hushmail

May 21, 2003, 7:08 AM

Post #24 of 161 (2665 views)
Permalink
Re: (no subject) [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hmm.
I don't get it - supposed to be a BO, obviously, but seems pointless.
Anyone?

On Wed, 21 May 2003 04:33:51 -0700 huw <trippz[at]overflow.org> wrote:
># MISSING BITMAPZ!HAS BATTERIEZ!SEGMENTS
># CAN BE DIVIDED USING CARRIAGE RETURN (
># \r)DONT BE FOOLED!MURDERER WITH A GUN?
>import sys
>def k():
>    buffer = ""
>    size = 25000
>    while 1:
>        h = 0
>        o = 0
>        if len(buffer) + 1 >= size:
>            print "too big"
>            sys.stdout.write(buffer)
>            break
>        k = raw_input("lame> ")
>        if k == "print":
>            sys.stdout.write(buffer)
>            break
>        elif k == "plain":
>            h = 1
>            k = raw_input("file> ")
>        elif k == "string":
>            t = raw_input("string> ")
>            o = 1
>        if o != 1:
>            g = open(k,"r")
>            t = g.read(-1) # REVOLUTIONARY WITH A CAUSE
>            g.close()
>        for r in t:
>            if h == 1:
>                buffer += r
>            else:
>                z = ord(r)
>                z = "\\x%x" % z
>                buffer += z
>k()
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj7LiD4ACgkQ6muvpb42jIDymACeN44Fpw925ogFirj9yl0NfjA+Zz8A
oIFU+0cbREbOJbsJFT8+5Unt5EnW
=8PG1
-----END PGP SIGNATURE-----






pauls at utdallas

Jun 27, 2003, 6:11 PM

Post #25 of 161 (2645 views)
Permalink
RE: (no subject) [In reply to]

> -----Original Message-----
> From: ATD [mailto:atd[at]secnetops.com]
> Sent: Friday, June 27, 2003 6:00 PM
> To: full-disclosure[at]lists.netsys.com
> Subject: [Full-Disclosure] (no subject)
>
>
> Guys,
> I'd like to start a thread on IDS solutions and
> systems, both commercial and non.

No need. There's been an ongoing discussion on the topic for over a
month on the focus-ids[at]securityfocus.com list. Just read the archives -
or better yet, subscribe.

Paul Schmehl (pauls[at]utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
