Re: New Source Code Vulnerability Scanner (Free 30 Day Trial)

[netinfinity <netinfinity.securitylab () gmail com>]

So due to weak implemetation of license it has a bug. I'm creating a torrent
for this scanner as we speak, and I will put it on thepritebay, so more
honest people like me can download it for free.

On Thu, Dec 2, 2010 at 9:50 PM, Jens Christian Hillerup
<jens () hillerup net>wrote:

> Dropping a 0day for y'all.
>
> So I found a vulnerability in the license management code in this software.
> It's off the top of my head, and is presented in an untested state. It
> seems, however, that if you continue using the software *after* the free
> 30-day trial it will actually continue working! This is due to a very week
> license management implementation, relying on the user agreeing to remove
> the software after having used it for a total of thirty days.
>
> This flaw affects all known builds of the source code posted, and stands
> currently with no workaround or hotfix. The vendor has yet to be contacted,
> but is expected to push a patch for this vuln any day now.
>
> -jc
>
>
> On Thu, Dec 2, 2010 at 9:30 PM, netinfinity <
> netinfinity.securitylab () gmail com> wrote:
>
> > How much is the commercial version?
> >
> > I'd like to buy it for my hosting company.
> >
> >
> > On Thu, Dec 2, 2010 at 7:18 PM, <vulnscan () hushmail com> wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Esteemed members of the Full Disclosure mailing list,
> > >
> > > In the wake of the recent compromise of the ProFTPd distribution
> > > server and the subsequent root-level backdoor that was placed into
> > > the source[0], we are proud to announce a cutting edge source code
> > > scanner that will help you detect backdoors in your code. This code
> > > is free to use for 30 days, after which time you must pay for it.
> > >
> > >
> > > - ------------- el8 Vuln Scan v.0.1 -------------
> > >
> > > #!/bin/bash
> > >
> > > ###################################################################
> > > #
> > > # Place this script inside the top level directory of your
> > > # source code repo.
> > > #
> > > # Please delete this after 30 days, or purchase a copy from our
> > > # online store.
> > > #
> > > # 50% of all proceeds will go to the victims that have been
> > > # owned by ACIDBITCHES within the past 6 years.
> > > #
> > > ###################################################################
> > >
> > > # main
> > >
> > > export PATH=/bin
> > >
> > > grep -r ACIDBITCHES *
> > >
> > > - ------------- el8 Vuln Scan v.0.1 -------------
> > >
> > >
> > > Thank you for helping us to help you make the Internet a safer
> > > place.
> > >
> > >
> > > [0]
> > > http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-
> > > sigs/7965<http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-%0Asigs/7965>
> > > -----BEGIN PGP SIGNATURE-----
> > > Charset: UTF8
> > > Version: Hush 3.0
> > > Note: This signature can be verified at https://www.hushtools.com/verify
> > >
> > > wpwEAQMCAAYFAkz34wkACgkQnCf21LwRaXbdlwP/bRK2S7SA77h05jF1cdBty4hefooL
> > > Zx0GOeABoqTZKnaNuKxGqwdPtg7fyNctrb7iMzehzJWBXnAD1Zik2UCujZINxeE8BFhw
> > > yTN9gshJZB1cdWSHwxQdiB+NqS9eRqg3s0J8i/9EjzNVkgX4EJTJZMXv9oEUDCgwW92h
> > > 7KFZMWU=
> > > =mJJI
> > > -----END PGP SIGNATURE-----
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> > --
> > www.google.com
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/


-- 
www.google.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/