Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Full-disclosure] Why the IPS product designers
From: "Cor Rosielle" <cor () outpost24 com>
Date: Wed, 2 Jun 2010 08:35:48 +0200

I would say: an host IPS could be considered, even if there is a network
IPS. If it is a wise decision to spent your money or use your hardware for
this, depends from case to case. And I might even add: if someone tells you
different, he must be selling something. 

Regards,
Cor


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-
disclosure-bounces () lists grok org uk] On Behalf Of Srinivas Naik
Sent: dinsdag 1 juni 2010 21:14
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Full-disclosure] Why the IPS product
designers

Mr. Nelson has brought a good point, Host IPS should also be running
even if
there is Nework IPS.

There are Client end Attacks which has got many Evasion techniques and
almost the recent research presents us the proof of such Attacks.
Apart these there exist other exploits/malware which cannot be detected
over
the network.

Regards,
Srinivas Naik (Certified Hacker and Forensic Investigator)
IPS Evaluator
http://groups.google.com/group/nforceit

On Tue, Jun 1, 2010 at 9:16 PM,
<full-disclosure-request () lists grok org uk>wrote:

Send Full-Disclosure mailing list submissions to
       full-disclosure () lists grok org uk

To subscribe or unsubscribe via the World Wide Web, visit
       https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
       full-disclosure-request () lists grok org uk

You can reach the person managing the list at
       full-disclosure-owner () lists grok org uk

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."


Note to digest recipients - when replying to digest posts, please
trim your
post appropriately. Thank you.


Today's Topics:

  1. Re: Why the IPS product designers concentrate on  server side
     protection? why they are missing client protection (Nelson
Brito)
  2. Re: Why the IPS product designers concentrate on  server side
     protection? why they are missing client protection
     (Valdis.Kletnieks () vt edu)
  3. DoS vulnerability in Internet Explorer (MustLive)
  4. Re: Why the IPS product designers concentrate on  server side
     protection? why they are missing client protection (rajendra
prasad)
  5. Re: Why the IPS product designers concentrate     on      server
side
     protection? why they are missing client protection (Cor
Rosielle)
  6. Re: Why the IPS product designers concentrate on  server side
     protection? why they are missing client protection (Nelson
Brito)
  7. Re: Why the IPS product designers concentrate on  server side
     protection? why they are missing client protection (Nelson
Brito)
  8. Re: DoS vulnerability in Internet Explorer (Laurent Gaffie)
  9. Re: DoS vulnerability in Internet Explorer (Laurent Gaffie)
 10. Re: Why the IPS product designers concentrate on  server side
     protection? why they are missing client protection (Cor
Rosielle)
 11. Re: DoS vulnerability in Internet Explorer (PsychoBilly)
 12. Re: Why the IPS product designers concentrate on  server side
     protection? why they are missing client protection (Nelson
Brito)
 13. Onapsis Research Labs: Onapsis Bizploit - The opensource ERP
     Penetration Testing framework (Onapsis Research Labs)
 14. Re: The_UT is repenting (T Biehn)


---------------------------------------------------------------------
-

Message: 1
Date: Tue, 1 Jun 2010 08:50:05 -0300
From: Nelson Brito <nbrito () sekure org>
Subject: Re: [Full-disclosure] Why the IPS product designers
       concentrate on  server side protection? why they are missing
client
       protection
To: rajendra prasad <rajendra.palnaty () gmail com>
Cc: "full-disclosure () lists grok org uk"
       <full-disclosure () lists grok org uk>
Message-ID: <E01DF83F-4EB0-4212-8866-76DDB5C3B55B () sekure org>
Content-Type: text/plain;       charset=utf-8;  format=flowed;
delsp=yes

You're missing one point: Host IPS MUST be deployed with any Network
Security (Firewalls os NIPSs).

No security solution/technology is the miracle protection alone, so
that's the reason everybody is talking about defense in depth.

Cheers.

Nelson Brito
Security Researcher
http://fnstenv.blogspot.com/

Please, help me to develop the ENG? SQL Fingerprint? downloading it
from Google Code (http://code.google.com/p/mssqlfp/) or from
Sourceforge (https://sourceforge.net/projects/mssqlfp/).

Sent on an ? iPhone wireless device. Please, forgive any potential
misspellings!

On Jun 1, 2010, at 4:38 AM, rajendra prasad
<rajendra.palnaty () gmail com> wrote:

Hi List,

I am putting my thoughts on this, please share your thoughts,
comments.

Request length is less than the response length.So, processing
small
amount of data is better than of processing bulk data. Response may
have encrypted data. Buffering all the client-server transactions
and validating signatures on them is difficult. Even though
buffered, client data may not be in the plain text. Embedding all
the client encryption/decryption process on the fly is not
possible,
even though ips gathered key values of clients.Most of the client
protection is done by anti-virus. So, concentrating client attacks
at IPS level is not so needed.


Thanks
Rajendra


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



------------------------------

Message: 2
Date: Tue, 01 Jun 2010 08:34:22 -0400
From: Valdis.Kletnieks () vt edu
Subject: Re: [Full-disclosure] Why the IPS product designers
       concentrate on  server side protection? why they are missing
client
       protection
To: rajendra prasad <rajendra.palnaty () gmail com>
Cc: full-disclosure () lists grok org uk
Message-ID: <14206.1275395662 () localhost>
Content-Type: text/plain; charset="us-ascii"

On Tue, 01 Jun 2010 13:08:32 +0530, rajendra prasad said:

Request length is less than the response length.So, processing
small
amount
of data is better than of processing bulk data. Response may have
encrypted
data. Buffering all the client-server transactions and validating
signatures
on them is difficult.

