Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Steam defaced
From: xD 0x41 <secn3t () gmail com>
Date: Fri, 11 Nov 2011 23:03:58 +1100

Hi!
Hrm, well, i guess the best thing then is to maybe re tell them abit
about it... maybe I should try adding in a report of report :s , as Im
a amazon user, and, it is so big, that somany could be affected for
nothing, and really, i am free user so, id loose nothing but, i know
my family, has used it for simply books etc...wich, makes me abit
paranoid with it.. but, I am sorry, i did not take enough time to
read, i was busy, and just saw abit of a laugh at first,without
real;ly seeing why :s
i can say sorry, and will, and hope that Amazon is bloody listening this time!
if not, we can make them :)
i know, that it should be rep[aired, if it is not secure,and best way,
is always thru discussion and bringing it to places like here to
scrutinise..so infact, we prettymuch, agree on this, and then have
more power with amazon, as there is then 2 minds on it.. and, this
would then be hard to ignore, as, only more people would just
privately add theyre own comments im sure, as users that is..(if
users0..
I will try to get anything within the system, fixed, so, maybe i
should be writing less emails when i am not feeling well :s.
I apologise for my rudeness earlier... i was, and have had, a bad
day... a blown box, (my best box..) amongst other things :s... anyhow,
I do wish only best for amazon, so, any infos on this, and, oonn the
earlier reports etc and how they then handled it, i guess is what ill
be looking for.
i seem to have a good rapport with the staff there, and, they have
done me many favors, so, i could always try to speak to them to :s
i guess every words count...whe it comes to matters where, one voice
just, does not ring thru enough... and, they are so buig, you could
just get one lazy ass admin who doesnt want to patch...and, it would
take then, persistence...
So, if this is the case and, your being ignored, we could easily solve that..
I will ead more on this and your links when i wake... i am now in
sleepy land, and , already half asleep..so, all i say is, sorry for
the misunderstanding, i am abit of an arsehole at time :s but feel
free to kick my butt back :P
hehe.
take care, and thanks, for being a good spotrt.
if you code, pleae feel free to join my competition...and, with that,
every donation received by my non profit website, would be shown, as
going directly back into competition prizes/hosting. This would be
shown, and, i guess it would proove to be very bad, if i werent keepin
that word.. but, i have, and will uphold this... and, am forking out
the prize (yes a nice Kindle Pad from amazon), the newer models, are
very very nice, but, it will be even newer by the first draw... so, i
implore people with the extra bux, to read how to donate1 and, this
way, i would happilym, run 250-300bux code prizes, ona  very regular
basis.
Thankyou to those who are already participating, feel free to register
or email me about it, and, i will add you in...

now taking, skilled coders/pocs,and for more indepth rules, regarding
how it will be judged and what will be judged as materials..well, you
may want to speak to me or my staff about this, but, it basically is ,
all for the coders.
as it was, always before it was 'popular'..
cheers!

xd-- @ #HaxNET,#HaxSHELLS () EFNET

http://crazycoders.com/2011/11/craziest-coders-ever-and-links/
<------------ COMPETITION,But for indepth rules and judging,please ask
me, orill maybe add that into the online space in next day..but
basically d0s is not in, 0days are not what makes the prize and coding
skills will be judged,
Coding Styles/Methods used/Originality/Unique-exploitation vectors,
uses of methods wich are uncommon or, different and ofcourse simply
writing the better codes
Nomatter what the overflow, all stack based will be ofcourse, judged
more indepth,aswith simply a GOOD PC wich, covers all elements of the
PoC details, only 2010-2011 will be judged, since, we are NOT in 2009
anymore.
Hope this will bring some people fun and, all donates will be saton,
tomakesure theyre NOT illegit,so dont even waste time if your a carder
:)






On 11 Noember 2011 22:32, Sam Johnston <samj () samj net> wrote:
On Fri, Nov 11, 2011 at 12:54 AM, xD 0x41 <secn3t () gmail com> wrote:

about the clouds, dude, i found the whole attacking of amazon as rude,

So did I, which is why I came to Amazon's defense in pointing out that
those in glass houses shouldn't be throwing stones. The company
(Enomaly) abusing Amazon over a complex SAML XML digsig
vulnerability[1] was/is still using a trivial vulnerable signature
mechanism in their own products that Amazon had fixed years ago[2],
among other issues which I had reported 6+ months earlier (not
validating requests, passing prices to clients in hidden form fields,
etc). Their security response is also appalling[3].

and shit, so, as i said before, your a lamer. and, just stfu and wear
it, thats MY opinion i did not say the whole list has to follow
shithead.

stfu and ride your magical carpet thru the clouds... :P~
to the others who find cloud bs amusing, or ripping or fucking with
amazon as amusing, go read what your kids are buying shit from.. then
maybe you would see, some places, you do not fuck with, you ttreat
with respect, because they sometimes wont affect you directly, but
oneday, it wmay well do this, thanks to your silly exploits on things
that should not be used like this, features manipulated into
exploits...shit, you should not be disclosing shit with amazon, on Fd,
fullstop.
If you cannot see my view then, your just as stupid as i have thought.
now go play with your cloud formations, and upload some f1les to s0m3
l33t 4p4ch3 s3rv3r kid.

eh sorry henri and others, but i had to just get that out to, about
cloud/sploitcloud... it is fkn ridicuoud...asking for trouble, people
like that should get knocks on the door, simply to be put into a
mnental home for theyre own good.

Sorry for the confusion but that's not at all what I said[4]. No harm
done — others replied off list to say they found it amusing. Anyway I
have a credit card to go cancel (per the subject of this thread).

Sam

1. http://www.theregister.co.uk/2011/11/01/amazon_downplays_cloud_crypto_flaw/
2. http://www.daemonology.net/blog/2008-12-18-AWS-signature-version-1-is-insecure.html
3. http://samj.net/2011/11/how-not-to-respond-to-vulnerability.html
4. http://samj.net/2011/10/sploitcloud.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault