OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Full-disclosure] I know gadi personally

From: Juan Fernandez (juanbabigmail.com)
Date: Sat Sep 22 2007 - 22:14:42 CDT


I know who is gadi, we took a cissp course in tel aviv israel, he is a fat
and ugly guy that thinks that he knows about security and he is the one that
invented it ! everyone hated gadi in the course he is the kind of guy that
dont have friends.cause he thinks that he is sooo smart !!! but the truth is
that he didnt made a single pen test in his entire life !!

yes gadi its me Juan, the guy that passed the cissp exam when you even didnt
has the bolls to come to the exam !

On 9/22/07, full-disclosure-requestlists.grok.org.uk <
full-disclosure-requestlists.grok.org.uk> wrote:
>
> Send Full-Disclosure mailing list submissions to
> full-disclosurelists.grok.org.uk
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
> full-disclosure-requestlists.grok.org.uk
>
> You can reach the person managing the list at
> full-disclosure-ownerlists.grok.org.uk
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Note to digest recipients - when replying to digest posts, please trim
> your post appropriately. Thank you.
>
>
> Today's Topics:
>
> 1. Gadi Evron strikes again (worried security)
> 2. EEYE: Multiple Vulnerabilities in CA ARCserve for Laptops &
> Desktops (eEye Advisories)
> 3. Re: Gadi Evron strikes again (Richard Golodner)
> 4. Re: Gadi Evron strikes again (gjgoweytmo.blackberry.net)
> 5. Re: [Dailydave] Hacking software is lame -- try medical
> research... (Dave Korn)
> 6. Re: [Dailydave] Hacking software is lame -- try medical
> research... (Jimby Sharp)
> 7. Re: [Dailydave] Hacking software is lame -- try medical
> research... (Kristian Erik Hermansen)
> 8. Re: [Dailydave] Hacking software is lame -- try medical
> research... (Jimby Sharp)
> 9. Re: [Dailydave] Hacking software is lame -- try medical
> research... (Jimby Sharp)
> 10. Re: [Dailydave] Hacking software is lame -- try medical
> research... (Leif Ericksen)
> 11. Re: [Dailydave] Hacking software is lame -- try medical
> research... (Fabrizio)
> 12. Re: Security contact in at&t (Randal T. Rioux)
> 13. Greek Web Election System Sucks - Remote File Inclusion?
> (George Papandreou)
> 14. Re: 0day: PDF pwns Windows (silky)
> 15. Re: Greek Web Election System Sucks - Remote File Inclusion?
> (Slythers Bro)
> 16. Re: Keep Gadi Evron off Bugtraq (worried security)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 22 Sep 2007 14:10:49 +0100
> From: "worried security" <worriedsecuritygooglemail.com>
> Subject: [Full-disclosure] Gadi Evron strikes again
> To: full-disclosurelists.grok.org.uk
> Message-ID:
> <67ea64530709220610n1070c845ub4c9b5c546025bcemail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Who seen Gadi Evron on the mailing lists trolling about what a 0day is and
> what a 0day isn't, in the middle of a serious disclosure about a PDF flaw?
>
> Hilarious.
>
> Well, just incase you missed it, here it is again...
>
> http://seclists.org/bugtraq/2007/Sep/0229.html
>
> And this guy wants to be a high profile guy at the forefront of
> information
> security discussion?
>
> lolzers.
>
> Script kiddos unite behind the big man Evron.
>
> He leads, where the rest of us follow.
>
> And he comes on the lists complaining people are mimicing his e-mail
> addresses and calling him a dick. *I wonder why?*
>
> Its funny, he strongly keeps an eye on Funsec mailing list and keeps
> everyone in check,Yet, he has a total disregard for "quality control" else
> where, especially on Bugtraq!!!!!!!!
>
> My question is "Who is Gadi Evron?".
>
> This guy you would think would add something special to a discussion, but
> he
> doesn't, and you know what I know his excuse is? He is keeping his
> knowledge
> secret so bad guys can't learn from his knowledge.
>
> lolzers Gadi Evron.
>
> The truth is, Gadi just wants to make sure his name and e-mail address is
> in
> every major flaw disclosure, no matter how lame the comment is, just as
> long
> as his name and e-mail is in high profile disclosures, then Gadi Evron can
> sleep at night.
>
> Thanks Gadi!!! My hero.
>
> Bugtraq is moderated for a reason, so Bugtraq moderators, start moderating
> it!!! Symantec arsewipes.
>
> Securityfocus, no really, why are you allowing Gadi Evron troll on such a
> high profile respected moderated list? Gadi's comment mentioned above was
> a
> true breach of the rules, so start moderating his comments more in future.
>
> Leave the trolling for F-D Gadi, Bugtraq readers don't want to see your
> shit
> in future, and Bugtraq moderators, actually read what Gadi Evron is
> posting
> in future, instead of just reading the name and sender and approving the
> message without actually reading the body.
>
> *Oh its Gadi, its automatically approved*
>
> Lets look at Bugtraq's description:
>
> "BugTraq is a full disclosure moderated mailing list for the *detailed*
> discussion and announcement of computer security vulnerabilities: what
> they
> are, how to exploit them, and how to fix them. "
> http://www.securityfocus.com/archive/1/description#0.1.1
>
> lolzers, Bugtraq moderators don't read thier own shit or inforce it!
>
> Someone snip a bit of that description that gives Gadi right of way to
> troll
> on Bugtraq in the middle of serious flaw disclosures!!!!!
>
> Gadi, seriously f**king learn about the stuff you read , so you can
> actually
> input into the threads and help with the topic infront of you, instead of
> random off-topic messages about what defines a 0-day and what doesn't.
>
> Why didn't you start your own thread on Bugtraq about "what is a 0-day?",
> because they wouldn't let you!!!! Instead you sneak your shit into high
> profile threads, to get a name for yourself.
>
> Your conversation, as always Gadi, is best suited for Full-Disclosure or
> security-basics, so get the f*** off Bugtraq you idiot.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070922/6aeaba2a/attachment-0001.html
>
> ------------------------------
>
> Message: 2
> Date: Fri, 21 Sep 2007 12:57:07 -0700
> From: "eEye Advisories" <eEyeAdvisorieseeye.com>
> Subject: [Full-disclosure] EEYE: Multiple Vulnerabilities in CA
> ARCserve for Laptops & Desktops
> To: <Full-Disclosurelists.grok.org.uk>
> Message-ID:
> <
> D52FCFAE57472647956CBAEDC08DA5530183641Fav-mail01.corp.int-eeye.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops
>
> Release Date:
> September 20, 2007
>
> Date Reported:
> June 5, 2007
>
> Severity:
> High (Remote Code Execution)
>
> Vendor:
> Computer Associates (CA)
>
> Systems Affected:
> CA ARCserve Backup for Laptops and Desktops r11.5
> CA ARCserve Backup for Laptops and Desktops r11.1 SP2
> CA ARCserve Backup for Laptops and Desktops r11.1 SP1
> CA ARCserve Backup for Laptops and Desktops r11.1
> CA ARCserve Backup for Laptops and Desktops r11.0
> CA ARCserve Backup for Laptops and Desktops r4.0
> CA Desktop Management Suite 11.2
> CA Desktop Management Suite 11.1
> CA Desktop Management Suite 11.0
> CA Protection Suites r2
>
> Overview:
> eEye Digital Security has discovered multiple vulnerabilities within CA
> ARCserve for Laptops & Desktops (L&D), an enterprise-level backup
> software suite designed for workstations. The vulnerabilities can be
> utilized by an attacker to execute arbitrary code on a remote system
> anonymously over TCP/1900.
>
>
> Technical Details:
> ARCserve L&D uses TCP/1900 as its "RPC" interface to manage ARCserve L&D
> servers. An example of sample benign traffic follows:
>
> 0000000027rxrLogin~~administrator
> ---------------------------------------------
> Field 1: 10-digit base10 command length field ("0000000027")
> Field 2: RPC command ("rxrLogin")
> Field 3: Constant Argument Delimiter ("~~")
> Field 4: Argument ("administrator")
>
> Vulnerability #1: Authentication Username Overflow
> A stack-based buffer overflow exists within the authentication portion
> of rxRPC.dll which is accessible via TCP/1900. A sample legitimate
> authentication packet resembles the following:
>
> 0000000013rxrLogin~~administrator
>
> The single argument ("administrator") is copied into a buffer size of
> 0x1AC on the stack using wsprintfW, however no string length checks are
> performed. By sending an overly long username as part of the first
> authentication request, an exploitable condition is reached.
>
>
> Vulnerability 2: Authentication Password Overflow
> Another stack-based buffer overflow exists within the authentication
> portion of rxRPC.dll which is accessible via TCP/1900. A sample
> legitimate authentication request with a password resembles the
> following:
>
> 1: 0000000030rxrLogin~~administrator~~0000200
> 2: MyPasswordIs1234
>
> The second argument of the first rxrLogin request defines the length of
> the password that will be sent in the following request. Although this
> does verify that the length of the password string in the second request
> is the correct length, there is no bounds checking on the potential
> length of a password. If a long password length is specified, along
> with a long password delivered in the second request, the long password
> will overflow a stack-based buffer used for the destination of the
> password string, causing an exploitable condition.
>
>
> Vulnerability #3: Authentication Password Integer Overflow
> Another stack-based overflow exists within the authentication portion of
> rxRPC.dll which is accessible via TCP/1900. A sample legitimate
> authentication request with a useless password resembles the following:
>
> 1: 0000000030rxrLogin~~administrator~~18
> 2: 000000000000000000
>
> The encrypted password is virtually useless as a password. However,
> surprisingly, it does offer access to an exploitable condition:
>
> .text: 00231F24 mov cl, [esi+8]
> .text: 00231F27 and ecx, 0x0F
> .text: 00231F2A add esp, 8
> .text: 00231F2D dec ecx ; XXXX Integer Overflow If ECX
> = 0
> .text: 00231F2E mov [esp+0x7C+var_6C], eax
> .text: 00231F32 mov dwPasswordCopyLength, ecx
> .text: 00231F38 mov eax, ecx
> .text: 00231F3A lea esi, [esp+0x7C+var_6C]
> .text: 00231F3E mov edi, ebx
> .text: 00231F40 shr ecx, 2
> .text: 00231F43 rep movs ; XXXX EXCEPTION: HITS PAGE
> BOUNDARY XXXX
>
> The data in the source buffer contains a lot of uncontrollable data.
> However, a copy of the username also exists within the source buffer, so
> this can be utilized to overwrite the exception handler if a long
> username is specified in the original packet.
>
>
> Vulnerability #4: Arbitrary File Upload
> An arbitrary file upload vulnerability exists within unauthenticated
> communication with rxRPC.dll, accessible via TCP/1900. A sample file
> upload request resembles the following:
>
> 1:
> 0000000056rxrReceiveFileFromServer~~8~~test1234.txt~~4~~3675727989
> 2: 0000000031~~<file_contents>
>
> The first parameter of the request specifies the sub-command of
> rxrReceiveFileFromServer. The number "8" specifies that a file will be
> uploaded to the ARCserve L&D installation directory. The second
> argument specifies the file destination name. The third argument
> specifies the length of the destination file. The fifth argument
> specifies the CRC32 hash of the incoming file.