All of that is total wanking.  The *real* reason why IPS product
designers
concentrate on servers is because hopefully the server end is run by
some
experienced people with a clue, and maybe even hardened to last more
than
35 seconds when a hacker attacks.  Meanwhile, if anybody designed an
IPS
for
the client end, it would just get installed on an end-user PC running
Windows,
where it will have all the issues and work just as well as any other
anti-malware software on an end-user PC.

Oh - and there's also the little detail that a site is more likely to
buy
*one* software license to run on their web server (or whatever),
rather
than
the hassle of buying and administering 10,000 end-user licenses.
 Especially
when an IPS on the client end doesn't actually tell you much about
attacks
against the valuable target (the server) from machines you haven't
installed
the end-user IPS on (like the entire rest of the Internet).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
Url :
http://lists.grok.org.uk/pipermail/full-
disclosure/attachments/20100601/0896c76b/attachment-0001.bin

------------------------------

Message: 3
Date: Tue, 1 Jun 2010 15:42:58 +0300
From: "MustLive" <mustlive () websecurity com ua>
Subject: [Full-disclosure] DoS vulnerability in Internet Explorer
To: <full-disclosure () lists grok org uk>
Message-ID: <005e01cb0188$162059b0$010000c0 () ml>
Content-Type: text/plain; format=flowed; charset="windows-1251";
       reply-type=response

Hello Full-Disclosure!

I want to warn you about Denial of Service vulnerability in Internet
Explorer. Which I already disclosed at my site in 2008 (at
29.09.2008). But
recently I made new tests concerning this vulnerability, so I decided
to
remind you about it.

I know this vulnerability for a long time - it's well-known DoS in
IE. It
works in IE6 and after release of IE7 I hoped that Microsoft fixed
this
hole
in seventh version of the browser. But as I tested at 29.09.2008, IE7
was
also vulnerable to this attack. And as I tested recently, IE8 is also
vulnerable to this attack.

Also I informed Microsoft at 01.10.2008 about it, but they ignored
and
didn't fix it. They didn't fix the hole not in IE6, nor in IE7, nor
in IE8.

That time I published about this vulnerability at SecurityVulns
(http://securityvulns.com/Udocument636.html).

DoS:

Vulnerability concerned with handling by browser of expression in
styles,
which leads to blocking of work of IE.

http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html

Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet
Explorer 7 (7.0.6000.16711), Internet Explorer 8 (8.0.7600.16385) and
previous versions.

To Susan Bradley from Bugtraq:

This is one of those cases, which I told you before, when browser
vendors
ignore to fix DoS holes in their browsers for many years.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



------------------------------

Message: 4
Date: Tue, 1 Jun 2010 18:28:03 +0530
From: rajendra prasad <rajendra.palnaty () gmail com>
Subject: Re: [Full-disclosure] Why the IPS product designers
       concentrate on  server side protection? why they are missing
client
       protection
To: full-disclosure () lists grok org uk
Message-ID:
       <AANLkTinFeCKoKUNI59k2citWgTJlytqjRiZ8Ze8oM1rp () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hi List,

I have started this discussion with respect to Network IPS.

Thanks
Rajendra

On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad
<rajendra.palnaty () gmail com>wrote:

Hi List,

I am putting my thoughts on this, please share your thoughts,
comments.

Request length is less than the response length.So, processing
small
amount
of data is better than of processing bulk data. Response may have
encrypted
data. Buffering all the client-server transactions and validating
signatures
on them is difficult. Even though buffered, client data may not be
in the
plain text. Embedding all the client encryption/decryption process
on the
fly is not possible, even though ips gathered key values of
clients.Most
of
the client protection is done by anti-virus. So, concentrating
client
attacks at IPS level is not so needed.


Thanks
Rajendra



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.grok.org.uk/pipermail/full-
disclosure/attachments/20100601/0cb18940/attachment-0001.html

------------------------------

Message: 5
Date: Tue, 1 Jun 2010 14:52:51 +0200
From: "Cor Rosielle" <cor () outpost24 com>
Subject: Re: [Full-disclosure] Why the IPS product designers
       concentrate     on      server side protection? why they are
missing
client
       protection
To: "'Nelson Brito'" <nbrito () sekure org>
Cc: full-disclosure () lists grok org uk
Message-ID: <003001cb0189$5962ddf0$0c2899d0$ () com>
Content-Type: text/plain;       charset="UTF-8"

Nelson,

You're missing one point: Host IPS MUST be deployed with any
Network
Security (Firewalls os NIPSs).
Please be aware this is a risk decision and not a fact. I don't use
an host
IPS and no anti Virus either. Still I'm sure my laptop is perfectly
safe.
This is because I do critical thinking about security measures and
don't
copy behavior of others (who often don't think for themselves and
just
copies other peoples behavior). Please note I'm not saying you're not
thinking. If you did some critical thinking and an host IPS is a good
solution for you, then that's OK> It just doesn't mean it is a good
solution
for everybody else and everybody MUST deploy an host IPS.

No security solution/technology is the miracle protection alone,
That's true.

so that's the reason everybody is talking about defense in depth.
Defense in depth is often used for another line of a similar defense
mechanism as the previous already was. Different layers of defense
works
best if the defense mechanism differ. So if you're using anti virus
software
(which gives you an authentication control and an alarm control
according to
the OSSTMM), then an host IDS is not the best additional security
measure
(because this also gives you an authentication and an alarm control).
This would also be a risk decision, but based on facts and the rules
defined in the OSSTMM and not based on some marketing material. You
should
give it a try.

