Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Facebook seems to think my Arch Linux box has malware on it
From: GloW - XD <doomxd () gmail com>
Date: Sat, 21 Jan 2012 10:42:12 +1100

ya just cant please em all on here :P


On 21 January 2012 10:24, Gage Bystrom <themadichib0d () gmail com> wrote:
Well I apologize if you consider a 'dns lookup' to be a buzz word. I also
apologize if you are incapable of understanding intent without it being
spelled out for you that I was stating what I would do if I had seen that
and I suggest he do something similar.

What's your problem with me being specific instead of being vague about the
steps? The difference between your idiotic "Hollywood" script and what I
actually said is that I put an ounce of thought into mine. If you have a
problem with that I said then explain what's wrong with it instead of going
about with an ad hominem fallacy.

Speaking of contribution what the hell are you contributing with all of
this? I gave some 'trite advice' as to what he could do and I framed it as
what I would have done. What's so bad about that? If you can do nothing but
bitch about how my advice and my phrasing makes me a horrible person than
you might as well move on. I certainly know that's what I intend to do. Oh
wait, you have a problem with people stating what they would do in a given
situation, I'm sorry. I'll try to be more considerate next time.

On Jan 20, 2012 3:10 PM, "James Condron" <james () zero-internet org uk> wrote:

Yeah, you really weren't, you were telling us how you would have handled
it, with all the buzzwords and terms you could have thought of.

Hell, I'm surprised you didn't manage to get the word 'synergy' in there.

" I would do a dns lookup and then compare those results to that of a
public web service, and save the links for the AVs to check if they have any
malicious history associated with them."

Reads like s bad Hollywood script

"First I would ping the phone number and see if I could telnet to the
ICMP, then get the PTR of the MAC address and use an ARP overflow and spoof
the TTL of the Window Size and..." (etc. etc.)

What are you suggesting; take a look at where the request is coming from
and make a decision based on that whether the software is being punted by
facebook or a third party?

Fine- just say that; make your suggestion and get on with your life. Its a
little trite as advice goes, but if thats all you can contribute then go for
it.

Coming in with your Marky-Mark talk of "First I'd get the first hijacker
and use his head to kill the second hijacker and then I'd be all like 'yeah,
lets land the plane here- let me drive'" is not very helpful

On 20 Jan 2012, at 22:37, Gage Bystrom wrote:

What the hell are you talking about? I was just giving some advice on
how he could check if it was legit or not if it happens again.

What crawled up your ass and died this morning?

On Jan 20, 2012 2:21 PM, <james () zero-internet org uk> wrote:
You should tell us what you would have done had you been on one of the
hijacked sept 11 planes.

Bet things would have gone down different then, amiright?

Sent from my BlackBerry® wireless device

-----Original Message-----
From: Gage Bystrom <themadichib0d () gmail com>
Sender: full-disclosure-bounces () lists grok org uk
Date: Fri, 20 Jan 2012 13:29:01
To: Wesley Kerfoot<wjak56 () gmail com>;
full-disclosure () lists grok org uk<full-disclosure () lists grok org uk>
Subject: Re: [Full-disclosure] Facebook seems to think my Arch Linux box
has
 malware on it

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault