Full-disclosure] Why the IPS product designers

[Srinivas Naik <naik.srinu () gmail com>]

Mr. Nelson has brought a good point, Host IPS should also be running even if
there is Nework IPS.

There are Client end Attacks which has got many Evasion techniques and
almost the recent research presents us the proof of such Attacks.
Apart these there exist other exploits/malware which cannot be detected over
the network.

Regards,
Srinivas Naik (Certified Hacker and Forensic Investigator)
IPS Evaluator
http://groups.google.com/group/nforceit

On Tue, Jun 1, 2010 at 9:16 PM,
<full-disclosure-request () lists grok org uk>wrote:

> Send Full-Disclosure mailing list submissions to
>        full-disclosure () lists grok org uk
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
>        full-disclosure-request () lists grok org uk
>
> You can reach the person managing the list at
>        full-disclosure-owner () lists grok org uk
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Note to digest recipients - when replying to digest posts, please trim your
> post appropriately. Thank you.
>
>
> Today's Topics:
>
>   1. Re: Why the IPS product designers concentrate on  server side
>      protection? why they are missing client protection (Nelson Brito)
>   2. Re: Why the IPS product designers concentrate on  server side
>      protection? why they are missing client protection
>      (Valdis.Kletnieks () vt edu)
>   3. DoS vulnerability in Internet Explorer (MustLive)
>   4. Re: Why the IPS product designers concentrate on  server side
>      protection? why they are missing client protection (rajendra prasad)
>   5. Re: Why the IPS product designers concentrate     on      server side
>      protection? why they are missing client protection (Cor Rosielle)
>   6. Re: Why the IPS product designers concentrate on  server side
>      protection? why they are missing client protection (Nelson Brito)
>   7. Re: Why the IPS product designers concentrate on  server side
>      protection? why they are missing client protection (Nelson Brito)
>   8. Re: DoS vulnerability in Internet Explorer (Laurent Gaffie)
>   9. Re: DoS vulnerability in Internet Explorer (Laurent Gaffie)
>  10. Re: Why the IPS product designers concentrate on  server side
>      protection? why they are missing client protection (Cor Rosielle)
>  11. Re: DoS vulnerability in Internet Explorer (PsychoBilly)
>  12. Re: Why the IPS product designers concentrate on  server side
>      protection? why they are missing client protection (Nelson Brito)
>  13. Onapsis Research Labs: Onapsis Bizploit - The opensource ERP
>      Penetration Testing framework (Onapsis Research Labs)
>  14. Re: The_UT is repenting (T Biehn)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 1 Jun 2010 08:50:05 -0300
> From: Nelson Brito <nbrito () sekure org>
> Subject: Re: [Full-disclosure] Why the IPS product designers
>        concentrate on  server side protection? why they are missing client
>        protection
> To: rajendra prasad <rajendra.palnaty () gmail com>
> Cc: "full-disclosure () lists grok org uk"
>        <full-disclosure () lists grok org uk>
> Message-ID: <E01DF83F-4EB0-4212-8866-76DDB5C3B55B () sekure org>
> Content-Type: text/plain;       charset=utf-8;  format=flowed;  delsp=yes
>
> You're missing one point: Host IPS MUST be deployed with any Network
> Security (Firewalls os NIPSs).
>
> No security solution/technology is the miracle protection alone, so
> that's the reason everybody is talking about defense in depth.
>
> Cheers.
>
> Nelson Brito
> Security Researcher
> http://fnstenv.blogspot.com/
>
> Please, help me to develop the ENG? SQL Fingerprint? downloading it
> from Google Code (http://code.google.com/p/mssqlfp/) or from
> Sourceforge (https://sourceforge.net/projects/mssqlfp/).
>
> Sent on an ? iPhone wireless device. Please, forgive any potential
> misspellings!
>
> On Jun 1, 2010, at 4:38 AM, rajendra prasad
> <rajendra.palnaty () gmail com> wrote:
>
> > Hi List,
> >
> > I am putting my thoughts on this, please share your thoughts,
> > comments.
> >
> > Request length is less than the response length.So, processing small
> > amount of data is better than of processing bulk data. Response may
> > have encrypted data. Buffering all the client-server transactions
> > and validating signatures on them is difficult. Even though
> > buffered, client data may not be in the plain text. Embedding all
> > the client encryption/decryption process on the fly is not possible,
> > even though ips gathered key values of clients.Most of the client
> > protection is done by anti-virus. So, concentrating client attacks
> > at IPS level is not so needed.
> >
> >
> > Thanks
> > Rajendra
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 01 Jun 2010 08:34:22 -0400
> From: Valdis.Kletnieks () vt edu
> Subject: Re: [Full-disclosure] Why the IPS product designers
>        concentrate on  server side protection? why they are missing client
>        protection
> To: rajendra prasad <rajendra.palnaty () gmail com>
> Cc: full-disclosure () lists grok org uk
> Message-ID: <14206.1275395662@localhost>
> Content-Type: text/plain; charset="us-ascii"
>
> On Tue, 01 Jun 2010 13:08:32 +0530, rajendra prasad said:
>
> > Request length is less than the response length.So, processing small
> amount
> > of data is better than of processing bulk data. Response may have
> encrypted
> > data. Buffering all the client-server transactions and validating
> signatures
> > on them is difficult.
>
> All of that is total wanking.  The *real* reason why IPS product designers
> concentrate on servers is because hopefully the server end is run by some
> experienced people with a clue, and maybe even hardened to last more than
> 35 seconds when a hacker attacks.  Meanwhile, if anybody designed an IPS
> for
> the client end, it would just get installed on an end-user PC running
> Windows,
> where it will have all the issues and work just as well as any other
> anti-malware software on an end-user PC.
>
> Oh - and there's also the little detail that a site is more likely to buy
> *one* software license to run on their web server (or whatever), rather
> than
> the hassle of buying and administering 10,000 end-user licenses.
>  Especially
> when an IPS on the client end doesn't actually tell you much about attacks
> against the valuable target (the server) from machines you haven't
> installed
> the end-user IPS on (like the entire rest of the Internet).
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 227 bytes
> Desc: not available
> Url :
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/0896c76b/attachment-0001.bin
>
> ------------------------------
>
> Message: 3
> Date: Tue, 1 Jun 2010 15:42:58 +0300
> From: "MustLive" <mustlive () websecurity com ua>
> Subject: [Full-disclosure] DoS vulnerability in Internet Explorer
> To: <full-disclosure () lists grok org uk>
> Message-ID: <005e01cb0188$162059b0$010000c0@ml>
> Content-Type: text/plain; format=flowed; charset="windows-1251";
>        reply-type=response
>
> Hello Full-Disclosure!
>
> I want to warn you about Denial of Service vulnerability in Internet
> Explorer. Which I already disclosed at my site in 2008 (at 29.09.2008). But
> recently I made new tests concerning this vulnerability, so I decided to
> remind you about it.
>
> I know this vulnerability for a long time - it's well-known DoS in IE. It
> works in IE6 and after release of IE7 I hoped that Microsoft fixed this
> hole
> in seventh version of the browser. But as I tested at 29.09.2008, IE7 was
> also vulnerable to this attack. And as I tested recently, IE8 is also
> vulnerable to this attack.
>
> Also I informed Microsoft at 01.10.2008 about it, but they ignored and
> didn't fix it. They didn't fix the hole not in IE6, nor in IE7, nor in IE8.
>
> That time I published about this vulnerability at SecurityVulns
> (http://securityvulns.com/Udocument636.html).
>
> DoS:
>
> Vulnerability concerned with handling by browser of expression in styles,
> which leads to blocking of work of IE.
>
> http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html
>
> Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet
> Explorer 7 (7.0.6000.16711), Internet Explorer 8 (8.0.7600.16385) and
> previous versions.
>
> To Susan Bradley from Bugtraq:
>
> This is one of those cases, which I told you before, when browser vendors
> ignore to fix DoS holes in their browsers for many years.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 1 Jun 2010 18:28:03 +0530
> From: rajendra prasad <rajendra.palnaty () gmail com>
> Subject: Re: [Full-disclosure] Why the IPS product designers
>        concentrate on  server side protection? why they are missing client
>        protection
> To: full-disclosure () lists grok org uk
> Message-ID:
>        <AANLkTinFeCKoKUNI59k2citWgTJlytqjRiZ8Ze8oM1rp () mail gmail com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi List,
>
> I have started this discussion with respect to Network IPS.
>
> Thanks
> Rajendra
>
> On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad
> <rajendra.palnaty () gmail com>wrote:
>
> > Hi List,
> >
> > I am putting my thoughts on this, please share your thoughts, comments.
> >
> > Request length is less than the response length.So, processing small
> amount
> > of data is better than of processing bulk data. Response may have
> encrypted
> > data. Buffering all the client-server transactions and validating
> signatures
> > on them is difficult. Even though buffered, client data may not be in the
> > plain text. Embedding all the client encryption/decryption process on the
> > fly is not possible, even though ips gathered key values of clients.Most
> of
> > the client protection is done by anti-virus. So, concentrating client
> > attacks at IPS level is not so needed.
> >
> >
> > Thanks
> > Rajendra
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/0cb18940/attachment-0001.html
>
> ------------------------------
>
> Message: 5
> Date: Tue, 1 Jun 2010 14:52:51 +0200
> From: "Cor Rosielle" <cor () outpost24 com>
> Subject: Re: [Full-disclosure] Why the IPS product designers
>        concentrate     on      server side protection? why they are missing
> client
>        protection
> To: "'Nelson Brito'" <nbrito () sekure org>
> Cc: full-disclosure () lists grok org uk
> Message-ID: <003001cb0189$5962ddf0$0c2899d0$@com>
> Content-Type: text/plain;       charset="UTF-8"
>
> Nelson,
>
> > You're missing one point: Host IPS MUST be deployed with any Network
> > Security (Firewalls os NIPSs).
> Please be aware this is a risk decision and not a fact. I don't use an host
> IPS and no anti Virus either. Still I'm sure my laptop is perfectly safe.
> This is because I do critical thinking about security measures and don't
> copy behavior of others (who often don't think for themselves and just
> copies other peoples behavior). Please note I'm not saying you're not
> thinking. If you did some critical thinking and an host IPS is a good
> solution for you, then that's OK> It just doesn't mean it is a good solution
> for everybody else and everybody MUST deploy an host IPS.
>
> > No security solution/technology is the miracle protection alone,
> That's true.
>
> > so that's the reason everybody is talking about defense in depth.
> Defense in depth is often used for another line of a similar defense
> mechanism as the previous already was. Different layers of defense works
> best if the defense mechanism differ. So if you're using anti virus software
> (which gives you an authentication control and an alarm control according to
> the OSSTMM), then an host IDS is not the best additional security measure
> (because this also gives you an authentication and an alarm control).
> This would also be a risk decision, but based on facts and the rules
> defined in the OSSTMM and not based on some marketing material. You should
> give it a try.
>
> Regards,
> Cor Rosielle
>
> w: www.lab106.com
>
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 1 Jun 2010 10:27:48 -0300
> From: Nelson Brito <nbrito () sekure org>
> Subject: Re: [Full-disclosure] Why the IPS product designers
>        concentrate on  server side protection? why they are missing client
>        protection
> To: rajendra prasad <rajendra.palnaty () gmail com>
> Cc: "full-disclosure () lists grok org uk"
>        <full-disclosure () lists grok org uk>
> Message-ID: <76444513-375E-472C-A3CA-8F4A9776EDD4 () sekure org>
> Content-Type: text/plain; charset="utf-8"
>
> Okay, but why did you mention AV as a client-side protection?
