Full Disclosure mailing list archives

Re: How to become a Computer Security Professional ?

From: "XSS Worm XSS Security Information Portal" <cross-site-scripting-security () xssworm com>
Date: Mon, 19 Nov 2007 18:43:37 +1100

#!/bin/sh

# 0day exploit for Paul Schmehl
# based on information provided by Paul Schmehl
# pauls () utdallas edu
#

echo pauls > /hack/edu/utdallas.edu/known.addresses

googledump.pl --email-addresses --context-links  --referers --extended-links
-keywords "Paul","Schmehl","utdallas.edu", "pauls@", "pauls@utdallas","
paul.schmehl@" --verbose

socialgrab.pl --known-address "pauls () utdallas edu" --real-name "Paul
Schmehl" --tags=security,hacking,utdallas,vulnerability
--search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,digg,bebo,ebay,blogger,wordpress
--verbose --dump-links

infopull.pl --pgp-search --whois --domaintools --usenet --trackers --irclog
--mirrors --listserv --known-addresses="pauls () utdallas edu"

echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu

# http://xssworm.com





On 11/19/07, Paul Schmehl <pauls () utdallas edu> wrote:


--On November 19, 2007 3:34:23 AM +0000 worried security
<worriedsecurity () googlemail com> wrote:


The forth most important rule to becoming a security professional,
always use a throw-away e-mail account so it doesn't matter of script
kids hi-jack your e-mail account with the next cross-site scripting
vulnerablity that gets posted to the public mailing lists.

You forgot the most important rule of all.  Pay no heed to bozos who post
anonymously and don't even have a job in security.  Their advice is
usually worth just as much as their reputation.

Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher
mailto:vaj () nospam xssworm com
aim: XSS Cross Site
------
XSS Cross Site Scripting Attacks
Web 2.0 Application Security Information Blog (tm) 2007
http://www.XSSworm.com/
------
"Vaj, bella vaj."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

How to become a Computer Security Professional ? Meef (Nov 17)
- Re: How to become a Computer Security Professional ? Fabio Pietrosanti (Nov 17)
- Re: How to become a Computer Security Professional ? M. Shirk (Nov 18)
- Re: How to become a Computer Security Professional ? Dude VanWinkle (Nov 18)
- Re: How to become a Computer Security Professional ? worried security (Nov 18)
  - Re: How to become a Computer Security Professional ? Paul Schmehl (Nov 18)
    - Re: How to become a Computer Security Professional ? Richard Golodner (Nov 18)
    - Re: How to become a Computer Security Professional ? rchrafe (Nov 19)
    - Message not available
    - Re: so gay huh? rchrafe (Nov 19)
    - Message not available
    - Re: so gay huh? rchrafe (Nov 19)
    - Re: How to become a Computer Security Professional ? XSS Worm XSS Security Information Portal (Nov 18)
    - Re: How to become a Computer Security Professional ? rchrafe (Nov 19)
  - Re: How to become a Computer Security Professional ? rchrafe (Nov 19)