Full Disclosure mailing list archives
Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched )
From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Mon, 27 Oct 2003 15:04:07 +0100
Mortis, is true , the owrd stupid comes but comes from you you are wrong at all , do you read the link text to nessus ? Miscelaneous Info about nasa.gov and the whole report made by me ( not nessus ) ? i think not i think its too dificult for youabother thing you said, yo said cell , stay in cell, ok , you definately don't know nothing about laws of Spain i didn't make illegal things but if i did them , a 14 boy in prison ?? hahahahaha you are reaaallly strange... i'm not living in your world i think , i'm not living in wonder world i think too xD and how many perssonalities you hyave ? you said Mortis about one hundred times.... Mortis , Mortis , Mortis , Mortis , Mortis , Mortis. Mortis ! hahahaha please don't make this type of insulting spam , this type of messages is better to be mailed private if you want something... but you want only appear trying to anoid me so you are a little bit stupid you are not the fantastic people of full-disclosure , you are another boy that wants to fuck others time and waste it if you want to try to disturb me , send private mails and don't use the super-leim mail bomber of the day xD and of course , try to say real , tru and correct things ! best regards ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->\x74\x72\x75\x6c\x75\x78 0x02->The truth is out there, 0x03-> outside your mind . __________________________________ PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B ID: 0x91805F5B ********************************** \x6e\x73\x72\x67 \x73\x65\x63\x75\x72\x69\x74\x79 \x72\x65\x73\x65\x61\x72\x63\x68 http://www.nsrg-security.com ______________________, ----- Original Message ----- From: "Mortis" <m0rtis () adelphia net> To: "Full-Disclosure" <full-disclosure () lists netsys com> Sent: Monday, October 27, 2003 8:20 AM Subject: RE: [Full-disclosure] NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched )
I'm happy and sad in the same time. The NASA websites are patched but they didn't contacted me after i sent the access instructions to advisories, so,Poor Lorenzo. You're sad about how NASA treated you? You'll be more depressed when you're sitting in a cell next to Lame-o. I should start a colander pool for long it will take you to get into trouble with your new hacking hobby. Did anyone ever tell you it is rude to run a nessus scan against someone else's machine and publish it to the whole wide world? It is. Trust Mortis. The word stupid comes to mind, although I'm sure immature is more proper this time. Would you like it if I started probing you like that? I think not. I don't see a national emergency in the faults you published, either. Maybe I'm just being a mormon^h^h^hon again. It happens. Did you think up something valuable you could do with these vulnerabilities? Please tell us. Scare us good - here's your chance. No one seemed to point out that you're playing with an informational site hosted by Speedera networks. That's about how Mortis sees it. Almost nothing at all to do with NASA except the bill at the end of the month. You could rmfr the site and they would restore it from a backup. No one would care too much if it was down. You could mess with my home page settings and the first/last name that I entered. Ouch. You could break into the weak ssh daemon and 0wn Speedera. That's a whole different story. You didn't point that out, but it was more interesting than the rest of the discussion. Thanks for the tip. I guess with the xss and db issues you could cause a national media frenzy by announcing a shuttle crash or something. Mortis sees this as being entertaining. Not scary. The media needs a wake-up call once in a while. Right, Dick? I wish you injected a fake article on the site telling us about your trip to Saturn. Complete with nudie pictures of the aliens. And DING-DING. That would have been elite. Well, maybe not elite, but at least funny. Were you trying to impress me because you found fault with NASA? I would be a lot more impressed if you published a sploit for the recent openssh bugs or a new IIS remote control hook. Not only is it more respectable work, but you can do it in the lab without getting yourself in trouble. ObFD: NASA facts from a vendor perspective: * Some of the people are really bright. Some of them are not. Just like where you work. * Any intelligent dumpster diver could figure his way past the main gate. I wouldn't recommend it - but you could. * Vendors could get more access than is appropriate (left alone, root on boxen). * Was able to bypass security procedures to get the job done (ip/network restrictions...) * I'm surprised they updated the site without a month of code review. -- As a mad man who casteth firebrands, arrows, and death, Mortis P.S. Since you gave us hints for your game, here's a hint for you. People would never use the same password in more than one place, would they? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 23)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) mcbethh (Oct 24)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Jon Hart (Oct 24)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 24)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) daniel uriah clemens (Oct 24)
- RE: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Mortis (Oct 27)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 27)
- Message not available
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 27)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Stefan Larsson (Oct 27)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) nosp (Oct 27)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 27)
- <Possible follow-ups>
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 24)