>
> rxRPC.dll however does not protect against directory traversals via
> sub-function "8". So, by using "..\" within the filename, an arbitrary
> file can be written to an arbitrary directory using SYSTEM-level
> privileges. To foster immediate exploitability, ARCserve L&D's
> "security.dll" can be overwritten using this "functionality", and can
> then be immediately loaded into memory by calling another rxrLogin
> request, which would now inject the potentially-malicious "security.dll"
> into the ARCserve L&D process.
>
>
> Vulnerability #5: 8 Similar Buffer Overflows
> Buffer overflow vulnerabilities exist within 8 other functions
> accessible remotely via TCP/1900. For brevity's sake, exploitable
> samples follow:
>
> rxsUseLicenseIni~~<overflow>
> rxsLicGetSiteId~~<overflow>
> rxsGetLogFileNames~~<overflow>~~40000
> rxsGetBackupLog~~aa~~<overflow>~~40000
> rxsBackupComplete~~aa~~aa~~aa~~<overflow>~~aa
> rxsSetDataGrowthScheduleAndFilter~~aa~~aa~~aa~~aa~~<overflow>
> rxsSetDefaultConfigName~~<overflow>
>
> rxrSetMessageLogSettings~~65~~45~~79~~65~~<overflow>~~52~65~73~65~61~72~
> 63~68~21
>
>
> The only form of mitigation for these vulnerabilities is to disable
> TCP/1900 at the host-level, or to uninstall ARCserve L&D server
> installations.
>
>
> Protection:
> Blink - Unified Client Security has proactively protected from these
> vulnerabilities since their discovery.
> Retina - Network Security Scanner has been updated to identify these
> vulnerabilities.
>
> Vendor Status:
> Computer Associates released patches for these vulnerabilities. These
> patches are available here:
> http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcserveb
> ld-securitynotice.asp.
>
> Credit:
> Matt Oh, Andre Derek Protas, Yuji Ukai
>
> Related Links:
> Preview - Advanced Security Intelligence - http://www.eeye.com/preview
> Retina - Network Security Scanner - Free Trial:
> http://www.eeye.com/html/products/retina/download/index.html
> Blink - Unified Client Security Personal - Free For Home Use:
> http://www.eeye.com/html/products/blink/personal/download/index.html
> Blink - Unified Client Security Professional - Free Trial:
> http://www.eeye.com/html/products/blink/download/index.html
>
> Greetings:
> Matt: Bugtruck subscribers
> Andre: GLin, Maif, SuperSoederBros, TheClaw, TheBear, DragonKick, Hugo's
> Drawers, Moti, Rolf, and the many eEye Ninjas Past ^ Present Keeping It
> Real
> Yuji: fourteenfourty.jp
>
> Copyright (c) 1998-2007 eEye Digital Security
> Permission is hereby granted for the redistribution of this alert
> electronically. It is not to be edited in any way without express
> consent of eEye. If you wish to reprint the whole or any part of this
> alert in any other medium excluding electronic medium, please email
> alerteEye.com for permission.
>
> Disclaimer
> The information within this paper may change without notice. Use of
> this information constitutes acceptance for use in an AS IS condition.
> There are no warranties, implied or express, with regard to this
> information. In no event shall the author be liable for any direct or
> indirect damages whatsoever arising out of or in connection with the use
> or spread of this information. Any use of this information is at the
> user's own risk.
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sat, 22 Sep 2007 11:33:10 -0400
> From: "Richard Golodner" <rgolodnerinfratection.com>
> Subject: Re: [Full-disclosure] Gadi Evron strikes again
> To: "'worried security'" <worriedsecuritygooglemail.com>,
> <full-disclosurelists.grok.org.uk>
> Message-ID: <000f01c7fd2d$e23ad2d0$600a0a0aAntares>
> Content-Type: text/plain; charset="us-ascii"
>
> WoriedSecurity said"blah, blah, nothing".
>
> Do you know Gadi? Have you ever corresponded with him? He adds some
> valuable
> knowledge to a legitimate issue that most Service Providers down to the
> home
> user should be aware of.
>
> I read the "serious 0-day" thread and I think you are just pissed off. If
> you had some balls you would use your real name like most legitimate
> networkers do instead of hiding behind a pseudonym.
>
> Check Gadi's work and see for yourself instead of letting your hurt
> feelings
> get in the way. Talk about script kiddies. Jesus man, are you sure you
> real
> name is not n3td3v? I do not see anyone soliciting your opinion about
> anything. What have you contributed to the body of knowledge? All I read
> is
> juvenile BS. Mail from WorriedSecurity now gets dumped before it even sees
> my mail client.
>
> Thanks for making it clear that you're an ass.
>
> Richard Golodner
>
>
>
> _____
>
> From: full-disclosure-bounceslists.grok.org.uk
> [mailto:full-disclosure-bounceslists.grok.org.uk] On Behalf Of worried
> security
> Sent: Saturday, September 22, 2007 9:11 AM
> To: full-disclosurelists.grok.org.uk
> Subject: [Full-disclosure] Gadi Evron strikes again
>
>
>
> Who seen Gadi Evron on the mailing lists trolling about what a 0day is and
> what a 0day isn't, in the middle of a serious disclosure about a PDF flaw?
>
>
>
> Hilarious.
>
>
>
> Well, just incase you missed it, here it is again...
>
>
>
> http://seclists.org/bugtraq/2007/Sep/0229.html
>
>
>
> And this guy wants to be a high profile guy at the forefront of
> information
> security discussion?
>
>
>
> lolzers.
>
>
>
> Script kiddos unite behind the big man Evron.
>
>
>
> He leads, where the rest of us follow.