Regards,
Cor Rosielle

w: www.lab106.com



------------------------------

Message: 6
Date: Tue, 1 Jun 2010 10:27:48 -0300
From: Nelson Brito <nbrito () sekure org>
Subject: Re: [Full-disclosure] Why the IPS product designers
       concentrate on  server side protection? why they are missing
client
       protection
To: rajendra prasad <rajendra.palnaty () gmail com>
Cc: "full-disclosure () lists grok org uk"
       <full-disclosure () lists grok org uk>
Message-ID: <76444513-375E-472C-A3CA-8F4A9776EDD4 () sekure org>
Content-Type: text/plain; charset="utf-8"

Okay, but why did you mention AV as a client-side protection?

It leads to a discussion about client-side protection, anyways.

Cheers.

Nelson Brito
Security Researcher
http://fnstenv.blogspot.com/

Please, help me to develop the ENG? SQL Fingerprint? downloading it
from Google Code (http://code.google.com/p/mssqlfp/) or from
Sourceforge (https://sourceforge.net/projects/mssqlfp/).

Sent on an ? iPhone wireless device. Please, forgive any potential
misspellings!

On Jun 1, 2010, at 9:58 AM, rajendra prasad
<rajendra.palnaty () gmail com> wrote:

Hi List,

I have started this discussion with respect to Network IPS.

Thanks
Rajendra

On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad <
rajendra.palnaty () gmail com
wrote:
Hi List,

I am putting my thoughts on this, please share your thoughts,
comments.

Request length is less than the response length.So, processing
small
amount of data is better than of processing bulk data. Response may
have encrypted data. Buffering all the client-server transactions
and validating signatures on them is difficult. Even though
buffered, client data may not be in the plain text. Embedding all
the client encryption/decryption process on the fly is not
possible,
even though ips gathered key values of clients.Most of the client
protection is done by anti-virus. So, concentrating client attacks
at IPS level is not so needed.


Thanks
Rajendra



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.grok.org.uk/pipermail/full-
disclosure/attachments/20100601/d583f90d/attachment-0001.html

------------------------------

Message: 7
Date: Tue, 1 Jun 2010 10:23:31 -0300
From: Nelson Brito <nbrito () sekure org>
Subject: Re: [Full-disclosure] Why the IPS product designers
       concentrate on  server side protection? why they are missing
client
       protection
To: Cor Rosielle <cor () outpost24 com>
Cc: "<full-disclosure () lists grok org uk>"
       <full-disclosure () lists grok org uk>
Message-ID: <6AAECC36-E447-497D-BA87-D7C5EFB18E43 () sekure org>
Content-Type: text/plain;       charset=utf-8;  format=flowed;
delsp=yes

Comments are inline!

Nelson Brito
Security Researcher
http://fnstenv.blogspot.com/

Please, help me to develop the ENG? SQL Fingerprint? downloading it
from Google Code (http://code.google.com/p/mssqlfp/) or from
Sourceforge (https://sourceforge.net/projects/mssqlfp/).

Sent on an ? iPhone wireless device. Please, forgive any potential
misspellings!

On Jun 1, 2010, at 9:52 AM, "Cor Rosielle" <cor () outpost24 com> wrote:

Nelson,

You're missing one point: Host IPS MUST be deployed with any
Network
Security (Firewalls os NIPSs).
Please be aware this is a risk decision and not a fact. I don't use
an host IPS and no anti Virus either. Still I'm sure my laptop is
perfectly safe. This is because I do critical thinking about
security measures and don't copy behavior of others (who often
don't
think for themselves and just copies other peoples behavior).
Please
note I'm not saying you're not thinking. If you did some critical
thinking and an host IPS is a good solution for you, then that's
OK>
It just doesn't mean it is a good solution for everybody else and
everybody MUST deploy an host IPS.

That's so 1990! NIPS and/or Firewall just protect you if you're
inside
the "borders"... But, come on. Who doesn't have a laptop nowadays?
So,
multiple protection layers is better than none, anyways.

You have choices when adopting a security posture or, if you prefer,
risk posture. I believe that it's quite difficult and almost
impossible you stay updated with all the threads, due to exponential
growth of them.


No security solution/technology is the miracle protection alone,
That's true.

so that's the reason everybody is talking about defense in depth.
Defense in depth is often used for another line of a similar
defense
mechanism as the previous already was. Different layers of defense
works best if the defense mechanism differ. So if you're using anti
virus software (which gives you an authentication control and an
alarm control according to the OSSTMM), then an host IDS is not the
best additional security measure (because this also gives you an
authentication and an alarm control).

Woowoo.. I cannot agree with you, because AV has nothing to do
protecting end-point against network attacks. AV will alert and
protect only when the thread already reached your end-point. Besides,
there are other layers, such as: buffer overflow protection inside
HIPS. Look that I am not talking abous IDS. 8)

This would also be a risk decision, but based on facts and the
rules
defined in the OSSTMM and not based on some marketing material. You
should give it a try.

It always is a risk decision, and I not basing MHO on any "standard",
that's based on my background... And, AFAIK, nodoby can expect that
users and/or server systems will be able to apply all or any update
in
a huge environment.


Regards,
Cor Rosielle

w: www.lab106.com




------------------------------

Message: 8
Date: Tue, 01 Jun 2010 23:54:33 +1000
From: Laurent Gaffie <laurent.gaffie () gmail com>
Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
To: full-disclosure () lists grok org uk
Message-ID: <4C051119.1010702 () gmail com>
Content-Type: text/plain; charset="iso-8859-1"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Full-Disclosure!

