Full Disclosure mailing list archives
Full-disclosure] Why the IPS product designers
From: Srinivas Naik <naik.srinu () gmail com>
Date: Wed, 2 Jun 2010 00:44:07 +0530
Mr. Nelson has brought a good point, Host IPS should also be running even if there is Nework IPS. There are Client end Attacks which has got many Evasion techniques and almost the recent research presents us the proof of such Attacks. Apart these there exist other exploits/malware which cannot be detected over the network. Regards, Srinivas Naik (Certified Hacker and Forensic Investigator) IPS Evaluator http://groups.google.com/group/nforceit On Tue, Jun 1, 2010 at 9:16 PM, <full-disclosure-request () lists grok org uk>wrote:
Send Full-Disclosure mailing list submissions to full-disclosure () lists grok org uk To subscribe or unsubscribe via the World Wide Web, visit https://lists.grok.org.uk/mailman/listinfo/full-disclosure or, via email, send a message with subject or body 'help' to full-disclosure-request () lists grok org uk You can reach the person managing the list at full-disclosure-owner () lists grok org uk When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..." Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you. Today's Topics: 1. Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection (Nelson Brito) 2. Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection (Valdis.Kletnieks () vt edu) 3. DoS vulnerability in Internet Explorer (MustLive) 4. Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection (rajendra prasad) 5. Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection (Cor Rosielle) 6. Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection (Nelson Brito) 7. Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection (Nelson Brito) 8. Re: DoS vulnerability in Internet Explorer (Laurent Gaffie) 9. Re: DoS vulnerability in Internet Explorer (Laurent Gaffie) 10. Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection (Cor Rosielle) 11. Re: DoS vulnerability in Internet Explorer (PsychoBilly) 12. Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection (Nelson Brito) 13. Onapsis Research Labs: Onapsis Bizploit - The opensource ERP Penetration Testing framework (Onapsis Research Labs) 14. Re: The_UT is repenting (T Biehn) ---------------------------------------------------------------------- Message: 1 Date: Tue, 1 Jun 2010 08:50:05 -0300 From: Nelson Brito <nbrito () sekure org> Subject: Re: [Full-disclosure] Why the IPS product designers concentrate on server side protection? why they are missing client protection To: rajendra prasad <rajendra.palnaty () gmail com> Cc: "full-disclosure () lists grok org uk" <full-disclosure () lists grok org uk> Message-ID: <E01DF83F-4EB0-4212-8866-76DDB5C3B55B () sekure org> Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes You're missing one point: Host IPS MUST be deployed with any Network Security (Firewalls os NIPSs). No security solution/technology is the miracle protection alone, so that's the reason everybody is talking about defense in depth. Cheers. Nelson Brito Security Researcher http://fnstenv.blogspot.com/ Please, help me to develop the ENG? SQL Fingerprint? downloading it from Google Code (http://code.google.com/p/mssqlfp/) or from Sourceforge (https://sourceforge.net/projects/mssqlfp/). Sent on an ? iPhone wireless device. Please, forgive any potential misspellings! On Jun 1, 2010, at 4:38 AM, rajendra prasad <rajendra.palnaty () gmail com> wrote:Hi List, I am putting my thoughts on this, please share your thoughts, comments. Request length is less than the response length.So, processing small amount of data is better than of processing bulk data. Response may have encrypted data. Buffering all the client-server transactions and validating signatures on them is difficult. Even though buffered, client data may not be in the plain text. Embedding all the client encryption/decryption process on the fly is not possible, even though ips gathered key values of clients.Most of the client protection is done by anti-virus. So, concentrating client attacks at IPS level is not so needed. Thanks Rajendra _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/------------------------------ Message: 2 Date: Tue, 01 Jun 2010 08:34:22 -0400 From: Valdis.Kletnieks () vt edu Subject: Re: [Full-disclosure] Why the IPS product designers concentrate on server side protection? why they are missing client protection To: rajendra prasad <rajendra.palnaty () gmail com> Cc: full-disclosure () lists grok org uk Message-ID: <14206.1275395662@localhost> Content-Type: text/plain; charset="us-ascii" On Tue, 01 Jun 2010 13:08:32 +0530, rajendra prasad said:Request length is less than the response length.So, processing smallamountof data is better than of processing bulk data. Response may haveencrypteddata. Buffering all the client-server transactions and validatingsignatureson them is difficult.All of that is total wanking. The *real* reason why IPS product designers concentrate on servers is because hopefully the server end is run by some experienced people with a clue, and maybe even hardened to last more than 35 seconds when a hacker attacks. Meanwhile, if anybody designed an IPS for the client end, it would just get installed on an end-user PC running Windows, where it will have all the issues and work just as well as any other anti-malware software on an end-user PC. Oh - and there's also the little detail that a site is more likely to buy *one* software license to run on their web server (or whatever), rather than the hassle of buying and administering 10,000 end-user licenses. Especially when an IPS on the client end doesn't actually tell you much about attacks against the valuable target (the server) from machines you haven't installed the end-user IPS on (like the entire rest of the Internet). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 227 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/0896c76b/attachment-0001.bin ------------------------------ Message: 3 Date: Tue, 1 Jun 2010 15:42:58 +0300 From: "MustLive" <mustlive () websecurity com ua> Subject: [Full-disclosure] DoS vulnerability in Internet Explorer To: <full-disclosure () lists grok org uk> Message-ID: <005e01cb0188$162059b0$010000c0@ml> Content-Type: text/plain; format=flowed; charset="windows-1251"; reply-type=response Hello Full-Disclosure! I want to warn you about Denial of Service vulnerability in Internet Explorer. Which I already disclosed at my site in 2008 (at 29.09.2008). But recently I made new tests concerning this vulnerability, so I decided to remind you about it. I know this vulnerability for a long time - it's well-known DoS in IE. It works in IE6 and after release of IE7 I hoped that Microsoft fixed this hole in seventh version of the browser. But as I tested at 29.09.2008, IE7 was also vulnerable to this attack. And as I tested recently, IE8 is also vulnerable to this attack. Also I informed Microsoft at 01.10.2008 about it, but they ignored and didn't fix it. They didn't fix the hole not in IE6, nor in IE7, nor in IE8. That time I published about this vulnerability at SecurityVulns (http://securityvulns.com/Udocument636.html). DoS: Vulnerability concerned with handling by browser of expression in styles, which leads to blocking of work of IE. http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet Explorer 7 (7.0.6000.16711), Internet Explorer 8 (8.0.7600.16385) and previous versions. To Susan Bradley from Bugtraq: This is one of those cases, which I told you before, when browser vendors ignore to fix DoS holes in their browsers for many years. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ------------------------------ Message: 4 Date: Tue, 1 Jun 2010 18:28:03 +0530 From: rajendra prasad <rajendra.palnaty () gmail com> Subject: Re: [Full-disclosure] Why the IPS product designers concentrate on server side protection? why they are missing client protection To: full-disclosure () lists grok org uk Message-ID: <AANLkTinFeCKoKUNI59k2citWgTJlytqjRiZ8Ze8oM1rp () mail gmail com> Content-Type: text/plain; charset="iso-8859-1" Hi List, I have started this discussion with respect to Network IPS. Thanks Rajendra On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad <rajendra.palnaty () gmail com>wrote:Hi List, I am putting my thoughts on this, please share your thoughts, comments. Request length is less than the response length.So, processing smallamountof data is better than of processing bulk data. Response may haveencrypteddata. Buffering all the client-server transactions and validatingsignatureson them is difficult. Even though buffered, client data may not be in the plain text. Embedding all the client encryption/decryption process on the fly is not possible, even though ips gathered key values of clients.Mostofthe client protection is done by anti-virus. So, concentrating client attacks at IPS level is not so needed. Thanks Rajendra-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/0cb18940/attachment-0001.html ------------------------------ Message: 5 Date: Tue, 1 Jun 2010 14:52:51 +0200 From: "Cor Rosielle" <cor () outpost24 com> Subject: Re: [Full-disclosure] Why the IPS product designers concentrate on server side protection? why they are missing client protection To: "'Nelson Brito'" <nbrito () sekure org> Cc: full-disclosure () lists grok org uk Message-ID: <003001cb0189$5962ddf0$0c2899d0$@com> Content-Type: text/plain; charset="UTF-8" Nelson,You're missing one point: Host IPS MUST be deployed with any Network Security (Firewalls os NIPSs).Please be aware this is a risk decision and not a fact. I don't use an host IPS and no anti Virus either. Still I'm sure my laptop is perfectly safe. This is because I do critical thinking about security measures and don't copy behavior of others (who often don't think for themselves and just copies other peoples behavior). Please note I'm not saying you're not thinking. If you did some critical thinking and an host IPS is a good solution for you, then that's OK> It just doesn't mean it is a good solution for everybody else and everybody MUST deploy an host IPS.No security solution/technology is the miracle protection alone,That's true.so that's the reason everybody is talking about defense in depth.Defense in depth is often used for another line of a similar defense mechanism as the previous already was. Different layers of defense works best if the defense mechanism differ. So if you're using anti virus software (which gives you an authentication control and an alarm control according to the OSSTMM), then an host IDS is not the best additional security measure (because this also gives you an authentication and an alarm control). This would also be a risk decision, but based on facts and the rules defined in the OSSTMM and not based on some marketing material. You should give it a try. Regards, Cor Rosielle w: www.lab106.com ------------------------------ Message: 6 Date: Tue, 1 Jun 2010 10:27:48 -0300 From: Nelson Brito <nbrito () sekure org> Subject: Re: [Full-disclosure] Why the IPS product designers concentrate on server side protection? why they are missing client protection To: rajendra prasad <rajendra.palnaty () gmail com> Cc: "full-disclosure () lists grok org uk" <full-disclosure () lists grok org uk> Message-ID: <76444513-375E-472C-A3CA-8F4A9776EDD4 () sekure org> Content-Type: text/plain; charset="utf-8" Okay, but why did you mention AV as a client-side protection? It leads to a discussion about client-side protection, anyways. Cheers. Nelson Brito Security Researcher http://fnstenv.blogspot.com/ Please, help me to develop the ENG? SQL Fingerprint? downloading it from Google Code (http://code.google.com/p/mssqlfp/) or from Sourceforge (https://sourceforge.net/projects/mssqlfp/). Sent on an ? iPhone wireless device. Please, forgive any potential misspellings! On Jun 1, 2010, at 9:58 AM, rajendra prasad <rajendra.palnaty () gmail com> wrote:Hi List, I have started this discussion with respect to Network IPS. Thanks Rajendra On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad <rajendra.palnaty () gmail comwrote:Hi List, I am putting my thoughts on this, please share your thoughts, comments. Request length is less than the response length.So, processing small amount of data is better than of processing bulk data. Response may have encrypted data. Buffering all the client-server transactions and validating signatures on them is difficult. Even though buffered, client data may not be in the plain text. Embedding all the client encryption/decryption process on the fly is not possible, even though ips gathered key values of clients.Most of the client protection is done by anti-virus. So, concentrating client attacks at IPS level is not so needed. Thanks Rajendra _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/d583f90d/attachment-0001.html ------------------------------ Message: 7 Date: Tue, 1 Jun 2010 10:23:31 -0300 From: Nelson Brito <nbrito () sekure org> Subject: Re: [Full-disclosure] Why the IPS product designers concentrate on server side protection? why they are missing client protection To: Cor Rosielle <cor () outpost24 com> Cc: "<full-disclosure () lists grok org uk>" <full-disclosure () lists grok org uk> Message-ID: <6AAECC36-E447-497D-BA87-D7C5EFB18E43 () sekure org> Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes Comments are inline! Nelson Brito Security Researcher http://fnstenv.blogspot.com/ Please, help me to develop the ENG? SQL Fingerprint? downloading it from Google Code (http://code.google.com/p/mssqlfp/) or from Sourceforge (https://sourceforge.net/projects/mssqlfp/). Sent on an ? iPhone wireless device. Please, forgive any potential misspellings! On Jun 1, 2010, at 9:52 AM, "Cor Rosielle" <cor () outpost24 com> wrote:Nelson,You're missing one point: Host IPS MUST be deployed with any Network Security (Firewalls os NIPSs).Please be aware this is a risk decision and not a fact. I don't use an host IPS and no anti Virus either. Still I'm sure my laptop is perfectly safe. This is because I do critical thinking about security measures and don't copy behavior of others (who often don't think for themselves and just copies other peoples behavior). Please note I'm not saying you're not thinking. If you did some critical thinking and an host IPS is a good solution for you, then that's OK> It just doesn't mean it is a good solution for everybody else and everybody MUST deploy an host IPS.That's so 1990! NIPS and/or Firewall just protect you if you're inside the "borders"... But, come on. Who doesn't have a laptop nowadays? So, multiple protection layers is better than none, anyways. You have choices when adopting a security posture or, if you prefer, risk posture. I believe that it's quite difficult and almost impossible you stay updated with all the threads, due to exponential growth of them.No security solution/technology is the miracle protection alone,That's true.so that's the reason everybody is talking about defense in depth.Defense in depth is often used for another line of a similar defense mechanism as the previous already was. Different layers of defense works best if the defense mechanism differ. So if you're using anti virus software (which gives you an authentication control and an alarm control according to the OSSTMM), then an host IDS is not the best additional security measure (because this also gives you an authentication and an alarm control).Woowoo.. I cannot agree with you, because AV has nothing to do protecting end-point against network attacks. AV will alert and protect only when the thread already reached your end-point. Besides, there are other layers, such as: buffer overflow protection inside HIPS. Look that I am not talking abous IDS. 8)This would also be a risk decision, but based on facts and the rules defined in the OSSTMM and not based on some marketing material. You should give it a try.It always is a risk decision, and I not basing MHO on any "standard", that's based on my background... And, AFAIK, nodoby can expect that users and/or server systems will be able to apply all or any update in a huge environment.Regards, Cor Rosielle w: www.lab106.com------------------------------ Message: 8 Date: Tue, 01 Jun 2010 23:54:33 +1000 From: Laurent Gaffie <laurent.gaffie () gmail com> Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer To: full-disclosure () lists grok org uk Message-ID: <4C051119.1010702 () gmail com> Content-Type: text/plain; charset="iso-8859-1" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Full-Disclosure! I want to warn you about a Denial of Service in every browser finaly !!! It actually affect every browser with a javascript engine build in !!! Adobe may be vulnerable to !!!! PoC : <html> <head><title>0n0z</title></head> <body> <script type="text/javascript"> for (i=0;i<65535;i++) { alert('0n0z mustlive got you, now you're fucked, the only solution is to restart your browser or be faster than JS !!!'); } </script> </body> </html> Greetz to Mustlive () oswap com ua On 01/06/10 22:42, MustLive wrote:Hello Full-Disclosure! I want to warn you about Denial of Service vulnerability in Internet Explorer. Which I already disclosed at my site in 2008 (at 29.09.2008). But recently I made new tests concerning this vulnerability, so I decided to remind you about it. I know this vulnerability for a long time - it's well-known DoS in IE. It works in IE6 and after release of IE7 I hoped that Microsoft fixed thisholein seventh version of the browser. But as I tested at 29.09.2008, IE7 was also vulnerable to this attack. And as I tested recently, IE8 is also vulnerable to this attack. Also I informed Microsoft at 01.10.2008 about it, but they ignored and didn't fix it. They didn't fix the hole not in IE6, nor in IE7, nor in IE8. That time I published about this vulnerability at SecurityVulns (http://securityvulns.com/Udocument636.html). DoS: Vulnerability concerned with handling by browser of expression in styles, which leads to blocking of work of IE. http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet Explorer 7 (7.0.6000.16711), Internet Explorer 8 (8.0.7600.16385) and previous versions. To Susan Bradley from Bugtraq: This is one of those cases, which I told you before, when browser vendors ignore to fix DoS holes in their browsers for many years. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJMBREZAAoJEEESJ0AJ05HwfboP/iKyZAkaZk1xE17ExXkRDvfE 7Adra0Zf2RE6diDzK6FegUXyOQok9zYMTU+akx9OoxyC3zF1RWJQMWZAZEq3KpNp AmUmrTaS46mXWeZfUomDbdKHJq3LZtlD4K4BDkOU/T4gvAFF9BRdRetawm4aEwMB JQ3Qp8jMnv+wLGxfAoTUS0bTaXWjxPdf2SEfgwvZdnpY9HYDft+/qKHbPBJeK2oi A8zTirz/9UeoJDnq2hTvyeONVsOn6rAdvPzrag3e5vq77fbpbHtxVA8OfYUgiEGp KsKiNmrTMVHxvwaHrRPxQkpmzNDx7R84l693xbOkiS1pm0Zq4A0CiZEuvU8H/FBd XuKWkeR35H7RF42E5iVo/E3MFJkT+sBtqJdFigKJSIge/Y2omqbKsyVTG20SF5s0 l/zHJqyZgYl5c8qMrKrvNyglbYgpYRKwIa1wYsHbimNJWho32lc8bU8xY6nQEZ+z H1SXer6B9bDJV9hSBGxQuACYBXzzKMeB2tom4DpoH789gZ0tsQp0H9lQbji61PlK kUKM0pGw0MKMjzGOXH7qjEo0eHaQhhr6PnCTOVofXARX5pmXRFxAdJe8dG3VTOqO llrbFxenJJTrmSv8YPHuiZT5QUledpXmpIi2eegjzxwGwpPmXbAoqg9QaVJ501Yv mpMV1kIb911r6Ps4UhGp =n3v/ -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/6908f1f7/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x09D391F0.asc Type: application/pgp-keys Size: 3130 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/6908f1f7/attachment-0003.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x09D391F0.asc Type: application/pgp-keys Size: 3130 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/6908f1f7/attachment-0004.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x09D391F0.asc Type: application/pgp-keys Size: 3129 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/6908f1f7/attachment-0005.bin ------------------------------ Message: 9 Date: Wed, 02 Jun 2010 00:00:05 +1000 From: Laurent Gaffie <laurent.gaffie () gmail com> Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer To: MustLive <mustlive () websecurity com ua>, full-disclosure () lists grok org uk Message-ID: <4C051265.1050207 () gmail com> Content-Type: text/plain; charset="iso-8859-1" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry Mustlive, i understand you need to see this in clear text finaly. I guess ascii is the best to communicate with you; Hello Full-Disclosure! I want to warn you about a Denial of Service in every browser finaly !!! It actually affect every browser with a javascript engine build in !!! Adobe may be vulnerable to !!!! PoC : <html> <head><title>0n0z</title></head> <body> <script type="text/javascript"> for (i=0;i<65535;i++) { alert('0n0z mustlive got you, now you're fucked, the only solution is to restart your browser or be faster than JS !!!'); } </script> </body> </html> Greetz to Mustlive () oswap com ua -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJMBRJkAAoJEEESJ0AJ05HwJpYQAI84bDG8fNbq4lYjomqD3+Wf 29VzhaQt39FF2ERwh7sDYkc5wdw/DWfAC5SpwdVtr/0wDW0dyZV36RfJyUixysce weKx5wztjjwzk4yQF61v8DXz7MEWLhuYv9fTGcw9LKpnDm9/Z0YZ6ObKp8dE9A11 1E4xzAByLYpEdTQyxosMsJ336oJgTc3NrjDiPJGoxOb65epLlc07aEaP7ZA7jE/J i+M0ukNl8CKAryGs8DhDf+5fkJf1wcqOUoxK4mJ4nPe0IhhoQ+FUizB04E7MpK8P OisvgW8I6tdGurJTfux14Jj6NZXBuL0ww65e3vfgOrm8WRtKPrbwiRd1nk8NqsCC Nz5UBxEr32YhEUdgoXPj8ZleBbvLL0z0PVoRtbBSyKABih8OUwPMUpa0WkpMno+x gcG7vmO/bIr5wEjRGlK9NglCMqKNWzRk2f03KGIM2MMetB7KLvR/Kir3rL2n8a4k nLj/EYRm4orHzIDtR/Fr8LixJPr1wwpi53OOPJEcpjDvud4sOKcfUPSb7cckc7wQ vBPCNjPZ1D8V3GzJhE7+NHVVl8wUDwKodu0ejDmzJ2K7L1nLDiI9GStA8Xof98ne 4ZBLA3lCRsbcYDdE0cvqwMa+xyx7KUcMy5M8vimyTGpIhnFF2+ScdFgFzrDIEtNH g+1w9Kvgr12i+aEmD2Me =v3oL -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x09D391F0.asc Type: application/pgp-keys Size: 3129 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100602/47b07336/attachment-0001.bin ------------------------------ Message: 10 Date: Tue, 1 Jun 2010 16:20:10 +0200 From: "Cor Rosielle" <cor () outpost24 com> Subject: Re: [Full-disclosure] Why the IPS product designers concentrate on server side protection? why they are missing client protection To: "'Nelson Brito'" <nbrito () sekure org> Cc: full-disclosure () lists grok org uk Message-ID: <001b01cb0195$8c21a080$a464e180$@com> Content-Type: text/plain; charset="utf-8" Nelson, I put my comments inline as well Regards, Cor ...snip...Nelson,You're missing one point: Host IPS MUST be deployed with any Network Security (Firewalls os NIPSs).Please be aware this is a risk decision and not a fact. I don't use an host IPS and no anti Virus either. Still I'm sure my laptop is perfectly safe. This is because I do critical thinking about security measures and don't copy behavior of others (who often don't think for themselves and just copies other peoples behavior). Please note I'm not saying you're not thinking. If you did some critical thinking and an host IPS is a good solution for you, then that's OK> It just doesn't mean it is a good solution for everybody else and everybody MUST deploy an host IPS.That's so 1990! NIPS and/or Firewall just protect you if you're inside the "borders"... But, come on. Who doesn't have a laptop nowadays? So, multiple protection layers is better than none, anyways.Even one layer is better than none :-). Multiple layers are even better, especially when they are different types of protection. But applying security without thinking is bad. Even if you have enough money and hardware to spent, you should at least think about the balance between the amount security you get and the amount of risk you run when installing another piece of software. Then you can decide if it is worth the money or hardware you need to spend.You have choices when adopting a security posture or, if you prefer, risk posture. I believe that it's quite difficult and almost impossible you stay updated with all the threads, due to exponential growth of them.You have a point here. That's why it is better not to base security on defenses to known and existing threats alone, but use defense mechanisms that protect you both against known and existing threats and against unknown and future threats as well. I can't help to mention the OSSTMM again, because this is pretty much what it is about.No security solution/technology is the miracle protection alone,That's true.so that's the reason everybody is talking about defense in depth.Defense in depth is often used for another line of a similar defense mechanism as the previous already was. Different layers of defense works best if the defense mechanism differ. So if you're using anti virus software (which gives you an authentication control and an alarm control according to the OSSTMM), then an host IDS is not the best additional security measure (because this also gives you an authentication and an alarm control).Woowoo.. I cannot agree with you, because AV has nothing to do protecting end-point against network attacks. AV will alert and protect only when the thread already reached your end-point. Besides, there are other layers, such as: buffer overflow protection inside HIPS. Look that I am not talking abous IDS. 8)Sure you're right about that. There is a lot of other threats AV doesn't protect you to. Just like an IPS doesn't protect you against all threats. But that doesn't mean it is a wise decision to install each and every part of security software you can get, because software comes with costs and risks too. This is true for IPS's too.This would also be a risk decision, but based on facts and the rules defined in the OSSTMM and not based on some marketing material. You should give it a try.It always is a risk decision, and I not basing MHO on any "standard", that's based on my background... And, AFAIK, nodoby can expect that users and/or server systems will be able to apply all or any update in a huge environment.Of course you don't have to agree, but I think it is better to be critical about the software you install. And if you don't agree and rather spend your money on things that were useful for someone else at another time and under different circumstances, then just do that. But I wish you wouldn't write that others must (you wrote it even in capitals) deploy an IPS. Regards, Cor ------------------------------ Message: 11 Date: Tue, 01 Jun 2010 16:26:37 +0200 From: PsychoBilly <zpamh0l3 () gmail com> Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer To: fdisclo <full-disclosure () lists grok org uk> Message-ID: <4C05189D.7050200 () gmail com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed This had already been published http://www.pewy.fr/hamster.html ************************ Cluster #[[ Laurent Gaffie ]] possibly emitted, @Time [[ 01/06/2010 16:00 ]] The Following #String **********************-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry Mustlive, i understand you need to see this in clear text finaly. I guess ascii is the best to communicate with you; Hello Full-Disclosure! I want to warn you about a Denial of Service in every browser finaly !!! It actually affect every browser with a javascript engine build in !!! Adobe may be vulnerable to !!!! PoC : <html> <head><title>0n0z</title></head> <body> <script type="text/javascript"> for (i=0;i<65535;i++) { alert('0n0z mustlive got you, now you're fucked, the only solution is to restart your browser or be faster than JS !!!'); } </script> </body> </html> Greetz to Mustlive () oswap com ua -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJMBRJkAAoJEEESJ0AJ05HwJpYQAI84bDG8fNbq4lYjomqD3+Wf 29VzhaQt39FF2ERwh7sDYkc5wdw/DWfAC5SpwdVtr/0wDW0dyZV36RfJyUixysce weKx5wztjjwzk4yQF61v8DXz7MEWLhuYv9fTGcw9LKpnDm9/Z0YZ6ObKp8dE9A11 1E4xzAByLYpEdTQyxosMsJ336oJgTc3NrjDiPJGoxOb65epLlc07aEaP7ZA7jE/J i+M0ukNl8CKAryGs8DhDf+5fkJf1wcqOUoxK4mJ4nPe0IhhoQ+FUizB04E7MpK8P OisvgW8I6tdGurJTfux14Jj6NZXBuL0ww65e3vfgOrm8WRtKPrbwiRd1nk8NqsCC Nz5UBxEr32YhEUdgoXPj8ZleBbvLL0z0PVoRtbBSyKABih8OUwPMUpa0WkpMno+x gcG7vmO/bIr5wEjRGlK9NglCMqKNWzRk2f03KGIM2MMetB7KLvR/Kir3rL2n8a4k nLj/EYRm4orHzIDtR/Fr8LixJPr1wwpi53OOPJEcpjDvud4sOKcfUPSb7cckc7wQ vBPCNjPZ1D8V3GzJhE7+NHVVl8wUDwKodu0ejDmzJ2K7L1nLDiI9GStA8Xof98ne 4ZBLA3lCRsbcYDdE0cvqwMa+xyx7KUcMy5M8vimyTGpIhnFF2+ScdFgFzrDIEtNH g+1w9Kvgr12i+aEmD2Me =v3oL -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/------------------------------ Message: 12 Date: Tue, 1 Jun 2010 11:49:28 -0300 From: Nelson Brito <nbrito () sekure org> Subject: Re: [Full-disclosure] Why the IPS product designers concentrate on server side protection? why they are missing client protection To: Cor Rosielle <cor () outpost24 com> Cc: "<full-disclosure () lists