>
>
>
> And he comes on the lists complaining people are mimicing his e-mail
> addresses and calling him a dick. *I wonder why?*
>
>
>
> Its funny, he strongly keeps an eye on Funsec mailing list and keeps
> everyone in check,Yet, he has a total disregard for "quality control" else
> where, especially on Bugtraq!!!!!!!!
>
>
>
> My question is "Who is Gadi Evron?".
>
>
>
> This guy you would think would add something special to a discussion, but
> he
> doesn't, and you know what I know his excuse is? He is keeping his
> knowledge
> secret so bad guys can't learn from his knowledge.
>
>
>
> lolzers Gadi Evron.
>
>
>
> The truth is, Gadi just wants to make sure his name and e-mail address is
> in
> every major flaw disclosure, no matter how lame the comment is, just as
> long
> as his name and e-mail is in high profile disclosures, then Gadi Evron can
> sleep at night.
>
>
>
> Thanks Gadi!!! My hero.
>
>
>
> Bugtraq is moderated for a reason, so Bugtraq moderators, start moderating
> it!!! Symantec arsewipes.
>
>
>
> Securityfocus, no really, why are you allowing Gadi Evron troll on such a
> high profile respected moderated list? Gadi's comment mentioned above was
> a
> true breach of the rules, so start moderating his comments more in future.
>
>
>
> Leave the trolling for F-D Gadi, Bugtraq readers don't want to see your
> shit
> in future, and Bugtraq moderators, actually read what Gadi Evron is
> posting
> in future, instead of just reading the name and sender and approving the
> message without actually reading the body.
>
>
>
> *Oh its Gadi, its automatically approved*
>
>
>
> Lets look at Bugtraq's description:
>
>
>
> "BugTraq is a full disclosure moderated mailing list for the *detailed*
> discussion and announcement of computer security vulnerabilities: what
> they
> are, how to exploit them, and how to fix them. "
> http://www.securityfocus.com/archive/1/description#0.1.1
>
>
>
> lolzers, Bugtraq moderators don't read thier own shit or inforce it!
>
>
>
> Someone snip a bit of that description that gives Gadi right of way to
> troll
> on Bugtraq in the middle of serious flaw disclosures!!!!!
>
>
>
> Gadi, seriously f**king learn about the stuff you read , so you can
> actually
> input into the threads and help with the topic infront of you, instead of
> random off-topic messages about what defines a 0-day and what doesn't.
>
>
>
> Why didn't you start your own thread on Bugtraq about "what is a 0-day?",
> because they wouldn't let you!!!! Instead you sneak your shit into high
> profile threads, to get a name for yourself.
>
>
>
> Your conversation, as always Gadi, is best suited for Full-Disclosure or
> security-basics, so get the f*** off Bugtraq you idiot.
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070922/83ec040a/attachment-0001.html
>
> ------------------------------
>
> Message: 4
> Date: Sat, 22 Sep 2007 17:43:05 +0000
> From: gjgoweytmo.blackberry.net
> Subject: Re: [Full-disclosure] Gadi Evron strikes again
> To: "Richard Golodner" <rgolodnerinfratection.com>,
> full-disclosure-bounceslists.grok.org.uk, "'worried
> security'"
> <worriedsecuritygooglemail.com>,
> full-disclosurelists.grok.org.uk
> Message-ID:
> <
> 783961451-1190483013-cardhu_decombobulator_blackberry.rim.net-392786992-bxe006.bisx.prod.on.blackberry
> >
>
> Content-Type: text/plain; charset="Windows-1252"
>
> I think the real problem is that worried security suffers from undescended
> testicles.
>
> Geoff
>
> Sent from my BlackBerry wireless handheld.
>
> -----Original Message-----
> From: "Richard Golodner" <rgolodnerinfratection.com>
>
> Date: Sat, 22 Sep 2007 11:33:10
> To:"'worried security'" <worriedsecuritygooglemail.com>,<
> full-disclosurelists.grok.org.uk>
> Subject: Re: [Full-disclosure] Gadi Evron strikes again
>
>
> WoriedSecurity said?blah, blah, nothing?.
> Do you know Gadi? Have you ever corresponded with him? He adds some
> valuable knowledge to a legitimate issue that most Service Providers down to
> the home user should be aware of.
> I read the ?serious 0-day? thread and I think you are just pissed off. If
> you had some balls you would use your real name like most legitimate
> networkers do instead of hiding behind a pseudonym.
> Check Gadi?s work and see for yourself instead of letting your hurt
> feelings get in the way. Talk about script kiddies. Jesus man, are you sure
> you real name is not n3td3v? I do not see anyone soliciting your opinion
> about anything. What have you contributed to the body of knowledge? All I
> read is juvenile BS. Mail from WorriedSecurity now gets dumped before it
> even sees my mail client.
> ??????????? Thanks for making it clear that you?re an ass.
> Richard Golodner
> ?
>
>
> ----------------
>
> From: full-disclosure-bounceslists.grok.org.uk [mailto:
> full-disclosure-bounceslists.grok.org.uk] On Behalf Of worried security
> Sent: Saturday, September 22, 2007 9:11 AM
> To: full-disclosurelists.grok.org.uk
> Subject: [Full-disclosure] Gadi Evron strikes again
> ?
>
> Who seen Gadi Evron on the mailing lists trolling about what a 0day is and
> what a 0day isn't, in the middle of a serious disclosure about a PDF flaw?
>
> ?
>
> Hilarious.
>
> ?
>
> Well, just incase you missed it, here it is again...
>
> ?
>
> http://seclists.org/bugtraq/2007/Sep/0229.html <
> http://seclists.org/bugtraq/2007/Sep/0229.html>
>
> ?
>
> And this guy wants to be a high profile guy at the forefront of
> information security discussion?
>
> ?
>
> lolzers.
>
> ?
