Full Disclosure mailing list archives

Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched )


From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Mon, 27 Oct 2003 15:04:07 +0100

Mortis,
is true , the word stupid comes but comes from you
you are wrong at all , do you read the link text to nessus ? Miscellaneous
Info about nasa.gov
and the whole report made by me ( not nessus ) ?
i think not
i think it's too difficult for you
another thing you said, you said cell , stay
in cell,
ok , you definitely don't know nothing about laws of Spain
i didn't make illegal things but if i did them , a 14 boy in prison ??
hahahahaha
you are reaaallly strange...
i'm not living in your world i think , i'm not living in wonder world i
think too
xD
and how many personalities you have ? you said Mortis about one hundred
times....
Mortis , Mortis , Mortis , Mortis , Mortis , Mortis.
Mortis !
hahahaha
please don't make this type of insulting spam ,
this type of messages is better to be mailed private if you want
something...
but you want only appear trying to annoy me so you are a little bit stupid
you are not the fantastic people of full-disclosure , you are another boy
that wants to fuck others time and waste it
if you want to try to disturb me , send private mails and don't use the
super-leim mail bomber of the day xD
and of course , try to say real , true and correct things !
best regards
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__________________________________
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453  7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
\x6e\x73\x72\x67
\x73\x65\x63\x75\x72\x69\x74\x79
\x72\x65\x73\x65\x61\x72\x63\x68
http://www.nsrg-security.com
______________________,

----- Original Message ----- 
From: "Mortis" <m0rtis () adelphia net>
To: "Full-Disclosure" <full-disclosure () lists netsys com>
Sent: Monday, October 27, 2003 8:20 AM
Subject: RE: [Full-disclosure] NASA WebSites Multiple Vulnerabilities
ADVISORY opened to public access ( NASA websites Patched )


I'm happy and sad in the same time.
The NASA websites are patched but they didn't
contacted me after i sent the
access instructions to advisories, so,

Poor Lorenzo.  You're sad about how NASA treated you?
You'll be more depressed when you're sitting in a cell next
to Lame-o.  I should start a colander pool for long it will
take you to get into trouble with your new hacking hobby.

Did anyone ever tell you it is rude to run a nessus scan
against someone else's machine and publish it to the whole
wide world?  It is.  Trust Mortis.  The word stupid comes to
mind, although I'm sure immature is more proper this time.
Would you like it if I started probing you like that?  I
think not.

I don't see a national emergency in the faults you
published, either.  Maybe I'm just being a mormon^h^h^hon
again.  It happens.  Did you think up something valuable you
could do with these vulnerabilities?  Please tell us.  Scare
us good - here's your chance.

No one seemed to point out that you're playing with an
informational site hosted by Speedera networks.  That's
about how Mortis sees it.  Almost nothing at all to do with
NASA except the bill at the end of the month.

You could rmfr the site and they would restore it from a
backup.  No one would care too much if it was down.  You
could mess with my home page settings and the first/last
name that I entered.  Ouch.

You could break into the weak ssh daemon and 0wn Speedera.
That's a whole different story.  You didn't point that out,
but it was more interesting than the rest of the discussion.
Thanks for the tip.

I guess with the xss and db issues you could cause a
national media frenzy by announcing a shuttle crash or
something.  Mortis sees this as being entertaining.  Not
scary.  The media needs a wake-up call once in a while.
Right, Dick?

I wish you injected a fake article on the site telling us
about your trip to Saturn.  Complete with nudie pictures of
the aliens.  And DING-DING.  That would have been elite.
Well, maybe not elite, but at least funny.

Were you trying to impress me because you found fault with
NASA?  I would be a lot more impressed if you published a
sploit for the recent openssh bugs or a new IIS remote
control hook.  Not only is it more respectable work, but you
can do it in the lab without getting yourself in trouble.

ObFD:

NASA facts from a vendor perspective:
* Some of the people are really bright.  Some of them are
not.  Just like where you work.
* Any intelligent dumpster diver could figure his way past
the main gate.  I wouldn't recommend it - but you could.
* Vendors could get more access than is appropriate (left
alone, root on boxen).
* Was able to bypass security procedures to get the job done
(ip/network restrictions...)
* I'm surprised they updated the site without a month of
code review.
--
As a mad man who casteth firebrands, arrows, and death,
Mortis

P.S.  Since you gave us hints for your game, here's a hint
for you.  People would never use the same password in more
than one place, would they?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