grok org uk>" <full-disclosure () lists grok org uk> Message-ID: <ABDDB41B-4F4E-4A6D-8E75-09DC9ACCFB8E () sekure org> Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes I still keep in capital: anyone MUST deploy Host IPS when adopting Network IPS. If you don't do so you MUST keep in mind that you are just approaching some threads, even because Host and Network IPS have different approaches. Otherwise you will THINK you're protected... But nobody can guarantee that. Regarding the aquisition of those solutions, of course it cannot be done without a deep looking inside the corporate, but it doesn't mean you don't have to... When you decided to aquire a security solution you have to be careful and have well designed criterias to do so, but, again, it doesn't mean you don't have to aquire them. About the known and unknown threads, I will not enter into this, because it is kind of a phylosofical discussion. Cheers. Nelson Brito Security Researcher http://fnstenv.blogspot.com/ Please, help me to develop the ENG? SQL Fingerprint? downloading it from Google Code (http://code.google.com/p/mssqlfp/) or from Sourceforge (https://sourceforge.net/projects/mssqlfp/). Sent on an ? iPhone wireless device. Please, forgive any potential misspellings! On Jun 1, 2010, at 11:20 AM, "Cor Rosielle" <cor () outpost24 com> wrote:Nelson, I put my comments inline as well Regards, Cor ...snip...Nelson,You're missing one point: Host IPS MUST be deployed with any Network Security (Firewalls os NIPSs).Please be aware this is a risk decision and not a fact. I don't use an host IPS and no anti Virus either. Still I'm sure my laptop is perfectly safe. This is because I do critical thinking about security measures and don't copy behavior of others (who often don't think for themselves and just copies other peoples behavior). Please note I'm not saying you're not thinking. If you did some critical thinking and an host IPS is a good solution for you, then that's OK> It just doesn't mean it is a good solution for everybody else and everybody MUST deploy an host IPS.That's so 1990! NIPS and/or Firewall just protect you if you're inside the "borders"... But, come on. Who doesn't have a laptop nowadays? So, multiple protection layers is better than none, anyways.Even one layer is better than none :-). Multiple layers are even better, especially when they are different types of protection. But applying security without thinking is bad. Even if you have enough money and hardware to spent, you should at least think about the balance between the amount security you get and the amount of risk you run when installing another piece of software. Then you can decide if it is worth the money or hardware you need to spend.You have choices when adopting a security posture or, if you prefer, risk posture. I believe that it's quite difficult and almost impossible you stay updated with all the threads, due to exponential growth of them.You have a point here. That's why it is better not to base security on defenses to known and existing threats alone, but use defense mechanisms that protect you both against known and existing threats and against unknown and future threats as well. I can't help to mention the OSSTMM again, because this is pretty much what it is about.No security solution/technology is the miracle protection alone,That's true.so that's the reason everybody is talking about defense in depth.Defense in depth is often used for another line of a similar defense mechanism as the previous already was. Different layers of defense works best if the defense mechanism differ. So if you're using anti virus software (which gives you an authentication control and an alarm control according to the OSSTMM), then an host IDS is not the best additional security measure (because this also gives you an authentication and an alarm control).Woowoo.. I cannot agree with you, because AV has nothing to do protecting end-point against network attacks. AV will alert and protect only when the thread already reached your end-point. Besides, there are other layers, such as: buffer overflow protection inside HIPS. Look that I am not talking abous IDS. 8)Sure you're right about that. There is a lot of other threats AV doesn't protect you to. Just like an IPS doesn't protect you against all threats. But that doesn't mean it is a wise decision to install each and every part of security software you can get, because software comes with costs and risks too. This is true for IPS's too.This would also be a risk decision, but based on facts and the rules defined in the OSSTMM and not based on some marketing material. You should give it a try.It always is a risk decision, and I not basing MHO on any "standard", that's based on my background... And, AFAIK, nodoby can expect that users and/or server systems will be able to apply all or any update in a huge environment.Of course you don't have to agree, but I think it is better to be critical about the software you install. And if you don't agree and rather spend your money on things that were useful for someone else at another time and under different circumstances, then just do that. But I wish you wouldn't write that others must (you wrote it even in capitals) deploy an IPS. Regards, Cor------------------------------ Message: 13 Date: Tue, 01 Jun 2010 11:31:19 -0300 From: Onapsis Research Labs <research () onapsis com> Subject: [Full-disclosure] Onapsis Research Labs: Onapsis Bizploit - The opensource ERP Penetration Testing framework To: full-disclosure () lists grok org uk Message-ID: <4C0519B7.8050403 () onapsis com> Content-Type: text/plain; charset=UTF-8 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear colleague, We