I want to warn you about a Denial of Service in every browser finaly
!!!

It actually affect every browser with a javascript engine  build in
!!!

Adobe may be vulnerable to !!!!

PoC :

<html>
<head><title>0n0z</title></head>
<body>
<DEFANGED_script type="text/javascript">
for (i=0;i<65535;i++) {
 alert('0n0z mustlive got you, now you're fucked, the only solution
is to restart your browser or be faster than JS !!!');
}
</DEFANGED_script>
</body>
</html>

Greetz to Mustlive () oswap com ua


On 01/06/10 22:42, MustLive wrote:
Hello Full-Disclosure!

I want to warn you about Denial of Service vulnerability in
Internet Explorer. Which I already disclosed at my site in 2008 (at
29.09.2008). But recently I made new tests concerning this
vulnerability, so I decided to remind you about it.

I know this vulnerability for a long time - it's well-known DoS in
IE. It works in IE6 and after release of IE7 I hoped that Microsoft
fixed this
hole
in seventh version of the browser. But as I tested at 29.09.2008,
IE7 was also vulnerable to this attack. And as I tested recently,
IE8 is also vulnerable to this attack.

Also I informed Microsoft at 01.10.2008 about it, but they ignored
and didn't fix it. They didn't fix the hole not in IE6, nor in IE7,
nor in IE8.

That time I published about this vulnerability at SecurityVulns
(http://securityvulns.com/Udocument636.html).

DoS:

Vulnerability concerned with handling by browser of expression in
styles, which leads to blocking of work of IE.

http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html

Vulnerable versions are Internet Explorer 6 (6.0.2900.2180),
Internet Explorer 7 (7.0.6000.16711), Internet Explorer 8
(8.0.7600.16385) and previous versions.

To Susan Bradley from Bugtraq:

This is one of those cases, which I told you before, when browser
vendors ignore to fix DoS holes in their browsers for many years.

Best wishes & regards, MustLive Administrator of Websecurity web
site http://websecurity.com.ua

_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJMBREZAAoJEEESJ0AJ05HwfboP/iKyZAkaZk1xE17ExXkRDvfE
7Adra0Zf2RE6diDzK6FegUXyOQok9zYMTU+akx9OoxyC3zF1RWJQMWZAZEq3KpNp
AmUmrTaS46mXWeZfUomDbdKHJq3LZtlD4K4BDkOU/T4gvAFF9BRdRetawm4aEwMB
JQ3Qp8jMnv+wLGxfAoTUS0bTaXWjxPdf2SEfgwvZdnpY9HYDft+/qKHbPBJeK2oi
A8zTirz/9UeoJDnq2hTvyeONVsOn6rAdvPzrag3e5vq77fbpbHtxVA8OfYUgiEGp
KsKiNmrTMVHxvwaHrRPxQkpmzNDx7R84l693xbOkiS1pm0Zq4A0CiZEuvU8H/FBd
XuKWkeR35H7RF42E5iVo/E3MFJkT+sBtqJdFigKJSIge/Y2omqbKsyVTG20SF5s0
l/zHJqyZgYl5c8qMrKrvNyglbYgpYRKwIa1wYsHbimNJWho32lc8bU8xY6nQEZ+z
H1SXer6B9bDJV9hSBGxQuACYBXzzKMeB2tom4DpoH789gZ0tsQp0H9lQbji61PlK
kUKM0pGw0MKMjzGOXH7qjEo0eHaQhhr6PnCTOVofXARX5pmXRFxAdJe8dG3VTOqO
llrbFxenJJTrmSv8YPHuiZT5QUledpXmpIi2eegjzxwGwpPmXbAoqg9QaVJ501Yv
mpMV1kIb911r6Ps4UhGp
=n3v/
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.grok.org.uk/pipermail/full-
disclosure/attachments/20100601/6908f1f7/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x09D391F0.asc
Type: application/pgp-keys
Size: 3130 bytes
Desc: not available
Url :
http://lists.grok.org.uk/pipermail/full-
disclosure/attachments/20100601/6908f1f7/attachment-0003.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x09D391F0.asc
Type: application/pgp-keys
Size: 3130 bytes
Desc: not available
Url :
http://lists.grok.org.uk/pipermail/full-
disclosure/attachments/20100601/6908f1f7/attachment-0004.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x09D391F0.asc
Type: application/pgp-keys
Size: 3129 bytes
Desc: not available
Url :
http://lists.grok.org.uk/pipermail/full-
disclosure/attachments/20100601/6908f1f7/attachment-0005.bin

------------------------------

Message: 9
Date: Wed, 02 Jun 2010 00:00:05 +1000
From: Laurent Gaffie <laurent.gaffie () gmail com>
Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
To: MustLive <mustlive () websecurity com ua>,
       full-disclosure () lists grok org uk
Message-ID: <4C051265.1050207 () gmail com>
Content-Type: text/plain; charset="iso-8859-1"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry Mustlive,
i understand you need to see this in clear text finaly.
I guess ascii is the best to communicate with you;


Hello Full-Disclosure!

I want to warn you about a Denial of Service in every browser finaly
!!!

It actually affect every browser with a javascript engine  build in
!!!

Adobe may be vulnerable to !!!!