>
> Script kiddos unite behind the big man Evron.
>
> ?
>
> He leads, where the rest of us follow.
>
> ?
>
> And he comes on the lists complaining people are mimicing his e-mail
> addresses and calling him a dick. *I wonder why?*
>
> ?
>
>
> Its funny, he strongly keeps an eye on Funsec mailing list and keeps
> everyone in check,Yet, he has a total disregard for?"quality control"?else
> where, especially on Bugtraq!!!!!!!!
>
> ?
>
> My question is "Who is Gadi Evron?".
>
> ?
>
> This guy you would think would add something special to a discussion, but
> he doesn't, and you know what I know his excuse is? He is keeping his
> knowledge secret so bad guys can't learn from his knowledge.
>
> ?
>
> lolzers Gadi Evron.
>
> ?
>
> The truth is, Gadi just wants to make sure his name and e-mail address is
> in every major flaw disclosure, no matter how lame the comment is, just as
> long as his name and e-mail is in high profile disclosures, then Gadi Evron
> can sleep at night.
>
> ?
>
> Thanks Gadi!!! My hero.
>
> ?
>
> Bugtraq is moderated for a reason, so Bugtraq moderators, start moderating
> it!!! Symantec arsewipes.
>
> ?
>
> Securityfocus, no really, why are you allowing Gadi Evron troll on such a
> high profile respected moderated list? Gadi's comment mentioned above was a
> true breach of the rules, so start moderating his comments more in future.
>
> ?
>
> Leave the trolling for F-D Gadi, Bugtraq readers don't want to see your
> shit in future, and Bugtraq moderators, actually read what Gadi Evron is
> posting in future, instead of just reading the name and sender and approving
> the message without actually reading the body.
>
> ?
>
> *Oh its Gadi, its automatically approved*
>
> ?
>
> Lets look at Bugtraq's description:
>
> ?
>
> "BugTraq is a full disclosure moderated mailing list for the *detailed*
> discussion and announcement of computer security vulnerabilities: what they
> are, how to exploit them, and how to fix them. "
> http://www.securityfocus.com/archive/1/description#0.1.1
>
> ?
>
> lolzers, Bugtraq moderators?don't read thier own shit or inforce it!
>
> ?
>
> Someone snip a bit of that description that gives Gadi right of way to
> troll on Bugtraq in the middle of serious flaw disclosures!!!!!
>
> ?
>
> Gadi, seriously f**king learn about the stuff you read , so you can
> actually input into the threads and help with the topic infront of you,
> instead of random off-topic messages about what defines a 0-day and what
> doesn't.
>
> ?
>
> Why didn't you start your own thread on Bugtraq about "what is a 0-day?",
> because they wouldn't let you!!!! Instead you sneak your shit into high
> profile threads, to get a name for yourself.
>
> ?
>
> Your conversation, as always Gadi, is best suited for Full-Disclosure or
> security-basics, so get the f*** off Bugtraq you idiot.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> ------------------------------
>
> Message: 5
> Date: Sat, 22 Sep 2007 16:20:36 +0100
> From: "Dave Korn" <dave.kornartimi.com>
> Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame --
> try medical research...
> To: "'Kristian Erik Hermansen'" <kristian.hermansengmail.com>,
> <full-disclosurelists.grok.org.uk>, <
> dailydavelists.immunitysec.com>
> Message-ID: <02af01c7fd2c$20348650$2e08a8c0CAM.ARTIMI.COM>
> Content-Type: text/plain; charset="Windows-1252"
>
> On 21 September 2007 18:37, Kristian Erik Hermansen wrote:
>
> > Some interesting discussion came up on some security lists this week
> > and it got me to thinking. Yes, hacking software is lame. Cool, so
> > you found some vulnerabilities in some widely distributed application,
> > service, or OS and it is patched just as quickly. Why don't we spend
> > our time and valuable energy researching cures for rare or popular
> > diseases instead?
>
> I already have a computer, and the skills needed to use it. I don't
> have a
> lab full of testtubes nor the skills needed to use them nor the years of
> training required before I would consider myself competent to perform
> experiments on human beings. I haven't met your brother or friend, so
> their
> tragedy doesn't motivate me to make the enormous effort to suddenly change
> my
> life around in a completely different direction.
>
> I don't want to sound callous and inhumane. But I am, so that's how it
> comes across.[*]
>
> cheers,
> DaveK
> [*] - deliberate misquote, fact-checkers.
> --
> Can't think of a witty .sigline today....
>
>
>
> ------------------------------
>
> Message: 6
> Date: Sun, 23 Sep 2007 00:08:24 +0530
> From: "Jimby Sharp" <jimbysharpgmail.com>
> Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame --
> try medical research...
> To: "Dave Korn" <dave.kornartimi.com>
> Cc: Kristian Erik Hermansen <kristian.hermansengmail.com>,
> full-disclosurelists.grok.org.uk, dailydavelists.immunitysec.com
> Message-ID:
> <3eab9ed60709221138t3ab4851dy2233b428cc84f770mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I had a wonderful breakfast, two eggs and sandwitch. :-) I am flying
> to New York today. Can anyone tell me any good mall or store where I
> can buy a good sleeping bag?
>
> A last question, is the book Atlas Shrugged by Ayn Rand worth reading?
>
> - Jimby
>
> P.S. Well, everyone is jumping into FD to discuss their favorite
> topic, so i thought I might try as well.
>
> On 9/22/07, Dave Korn <dave.kornartimi.com> wrote:
> > On 21 September 2007 18:37, Kristian Erik Hermansen wrote:
> >
> > > Some interesting discussion came up on some security lists this week
> > > and it got me to thinking. Yes, hacking software is lame. Cool, so
> > > you found some vulnerabilities in some widely distributed application,
> > > service, or OS and it is patched just as quickly. Why don't we spend
> > > our time and valuable energy researching cures for rare or popular
> > > diseases instead?
> >
> > I already have a computer, and the skills needed to use it. I don't
> have a
> > lab full of testtubes nor the skills needed to use them nor the years of
> > training required before I would consider myself competent to perform
> > experiments on human beings. I haven't met your brother or friend, so
> their
> > tragedy doesn't motivate me to make the enormous effort to suddenly
> change my
> > life around in a completely different direction.
> >
> > I don't want to sound callous and inhumane. But I am, so that's how
> it
> > comes across.[*]
> >
> > cheers,
> > DaveK
> > [*] - deliberate misquote, fact-checkers.
> > --
> > Can't think of a witty .sigline today....
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> ------------------------------
>
> Message: 7
> Date: Sat, 22 Sep 2007 11:44:45 -0700
> From: "Kristian Erik Hermansen" <kristian.hermansengmail.com>
> Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame --
> try medical research...
> To: "Jimby Sharp" <jimbysharpgmail.com>
> Cc: Dave Korn <dave.kornartimi.com>,
> full-disclosurelists.grok.org.uk,
> dailydavelists.immunitysec.com
> Message-ID:
> <fe37588d0709221144t7260a63drb22aede144bcf7efmail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 9/22/07, Jimby Sharp <jimbysharpgmail.com> wrote:
> > I had a wonderful breakfast, two eggs and sandwitch. :-) I am flying
> > to New York today. Can anyone tell me any good mall or store where I
> > can buy a good sleeping bag?
> >
> > A last question, is the book Atlas Shrugged by Ayn Rand worth reading?
> >
> > - Jimby
> >
> > P.S. Well, everyone is jumping into FD to discuss their favorite
> > topic, so i thought I might try as well.
>
> full-disclosure of your life is permitted according to the FD mailing
> list guidelines. Now please list your SSN, credit card numbers, last
> three previous addresses, and the hotel where you will be staying in
> New York so I can come visit you :-)
> --
> Kristian Erik Hermansen
>
>
>
> ------------------------------
>
> Message: 8
> Date: Sun, 23 Sep 2007 00:27:25 +0530
> From: "Jimby Sharp" <jimbysharpgmail.com>
> Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame --
> try medical research...
> To: "Kristian Erik Hermansen" <kristian.hermansengmail.com>
> Cc: Dave Korn <dave.kornartimi.com>,
> full-disclosurelists.grok.org.uk,
> dailydavelists.immunitysec.com
> Message-ID:
> <3eab9ed60709221157l4e519c02l77c222db6cc8b0d5mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> You didn't answer my question. I don't want to meet you.
>
> Let me go and water the plants. I'll come back in 2 hours and see what
> you guys are doing.
>
> - Jimby
>
> On 9/23/07, Kristian Erik Hermansen <kristian.hermansengmail.com> wrote:
> > On 9/22/07, Jimby Sharp <jimbysharpgmail.com> wrote:
> > > I had a wonderful breakfast, two eggs and sandwitch. :-) I am flying
> > > to New York today. Can anyone tell me any good mall or store where I
> > > can buy a good sleeping bag?
> > >
> > > A last question, is the book Atlas Shrugged by Ayn Rand worth reading?
> > >
> > > - Jimby
> > >
> > > P.S. Well, everyone is jumping into FD to discuss their favorite
> > > topic, so i thought I might try as well.
> >
> > full-disclosure of your life is permitted according to the FD mailing
> > list guidelines. Now please list your SSN, credit card numbers, last
> > three previous addresses, and the hotel where you will be staying in
> > New York so I can come visit you :-)
> > --
> > Kristian Erik Hermansen
> >
>
>
>
> ------------------------------
>
> Message: 9
> Date: Sun, 23 Sep 2007 01:40:09 +0530
> From: "Jimby Sharp" <jimbysharpgmail.com>
> Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame --
> try medical research...
> To: "Kristian Erik Hermansen" <kristian.hermansengmail.com>
> Cc: Dave Korn <dave.kornartimi.com>,
> full-disclosurelists.grok.org.uk,
> dailydavelists.immunitysec.com
> Message-ID:
> <3eab9ed60709221310h7078f394m11dc17da7a4233famail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> > From: Kristian Erik Hermansen <kristian.hermansengmail.com>
> > Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame --
> try medical research...
>
> > You are an idiot.
>
> :-O
>
> > What have you done for the security community
> > lately... yeah now take a seat.
>
> Everyone is discussing their favorite topic. So let me discuss mine too.
>
> > My post had some security content and
>
> Ah ok! I'll rephrase my statements.
>
> I had a wonderful breakfast, two eggs and sandwich. :-) XSS is not
> just about input validation but about output validation too. I am
> flying to New York today. Can anyone tell me any good mall or store
> where I can buy a good sleeping bag?
>
> Watering the plants was fun and so was the GMail point and click demo.
> But wasn't that lame in such a big security con? I mean WTF is so
> great about sniffing and hijacking?
>
> Now my post has some security content too.
>
> > yours was entirely useless...
>
> "Useless" is very subjective + relative + bla bla. Like my post was
> meaningful to me but useless to you. Your post was meaningful to you
> but useless to me.
>
> - Jimby
>
>
>
> ------------------------------
>
> Message: 10
> Date: Sat, 22 Sep 2007 15:21:23 -0500
> From: Leif Ericksen <lericksensbcglobal.net>
> Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame --
> try medical research...
