Full Disclosure mailing list archives
US Governement War3z Server?
From: "Shagghie" <shagghie () gmx net>
Date: Fri, 22 Aug 2003 14:17:48 -0700
yeah http://science.nature.nps.gov/im/apps/npspp/index.htm

this is a pretty cool project, hate to see it damaged b/c of such a silly policy.

-shag

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of full-disclosure-request () lists netsys com
Sent: Friday, August 22, 2003 12:04 PM
To: full-disclosure () lists netsys com
Subject: Full-disclosure digest, Vol 1 #1058 - 26 msgs

Send Full-Disclosure mailing list submissions to
full-disclosure () lists netsys com

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request () lists netsys com

You can reach the person managing the list at
full-disclosure-admin () lists netsys com

When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..."

Today's Topics:

1. Re: US Governement War3z Server? (martin f krafft)
2. RE: US Governement War3z Server? (Ferris, Robin)
3. Re: [FD] (Nik Reiman)
4. Re: Command Injection Vulnerability in stat.qwest.net - OFFTOPIC (Blue Boar)
5. RE: JAP back doored (Rainer Gerhards)
6. Re: Subject prefix changing! READ THIS! SURVEY!! (Gabe Arnold)
7. RE: Google Private IP is 10.7.0.73 !!!!!! (Bassett, Mark)
8. msblast -> mslaugh.exe (rom.k () swissonline ch)
9. RE: Command Injection Vulnerability in stat.qwest.net- OFFTOPIC (MacDougall, Shane)
10. RE: Google Private IP is 10.7.0.73 !!!!!! (MacDougall, Shane)
11. Re: Subject prefix changing! READ THIS! SURVEY!! (ravyn)
12. Re: Subject prefix changing! READ THIS! SURVEY!! (Mathieu)
13. Sobig.F...what took so long (Robert Ahnemann)
14. Sobig has a surprise... (Steve Postma)
15. US Governement War3z Server? (Helmut Hauser)
16. Re: Subject prefix changing! READ THIS! SURVEY!! (Byron Copeland)
17. Sobig-F worm "second wave" (b9 () hushmail com)
18. Re: Popular Net anonymity service back-doored (nordi)
19. Re: Google Private IP is 10.7.0.73 !!!!!! (Gaurav Kumar)
20. Re: Sobig.F...what took so long (Florian Weimer)
21. RE: Administrivia: Testing Emergency Virus Filt er.. (Paul Schmehl)
22. US Governement War3z Server? (Helmut Hauser)
23. === CFP -- Call For Papers for G-Con 2 -- CFP === (El Nahual)
24. RE: JAP back doored (Drew Copley)

--__--__--

Message: 1
Date: Fri, 22 Aug 2003 18:02:26 +0200
From: martin f krafft <madduck () madduck net>
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Re: US Governement War3z Server?

also sprach Kamal N Habayeb <k.habayeb () cox net> [2003.08.22.1727 +0200]:
> A honeypot maybe?
Aren't those illegal in the liberal USofA?

--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey

"i love deadlines. i like the whooshing sound they make as they fly by."
-- douglas adams

--__--__--

Message: 2
From: "Ferris, Robin" <R.Ferris () napier ac uk>
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] US Governement War3z Server?
Date: Fri, 22 Aug 2003 17:01:00 +0100

definitely NOT!! honey pots normally appear like a normal secure machine NOT one that gives the information out for free what information do they stand to get from that? ow look there are some warez filz!! mi thinks not.

-----Original Message-----
From: Kamal N Habayeb [mailto:k.habayeb () cox net]
Sent: 22 August 2003 16:28
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] US Governement War3z Server?

A honeypot maybe?

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Glen Freeman
Sent: Thursday, August 21, 2003 9:50 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] US Governement War3z Server?

Emailed government email again again again. Problem stays after much time passed. So Here.

go to FTP.NPS.GOV
logon as anonymous
want to escalate privileges?
download ~readme.now.txt
read file and you find a much better user name and password
log back in and you can upload whatever~~~

be nice.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--__--__--

Message: 3
Date: Fri, 22 Aug 2003 11:12:22 -0500
Subject: Re: [Full-disclosure] [FD]
Cc: full-disclosure () lists netsys com
To: "barry jaffe" <flaterates () hotmail com>
From: Nik Reiman <nik () aboleo net>

Can we make it [FUD] instead? =)

-Nik

On Friday, August 22, 2003, at 10:45 AM, barry jaffe wrote:
> [FD] would be OK. 'Else I'll have to unsubscribe this address and pick up the list with a different email client.

--__--__--

Message: 4
Date: Fri, 22 Aug 2003 09:18:58 -0700
From: Blue Boar <BlueBoar () thievco com>
To: Kurt Seifried <listuser () seifried org>
CC: Dan Daggett <csiwebmaster () csi edu>, Full-Disclosure <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] Command Injection Vulnerability in stat.qwest.net - OFFTOPIC

Kurt Seifried wrote:
> Why are you telling us this? How does it affect anyone, but qwest, who you notified, and who fixed it. Do we now send out a security advisory every time we notify sometime to disable a vulnerable service (sir, you have telnet enabled). This is getting ridiculous.

Couple of points: It may be nice to know the track record of a company even though the problem has been fixed. Also, QWest isn't the only ISP that uses Looking Glass...

BB

--__--__--

Message: 5
Subject: RE: [Full-disclosure] JAP back doored
Date: Fri, 22 Aug 2003 18:28:26 +0200
From: "Rainer Gerhards" <rgerhards () hq adiscon com>
To: "Adam Shostack" <adam () homeport org>
Cc: <full-disclosure () lists netsys com>

> There is no exponential term in MIX traffic. That means that if you try to ensure that all traffic leaves the network quickly (so you can say, web browse), then your attacker only needs to analyze traffic over a few seconds, and that's easy. Simple attacks work really well on real time mix chains of any length that TCP timeouts are likely to allow.

I haven't looked at the actual protocol used by JAP, just followed the postings here. But if they re-route traffic through the mixes *quickly* it may be hard to trace who is an actual user, but it is definitely possible. In the Dresden-Dresden case it is really so easy that it is (again) laughable at what the German police is trying over here. They could obtain what they want by "just" running some traffic analysis. Sure, that would be more expensive, but it would have had the benefit of not being publicly discussed.

Bottom line: a real analyzer must randomly *delay* in- and outgoing traffic. In high-volume environments a few (milli) seconds may do. If JAP does this, then it (was) fine. If it didn't, it wasn't any secure in the first place... As another example (being shut down externally), that famous anonymous remailer (pennet.fi or so) introduced random delays by design to circumvent this issue.

My (technical;)) 2 cts...

Rainer

PS: If you would like to run a rant on German government, its technical incompetence may be a much better target ;)

--__--__--

Message: 6
Date: Fri, 22 Aug 2003 12:34:22 -0400
From: Gabe Arnold <f0x () squirrelsoup net>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Subject prefix changing! READ THIS! SURVEY!!

I do.... ;-p mutt is the best mail client out there, and you know it!

* Glenn_Everhart () bankone com (Glenn_Everhart () bankone com) wrote:
> #3. Easy to filter. Nobody uses 40 character text terminals these days.
>
> -----Original Message-----
> From: Chris Cappuccio [mailto:chris () nmedia net]
> Sent: Thursday, August 21, 2003 3:21 PM
> To: John Cartwright
> Cc: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Subject prefix changing! READ THIS! SURVEY!!
>
> Len said there needed to be a consensus on the list before he would make a change, but that it would be nice to change!
>
> John Cartwright [johnc () grok org uk] wrote:
> > On Thu, Aug 21, 2003 at 10:43:02AM -0700, Chris Cappuccio wrote:
> > > ALL LIST MEMBERS ARE ENCOURAGED TO RESPOND AND MAKE A CHOICE AS TO HOW THEY WANT THIS BASIC FUNCTION OF THE LIST TO CONTINUE OPERATING.
> >
> > This has been covered several times... and we certainly *don't* want this mail coming to the list. Feel free to mail myself or Len on the subject. Discussions about subject line prefixes are off-topic for a security list.
> >
> > > The subject header is going to change.
> >
> > Speaking as a maintainer of this list, I can assure you that this is currently not the case :) Comments off-list, please.
> >
> > Cheers - John
>
> -- Nullum magnum ingenium sine mixtura dementiae fuit -- Seneca

--__--__--

Message: 7
Subject: RE: [Full-disclosure] Google Private IP is 10.7.0.73 !!!!!!
Date: Fri, 22 Aug 2003 11:40:29 -0500
From: "Bassett, Mark" <mbassett () omaha com>
To: <full-disclosure () lists netsys com>

I show 10.5.0.74 (I'm sure they have more than one server)

-----Original Message-----
From: Gaurav Kumar [mailto:gaurav () e2-labs com]
Sent: Thursday, August 21, 2003 2:11 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Google Private IP is 10.7.0.73 !!!!!!

Hello friends!

I have found private ip address used by google servers. here are the details.

make sure you have google toolbar installed.

1. go to www.showmyip.com
2. it will show your ip address.
3. now right click and select Translate Page
4. it will now show your ip address in this format 1.2.3.4, unknown
5. Now again right click and select Translate Page
6. this time you will get google private ip address. the format is 10.7.0.73,1.2.3.4,unknown

This 10.7.0.73 is google private ip address.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Gaurav Kumar
Chief Information Security Analyst

E2 Labs Information Security Pvt. Ltd.
Road no. 3 , Banjara Hills
Hyderbad-34
AP
India

gaurav () e2-labs com
www.e2-labs.com

PGP public key at-
http://mycgiserver.com/~ethicalhackers/pgp.txt

Phone(s)-
Mobile +91 40 31068650
Tele/Fax +91 40 23555942 (ext-24)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

--__--__--

Message: 8
Date: Fri, 22 Aug 2003 18:38:25 +0200
From: rom.k () swissonline ch
To: se_cur_ity () hotmail com
Cc: full-disclosure () lists netsys com
Subject: [Full-disclosure] msblast -> mslaugh.exe

just in case no one has mailed this already. i am on a friend's computer in italy and i noticed, that he is infected with the msblast virus, but a newer version located in c:\windows\system32\mslaugh.exe. trendmicro was able to detect the virus through online-scan.

cheers
roman

PS: i normally send from roman.kunz () juliusbaer com
PPS: wood, if my mail doesn't find its way to FD could you please forward it... thx

--__--__--

Message: 9
Subject: RE: [Full-disclosure] Command Injection Vulnerability in stat.qwest.net- OFFTOPIC
Date: Fri, 22 Aug 2003 10:20:07 -0700
From: "MacDougall, Shane" <smacdougall () idanalytics com>
To: "Full-Disclosure" <full-disclosure () lists netsys com>

IIRC Level 3 also uses looking glass...

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Shane MacDougall
Lead Security Officer
ID Analytics
San Diego, California USA
Direct: (858) 427-2860
Toll Free: 866-240-4484 x 2860
Fax: 858-427-2899

-----Original Message-----
From: Blue Boar [mailto:BlueBoar () thievco com]
Sent: Friday, August 22, 2003 9:19 AM
To: Kurt Seifried
Cc: Dan Daggett; Full-Disclosure
Subject: Re: [Full-disclosure] Command Injection Vulnerability in stat.qwest.net- OFFTOPIC

Kurt Seifried wrote:
> Why are you telling us this? How does it affect anyone, but qwest, who you notified, and who fixed it. Do we now send out a security advisory every time we notify sometime to disable a vulnerable service (sir, you have telnet enabled). This is getting ridiculous.
Couple of points: It may be nice to know the track record of a company even though the problem has been fixed. Also, QWest isn't the only ISP that uses Looking Glass... BB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html --__--__-- Message: 10 Subject: RE: [Full-disclosure] Google Private IP is 10.7.0.73 !!!!!! Date: Fri, 22 Aug 2003 10:23:37 -0700 From: "MacDougall, Shane" <smacdougall () idanalytics com> To: "Bassett, Mark" <mbassett () omaha com>, <full-disclosure () lists netsys com> This is a multi-part message in MIME format. ------_=_NextPart_001_01C368D2.1F563EE1 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Yeah I'm a top poster - deal with it... =20 While people are piling on Gaurav, we should consider that the issue here is that an attacker could map out Google's internal network. Not earth shattering but not a completely useless finding.=20 =20 =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D Shane MacDougall Lead Security Officer ID Analytics San Diego, California USA Direct: (858) 427-2860 Toll Free: 866-240-4484 x 2860 Fax: 858-427-2899 =20 =20 -----Original Message----- From: Gaurav Kumar [mailto:gaurav () e2-labs com]=20 Sent: Thursday, August 21, 2003 2:11 PM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Google Private IP is 10.7.0.73 !!!!!! =20 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =20 Hello friends! =20 I have found private ip address used by google servers. here are the details. =20 make sure you have google toolbar installed. =20 1. go to www.showmyip.com 2. it will show your ip address. 3. now right click and select Translate Page 4. it will now show your ip address in this format 1.2.3.4, unknown 5. Now again right click and select Translate Page 6. this time you will get google private ip address. 
the format is 10.7.0.73,1.2.3.4,unknown =20 This 10.7.0.73 is google private ip address. =20 =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D Gaurav Kumar Chief Information Security Analyst =20 E2 Labs Information Security Pvt. Ltd. Road no. 3 , Banjara Hills Hyderbad-34 AP India =20 gaurav () e2-labs com www.e2-labs.com =20 PGP public key at- http://mycgiserver.com/~ethicalhackers/pgp.txt =20 Phone(s)- Mobile +91 40 31068650 Tele/Fax +91 40 23555942 (ext-24) =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D =20 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> =20 iQA/AwUBP0UZKP7pOx+pP+hiEQK3mACdFKQE1ZW8ugMpxgOdjpaMYRayI6UAoOEB noQh/WR3ZZz2L2CR0ZxzbNls =3DiryU -----END PGP SIGNATURE----- ************************************************************ Omaha World-Herald Company computer systems are for business use only. This e-mail was scanned by MailSweeper ************************************************************ ------_=_NextPart_001_01C368D2.1F563EE1 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html xmlns:v=3D"urn:schemas-microsoft-com:vml" = xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" = xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"> <meta name=3DProgId content=3DWord.Document> <meta name=3DGenerator content=3D"Microsoft Word 10"> <meta name=3DOriginator content=3D"Microsoft Word 10"> <link rel=3DFile-List href=3D"cid:filelist.xml@01C36897.7231E9D0"> <o:SmartTagType = namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" name=3D"time"/> <o:SmartTagType = namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" 
--__--__--

Message: 11
Date: Fri, 22 Aug 2003 10:24:52 -0700 (MST)
From: ravyn <ravyn () omega2 com>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Subject prefix changing! READ THIS! SURVEY!!

On Thu, 21 Aug 2003, Chris Cappuccio wrote:
> The subject header is going to change.

i vote for #2, second choice being #1.

--ravyn

--__--__--

Message: 12
Date: Fri, 22 Aug 2003 19:31:45 +0200
From: Mathieu <mathieu () gougle net>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Subject prefix changing! READ THIS! SURVEY!!

On Fri, Aug 22, 2003 at 11:15:07AM -0400, Damian Gerow wrote:
> Thus spake Daniele Muscetta (daniele () muscetta com) [22/08/03 10:59]:
> > > ALL LIST MEMBERS ARE ENCOURAGED TO RESPOND AND MAKE A CHOICE AS TO HOW
> > > THEY WANT THIS BASIC FUNCTION OF THE LIST TO CONTINUE OPERATING.
> >
> > [FD] would be fine.
> > If it has to be short for those who use text based MUA, at least leave
> > this short one.
> > It should not be such a deal to pass from extra 18 chars in the subject
> > to just 5, should it?
>
> I used a text-based MUA. And I find that I get a few words of the subject,
> after I see '[Full-Disclosure]'.
>
> Personally, I /like/ subject tags, but short ones. So something like [fd]
> or [fud] would be fine with me. But I think that the bulk of this decision
     ^^^^^
i don't think it's a _really_ good idea to tag the subject like that :)

> [...]

imho, i think [FD] Tag is really nice...
i do procmail filtering on the List-Id criteria ...

--
Mathieu <mathieu () gougle net>
BOFH excuse #137:
User was distributing pornography on server; system seized by FBI.

--__--__--

Message: 13
Date: Fri, 22 Aug 2003 12:50:19 -0500
From: "Robert Ahnemann" <rahnemann () affinity-mortgage com>
To: <full-disclosure () lists netsys com>
Subject: [Full-disclosure] Sobig.F...what took so long

So it's 4 days after the virus was found, and they just discover that it's
got a list of 20 machines that it will pull from to create a massive DDoS
across the net? What took them so long to find it?
--__--__--

Message: 14
From: Steve Postma <spostma () travizon com>
To: "'full-disclosure () lists netsys com'" <full-disclosure () lists netsys com>
Date: Fri, 22 Aug 2003 14:27:38 -0400
Subject: [Full-disclosure] Sobig has a surprise...

Taken from f-secure web site

"A potentially massive Internet attack starts today

F-Secure Corporation is warning about a new level of attack to be unleashed
by the Sobig.F worm today.

Helsinki, Finland - August 22, 2003

Windows e-mail worm Sobig.F, which is currently the most widespread worm in
the world, has created massive e-mail outages globally since it was found on
Tuesday the 18th of August - four days ago. The worm spreads itself via
infected e-mail attachments in e-mails with a spoofed sender address. Total
amount of infected e-mails seen in the Internet since this attack started is
close to 100 million.

However, the Sobig.F worm has a surprise attack in its sleeve."

http://www.f-secure.com/news/items/news_2003082200.shtml
--__--__--

Message: 15
From: "Helmut Hauser" <helmut.hauser () intraplan de>
To: <full-disclosure () lists netsys com>
Reply-To: "Helmut Hauser" <helmut.hauser () intraplan de>
Date: Fri, 22 Aug 2003 19:59:46 +0200
Subject: [Full-disclosure] US Governement War3z Server?

I informed the National Park Service per phone (it was hard to get through)
and I had a nice conference with the admins.
So NPS is informed and will take action right now so this ftp compromise
will be stopped.

For the Sobig.F worm - the IP addresses for the malicious code download are
decrypted:

http://www.heise.de/newsticker/data/pab-22.08.03-000/

Helmut Hauser
Systemadministration EDV
Intraplan Consult GmbH
Orleansplatz 5a
81667 München
(089) 45911-123
http://www.intraplan.de

--__--__--

Message: 16
Subject: Re: [Full-disclosure] Subject prefix changing! READ THIS! SURVEY!!
From: Byron Copeland <nodialtone () comcast net>
To: Gabe Arnold <f0x () squirrelsoup net>
Cc: full-disclosure () lists netsys com
Date: 22 Aug 2003 13:12:55 -0400

I dunno. I am partial to Ximian Revolution myself.

On Fri, 2003-08-22 at 12:34, Gabe Arnold wrote:
> I do.... ;-p mutt is the best mail client out there, and you know it!
>
> * Glenn_Everhart () bankone com (Glenn_Everhart () bankone com) wrote:
> > #3. Easy to filter. Nobody uses 40 character text terminals these days.
> >
> > -----Original Message-----
> > From: Chris Cappuccio [mailto:chris () nmedia net]
> > Sent: Thursday, August 21, 2003 3:21 PM
> > To: John Cartwright
> > Cc: full-disclosure () lists netsys com
> > Subject: Re: [Full-disclosure] Subject prefix changing! READ THIS! SURVEY!!
> >
> > Len said there needed to be a consensus on the list before he would make
> > a change, but that it would be nice to change!
> >
> > John Cartwright [johnc () grok org uk] wrote:
> > > On Thu, Aug 21, 2003 at 10:43:02AM -0700, Chris Cappuccio wrote:
> > > > ALL LIST MEMBERS ARE ENCOURAGED TO RESPOND AND MAKE A CHOICE AS TO HOW
> > > > THEY WANT THIS BASIC FUNCTION OF THE LIST TO CONTINUE OPERATING.
> > >
> > > This has been covered several times... and we certainly *don't* want
> > > this mail coming to the list. Feel free to mail myself or Len on the
> > > subject. Discussions about subject line prefixes are off-topic for a
> > > security list.
> > >
> > > > The subject header is going to change.
> > >
> > > Speaking as a maintainer of this list, I can assure you that this is
> > > currently not the case :) Comments off-list, please.
> > >
> > > Cheers - John
> >
> > -- Nullum magnum ingenium sine mixtura dementiae fuit -- Seneca
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> > **********************************************************************
> > This transmission may contain information that is privileged,
> > confidential and/or exempt from disclosure under applicable law. If you
> > are not the intended recipient, you are hereby notified that any
> > disclosure, copying, distribution, or use of the information contained
> > herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
> > received this transmission in error, please immediately contact the
> > sender and destroy the material in its entirety, whether in electronic
> > or hard copy format. Thank you
> > **********************************************************************
--__--__--

Message: 17
Date: Fri, 22 Aug 2003 10:28:13 -0700
To: full-disclosure () lists netsys com
Cc:
From: <b9 () hushmail com>
Subject: [Full-disclosure] Sobig-F worm "second wave"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sobig-F worm has twist in tail - Sophos warns of possible "Trojan horse"
download

Sophos has today warned that the mass-mailing W32/Sobig-F worm, which has
flooded computer users this week, could attempt to download a Trojan horse
between 8pm and 11pm BST today.

At 19:00-22:00 GMT (which is 8-11pm in the UK) on Fridays and Sundays, the
worm has been programmed to automatically direct infected PCs to a server
controlled by the virus writer from which a malicious program could be
downloaded. At the moment, it is not known what the download material will
do, but possibilities include launching another virus or spam attack,
collecting sensitive information, a denial of service attack, or deleting
files stored on an infected computer or network.

"The main effect of Sobig-F to date has been to slow down the internet with
the sheer quantity of emails it has generated," said Graham Cluley, senior
technology consultant at Sophos Anti-Virus. "At 8pm tonight, most British
companies will have left the office for the bank holiday weekend, but any
infected computers that are left on have the potential to become zombies,
doing whatever the virus writer wants. If the writer of Sobig succeeds in
installing a Trojan on infected PCs, users could be in for a nasty shock
when they return to work next week. The message is simple: ensure your
anti-virus is up-to-date, run your anti-virus to check for infection,
disinfect if necessary and ensure your computer's firewall is properly
configured."

"What the worm downloads will not be known until this evening - it could
display an offensive but largely harmless message or launch a malicious
attack. But the download is timed to coincide with the regular business
afternoon in the United States, so users should be concerned about
unauthorised code running on their computers. On Monday morning businesses
in the Far East and Australia will be beginning their working day when the
worm tries a second time to download unknown code from the net," continued
Cluley.

Sophos advises that the download can be avoided by configuring firewalls to
block outgoing connection attempts to UDP port 8998. In addition, anti-virus
software should be updated, and any infected PCs disinfected. Sophos has
published information about how to disinfect computers and prevent the
Trojan download.

See also: F-Secure: http://www.f-secure.com/news/items/news_2003082200.shtml

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj9GUlwACgkQp0G6PzWyWD/cegCgg6u46owckZanaj9K/WcmFdwVq9gA
n1nKi7UAPzpZ0ljHzj59VnCzCpSf
=/8SL
-----END PGP SIGNATURE-----

--__--__--

Message: 18
From: nordi <nordi () addcom de>
Reply-To: nordi () addcom de
To: bugtraq () securityfocus com, full-disclosure () lists netsys com
Date: Fri, 22 Aug 2003 09:34:27 +0200
Subject: [Full-disclosure] Re: Popular Net anonymity service back-doored

On Thursday, 21. August 2003 14:05, Thomas C. Greene wrote:
> It's not secure, and claiming that it is taints anything else they may be doing on behalf of users. They're *still* saying it's impossible for anyone to intercept users' traffic or identify them.
Actually, this is absolutely not what they are saying. When you visit the website of the JAP project http://anon.inf.tu-dresden.de/ it says in big, red letters:

"Aus aktuellem Anlass weisen wir noch einmal ausdrücklich daraufhin, dass sich die JAP Software in Entwicklung befindet und noch nicht maximale Sicherheit bietet. (siehe unten ... )"

In English this means something like

"Due to recent events we explicitly inform you of the fact that the JAP software is still being developed and does not yet provide maximum security. (see below ...)"

As I said: big, red letters at the top of their main page. And when you click that "see below" link it says there

"Attention! [...] This version does NOT yet implement the security features described above and desired by us. But it does already protect you against attackers that control the net only locally at one place such as [...] the owner of a mix."

So by the time you download that software you should have already read _two_ statements telling you that JAP is not as secure as it could be. It also tells you that in the current configuration, the JAP people can see all your traffic if they want to: Note that it says it will protect you against "the owner of _A_ mix". But if you take the Dresden-Dresden cascade, the JAP people obviously control _all_ of them. And the above statement already implies that in this case, JAP cannot protect you.

If you still want to use JAP, http://www.heise.de/newsticker/data/uma-20.08.03-000/ (in German) tells you how to do it securely: simply use just a single mix that is not controlled by the JAP project and you'll be fine. The court order is only valid for the JAP people, so everybody else in Germany (and elsewhere of course) can offer a non-backdoored mix which will make the cascade secure. This actually means that all cascades but the Dresden-Dresden one are secure.
Best regards
nordi

--
For humanity is threatened by wars compared to which the past ones are like feeble attempts, and they will come without any doubt, if the hands of those who prepare them in full public view are not broken.
Bertolt Brecht, 1952

--__--__--

Message: 19
From: "Gaurav Kumar" <gaurav () e2-labs com>
To: <full-disclosure () lists netsys com>
Date: Sat, 23 Aug 2003 00:18:15 +0530
Subject: [Full-disclosure] Re: Google Private IP is 10.7.0.73 !!!!!!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I never said it's a great finding. I just found it interesting and posted it.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello friends!

I have found private ip address used by google servers. here are the details.

make sure you have google toolbar installed.

1. go to www.showmyip.com
2. it will show your ip address.
3. now right click and select Translate Page
4. it will now show your ip address in this format 1.2.3.4, unknown
5. Now again right click and select Translate Page
6. this time you will get google private ip address. the format is 10.7.0.73,1.2.3.4,unknown

This 10.7.0.73 is google private ip address.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Gaurav Kumar
Chief Information Security Analyst
E2 Labs Information Security Pvt. Ltd.
Road no. 3 , Banjara Hills
Hyderbad-34
AP
India
gaurav () e2-labs com
www.e2-labs.com
PGP public key at- http://mycgiserver.com/~ethicalhackers/pgp.txt
Phone(s)-
Mobile +91 40 31068650
Tele/Fax +91 40 23555942 (ext-24)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

- -----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBP0UZKP7pOx+pP+hiEQK3mACdFKQE1ZW8ugMpxgOdjpaMYRayI6UAoOEB
noQh/WR3ZZz2L2CR0ZxzbNls
=iryU
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBP0ZlbP7pOx+pP+hiEQJIDACg9l7YTL2ll1/S49CArORRThMwfjsAn3jU
Ub9XloVez86WquD1xrNb/G4T
=384f
-----END PGP SIGNATURE-----

--__--__--

Message: 20
To: "Robert Ahnemann" <rahnemann () affinity-mortgage com>
Cc: <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] Sobig.F...what took so long
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 22 Aug 2003 20:48:44 +0200

"Robert Ahnemann" <rahnemann () affinity-mortgage com> writes:
> So it's 4 days after the virus was found, and they just discover that it's got a list of 20 machines that it will pull from to create a massive DDoS across the net? What took them so long to find it?
The AV vendors deliberately held back this information.

--__--__--

Message: 21
From: Paul Schmehl <pauls () utdallas edu>
Reply-To: Paul Schmehl <pauls () utdallas edu>
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Administrivia: Testing Emergency Virus Filter..
Date: Wed, 20 Aug 2003 20:41:25 -0500

--On Thursday, August 21, 2003 11:56:15 +1200 Nick FitzGerald <nick () virus-l demon co uk> wrote:
> 2. I suspect that Mr Turing and his halting problem will intervene in any attempt to devise a foolproof "this message contains an attachment" mechanism. The obvious choice to break any such system is steganographic encoding of a binary stream into a text message. It may be grossly inefficient, but do you think that really matters?
Dammit, Nick, you just *had* to interrupt my reverie, didn't you? :-)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--__--__--

Message: 22
From: "Helmut Hauser" <helmut_hauser () hotmail com>
To: <full-disclosure () lists netsys com>
Date: Fri, 22 Aug 2003 20:35:25 +0200
Organization: Intraplan Consult GmbH
Subject: [Full-disclosure] US Governement War3z Server?

I informed the National Park Service per phone (it was hard to get through) and I had a nice conference with the admins. So NPS is informed and they'll take action right now so this ftp compromise will be stopped.

New Infos about Sobig.F worm - the IP Addresses for the malicious trojan (or whatever) code download are decrypted (block these ip's): http://www.heise.de/newsticker/data/pab-22.08.03-000/

PS Try to send Messages in ASCII only, I hate to read HTML tags ;)

Helmut Hauser
System Administrator

--__--__--

Message: 23
From: "El Nahual" <nahual () g-con org>
To: <full-disclosure () lists netsys com>
Date: Fri, 22 Aug 2003 13:43:09 -0500
Subject: [Full-disclosure] === CFP -- Call For Papers for G-Con 2 -- CFP ===

=== CFP -- Call For Papers for G-Con 2 -- CFP ===

[ + ] General Information:

Kelsi Siler / G-Con Security is proud to invite you to participate in G-Con 2: Nothing is safe. This con will have workshops and conferences. The main focus is security in general, and the techniques used to break current security technology. Papers for talk proposals should be written with technical content in mind and must have examples of the techniques shown.

[ + ] Timeline:
- Online proposals are the only ones that can be submitted.
- Proposals are due October 1st.
- Confirmation of accepted proposals will be on October 5th.

[ + ] Presentations:
- All presentations are 60 minutes long
- Workshops can be up to 3 hours long

In the case that you believe more time would be valuable, please specify that in your proposal along with how many computers, projectors and microphones you will need for the presentation. Slides and presentation with notes should be included in the proposal (They can change up to October 10th).

[ + ] Topics to submit:
- Exploit generation
- Artificial Intelligence
- IDS Bypassing techniques
- Telephone security
- Advanced Hacking techniques on any Operating System
- Virii
- Encryption and Steganography

Any other speech can be added but please let us know the topic you would categorize it under.

[ + ] Help to the speakers (AkA What you get out of this)
- For speakers we can pay the hotel for up to a week and round trip plane ticket. We will also have someone available to help you travel around the city or into another nearby areas (the local pyramids, etc.).

[ + ] Requirements
- We ask the submitters to check the passport and VISA requirements to enter Mexico. We can help by sending you a letter of invitation in case you need it for a VISA but we would prefer that the speaker already has a VISA to enter Mexico on their own.

[ + ] Where to submit
- Submit to info () g-con org or cfp () g-con org.

--__--__--

Message: 24
From: "Drew Copley" <dcopley () eeye com>
To: <full-disclosure () lists netsys com>
Subject: RE: [Full-disclosure] JAP back doored
Date: Fri, 22 Aug 2003 11:47:05 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The US really has absolutely nothing to do with this... Anymore than Sudan does, or Indonesia.

If the US forces developers to trojanize their applications, and then be silent about it... Then, yes, let's condemn that. But, they don't.
-----Original Message-----
From: gml [mailto:gml () phrick net]
Sent: Thursday, August 21, 2003 6:27 PM
To: 'Drew Copley'; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] JAP back doored

Except the US, we have jurisdiction over the world apparently.

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Drew Copley
Sent: Thursday, August 21, 2003 3:50 PM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] JAP back doored

-----Original Message-----
From: Florian Weimer [mailto:fw () deneb enyo de]
Sent: Thursday, August 21, 2003 12:23 PM
To: Drew Copley
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] JAP back doored

"Drew Copley" <dcopley () eeye com> writes:

Why is the state of Germany trojanizing applications which may be run by anyone on the planet?

Why is the U.S. government interfering with the publication of security advisories if the corresponding software is being run throughout the world?

I haven't had any problem issuing security advisories. What is this in reference to?

Pointing the finger elsewhere does not excuse the fact that the German State has trojanized a popular application which was open to the world to download. And, indeed, the world did download.

Here are some things I do not care if Germany does:
- I don't care if they listen to their own wires
- I don't care if they hack into their own criminals' systems
- I do not care if they use zero day to do this
- I do not even care if they hack into criminals' systems in other countries if they have some jurisdiction in this and are working with other authorities. For instance, if they were hacking into terrorist networks which spanned across the world and were sharing this information, I would not care.

A German cop has no jurisdiction over me. He has no jurisdiction over anyone outside of Germany. This is the same for every country.

The German government funds the AN.ON project, but allowed for a great deal of independence. Naturally, this independence does not extend to the law, thanks to separation of powers. Now a judge has forced the operators to implement a surveillance interface, which is possible because of a design weakness. But that's just the beginning of the legal process. The project has announced that it plans to fight, but within the legal system.

This does not absolve them, nothing you can say absolves them. I realize you have some patriotism here and are speaking from this... But, I also know you do not want the US government to backdoor US applications from US companies without telling you. I know this to be true.

How is it they believe they have a right to trojanize someone outside of Germany?

Nobody forces you to use the German service if you don't trust the operators or (thanks to recent events) German law enforcement.

That is an empty argument not worth going into.

This is blatantly illegal in just about every country outside of Germany. Literally.

No, it isn't. Most countries with communication infrastructure have laws that regulate law enforcement access. This is not a "stupid local law" issue.

This also is an empty argument. Basically, you are saying if it is discovered the NSA has a backdoor in Windows, that this is okay and no one has a right to complain, even if they are outside of the US. I doubt this would be your case in this situation. I am sure many could say, "Well, this situation is different". No, it is not. Let's be honest here.

Your country is eavesdropping foreign communication as well.

My country has not installed a trojan on my system, to my own knowledge, all rumors and speculation aside. They have not hacked into my system. As to what wires they listen to, if they listen to their own, that is their business. We have encryption software. If they listen to other people's wires, that is outside of their domain, then yes, this should be illegal. But, is it proven? Does it remove the fact that there are a host of privacy and anonymity tools which we can use?

But, Germany has decided that people don't have a right to use these tools. They have not tried to do even the honorable thing and break these things - which is illegal - but they have secretly trojanized the code.

You want me to applaud this? Maybe your nation has just given my own nation some new ideas. Did you help stop this trend?

Or, do they believe they are superior to other countries, and they may invade at will?

Please check the facts. Germany doesn't operate an eavesdropping base in the U.S., but the U.S. do in Germany.

I won't even go into that. I do not know what they do there, but their rights have been worked out with the German government. If you have an issue with that, you need to take that up with their government.

If my government allowed German police to trojanize an application I ran and my government covered this up... I would be furious at my government first, and at Germany second.

But, none of this is dealing with the matter at hand. These arguments are all a distraction. I have not intended to offend your patriotic sensibilities. My apologies in this regard. My statements stand for whatever country might do such a thing, my own included.

...

With some reflection, I realize this was done out of incompetence rather than out of understanding. I know this. I know it was ignorance, not maliciousness, which inspired this. That, is, I guess it is. It is true, someone that does wrong knowingly is much more guilty than someone that does wrong in ignorance. But, it is also true that they are both still guilty.

I hope that you may bring yourself to condemn this action of your government. I hope that you may see it is not something to excuse. For by excusing this, surely, you excuse the same from countries you do not hold allegiance to.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBP0ZlKQkWkugjEnC3EQLjCQCfRA97DWS5+aX4aMmKnMZqLzHaifUAoKgW
trf4iCdRUFogdsMRwXm0r9oN
=2gHj
-----END PGP SIGNATURE-----

--__--__--

_______________________________________________
Full-Disclosure mailing list
Full-Disclosure () lists netsys com
http://lists.netsys.com/mailman/listinfo/full-disclosure

End of Full-Disclosure Digest
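Added example, not part of the digest or of the Sophos text it carries: Message 17 says infected PCs contact a server at 19:00-22:00 GMT on Fridays and Sundays and advises blocking outgoing UDP port 8998, so this Python script scans firewall records for internal hosts that attempted that traffic and ranks them for clean-up. The log format, the 10.0.0.0/8 internal range, the exclusive end of the window and every sample record are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

SOBIG_PORT = 8998                        # UDP port named in the quoted advisory
WINDOW_DAYS = {4, 6}                     # Friday and Sunday (datetime.weekday())
WINDOW_HOURS = range(19, 22)             # 19:00-22:00 GMT; end treated as exclusive (assumption)
INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed sample records (not real traffic). Assumed format:
# ISO-8601 timestamp with UTC offset, source IP, destination IP,
# protocol, destination port, firewall action.
SAMPLE_LOG = """\
2003-08-22T19:04:11+00:00 10.1.2.15 198.51.100.7 udp 8998 allow
2003-08-22T20:30:02+01:00 10.1.2.15 198.51.100.9 udp 8998 allow
2003-08-22T21:59:59+00:00 10.1.7.40 203.0.113.20 udp 8998 deny
2003-08-22T22:00:00+00:00 10.1.7.40 203.0.113.20 udp 8998 deny
2003-08-22T19:10:00+00:00 10.1.3.3 198.51.100.7 tcp 8998 allow
2003-08-23T19:30:00+00:00 10.1.9.9 198.51.100.7 udp 8998 allow
2003-08-24T19:00:00+00:00 10.1.9.9 198.51.100.7 udp 8998 allow
2003-08-22T19:15:00+00:00 198.51.100.7 10.1.2.15 udp 8998 allow
this line is truncated
"""


def in_download_window(ts):
    """True if the timestamp, converted to GMT/UTC, is in the Fri/Sun window."""
    utc = ts.astimezone(timezone.utc)
    return utc.weekday() in WINDOW_DAYS and utc.hour in WINDOW_HOURS


def parse_line(line):
    """Return (ts, src, dst, proto, port, action), or None for a malformed record."""
    fields = line.split()
    if len(fields) != 6:
        return None
    try:
        ts = datetime.fromisoformat(fields[0])
        src, dst = ip_address(fields[1]), ip_address(fields[2])
        port = int(fields[4])
    except ValueError:
        return None
    if ts.tzinfo is None:  # no offset: cannot be placed relative to GMT, so reject
        return None
    return ts, src, dst, fields[3].lower(), port, fields[5].lower()


def find_port_8998_hosts(log_text):
    """Count outbound UDP/8998 attempts per internal host; also count bad lines."""
    hosts = defaultdict(lambda: {"in_window": 0, "outside_window": 0, "allowed": 0})
    malformed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            malformed += 1
            continue
        ts, src, dst, proto, port, action = rec
        outbound = src in INTERNAL_NET and dst not in INTERNAL_NET
        if not (outbound and proto == "udp" and port == SOBIG_PORT):
            continue
        entry = hosts[str(src)]
        entry["in_window" if in_download_window(ts) else "outside_window"] += 1
        if action == "allow":  # the egress block did not stop this packet
            entry["allowed"] += 1
    return dict(hosts), malformed


def triage(hosts):
    """Order hosts: traffic that got out first, then most in-window attempts."""
    return sorted(hosts, key=lambda h: (-hosts[h]["allowed"], -hosts[h]["in_window"], h))


if __name__ == "__main__":
    found, bad = find_port_8998_hosts(SAMPLE_LOG)
    for host in triage(found):
        print(host, found[host])
    print("malformed lines skipped:", bad)
```

The second sample record is stamped 20:30 at +01:00 (BST) and still counts as in-window, because the comparison is made after conversion to GMT.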