PoC :

<html>
<head><title>0n0z</title></head>
<body>
<DEFANGED_script type="text/javascript">
for (i=0;i<65535;i++) {
alert('0n0z mustlive got you, now you're fucked, the only solution is
to restart your browser or be faster than JS !!!');
}
</DEFANGED_script>
</body>
</html>


Greetz to Mustlive () oswap com ua

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJMBRJkAAoJEEESJ0AJ05HwJpYQAI84bDG8fNbq4lYjomqD3+Wf
29VzhaQt39FF2ERwh7sDYkc5wdw/DWfAC5SpwdVtr/0wDW0dyZV36RfJyUixysce
weKx5wztjjwzk4yQF61v8DXz7MEWLhuYv9fTGcw9LKpnDm9/Z0YZ6ObKp8dE9A11
1E4xzAByLYpEdTQyxosMsJ336oJgTc3NrjDiPJGoxOb65epLlc07aEaP7ZA7jE/J
i+M0ukNl8CKAryGs8DhDf+5fkJf1wcqOUoxK4mJ4nPe0IhhoQ+FUizB04E7MpK8P
OisvgW8I6tdGurJTfux14Jj6NZXBuL0ww65e3vfgOrm8WRtKPrbwiRd1nk8NqsCC
Nz5UBxEr32YhEUdgoXPj8ZleBbvLL0z0PVoRtbBSyKABih8OUwPMUpa0WkpMno+x
gcG7vmO/bIr5wEjRGlK9NglCMqKNWzRk2f03KGIM2MMetB7KLvR/Kir3rL2n8a4k
nLj/EYRm4orHzIDtR/Fr8LixJPr1wwpi53OOPJEcpjDvud4sOKcfUPSb7cckc7wQ
vBPCNjPZ1D8V3GzJhE7+NHVVl8wUDwKodu0ejDmzJ2K7L1nLDiI9GStA8Xof98ne
4ZBLA3lCRsbcYDdE0cvqwMa+xyx7KUcMy5M8vimyTGpIhnFF2+ScdFgFzrDIEtNH
g+1w9Kvgr12i+aEmD2Me
=v3oL
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x09D391F0.asc
Type: application/pgp-keys
Size: 3129 bytes
Desc: not available
Url :
http://lists.grok.org.uk/pipermail/full-
disclosure/attachments/20100602/47b07336/attachment-0001.bin

------------------------------

Message: 10
Date: Tue, 1 Jun 2010 16:20:10 +0200
From: "Cor Rosielle" <cor () outpost24 com>
Subject: Re: [Full-disclosure] Why the IPS product designers
       concentrate on  server side protection? why they are missing
client
       protection
To: "'Nelson Brito'" <nbrito () sekure org>
Cc: full-disclosure () lists grok org uk
Message-ID: <001b01cb0195$8c21a080$a464e180$ () com>
Content-Type: text/plain;       charset="utf-8"

Nelson,

I put my comments inline as well

Regards, Cor

...snip...
Nelson,

You're missing one point: Host IPS MUST be deployed with any
Network
Security (Firewalls os NIPSs).
Please be aware this is a risk decision and not a fact. I don't
use
an host IPS and no anti Virus either. Still I'm sure my laptop is
perfectly safe. This is because I do critical thinking about
security measures and don't copy behavior of others (who often
don't
think for themselves and just copies other peoples behavior).
Please
note I'm not saying you're not thinking. If you did some critical
thinking and an host IPS is a good solution for you, then that's
OK>
It just doesn't mean it is a good solution for everybody else and
everybody MUST deploy an host IPS.

That's so 1990! NIPS and/or Firewall just protect you if you're
inside
the "borders"... But, come on. Who doesn't have a laptop nowadays?
So,
multiple protection layers is better than none, anyways.

Even one layer is better than none :-). Multiple layers are even
better,
especially when they are different types of protection. But applying
security without thinking is bad. Even if you have enough money and
hardware
to spent, you should at least think about the balance between the
amount
security you get and the amount of risk you run when installing
another
piece of software. Then you can decide if it is worth the money or
hardware
you need to spend.

You have choices when adopting a security posture or, if you
prefer,
risk posture. I believe that it's quite difficult and almost
impossible you stay updated with all the threads, due to
exponential
growth of them.
You have a point here. That's why it is better not to base security
on
defenses to known and existing threats alone, but use defense
mechanisms
that protect you both against known and existing threats and against
unknown
and future threats as well. I can't help to mention the OSSTMM again,
because this is pretty much what it is about.

No security solution/technology is the miracle protection alone,
That's true.

so that's the reason everybody is talking about defense in
depth.
Defense in depth is often used for another line of a similar
defense
mechanism as the previous already was. Different layers of
defense
works best if the defense mechanism differ. So if you're using
anti
virus software (which gives you an authentication control and an
alarm control according to the OSSTMM), then an host IDS is not
the
best additional security measure (because this also gives you an
authentication and an alarm control).

Woowoo.. I cannot agree with you, because AV has nothing to do
protecting end-point against network attacks. AV will alert and
protect only when the thread already reached your end-point.
Besides,
there are other layers, such as: buffer overflow protection inside
HIPS. Look that I am not talking abous IDS. 8)
Sure you're right about that. There is a lot of other threats AV
doesn't
protect you to. Just like an IPS doesn't protect you against all
threats.
But that doesn't mean it is a wise decision to install each and every
part
of security software you can get, because software comes with costs
and
risks too. This is true for IPS's too.


This would also be a risk decision, but based on facts and the
rules
defined in the OSSTMM and not based on some marketing material.
You
should give it a try.

It always is a risk decision, and I not basing MHO on any
"standard",
that's based on my background... And, AFAIK, nodoby can expect that
users and/or server systems will be able to apply all or any update
in
a huge environment.