>
> It leads to a discussion about client-side protection, anyways.
>
> Cheers.
>
> Nelson Brito
> Security Researcher
> http://fnstenv.blogspot.com/
>
> Please, help me to develop the ENG? SQL Fingerprint? downloading it
> from Google Code (http://code.google.com/p/mssqlfp/) or from
> Sourceforge (https://sourceforge.net/projects/mssqlfp/).
>
> Sent on an ? iPhone wireless device. Please, forgive any potential
> misspellings!
>
> On Jun 1, 2010, at 9:58 AM, rajendra prasad
> <rajendra.palnaty () gmail com> wrote:
>
> > Hi List,
> >
> > I have started this discussion with respect to Network IPS.
> >
> > Thanks
> > Rajendra
> >
> > On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad <
> rajendra.palnaty () gmail com
> > > wrote:
> > Hi List,
> >
> > I am putting my thoughts on this, please share your thoughts,
> > comments.
> >
> > Request length is less than the response length.So, processing small
> > amount of data is better than of processing bulk data. Response may
> > have encrypted data. Buffering all the client-server transactions
> > and validating signatures on them is difficult. Even though
> > buffered, client data may not be in the plain text. Embedding all
> > the client encryption/decryption process on the fly is not possible,
> > even though ips gathered key values of clients.Most of the client
> > protection is done by anti-virus. So, concentrating client attacks
> > at IPS level is not so needed.
> >
> >
> > Thanks
> > Rajendra
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/d583f90d/attachment-0001.html
>
> ------------------------------
>
> Message: 7
> Date: Tue, 1 Jun 2010 10:23:31 -0300
> From: Nelson Brito <nbrito () sekure org>
> Subject: Re: [Full-disclosure] Why the IPS product designers
>        concentrate on  server side protection? why they are missing client
>        protection
> To: Cor Rosielle <cor () outpost24 com>
> Cc: "<full-disclosure () lists grok org uk>"
>        <full-disclosure () lists grok org uk>
> Message-ID: <6AAECC36-E447-497D-BA87-D7C5EFB18E43 () sekure org>
> Content-Type: text/plain;       charset=utf-8;  format=flowed;  delsp=yes
>
> Comments are inline!
>
> Nelson Brito
> Security Researcher
> http://fnstenv.blogspot.com/
>
> Please, help me to develop the ENG? SQL Fingerprint? downloading it
> from Google Code (http://code.google.com/p/mssqlfp/) or from
> Sourceforge (https://sourceforge.net/projects/mssqlfp/).
>
> Sent on an ? iPhone wireless device. Please, forgive any potential
> misspellings!
>
> On Jun 1, 2010, at 9:52 AM, "Cor Rosielle" <cor () outpost24 com> wrote:
>
> > Nelson,
> >
> > > You're missing one point: Host IPS MUST be deployed with any Network
> > > Security (Firewalls os NIPSs).
> > Please be aware this is a risk decision and not a fact. I don't use
> > an host IPS and no anti Virus either. Still I'm sure my laptop is
> > perfectly safe. This is because I do critical thinking about
> > security measures and don't copy behavior of others (who often don't
> > think for themselves and just copies other peoples behavior). Please
> > note I'm not saying you're not thinking. If you did some critical
> > thinking and an host IPS is a good solution for you, then that's OK>
> > It just doesn't mean it is a good solution for everybody else and
> > everybody MUST deploy an host IPS.
>
> That's so 1990! NIPS and/or Firewall just protect you if you're inside
> the "borders"... But, come on. Who doesn't have a laptop nowadays? So,
> multiple protection layers is better than none, anyways.
>
> You have choices when adopting a security posture or, if you prefer,
> risk posture. I believe that it's quite difficult and almost
> impossible you stay updated with all the threads, due to exponential
> growth of them.
>
> > > No security solution/technology is the miracle protection alone,
> > That's true.
> >
> > > so that's the reason everybody is talking about defense in depth.
> > Defense in depth is often used for another line of a similar defense
> > mechanism as the previous already was. Different layers of defense
> > works best if the defense mechanism differ. So if you're using anti
> > virus software (which gives you an authentication control and an
> > alarm control according to the OSSTMM), then an host IDS is not the
> > best additional security measure (because this also gives you an
> > authentication and an alarm control).
>
> Woowoo.. I cannot agree with you, because AV has nothing to do
> protecting end-point against network attacks. AV will alert and
> protect only when the thread already reached your end-point. Besides,
> there are other layers, such as: buffer overflow protection inside
> HIPS. Look that I am not talking abous IDS. 8)
>
> > This would also be a risk decision, but based on facts and the rules
> > defined in the OSSTMM and not based on some marketing material. You
> > should give it a try.
>
> It always is a risk decision, and I not basing MHO on any "standard",
> that's based on my background... And, AFAIK, nodoby can expect that
> users and/or server systems will be able to apply all or any update in
> a huge environment.
>
> > Regards,
> > Cor Rosielle
> >
> > w: www.lab106.com
>
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 01 Jun 2010 23:54:33 +1000
> From: Laurent Gaffie <laurent.gaffie () gmail com>
> Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
> To: full-disclosure () lists grok org uk
> Message-ID: <4C051119.1010702 () gmail com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello Full-Disclosure!
>
> I want to warn you about a Denial of Service in every browser finaly !!!
>
> It actually affect every browser with a javascript engine  build in !!!
>
> Adobe may be vulnerable to !!!!
>
> PoC :
>
> <html>
> <head><title>0n0z</title></head>
> <body>
> <script type="text/javascript">
> for (i=0;i<65535;i++) {
>  alert('0n0z mustlive got you, now you're fucked, the only solution
> is to restart your browser or be faster than JS !!!');
> }
> </script>
> </body>
> </html>
>
> Greetz to Mustlive () oswap com ua
>
>
> On 01/06/10 22:42, MustLive wrote:
> > Hello Full-Disclosure!
> >
> > I want to warn you about Denial of Service vulnerability in
> > Internet Explorer. Which I already disclosed at my site in 2008 (at
> > 29.09.2008). But recently I made new tests concerning this
> > vulnerability, so I decided to remind you about it.
> >
> > I know this vulnerability for a long time - it's well-known DoS in
> > IE. It works in IE6 and after release of IE7 I hoped that Microsoft
> > fixed this
> hole
> > in seventh version of the browser. But as I tested at 29.09.2008,
> > IE7 was also vulnerable to this attack. And as I tested recently,
> > IE8 is also vulnerable to this attack.
> >
> > Also I informed Microsoft at 01.10.2008 about it, but they ignored
> > and didn't fix it. They didn't fix the hole not in IE6, nor in IE7,
> > nor in IE8.
> >
> > That time I published about this vulnerability at SecurityVulns
> > (http://securityvulns.com/Udocument636.html).
> >
> > DoS:
> >
> > Vulnerability concerned with handling by browser of expression in
> > styles, which leads to blocking of work of IE.
> >
> > http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html
> >
> > Vulnerable versions are Internet Explorer 6 (6.0.2900.2180),
> > Internet Explorer 7 (7.0.6000.16711), Internet Explorer 8
> > (8.0.7600.16385) and previous versions.
> >
> > To Susan Bradley from Bugtraq:
> >
> > This is one of those cases, which I told you before, when browser
> > vendors ignore to fix DoS holes in their browsers for many years.
> >
> > Best wishes & regards, MustLive Administrator of Websecurity web
> > site http://websecurity.com.ua
> >
> > _______________________________________________ Full-Disclosure -
> > We believe in it. Charter:
> > http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> > sponsored by Secunia - http://secunia.com/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJMBREZAAoJEEESJ0AJ05HwfboP/iKyZAkaZk1xE17ExXkRDvfE
> 7Adra0Zf2RE6diDzK6FegUXyOQok9zYMTU+akx9OoxyC3zF1RWJQMWZAZEq3KpNp
> AmUmrTaS46mXWeZfUomDbdKHJq3LZtlD4K4BDkOU/T4gvAFF9BRdRetawm4aEwMB
> JQ3Qp8jMnv+wLGxfAoTUS0bTaXWjxPdf2SEfgwvZdnpY9HYDft+/qKHbPBJeK2oi
> A8zTirz/9UeoJDnq2hTvyeONVsOn6rAdvPzrag3e5vq77fbpbHtxVA8OfYUgiEGp
> KsKiNmrTMVHxvwaHrRPxQkpmzNDx7R84l693xbOkiS1pm0Zq4A0CiZEuvU8H/FBd
> XuKWkeR35H7RF42E5iVo/E3MFJkT+sBtqJdFigKJSIge/Y2omqbKsyVTG20SF5s0
> l/zHJqyZgYl5c8qMrKrvNyglbYgpYRKwIa1wYsHbimNJWho32lc8bU8xY6nQEZ+z
> H1SXer6B9bDJV9hSBGxQuACYBXzzKMeB2tom4DpoH789gZ0tsQp0H9lQbji61PlK
> kUKM0pGw0MKMjzGOXH7qjEo0eHaQhhr6PnCTOVofXARX5pmXRFxAdJe8dG3VTOqO
> llrbFxenJJTrmSv8YPHuiZT5QUledpXmpIi2eegjzxwGwpPmXbAoqg9QaVJ501Yv
> mpMV1kIb911r6Ps4UhGp
> =n3v/
> -----END PGP SIGNATURE-----
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/6908f1f7/attachment-0001.html
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: 0x09D391F0.asc
> Type: application/pgp-keys
> Size: 3130 bytes
> Desc: not available
> Url :
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/6908f1f7/attachment-0003.bin
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: 0x09D391F0.asc
> Type: application/pgp-keys
> Size: 3130 bytes
> Desc: not available
> Url :
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/6908f1f7/attachment-0004.bin
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: 0x09D391F0.asc
> Type: application/pgp-keys
> Size: 3129 bytes
> Desc: not available
> Url :
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/6908f1f7/attachment-0005.bin
>
> ------------------------------
>
> Message: 9
> Date: Wed, 02 Jun 2010 00:00:05 +1000
> From: Laurent Gaffie <laurent.gaffie () gmail com>
> Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
> To: MustLive <mustlive () websecurity com ua>,
>        full-disclosure () lists grok org uk
> Message-ID: <4C051265.1050207 () gmail com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Sorry Mustlive,
> i understand you need to see this in clear text finaly.
> I guess ascii is the best to communicate with you;
>
>
> Hello Full-Disclosure!
>
> I want to warn you about a Denial of Service in every browser finaly !!!
>
> It actually affect every browser with a javascript engine  build in !!!
>
> Adobe may be vulnerable to !!!!
>
> PoC :
>
> <html>
> <head><title>0n0z</title></head>
> <body>
> <script type="text/javascript">
> for (i=0;i<65535;i++) {
> alert('0n0z mustlive got you, now you're fucked, the only solution is
> to restart your browser or be faster than JS !!!');
> }
> </script>
> </body>
> </html>
>
>
> Greetz to Mustlive () oswap com ua
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJMBRJkAAoJEEESJ0AJ05HwJpYQAI84bDG8fNbq4lYjomqD3+Wf
> 29VzhaQt39FF2ERwh7sDYkc5wdw/DWfAC5SpwdVtr/0wDW0dyZV36RfJyUixysce
> weKx5wztjjwzk4yQF61v8DXz7MEWLhuYv9fTGcw9LKpnDm9/Z0YZ6ObKp8dE9A11
> 1E4xzAByLYpEdTQyxosMsJ336oJgTc3NrjDiPJGoxOb65epLlc07aEaP7ZA7jE/J
> i+M0ukNl8CKAryGs8DhDf+5fkJf1wcqOUoxK4mJ4nPe0IhhoQ+FUizB04E7MpK8P
> OisvgW8I6tdGurJTfux14Jj6NZXBuL0ww65e3vfgOrm8WRtKPrbwiRd1nk8NqsCC
> Nz5UBxEr32YhEUdgoXPj8ZleBbvLL0z0PVoRtbBSyKABih8OUwPMUpa0WkpMno+x
> gcG7vmO/bIr5wEjRGlK9NglCMqKNWzRk2f03KGIM2MMetB7KLvR/Kir3rL2n8a4k
> nLj/EYRm4orHzIDtR/Fr8LixJPr1wwpi53OOPJEcpjDvud4sOKcfUPSb7cckc7wQ
> vBPCNjPZ1D8V3GzJhE7+NHVVl8wUDwKodu0ejDmzJ2K7L1nLDiI9GStA8Xof98ne
> 4ZBLA3lCRsbcYDdE0cvqwMa+xyx7KUcMy5M8vimyTGpIhnFF2+ScdFgFzrDIEtNH
> g+1w9Kvgr12i+aEmD2Me
> =v3oL
> -----END PGP SIGNATURE-----
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: 0x09D391F0.asc
> Type: application/pgp-keys
> Size: 3129 bytes
> Desc: not available
> Url :
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100602/47b07336/attachment-0001.bin
>
> ------------------------------
>
> Message: 10
> Date: Tue, 1 Jun 2010 16:20:10 +0200
> From: "Cor Rosielle" <cor () outpost24 com>
> Subject: Re: [Full-disclosure] Why the IPS product designers
>        concentrate on  server side protection? why they are missing client
>        protection
> To: "'Nelson Brito'" <nbrito () sekure org>
> Cc: full-disclosure () lists grok org uk
> Message-ID: <001b01cb0195$8c21a080$a464e180$@com>
> Content-Type: text/plain;       charset="utf-8"
>
> Nelson,
>
> I put my comments inline as well
>
> Regards, Cor
>
> ...snip...
> > > Nelson,
> > >
> > > > You're missing one point: Host IPS MUST be deployed with any Network
> > > > Security (Firewalls os NIPSs).
> > > Please be aware this is a risk decision and not a fact. I don't use
> > > an host IPS and no anti Virus either. Still I'm sure my laptop is
> > > perfectly safe. This is because I do critical thinking about
> > > security measures and don't copy behavior of others (who often don't
> > > think for themselves and just copies other peoples behavior). Please
> > > note I'm not saying you're not thinking. If you did some critical
> > > thinking and an host IPS is a good solution for you, then that's OK>
> > > It just doesn't mean it is a good solution for everybody else and
> > > everybody MUST deploy an host IPS.
> >
> > That's so 1990! NIPS and/or Firewall just protect you if you're inside
> > the "borders"... But, come on. Who doesn't have a laptop nowadays? So,
> > multiple protection layers is better than none, anyways.
> Even one layer is better than none :-). Multiple layers are even better,
> especially when they are different types of protection. But applying
> security without thinking is bad. Even if you have enough money and hardware
> to spent, you should at least think about the balance between the amount
> security you get and the amount of risk you run when installing another
> piece of software. Then you can decide if it is worth the money or hardware
> you need to spend.
>
> > You have choices when adopting a security posture or, if you prefer,
> > risk posture. I believe that it's quite difficult and almost
> > impossible you stay updated with all the threads, due to exponential
> > growth of them.
> You have a point here. That's why it is better not to base security on
> defenses to known and existing threats alone, but use defense mechanisms
> that protect you both against known and existing threats and against unknown
> and future threats as well. I can't help to mention the OSSTMM again,
> because this is pretty much what it is about.
>
> > > > No security solution/technology is the miracle protection alone,
> > > That's true.
> > >
> > > > so that's the reason everybody is talking about defense in depth.
> > > Defense in depth is often used for another line of a similar defense
> > > mechanism as the previous already was. Different layers of defense
> > > works best if the defense mechanism differ. So if you're using anti
> > > virus software (which gives you an authentication control and an
> > > alarm control according to the OSSTMM), then an host IDS is not the
> > > best additional security measure (because this also gives you an
> > > authentication and an alarm control).
> >
> > Woowoo.. I cannot agree with you, because AV has nothing to do
> > protecting end-point against network attacks. AV will alert and
> > protect only when the thread already reached your end-point. Besides,
> > there are other layers, such as: buffer overflow protection inside
> > HIPS. Look that I am not talking abous IDS. 8)
> Sure you're right about that. There is a lot of other threats AV doesn't
> protect you to. Just like an IPS doesn't protect you against all threats.
> But that doesn't mean it is a wise decision to install each and every part
> of security software you can get, because software comes with costs and
> risks too. This is true for IPS's too.
>
> > > This would also be a risk decision, but based on facts and the rules
> > > defined in the OSSTMM and not based on some marketing material. You
> > > should give it a try.
> >
> > It always is a risk decision, and I not basing MHO on any "standard",
> > that's based on my background... And, AFAIK, nodoby can expect that
> > users and/or server systems will be able to apply all or any update in
> > a huge environment.
>
> Of course you don't have to agree, but I think it is better to be critical
> about the software you install. And if you don't agree and rather spend your
> money on things that were useful for someone else at another time and under
> different circumstances, then just do that. But I wish you wouldn't write
> that others must (you wrote it even in capitals) deploy an IPS.
>
> Regards,
> Cor
>
>
>
> ------------------------------
>
> Message: 11
> Date: Tue, 01 Jun 2010 16:26:37 +0200
> From: PsychoBilly <zpamh0l3 () gmail com>
> Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer
> To: fdisclo <full-disclosure () lists grok org uk>
> Message-ID: <4C05189D.7050200 () gmail com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> This had already been published
> http://www.pewy.fr/hamster.html
>
> ************************  Cluster #[[   Laurent Gaffie   ]] possibly
> emitted, @Time [[   01/06/2010 16:00   ]] The Following #String
>  **********************
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Sorry Mustlive,
> > i understand you need to see this in clear text finaly.
> > I guess ascii is the best to communicate with you;
> >
> >
> > Hello Full-Disclosure!
> >
> > I want to warn you about a Denial of Service in every browser finaly !!!
> >
> > It actually affect every browser with a javascript engine  build in !!!
> >
> > Adobe may be vulnerable to !!!!
> >
> > PoC :
> >
> > <html>
> > <head><title>0n0z</title></head>
> > <body>
> > <script type="text/javascript">
> > for (i=0;i<65535;i++) {
> > alert('0n0z mustlive got you, now you're fucked, the only solution is
> > to restart your browser or be faster than JS !!!');
> > }
> > </script>
> > </body>
> > </html>
> >
> >
> > Greetz to Mustlive () oswap com ua
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >
> > iQIcBAEBAgAGBQJMBRJkAAoJEEESJ0AJ05HwJpYQAI84bDG8fNbq4lYjomqD3+Wf
> > 29VzhaQt39FF2ERwh7sDYkc5wdw/DWfAC5SpwdVtr/0wDW0dyZV36RfJyUixysce
> > weKx5wztjjwzk4yQF61v8DXz7MEWLhuYv9fTGcw9LKpnDm9/Z0YZ6ObKp8dE9A11
> > 1E4xzAByLYpEdTQyxosMsJ336oJgTc3NrjDiPJGoxOb65epLlc07aEaP7ZA7jE/J
> > i+M0ukNl8CKAryGs8DhDf+5fkJf1wcqOUoxK4mJ4nPe0IhhoQ+FUizB04E7MpK8P
> > OisvgW8I6tdGurJTfux14Jj6NZXBuL0ww65e3vfgOrm8WRtKPrbwiRd1nk8NqsCC
> > Nz5UBxEr32YhEUdgoXPj8ZleBbvLL0z0PVoRtbBSyKABih8OUwPMUpa0WkpMno+x
> > gcG7vmO/bIr5wEjRGlK9NglCMqKNWzRk2f03KGIM2MMetB7KLvR/Kir3rL2n8a4k
> > nLj/EYRm4orHzIDtR/Fr8LixJPr1wwpi53OOPJEcpjDvud4sOKcfUPSb7cckc7wQ
> > vBPCNjPZ1D8V3GzJhE7+NHVVl8wUDwKodu0ejDmzJ2K7L1nLDiI9GStA8Xof98ne
> > 4ZBLA3lCRsbcYDdE0cvqwMa+xyx7KUcMy5M8vimyTGpIhnFF2+ScdFgFzrDIEtNH
> > g+1w9Kvgr12i+aEmD2Me
> > =v3oL
> > -----END PGP SIGNATURE-----
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ------------------------------
>
> Message: 12
> Date: Tue, 1 Jun 2010 11:49:28 -0300
> From: Nelson Brito <nbrito () sekure org>
> Subject: Re: [Full-disclosure] Why the IPS product designers
>        concentrate on  server side protection? why they are missing client
>        protection
> To: Cor Rosielle <cor () outpost24 com>
> Cc: "<full-disclosure () lists grok org uk>"
>        <full-disclosure () lists grok org uk>
> Message-ID: <ABDDB41B-4F4E-4A6D-8E75-09DC9ACCFB8E () sekure org>
> Content-Type: text/plain;       charset=utf-8;  format=flowed;  delsp=yes
>
> I still keep in capital: anyone MUST deploy Host IPS when adopting
> Network IPS. If you don't do so you MUST keep in mind that you are
> just approaching some threads, even because Host and Network IPS have
> different approaches.
>
> Otherwise you will THINK you're protected... But nobody can guarantee
> that.
>
> Regarding the aquisition of those solutions, of course it cannot be
> done without a deep looking inside the corporate, but it doesn't mean
> you don't have to...
>
> When you decided to aquire a security solution you have to be careful
> and have well designed criterias to do so, but, again, it doesn't mean
> you don't have to aquire them.
>
> About the known and unknown threads, I will not enter into this,
> because it is kind of a phylosofical discussion.
>
> Cheers.
>
> Nelson Brito
> Security Researcher
> http://fnstenv.blogspot.com/
>
> Please, help me to develop the ENG? SQL Fingerprint? downloading it
> from Google Code (http://code.google.com/p/mssqlfp/) or from
> Sourceforge (https://sourceforge.net/projects/mssqlfp/).
>
> Sent on an ? iPhone wireless device. Please, forgive any potential
> misspellings!
>
> On Jun 1, 2010, at 11:20 AM, "Cor Rosielle" <cor () outpost24 com> wrote:
>
> > Nelson,
> >
> > I put my comments inline as well
> >
> > Regards, Cor
> >
> > ...snip...
> > > > Nelson,
> > > >
> > > > > You're missing one point: Host IPS MUST be deployed with any
> > > > > Network
> > > > > Security (Firewalls os NIPSs).
> > > > Please be aware this is a risk decision and not a fact. I don't use
> > > > an host IPS and no anti Virus either. Still I'm sure my laptop is
> > > > perfectly safe. This is because I do critical thinking about
> > > > security measures and don't copy behavior of others (who often don't
> > > > think for themselves and just copies other peoples behavior). Please
> > > > note I'm not saying you're not thinking. If you did some critical
> > > > thinking and an host IPS is a good solution for you, then that's OK>
> > > > It just doesn't mean it is a good solution for everybody else and
> > > > everybody MUST deploy an host IPS.