are proud to announce the release of Onapsis Bizploit, the first opensource ERP Penetration Testing framework. Presented at the renowned HITB Dubai security conference, Bizploit is expected to provide the security community with a basic framework to support the discovery, exploration, vulnerability assessment and exploitation of ERP systems. The term "ERP Security" has been so far understood by most of the IT Security and Auditing industries as a synonym of ?Segregation of Duties?. While this aspect is absolutely important for the overall security of the Organization's core business platforms, there are many other threats that are still overlooked and imply much higher levels of risk. Onapsis Bizploit is designed as an academic proof-of-concept that will help the general community to illustrate and understand this kind of risks. Currently Onapsis Bizploit provides all the features available in the sapyto GPL project, plus several new plugins and connectors focused in the security of SAP business platforms. Updates for other popular ERPs are to be released in the short term. Your can download the software freely from http://www.onapsis.com Best regards, - -------------------------------------------- The Onapsis Research Labs Team Onapsis S.R.L Email: research () onapsis com Web: www.onapsis.com PGP: http://www.onapsis.com/pgp/research.asc - -------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkwFGLQACgkQz3i6WNVBcDVp7wCgktzu7vYVXTBnE9DM5GPYAnGx OjAAn0uVawK36FZMP9DFYye3XX56CN1v =80ir -----END PGP SIGNATURE----- ------------------------------ Message: 14 Date: Tue, 1 Jun 2010 11:46:26 -0400 From: T Biehn <tbiehn () gmail com> Subject: Re: [Full-disclosure] The_UT is repenting To: Anders Klixbull <akl () experian dk> Cc: full-disclosure () lists grok org uk Message-ID: <AANLkTimnEwv9Zy-QYvJ2qn5UxYBEFh3cI0_6tv4TgUX7 () mail gmail com> Content-Type: text/plain; charset="iso-8859-1" I don't think UT is anyone's 'boy toy.' The guy is massive. I'm sure he'll meet all kinds of experienced scam artists and criminals and learn all sorts of neat things for use when he gets out. -Travis On Tue, Jun 1, 2010 at 6:13 AM, Anders Klixbull <akl () experian dk> wrote:I'm so sorry that your friend was retarded enough to get busted. And thank you for the archive! It's always nice to have a personal librarian :) You may be sorry for the repeat material, but please go suck a lemon. Thanks. -----Oprindelig meddelelse----- Fra: ghost [mailto:ghosts () gmail com] Sendt: 1. juni 2010 11:35 Til: Anders Klixbull Cc: full-disclosure () lists grok org uk Emne: Re: [Full-disclosure] The_UT is repenting Anders - i'm very sorry, you must of confused this mailing list with astalavista forums. Please go away... or kill yourself, whichever you prefer...... and in the interest of full-disclosure, I have my fingers crossed for the latter :) Thanks.-----------------------------------------------------------------------------------------Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Please stop stating the obvious. Keep in mind that to us your useless replies are of no importance. Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) But their website graphics is super cool! Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) we care we really do From fulldisclosurebounces@list... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) take a chill pill wigger Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) shut the fuck up From fulldisclosurebounces@list... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) then you gadi and n3td3v should jump off a cliff Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Apology not accepted! Alcohol is required! Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) ) If im ever near there i will look you up! Cheers Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Thinking a little highly of yourself arent you? Saving the world lol lol lol Keep your moronic comics to yourself please Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) 0day pictures of Mark's mom for sale From fulldisclosurebounces@list... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Keep your talentless tripe to yourself Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) You're obviously retarded Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) You forgot to include MiniMySqlat0r01.jar in your zip file.. Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) ???? ????????! Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Free 0day for all!! Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Fuck the vendors put them on FD Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Go suck a lemon bitch Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) The hardcore cockgobbler scene of scotland Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) TEH TXT FIEL FORMATTING SI TEH FUCKED From fulldisclosurebounces@list... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Religion is nothing more than mental crutches for weakminded people Message Results Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) But isnt that where you feel most at home brother n3td3v? Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Because we are drawn to you like moths to a flame Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) It's safe to assume that it covers the both of you ignorant turds Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Nice teenspeak maybe your mother can invite n3td3v over to hot cocoa and cookies? Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) removing anyone is pointless From fulldisclosurebounces@list... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Project chroma project? Welcome to the redundancy department of redundancy.. Mike c aka n3td3v shut the fuck up Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) retardo Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Are you smoking crack? Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Helol n3td3v Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) go suck a lemon From fulldisclosurebounces@list... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) OH MY GOD I DONT KNOW BUT DO WE REALLY CARE???? their site was always a crappy piece of shit Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) He's too busy living the good life in a cardboard box in hobotown to answer ) Vi hj?lper dig til at tr?ffe bedre beslutninger. Vi tilbyder analyse og informationsservices der ?ger salget m?lretter markedsf?ringen og reducerer risikoen for ta... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) GO SUCK A LEMON Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) And pigs eat bananas with their ears Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) he's the wino on the corner sucking your lemon Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) I heard he ch0ked on a lemon Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Taunting other people's english skills work better when your own english isn't broken ) Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) So youre whining about a 4 year old post? lol and who uses an exploit without changing the shellcode anyway Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Wow such depth! Such insight! WOW Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) you need to get a job you no good for nothing lazy bum From fulldisclosurebounces@list... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) seems to be cropping in? as far as know rainbow tables has been around for years... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) lol they have been useful for years son just because YOU never found a use for them doesn't mean noone else has Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) you'd like to gobble that sausage wouldn't you From fulldisclosurebounces@list... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) callate la boca carajo. que la chupes y que la sigas chupando From Rosa Maria Gonzalez Pereira Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) yes the correct answer is 'cheese' From fulldisclosurebounces@list... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) you obviously misunderstood since every geek on the planet knows that the answer in numeric form is 42! Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Shut up weev Take your fake panama bank accounts and put them where the sun don't shine If you can fit it in while you have that aircraft carrier up there Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Andrew/weev is an amateur troll He has ridden other peoples fame morethanonce Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Nobody cares about a homeless bum Move along Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Learn how to blow old men and live on their couches Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) Thank you shawarma! From fulldisclosurebounces@list... Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) He never said anything profound 140 characters or not Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) bohooo stop crying he can disclose bugs when he feels like it if you dont like that then go suck a lemon Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) lol look who's talking about being professional yeah sure because klixbull is such a russian name right? and oh yeah my email address also ends in .ua julian its time to stop gobbling that cock and shut the fuck up Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) why does it hurt when you suck lemons? does your teeth gets fucked up when you smoke cock all day? Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) yeah sure.. you junkies are alle the same you suck dicks for cheeseburgers and crack Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) dad? is that you? mom says to stop blowing off strangers for free and bring home some money! Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) But aren't gnaa retired anyway? Re: by Anders Klixbull in full-disclosure () lists grok org uk (31613 messages) lol seems to be? you should know better than "seems" since your email is in the gnaa ascii On Tue, Jun 1, 2010 at 1:28 AM, Anders Klixbull <akl () experian dk> wrote:Wouldn't you if you were bubba's boytoy in the can? Fra: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] P? vegne afPsychoBillySendt: 1. juni 2010 10:21 Til: full-disclosure () lists grok org uk Emne: [Full-disclosure] The_UT is repenting http://profile.ak.fbcdn.net/v229/1642/63/n680245330_5800.jpg _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on http://pastebin.com/f6fd606da -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100601/37bc81bd/attachment.html ------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ End of Full-Disclosure Digest, Vol 64, Issue 3 **********************************************
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Full-disclosure] Why the IPS product designers Srinivas Naik (Jun 01)
- Re: Full-disclosure] Why the IPS product designers Cor Rosielle (Jun 01)
- Re: Full-disclosure] Why the IPS product designers Srinivas Naik (Jun 02)
- Re: Full-disclosure] Why the IPS product designers Nelson Brito (Jun 02)
- <Possible follow-ups>
- Re: Full-disclosure] Why the IPS product designers Nelson Brito (Jun 02)
- Re: Full-disclosure] Why the IPS product designers Cor Rosielle (Jun 01)