Of course you don't have to agree, but I think it is better to be
critical
about the software you install. And if you don't agree and rather
spend your
money on things that were useful for someone else at another time and
under
different circumstances, then just do that. But I wish you wouldn't
write
that others must (you wrote it even in capitals) deploy an IPS.

Regards,
Cor



------------------------------

Message: 11
Date: Tue, 01 Jun 2010 16:26:37 +0200
From: PsychoBilly <zpamh0l3 () gmail com>
Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
To: fdisclo <full-disclosure () lists grok org uk>
Message-ID: <4C05189D.7050200 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

This had already been published
http://www.pewy.fr/hamster.html

************************  Cluster #[[   Laurent Gaffie   ]] possibly
emitted, @Time [[   01/06/2010 16:00   ]] The Following #String
 **********************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry Mustlive,
i understand you need to see this in clear text finaly.
I guess ascii is the best to communicate with you;


Hello Full-Disclosure!

I want to warn you about a Denial of Service in every browser
finaly !!!

It actually affect every browser with a javascript engine  build in
!!!

Adobe may be vulnerable to !!!!

PoC :

<html>
<head><title>0n0z</title></head>
<body>
<DEFANGED_script type="text/javascript">
for (i=0;i<65535;i++) {
alert('0n0z mustlive got you, now you're fucked, the only solution
is
to restart your browser or be faster than JS !!!');
}
</DEFANGED_script>
</body>
</html>


Greetz to Mustlive () oswap com ua

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJMBRJkAAoJEEESJ0AJ05HwJpYQAI84bDG8fNbq4lYjomqD3+Wf
29VzhaQt39FF2ERwh7sDYkc5wdw/DWfAC5SpwdVtr/0wDW0dyZV36RfJyUixysce
weKx5wztjjwzk4yQF61v8DXz7MEWLhuYv9fTGcw9LKpnDm9/Z0YZ6ObKp8dE9A11
1E4xzAByLYpEdTQyxosMsJ336oJgTc3NrjDiPJGoxOb65epLlc07aEaP7ZA7jE/J
i+M0ukNl8CKAryGs8DhDf+5fkJf1wcqOUoxK4mJ4nPe0IhhoQ+FUizB04E7MpK8P
OisvgW8I6tdGurJTfux14Jj6NZXBuL0ww65e3vfgOrm8WRtKPrbwiRd1nk8NqsCC
Nz5UBxEr32YhEUdgoXPj8ZleBbvLL0z0PVoRtbBSyKABih8OUwPMUpa0WkpMno+x
gcG7vmO/bIr5wEjRGlK9NglCMqKNWzRk2f03KGIM2MMetB7KLvR/Kir3rL2n8a4k
nLj/EYRm4orHzIDtR/Fr8LixJPr1wwpi53OOPJEcpjDvud4sOKcfUPSb7cckc7wQ
vBPCNjPZ1D8V3GzJhE7+NHVVl8wUDwKodu0ejDmzJ2K7L1nLDiI9GStA8Xof98ne
4ZBLA3lCRsbcYDdE0cvqwMa+xyx7KUcMy5M8vimyTGpIhnFF2+ScdFgFzrDIEtNH
g+1w9Kvgr12i+aEmD2Me
=v3oL
-----END PGP SIGNATURE-----




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



------------------------------

Message: 12
Date: Tue, 1 Jun 2010 11:49:28 -0300
From: Nelson Brito <nbrito () sekure org>
Subject: Re: [Full-disclosure] Why the IPS product designers
       concentrate on  server side protection? why they are missing
client
       protection
To: Cor Rosielle <cor () outpost24 com>
Cc: "<full-disclosure () lists grok org uk>"
       <full-disclosure () lists grok org uk>
Message-ID: <ABDDB41B-4F4E-4A6D-8E75-09DC9ACCFB8E () sekure org>
Content-Type: text/plain;       charset=utf-8;  format=flowed;
delsp=yes

I still keep in capital: anyone MUST deploy Host IPS when adopting
Network IPS. If you don't do so you MUST keep in mind that you are
just approaching some threads, even because Host and Network IPS have
different approaches.

Otherwise you will THINK you're protected... But nobody can guarantee
that.

Regarding the aquisition of those solutions, of course it cannot be
done without a deep looking inside the corporate, but it doesn't mean
you don't have to...

When you decided to aquire a security solution you have to be careful
and have well designed criterias to do so, but, again, it doesn't
mean
you don't have to aquire them.

About the known and unknown threads, I will not enter into this,
because it is kind of a phylosofical discussion.

Cheers.

Nelson Brito
Security Researcher
http://fnstenv.blogspot.com/

Please, help me to develop the ENG? SQL Fingerprint? downloading it
from Google Code (http://code.google.com/p/mssqlfp/) or from
Sourceforge (https://sourceforge.net/projects/mssqlfp/).

Sent on an ? iPhone wireless device. Please, forgive any potential
misspellings!

On Jun 1, 2010, at 11:20 AM, "Cor Rosielle" <cor () outpost24 com>
wrote:

Nelson,

I put my comments inline as well

Regards, Cor

...snip...
Nelson,

You're missing one point: Host IPS MUST be deployed with any
Network
Security (Firewalls os NIPSs).
Please be aware this is a risk decision and not a fact. I don't
use
an host IPS and no anti Virus either. Still I'm sure my laptop is
perfectly safe. This is because I do critical thinking about
security measures and don't copy behavior of others (who often
don't
think for themselves and just copies other peoples behavior).
Please
note I'm not saying you're not thinking. If you did some critical
thinking and an host IPS is a good solution for you, then that's
OK>
It just doesn't mean it is a good solution for everybody else and
everybody MUST deploy an host IPS.