> > >
> > > That's so 1990! NIPS and/or Firewall just protect you if you're
> > > inside
> > > the "borders"... But, come on. Who doesn't have a laptop nowadays?
> > > So,
> > > multiple protection layers is better than none, anyways.
> > Even one layer is better than none :-). Multiple layers are even
> > better, especially when they are different types of protection. But
> > applying security without thinking is bad. Even if you have enough
> > money and hardware to spent, you should at least think about the
> > balance between the amount security you get and the amount of risk
> > you run when installing another piece of software. Then you can
> > decide if it is worth the money or hardware you need to spend.
> >
> > > You have choices when adopting a security posture or, if you prefer,
> > > risk posture. I believe that it's quite difficult and almost
> > > impossible you stay updated with all the threads, due to exponential
> > > growth of them.
> > You have a point here. That's why it is better not to base security
> > on defenses to known and existing threats alone, but use defense
> > mechanisms that protect you both against known and existing threats
> > and against unknown and future threats as well. I can't help to
> > mention the OSSTMM again, because this is pretty much what it is
> > about.
> >
> > > > > No security solution/technology is the miracle protection alone,
> > > > That's true.
> > > >
> > > > > so that's the reason everybody is talking about defense in depth.
> > > > Defense in depth is often used for another line of a similar defense
> > > > mechanism as the previous already was. Different layers of defense
> > > > works best if the defense mechanism differ. So if you're using anti
> > > > virus software (which gives you an authentication control and an
> > > > alarm control according to the OSSTMM), then an host IDS is not the
> > > > best additional security measure (because this also gives you an
> > > > authentication and an alarm control).
> > >
> > > Woowoo.. I cannot agree with you, because AV has nothing to do
> > > protecting end-point against network attacks. AV will alert and
> > > protect only when the thread already reached your end-point. Besides,
> > > there are other layers, such as: buffer overflow protection inside
> > > HIPS. Look that I am not talking abous IDS. 8)
> > Sure you're right about that. There is a lot of other threats AV
> > doesn't protect you to. Just like an IPS doesn't protect you against
> > all threats. But that doesn't mean it is a wise decision to install
> > each and every part of security software you can get, because
> > software comes with costs and risks too. This is true for IPS's too.
> >
> > > > This would also be a risk decision, but based on facts and the rules
> > > > defined in the OSSTMM and not based on some marketing material. You
> > > > should give it a try.
> > >
> > > It always is a risk decision, and I not basing MHO on any "standard",
> > > that's based on my background... And, AFAIK, nodoby can expect that
> > > users and/or server systems will be able to apply all or any update
> > > in
> > > a huge environment.
> >
> > Of course you don't have to agree, but I think it is better to be
> > critical about the software you install. And if you don't agree and
> > rather spend your money on things that were useful for someone else
> > at another time and under different circumstances, then just do
> > that. But I wish you wouldn't write that others must (you wrote it
> > even in capitals) deploy an IPS.
> >
> > Regards,
> > Cor
>
>
>
> ------------------------------
>
> Message: 13
> Date: Tue, 01 Jun 2010 11:31:19 -0300
> From: Onapsis Research Labs <research () onapsis com>
> Subject: [Full-disclosure] Onapsis Research Labs: Onapsis Bizploit -
>        The opensource ERP Penetration Testing framework
> To: full-disclosure () lists grok org uk
> Message-ID: <4C0519B7.8050403 () onapsis com>
> Content-Type: text/plain; charset=UTF-8
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear colleague,
>
> We are proud to announce the release of Onapsis Bizploit, the first
> opensource ERP Penetration Testing framework.
>
> Presented at the renowned HITB Dubai security conference, Bizploit is
> expected to provide the security community with a basic framework to support
> the
> discovery, exploration, vulnerability assessment and exploitation of ERP
> systems.
>
> The term "ERP Security" has been so far understood by most of the IT
> Security and Auditing industries as a synonym of ?Segregation of Duties?.
> While
> this aspect is absolutely important for the overall security of the
> Organization's core business platforms, there are many other threats that
> are
> still overlooked and imply much higher levels of risk. Onapsis Bizploit is
> designed as an academic proof-of-concept that will help the general
> community to illustrate and understand this kind of risks.
>
> Currently Onapsis Bizploit provides all the features available in the
> sapyto GPL project, plus several new plugins and connectors focused in the
> security of SAP business platforms. Updates for other popular ERPs are to
> be released in the short term.
>
> Your can download the software freely from http://www.onapsis.com
>
> Best regards,
>
> - --------------------------------------------
> The Onapsis Research Labs Team
>
> Onapsis S.R.L
> Email: research () onapsis com
> Web: www.onapsis.com
> PGP: http://www.onapsis.com/pgp/research.asc
> - --------------------------------------------
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkwFGLQACgkQz3i6WNVBcDVp7wCgktzu7vYVXTBnE9DM5GPYAnGx
> OjAAn0uVawK36FZMP9DFYye3XX56CN1v
> =80ir
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------
>
> Message: 14
> Date: Tue, 1 Jun 2010 11:46:26 -0400
> From: T Biehn <tbiehn () gmail com>
> Subject: Re: [Full-disclosure] The_UT is repenting
> To: Anders Klixbull <akl () experian dk>
> Cc: full-disclosure () lists grok org uk
> Message-ID:
>        <AANLkTimnEwv9Zy-QYvJ2qn5UxYBEFh3cI0_6tv4TgUX7 () mail gmail com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I don't think UT is anyone's 'boy toy.' The guy is massive.
>
> I'm sure he'll meet all kinds of experienced scam artists and criminals and
> learn all sorts of neat things for use when he gets out.
>
> -Travis
>
> On Tue, Jun 1, 2010 at 6:13 AM, Anders Klixbull <akl () experian dk> wrote:
>
> > I'm so sorry that your friend was retarded enough to get busted.
> > And thank you for the archive!
> > It's always nice to have a personal librarian :)
> > You may be sorry for the repeat material, but please go suck a lemon.
> > Thanks.
> >
> > -----Oprindelig meddelelse-----
> > Fra: ghost [mailto:ghosts () gmail com]
> > Sendt: 1. juni 2010 11:35
> > Til: Anders Klixbull
> > Cc: full-disclosure () lists grok org uk
> > Emne: Re: [Full-disclosure] The_UT is repenting
> >
> > Anders - i'm very sorry, you must of confused this mailing list with
> > astalavista forums. Please go away... or kill yourself, whichever you
> > prefer...... and in the interest of full-disclosure, I have my fingers
> > crossed for the latter :)
> >
> > Thanks.
> -----------------------------------------------------------------------------------------
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Please stop stating the obvious. Keep in mind that to us your useless
> > replies are of no importance.
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > But their website graphics is super cool!
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > we care we really do From fulldisclosurebounces@list...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > take a chill pill wigger
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > shut the fuck up From fulldisclosurebounces@list...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > then you gadi and n3td3v should jump off a cliff
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Apology not accepted! Alcohol is required!
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > ) If im ever near there i will look you up! Cheers
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Thinking a little highly of yourself arent you? Saving the world lol
> > lol lol Keep your moronic comics to yourself please
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > 0day pictures of Mark's mom for sale From fulldisclosurebounces@list...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Keep your talentless tripe to yourself
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > You're obviously retarded
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > You forgot to include MiniMySqlat0r01.jar in your zip file..
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > ???? ????????!
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Free 0day for all!!
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Fuck the vendors put them on FD
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Go suck a lemon bitch
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > The hardcore cockgobbler scene of scotland
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > TEH TXT FIEL FORMATTING SI TEH FUCKED From fulldisclosurebounces@list...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Religion is nothing more than mental crutches for weakminded people
> >
> > Message Results
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > But isnt that where you feel most at home brother n3td3v?
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Because we are drawn to you like moths to a flame
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > It's safe to assume that it covers the both of you ignorant turds
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Nice teenspeak maybe your mother can invite n3td3v over to hot cocoa
> > and cookies?
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > removing anyone is pointless From fulldisclosurebounces@list...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Project chroma project? Welcome to the redundancy department of
> > redundancy.. Mike c aka n3td3v shut the fuck up
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > retardo
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Are you smoking crack?
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Helol n3td3v
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > go suck a lemon From fulldisclosurebounces@list...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > OH MY GOD I DONT KNOW BUT DO WE REALLY CARE???? their site was always
> > a crappy piece of shit
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > He's too busy living the good life in a cardboard box in hobotown to
> > answer ) Vi hj?lper dig til at tr?ffe bedre beslutninger. Vi tilbyder
> > analyse og informationsservices der ?ger salget m?lretter
> > markedsf?ringen og reducerer risikoen for ta...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > GO SUCK A LEMON
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > And pigs eat bananas with their ears
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > he's the wino on the corner sucking your lemon
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > I heard he ch0ked on a lemon
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Taunting other people's english skills work better when your own
> > english isn't broken )
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > So youre whining about a 4 year old post? lol and who uses an exploit
> > without changing the shellcode anyway
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Wow such depth! Such insight! WOW
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > you need to get a job you no good for nothing lazy bum From
> > fulldisclosurebounces@list...
> >
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > seems to be cropping in? as far as know rainbow tables has been around
> > for years...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > lol they have been useful for years son just because YOU never found a
> > use for them doesn't mean noone else has
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > you'd like to gobble that sausage wouldn't you From
> > fulldisclosurebounces@list...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > callate la boca carajo. que la chupes y que la sigas chupando From
> > Rosa Maria Gonzalez Pereira
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > yes the correct answer is 'cheese' From fulldisclosurebounces@list...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > you obviously misunderstood since every geek on the planet knows that
> > the answer in numeric form is 42!
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Shut up weev Take your fake panama bank accounts and put them where
> > the sun don't shine If you can fit it in while you have that aircraft
> > carrier up there
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Andrew/weev is an amateur troll He has ridden other peoples fame more
> than
> > once
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Nobody cares about a homeless bum Move along
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Learn how to blow old men and live on their couches
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > Thank you shawarma! From fulldisclosurebounces@list...
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > He never said anything profound 140 characters or not
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > bohooo stop crying he can disclose bugs when he feels like it if you
> > dont like that then go suck a lemon
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > lol look who's talking about being professional yeah sure because
> > klixbull is such a russian name right? and oh yeah my email address
> > also ends in .ua julian its time to stop gobbling that cock and shut
> > the fuck up
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > why does it hurt when you suck lemons? does your teeth gets fucked up
> > when you smoke cock all day?
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > yeah sure.. you junkies are alle the same you suck dicks for
> > cheeseburgers and crack
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > dad? is that you? mom says to stop blowing off strangers for free and
> > bring home some money!
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > But aren't gnaa retired anyway?
> >
> > Re:
> > by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages)
> > lol seems to be? you should know better than "seems" since your email
> > is in the gnaa ascii
> >
> >
> > On Tue, Jun 1, 2010 at 1:28 AM, Anders Klixbull <akl () experian dk> wrote:
> > > Wouldn't you if you were bubba's boytoy in the can?
> > >
> > >
> > >
> > >
> > >
> > > Fra: full-disclosure-bounces () lists grok org uk
> > > [mailto:full-disclosure-bounces () lists grok org uk] P? vegne af
> > PsychoBilly
> > > Sendt: 1. juni 2010 10:21
> > > Til: full-disclosure () lists grok org uk
> > > Emne: [Full-disclosure] The_UT is repenting
> > >
> > >
> > >
> > > http://profile.ak.fbcdn.net/v229/1642/63/n680245330_5800.jpg
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> --
> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/37bc81bd/attachment.html
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 64, Issue 3
> **********************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/