> To: Jimby Sharp <jimbysharpgmail.com>
> Cc: Kristian Erik Hermansen <kristian.hermansengmail.com>,
> full-disclosurelists.grok.org.uk, dailydavelists.immunitysec.com
> ,
> Dave Korn <dave.kornartimi.com>
> Message-ID: <1190492483.2683.31.camelshadrack>
> Content-Type: text/plain
>
> I think I need to get some lunch and eat a bunch of CORNdogs. ;)
>
>
> -
> L
>
> On Sun, 2007-09-23 at 01:40 +0530, Jimby Sharp wrote:
> > > From: Kristian Erik Hermansen <kristian.hermansengmail.com>
> > > Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame --
> try medical research...
> >
> > > You are an idiot.
> >
> > :-O
> >
> > > What have you done for the security community
> > > lately... yeah now take a seat.
> >
> > Everyone is discussing their favorite topic. So let me discuss mine too.
> >
> > > My post had some security content and
> >
> > Ah ok! I'll rephrase my statements.
> >
> > I had a wonderful breakfast, two eggs and sandwich. :-) XSS is not
> > just about input validation but about output validation too. I am
> > flying to New York today. Can anyone tell me any good mall or store
> > where I can buy a good sleeping bag?
> >
> > Watering the plants was fun and so was the GMail point and click demo.
> > But wasn't that lame in such a big security con? I mean WTF is so
> > great about sniffing and hijacking?
> >
> > Now my post has some security content too.
> >
> > > yours was entirely useless...
> >
> > "Useless" is very subjective + relative + bla bla. Like my post was
> > meaningful to me but useless to you. Your post was meaningful to you
> > but useless to me.
> >
> > - Jimby
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ------------------------------
>
> Message: 11
> Date: Sat, 22 Sep 2007 16:34:56 -0400
> From: Fabrizio <staticrezgmail.com>
> Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame --
> try medical research...
> To: full-disclosurelists.grok.org.uk
> Message-ID:
> <5d80962a0709221334o3dd67f7an250ae6bf7fd0bb2mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> If you guys could kiss and make-up now, that would be great.
>
> Fabrizio
>
> On 9/22/07, Leif Ericksen <lericksensbcglobal.net> wrote:
> >
> > I think I need to get some lunch and eat a bunch of CORNdogs. ;)
> >
> >
> > -
> > L
> >
> > On Sun, 2007-09-23 at 01:40 +0530, Jimby Sharp wrote:
> > > > From: Kristian Erik Hermansen <kristian.hermansengmail.com>
> > > > Subject: Re: [Full-disclosure] [Dailydave] Hacking software is lame
> --
> > try medical research...
> > >
> > > > You are an idiot.
> > >
> > > :-O
> > >
> > > > What have you done for the security community
> > > > lately... yeah now take a seat.
> > >
> > > Everyone is discussing their favorite topic. So let me discuss mine
> too.
> > >
> > > > My post had some security content and
> > >
> > > Ah ok! I'll rephrase my statements.
> > >
> > > I had a wonderful breakfast, two eggs and sandwich. :-) XSS is not
> > > just about input validation but about output validation too. I am
> > > flying to New York today. Can anyone tell me any good mall or store
> > > where I can buy a good sleeping bag?
> > >
> > > Watering the plants was fun and so was the GMail point and click demo.
> > > But wasn't that lame in such a big security con? I mean WTF is so
> > > great about sniffing and hijacking?
> > >
> > > Now my post has some security content too.
> > >
> > > > yours was entirely useless...
> > >
> > > "Useless" is very subjective + relative + bla bla. Like my post was
> > > meaningful to me but useless to you. Your post was meaningful to you
> > > but useless to me.
> > >
> > > - Jimby
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070922/9482ca89/attachment-0001.html
>
> ------------------------------
>
> Message: 12
> Date: Sat, 22 Sep 2007 17:28:02 -0400
> From: "Randal T. Rioux" <randyprocyonlabs.com>
> Subject: Re: [Full-disclosure] Security contact in at&t
> To: full-disclosurelists.grok.org.uk
> Message-ID: <46F588E2.7020806procyonlabs.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> minor float wrote:
> > hi
> >
> > has anybody security contact in at&t?
>
> http://www.nsa.gov/contacts/index.cfm
>
>
>
> ------------------------------
>
> Message: 13
> Date: Sat, 22 Sep 2007 04:45:41 -0700 (PDT)
> From: George Papandreou <kostaskaramanlisyahoo.com>
> Subject: [Full-disclosure] Greek Web Election System Sucks - Remote
> File Inclusion?
> To: full-disclosurelists.grok.org.uk
> Message-ID: <992985.60479.qmweb44906.mail.sp1.yahoo.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> There is no wonder why in hell Kostas Karamanlis is still our prime
> minister!
>
> http://www.ekloges.ypes.gr/pages/index.html?http://www.secunia.com
>
> http://www.ekloges.ypes.gr/pages/index.html?../lib/../lib/jslib.js
>
> http://www.ekloges.ypes.gr/pages/index.html?../lib/default.css
>
>
> *Well done guys at Singular...Nice coding..
>
> http://www.singularlogic.eu/
>
> **Greetz to Secfreaks (www.secfreaks.gr) where first mentioned that bug.
>
>
> ---------------------------------
> Tonight's top picks. What will you watch tonight? Preview the hottest
> shows on Yahoo! TV.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070922/7506bfeb/attachment-0001.html
>
> ------------------------------
>
> Message: 14
> Date: Sun, 23 Sep 2007 09:45:06 +1000
> From: silky <michaelslistsgmail.com>
> Subject: Re: [Full-disclosure] 0day: PDF pwns Windows
> To: Geo. <geoincidentsnls.net>
> Cc: full-disclosurelists.grok.org.uk
> Message-ID:
> <5e01c29a0709221645g23e9966dya9a660538402b129mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 9/22/07, Geo. <geoincidentsnls.net> wrote:
> > > pa> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
> > > Is this the way responsible disclosure works these days ?
> > > "Adobe?s representatives can contact me from the usual place."
> > >
> > > Wow, now that's coordinated release. Knowing the bugs that you found
> > > previously it should take 10 minutes to rediscover this one. Which
> > > makes this even worse.
> >
> > I just saw his video showing the exploit fireing up calculator, it looks
> > like the same stuff (feature/exploit call it what you want) that's been
> > around for years. See www.nthelp.com/test.pdf (warning, it won't damage
> > anything but it may scare you)
>
> ps, if anyone cares, this exploit does not work on foxit pdf reader v1.3.
>
> foxit rocks.
>
> so lets not call it a 'pdf' vuln, but a 'adobe acrobat' vuln.
>
>
>
>
> > Geo.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
> --
> mike
> http://lets.coozi.com.au/
>
>
>
> ------------------------------
>
> Message: 15
> Date: Sun, 23 Sep 2007 02:07:46 +0200
> From: "Slythers Bro" <slythersgmail.com>
> Subject: Re: [Full-disclosure] Greek Web Election System Sucks -
> Remote File Inclusion?
> To: "George Papandreou" <kostaskaramanlisyahoo.com>
> Cc: full-disclosurelists.grok.org.uk
> Message-ID:
> <8f6a58a30709221707q70734973y6e1f886138cb5522mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> there isn't an RFI ...
> where is the vuln ?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070923/e39cd6d7/attachment-0001.html
>
> ------------------------------
>
> Message: 16
> Date: Sun, 23 Sep 2007 00:36:45 +0100
> From: "worried security" <worriedsecuritygooglemail.com>
> Subject: Re: [Full-disclosure] Keep Gadi Evron off Bugtraq
> To: full-disclosurelists.grok.org.uk
> Message-ID:
> <67ea64530709221636j3fdaf10au6f671c55ffda707amail.gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> On 9/22/07, Joel R. Helgeson <joelhelgeson.com> wrote:
> >
> > Everyone knows who Gadi is, so by definition, Gadi **is** high profile?
> >
> > I happen to agree with Gadi, that a 0day is the day an EXPLOIT is
> > RELEASED, where such exploit also serves as the ONLY vendor notification
> of
> > a bug being discovered. Every adult on this list understands the
> definition,
> > but the kids can't seem to grasp the not-so-subtle nuance between a
> 0day
> > and the discovery of a bug in someone else's code.
> >
> > This supposedly serious disclosure you refer to is a non-event, there
> was
> > a "press release" about a supposedly serious flaw in PDF, there were no
> > details, so therefore it doesn't even count as disclosure of a
> > vulnerability.
> >
> >
> >
> > -joel
> >
>
> Calling someone a kid who just released a major disclosure isn't helpful
> in
> the bigger picture of extracting relevant information from the person, or
> hearing from others with insightful information on-topic with the
> exploitation of PDF.
>
> Calling someones major disclosure "a non event" isn't helpful in the
> bigger
> picture of extracting relevant information from the person, or hearing
> from
> others with insightful information on-topic with the exploitation of PDF.
>
> Calling someones subject title inappropriate because its called "0day"
> isn't
> helpful in the bigger picture of extracting relevant information from the
> person, or hearing from others with insightful information on-topic with
> the
> exploitation of PDF.
>
> Bugtraq moderators, please keep irrelevant conversation out of important
> disclosures in future, where knowing relevant, on topic information is
> mission critical to why people use your mailing list.
>
> Its not a kiddy flame, I have no grudges with Gadi Evron, there is just a
> time and place for pissy conversation about buzzwords, and putting it in
> that particular thread just to teach the poster a lesson about buzzwords
> isn't cool.
>
> For all you know, because the thread ended up over run with buzzword
> conversation, you could have made the original poster not want to post
> relevant information, or hearing from others with insightful information
> on-topic with the exploitation of PDF.
>
> What the hell are these Bugtraq moderators doing with their day, have they
> simply lost sight and focus themselves? Its funny from a company calling
> themselves "Security + Focus" to allow someone to totally train wreck what
> would of, could of been an interesting, insightful, relevant conversation
> about the topic "We have a PDF flaw which can own Windows".
>
> Instead, it turned into "Why Gadi Evron thinks this disclosure is named
> wrongly", dude no one cares, its Bugtraq man, don't lose focus. Keep your
> industry leading buzzword police conversation for elsewhere.
>
> Keep Gadi Evron off Bugtraq, Unless he comes up with something which helps
> solve the mission critical, a 0-day PDF flaw, which we were all wanting
> more
> information about for whitehat purposes.
>
> What I want from Bugtraq:
>
> Stay mission critical, if someone posts about PDF flaw, then only accept
> reply posts about PDF.
>
> Don't allow someone to go off mission critical just because they are well
> known.
>
> Actually read your list description when moderating Bugtraq, mission
> critical is important to the rest of us who aren't trying to be buzzword
> pioneers, which if you know Gadi from other lists. is his own mission
> critical, but its not everyone elses interest, so keep him off Bugtraq.
>
> I think I have made myself clear, and yes I could have went into the PDF
> thread and ranted and raved about Bugtraq moderators, but my name isn't
> Gadi
> Evron, so I started my own thread to tell him he and his Bugtraq moderator
> supporters are idiots and runing Bugtraq for everyone else.
>
> Whats the point in moderating Bugtraq after that thread, sigh... it didn't
> look like a moderated conversation at all, it looked like a Bugtraq
> moderator was sleeping at the wheel.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070923/0bbd4f72/attachment.html
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 31, Issue 42
> ***********************************************
>

--
Juan B.

Security consultant Und3f

Tel. 1550967618

Cissp Ccna Ccsa Mcse Scsa

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/