That's so 1990! NIPS and/or Firewall just protect you if you're
inside
the "borders"... But, come on. Who doesn't have a laptop nowadays?
So,
multiple protection layers is better than none, anyways.

Even one layer is better than none :-). Multiple layers are even
better, especially when they are different types of protection. But
applying security without thinking is bad. Even if you have enough
money and hardware to spent, you should at least think about the
balance between the amount security you get and the amount of risk
you run when installing another piece of software. Then you can
decide if it is worth the money or hardware you need to spend.

You have choices when adopting a security posture or, if you
prefer,
risk posture. I believe that it's quite difficult and almost
impossible you stay updated with all the threads, due to
exponential
growth of them.
You have a point here. That's why it is better not to base security
on defenses to known and existing threats alone, but use defense
mechanisms that protect you both against known and existing threats
and against unknown and future threats as well. I can't help to
mention the OSSTMM again, because this is pretty much what it is
about.

No security solution/technology is the miracle protection alone,
That's true.

so that's the reason everybody is talking about defense in
depth.
Defense in depth is often used for another line of a similar
defense
mechanism as the previous already was. Different layers of
defense
works best if the defense mechanism differ. So if you're using
anti
virus software (which gives you an authentication control and an
alarm control according to the OSSTMM), then an host IDS is not
the
best additional security measure (because this also gives you an
authentication and an alarm control).

Woowoo.. I cannot agree with you, because AV has nothing to do
protecting end-point against network attacks. AV will alert and
protect only when the thread already reached your end-point.
Besides,
there are other layers, such as: buffer overflow protection inside
HIPS. Look that I am not talking abous IDS. 8)
Sure you're right about that. There is a lot of other threats AV
doesn't protect you to. Just like an IPS doesn't protect you
against
all threats. But that doesn't mean it is a wise decision to install
each and every part of security software you can get, because
software comes with costs and risks too. This is true for IPS's
too.


This would also be a risk decision, but based on facts and the
rules
defined in the OSSTMM and not based on some marketing material.
You
should give it a try.

It always is a risk decision, and I not basing MHO on any
"standard",
that's based on my background... And, AFAIK, nodoby can expect
that
users and/or server systems will be able to apply all or any
update
in
a huge environment.


Of course you don't have to agree, but I think it is better to be
critical about the software you install. And if you don't agree and
rather spend your money on things that were useful for someone else
at another time and under different circumstances, then just do
that. But I wish you wouldn't write that others must (you wrote it
even in capitals) deploy an IPS.

Regards,
Cor




------------------------------

Message: 13
Date: Tue, 01 Jun 2010 11:31:19 -0300
From: Onapsis Research Labs <research () onapsis com>
Subject: [Full-disclosure] Onapsis Research Labs: Onapsis Bizploit -
       The opensource ERP Penetration Testing framework
To: full-disclosure () lists grok org uk
Message-ID: <4C0519B7.8050403 () onapsis com>
Content-Type: text/plain; charset=UTF-8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear colleague,

We are proud to announce the release of Onapsis Bizploit, the first
opensource ERP Penetration Testing framework.

Presented at the renowned HITB Dubai security conference, Bizploit is
expected to provide the security community with a basic framework to
support
the
discovery, exploration, vulnerability assessment and exploitation of
ERP
systems.

The term "ERP Security" has been so far understood by most of the IT
Security and Auditing industries as a synonym of ?Segregation of
Duties?.
While
this aspect is absolutely important for the overall security of the
Organization's core business platforms, there are many other threats
that
are
still overlooked and imply much higher levels of risk. Onapsis
Bizploit is
designed as an academic proof-of-concept that will help the general
community to illustrate and understand this kind of risks.

Currently Onapsis Bizploit provides all the features available in the
sapyto GPL project, plus several new plugins and connectors focused
in the
security of SAP business platforms. Updates for other popular ERPs
are to
be released in the short term.

Your can download the software freely from http://www.onapsis.com

Best regards,

- --------------------------------------------
The Onapsis Research Labs Team

Onapsis S.R.L
Email: research () onapsis com
Web: www.onapsis.com
PGP: http://www.onapsis.com/pgp/research.asc
- --------------------------------------------




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkwFGLQACgkQz3i6WNVBcDVp7wCgktzu7vYVXTBnE9DM5GPYAnGx
OjAAn0uVawK36FZMP9DFYye3XX56CN1v
=80ir
-----END PGP SIGNATURE-----



------------------------------

Message: 14
Date: Tue, 1 Jun 2010 11:46:26 -0400
From: T Biehn <tbiehn () gmail com>
Subject: Re: [Full-disclosure] The_UT is repenting
To: Anders Klixbull <akl () experian dk>
Cc: full-disclosure () lists grok org uk
Message-ID:
       <AANLkTimnEwv9Zy-QYvJ2qn5UxYBEFh3cI0_6tv4TgUX7 () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

I don't think UT is anyone's 'boy toy.' The guy is massive.

I'm sure he'll meet all kinds of experienced scam artists and
criminals and
learn all sorts of neat things for use when he gets out.

-Travis

On Tue, Jun 1, 2010 at 6:13 AM, Anders Klixbull <akl () experian dk>
wrote:

I'm so sorry that your friend was retarded enough to get busted.
And thank you for the archive!
It's always nice to have a personal librarian :)
You may be sorry for the repeat material, but please go suck a
lemon.
Thanks.

-----Oprindelig meddelelse-----
Fra: ghost [mailto:ghosts () gmail com]
Sendt: 1. juni 2010 11:35
Til: Anders Klixbull
Cc: full-disclosure () lists grok org uk
Emne: Re: [Full-disclosure] The_UT is repenting

Anders - i'm very sorry, you must of confused this mailing list
with
astalavista forums. Please go away... or kill yourself, whichever
you
prefer...... and in the interest of full-disclosure, I have my
fingers
crossed for the latter :)

Thanks.



---------------------------------------------------------------------
--------------------

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Please stop stating the obvious. Keep in mind that to us your
useless
replies are of no importance.

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
But their website graphics is super cool!

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
we care we really do From fulldisclosurebounces () list   

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
take a chill pill wigger

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
shut the fuck up From fulldisclosurebounces () list   

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
then you gadi and n3td3v should jump off a cliff

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Apology not accepted! Alcohol is required!

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
) If im ever near there i will look you up! Cheers

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Thinking a little highly of yourself arent you? Saving the world
lol
lol lol Keep your moronic comics to yourself please

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
0day pictures of Mark's mom for sale From
fulldisclosurebounces () list   

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Keep your talentless tripe to yourself

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
You're obviously retarded

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
You forgot to include MiniMySqlat0r01.jar in your zip file..

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
???? ????????!

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Free 0day for all!!

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Fuck the vendors put them on FD

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Go suck a lemon bitch

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
The hardcore cockgobbler scene of scotland

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
TEH TXT FIEL FORMATTING SI TEH FUCKED From
fulldisclosurebounces () list   

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Religion is nothing more than mental crutches for weakminded people

Message Results

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
But isnt that where you feel most at home brother n3td3v?

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Because we are drawn to you like moths to a flame

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
It's safe to assume that it covers the both of you ignorant turds

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Nice teenspeak maybe your mother can invite n3td3v over to hot
cocoa
and cookies?

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
removing anyone is pointless From fulldisclosurebounces () list   

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Project chroma project? Welcome to the redundancy department of
redundancy.. Mike c aka n3td3v shut the fuck up

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
retardo

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Are you smoking crack?

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Helol n3td3v

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
go suck a lemon From fulldisclosurebounces () list   

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
OH MY GOD I DONT KNOW BUT DO WE REALLY CARE???? their site was
always
a crappy piece of shit

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
He's too busy living the good life in a cardboard box in hobotown
to
answer ) Vi hj?lper dig til at tr?ffe bedre beslutninger. Vi
tilbyder
analyse og informationsservices der ?ger salget m?lretter
markedsf?ringen og reducerer risikoen for ta...

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
GO SUCK A LEMON

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
And pigs eat bananas with their ears

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
he's the wino on the corner sucking your lemon

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
I heard he ch0ked on a lemon

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Taunting other people's english skills work better when your own
english isn't broken )

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
So youre whining about a 4 year old post? lol and who uses an
exploit
without changing the shellcode anyway

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Wow such depth! Such insight! WOW

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
you need to get a job you no good for nothing lazy bum From
fulldisclosurebounces () list   


Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
seems to be cropping in? as far as know rainbow tables has been
around
for years...

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
lol they have been useful for years son just because YOU never
found a
use for them doesn't mean noone else has

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
you'd like to gobble that sausage wouldn't you From
fulldisclosurebounces () list   

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
callate la boca carajo. que la chupes y que la sigas chupando From
Rosa Maria Gonzalez Pereira

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
yes the correct answer is 'cheese' From
fulldisclosurebounces () list   

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
you obviously misunderstood since every geek on the planet knows
that
the answer in numeric form is 42!

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Shut up weev Take your fake panama bank accounts and put them where
the sun don't shine If you can fit it in while you have that
aircraft
carrier up there

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Andrew/weev is an amateur troll He has ridden other peoples fame
more
than
once

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Nobody cares about a homeless bum Move along

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Learn how to blow old men and live on their couches

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
Thank you shawarma! From fulldisclosurebounces () list   

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
He never said anything profound 140 characters or not

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
bohooo stop crying he can disclose bugs when he feels like it if
you
dont like that then go suck a lemon

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
lol look who's talking about being professional yeah sure because
klixbull is such a russian name right? and oh yeah my email address
also ends in .ua julian its time to stop gobbling that cock and
shut
the fuck up

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
why does it hurt when you suck lemons? does your teeth gets fucked
up
when you smoke cock all day?

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
yeah sure.. you junkies are alle the same you suck dicks for
cheeseburgers and crack

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
dad? is that you? mom says to stop blowing off strangers for free
and
bring home some money!

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
But aren't gnaa retired anyway?

Re:
by Anders Klixbull in full-disclosure () lists grok org uk (31613
messages)
lol seems to be? you should know better than "seems" since your
email
is in the gnaa ascii


On Tue, Jun 1, 2010 at 1:28 AM, Anders Klixbull <akl () experian dk>
wrote:
Wouldn't you if you were bubba's boytoy in the can?





Fra: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] P? vegne af
PsychoBilly
Sendt: 1. juni 2010 10:21
Til: full-disclosure () lists grok org uk
Emne: [Full-disclosure] The_UT is repenting



http://profile.ak.fbcdn.net/v229/1642/63/n680245330_5800.jpg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C

http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=
on
http://pastebin.com/f6fd606da
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.grok.org.uk/pipermail/full-
disclosure/attachments/20100601/37bc81bd/attachment.html

------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 64, Issue 3
**********************************************


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault