Full Disclosure mailing list archives
Re: Possible German Governmental Backdoor found ("R2D2")
From: xD 0x41 <secn3t () gmail com>
Date: Fri, 14 Oct 2011 14:50:20 +1100
Ah, i can see why now :) That is, against FD lists rules, and, as they say, can be *updated* every month if need be, for even ONE person. Also, i queried the amount of n3td3v posts, and found almost every one, he was VERY sarcastic and acting like he was king-of-the-kids,when, i think he isnt.. but, maybe he is stupid and cannot follow the rules wich he has even showed, are UK Law, so, i wonder then, who is breaching any *secunia* atall.. coz, it cant be Fd but, it CAN be easily tracked thru the emails, and, i guess that would be a ban. i would not send a public, when i have been asked NOT to. i think i did once, whilst i was in a hurry and did not see the follwng mail wich was to NOT cc it to the list,.... I see now, the way kids can spam also... It is good outline valdis, thankyou. It answers many things about not just n3td3v, but also, how oneself should be acting here, and, what is even an acceptable Offtopic 'topic', to *unmoderate* hehe... I seriously, would bore any admin sometimes, coz, i have to cram 30000 words into 5 paragraphs, or more.. So, i only learnt a few things wich are invaluable. 1. Do NOT piss off the list by shitty spamming, and cc'ing or bcc'ing ANYONES personal emails, this is just a breach of, usually trusted privacy. 2. Do NOT try to help this cause for n3td3v , he has breached, about 99.1 of the laws , since fd started, and probably even laws they did not know they had, until he joined. 3. You live and learn, and, i look to the elders, and gurus, like george/Valdis/thor/MadIrish/Joro/Thor/HD and slowly by watching, and using rss feeds to my irc channel, have found the lists to be great but, you should learn from the above people to :> 4. Do not eat popcorn. 5. No, I am NOT laurelia. 6. Cristian , you still look like, the absolute geek-of-the-world-2011 :) /me hands you your bougette of flowers :P~~ (am kidding with u :P~~) Enjoy, and, I guess, it is learning, when new to here, so, I am happy to stfu, and let others outline things, when i need those answered. Otherwise, i am capable to make a good thread, i just have to remember, some people will always try to destroy it, unless it is like, exact PoC code to shut them up so they can go exploit themselves in root :;) But anyhow, i enjoy FD, I dont enjoy Political talk on the list, nor racism, and, am slightly embarrassed that this is being kept alive, by the ones who should be NOT contributing to those threads,and *driving* them, thats a hte-thread, nomatter how you like to call it, so, why theyre not stopped,and, some subjects, like politics/religin, and race, should be NOT allowed, in ANY form, opinions are fine, but, this is not the means and ends to discuss them, daily, for somuch that, i had to disable rsss, because the socalled gurus, wont stfu about racism, and, passing links around, i dont think is making you any more popular. You are silly people, to use ANYONES race/color and religion/cultures...on ANY list, this should also, be etiquette. Nomatter what list, what has the color of Obama, todo with shit on FD ? NOTHING. Yet, the socalled gurus, are flaming it. Kill it, and, move on to more security-related things,w ich, i have watched somuch on, and, just helpd back because, the main contributors, are to busy still discussing cross seas politics and comparing, well, seriously go fk yourself and make your own list for politcs-arseholes.org,m then go post there. Hows that sound for you ? Now, please, stop that bs race crap, it is NOT NICE for anyone in any country, quit it, pack it up, make your fucking final speeches, and fuck it oFF. Is that to much, to get you guys, thining on the RIGHT stuff, wich, i could post now, 3 0day local root expoits, and was tempted to, one also, for bsd, and, i just, have not seen the list used for this for solong, i dont want to post crap :s. But, i will b happy to share1 once things are back to normal maybe :P xd On 14 October 2011 13:09, <Valdis.Kletnieks () vt edu> wrote:
On Thu, 13 Oct 2011 17:51:24 PDT, "andrew.wallace" said:I'm not moderated, I was completely brick walled. I rely on the industryto post my stuff on my behalf. Let's see. "not moderated, completely brick walled". How well does that hold up? The note you replied to left the full-disclosure site at this time: Received: from lists.grok.org.uk (EHLO lists.grok.org.uk) ([77.66.26.37]) by zidane.cc.vt.edu (MOS 4.2.2-FCS FastPath queued) with ESMTP id QWF63339; Thu, 13 Oct 2011 17:40:50 -0400 (EDT) Received: from lists.grok.org.uk (localhost [127.0.0.1]) by lists.grok.org.uk (Postfix) with ESMTP id B28BF3D3; Thu, 13 Oct 2011 22:40:46 +0100 (BST) The timestamp on zidane is reliable, it's NTP synced. So I have a high degree of confidence that the following line (4 seconds before) is also a reliable timestamp of when Postfix enqueued Byron's mail. So pretty much nobody should be in posession of a copy much before that timestamp. Your reply stating the list was moderated has: Received: from localhost (localhost [127.0.0.1]) by rikku.cc.vt.edu(MOS 3.10.10a-GA) id LLD06213; Thu, 13 Oct 2011 17:44:34 -0400 (EDT) Received: from steiner.cc.vt.edu (steiner.cc.vt.edu [198.82.163.51]) by rikku.cc.vt.edu (MOS 3.10.10a-GA) with ESMTP id LLD06212; Thu, 13 Oct 2011 17:44:33 -0400 (EDT) (a few omitted) Received: (qmail 73517 invoked by uid 60001); Thu, 13 Oct 2011 21:44:32 +0000 Received: from [82.40.88.173] by web59615.mail.ac4.yahoo.com via HTTP; Thu, 13 Oct 2011 14:44:32 -0700 (PDT) X-mailer: YahooMailWebService/0.8.114.317681 Message-id: <1318542272.69082.YahooMailNeo () web59615 mail ac4 yahoo com> So you replied to it from Yahoo a whole 3 minutes and 46 seconds after it was posted, which means that you had a copy even earlier (given that it takes at least a little time to compose and send a reply in Yahoo's webmail interface - even longer if the message isn't in a Yahoo mailbox already (this becomes relevant further on). Now how could this have come to pass? Conclusion: One of the following explanations of how you got a copy is true: 0) The message doesn't show any cc: fields, but Byron *could* have included a Bcc: field to include you, or somebody else who then followed step (2) below. Personally, I'm doubtful, as there's no obvious *reason* for Byron to have done so on this particular message (in particular, no reason to have used a bcc: instead of a cc:) But I'll let him speak to that himself. There's also the minor breach of netiquette of replying to a bcc:'ed note, thus revealing the fact you were on the bcc:. Overall likelyhood: Doubtful. 1) You have control of an account that is subscribed to the list (and thus receives messages) that eventually ends up at Yahoo, but are unable to post from that address, and did a "reply" the instant it showed up in your Yahoo mailbox. This goes somewhat against your claim that you're totally "brick walled". But other than that, it holds up remarkably well. Plenty of time to get a "You have new mail" notification, open it, pop in a one-line reply, and hit send. 1a) Some address is subscribed to the list, and acting as a "list exploder" by forwarding to multiple addresses not on the original list, including an address you control at Yahoo. Fairly unlikely, as these have fallen out of favor in the last few years, precisely because the semantics of "reply" and bounce messages through a list exploder are very hard to get right (this is only easy to do in walled-garden scenarios like an Exchange cluster where you control the horizontal and vertical - once you let an outside MUA like YahooMail get involved, it goes pear-shaped very quickly). 2) Somebody else received the post, thought of you, forwarded it to you so you could receive it, and you replied to it, all within less than 4 minutes. If so, please speak to the person you received it from, as their forward incorrectly re-used this from Byron's post: Message-id: <4E975936.9010507 () gmail com> resulting in your message containing this: In-reply-to: <4E975936.9010507 () gmail com> See RFC5322, section 3.6.4 for details. Manual forwarding of a message is quite clearly a "new" message, so the Message-ID: should be regenerated. Since the vast majority of MUA's get this right, I rank this as low-probability. 3) You spend *far* too much time hitting refresh on list archive web pages and then hand-composing a reply into Yahoo Mail. Congrats on figuring out how to get Yahoo Mail to include the In-Reply-To: header, that takes some doing. 4) You have some other reasonable explanation of how you came to be in posession of a copy just a few minutes after it was posted. Overall: (1) is highly likely, (3) is very sad if true, jury's still out on (4) till we hear something plausible, rest are unlikely.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Possible German Governmental Backdoor found ("R2D2"), (continued)
- Re: Possible German Governmental Backdoor found ("R2D2") xD 0x41 (Oct 09)
- Re: Possible German Governmental Backdoor found ("R2D2") Valdis . Kletnieks (Oct 09)
- Re: Possible German Governmental Backdoor found ("R2D2") Byron Sonne (Oct 10)
- Re: Possible German Governmental Backdoor found ("R2D2") Byron Sonne (Oct 13)
- Re: Possible German Governmental Backdoor found ("R2D2") Jeffrey Walton (Oct 13)
- Message not available
- Re: Possible German Governmental Backdoor found ("R2D2") Valdis . Kletnieks (Oct 13)
- Re: Possible German Governmental Backdoor found ("R2D2") Ivan . (Oct 13)
- Re: Possible German Governmental Backdoor found ("R2D2") xD 0x41 (Oct 13)
- Message not available
- Message not available
- Message not available
- Re: Possible German Governmental Backdoor found ("R2D2") xD 0x41 (Oct 13)
- Re: Possible German Governmental Backdoor found ("R2D2") xD 0x41 (Oct 09)
- Message not available
- Re: Possible German Governmental Backdoor found ("R2D2") Valdis . Kletnieks (Oct 13)
- Re: Possible German Governmental Backdoor found ("R2D2") xD 0x41 (Oct 13)
- Message not available
- Re: Possible German Governmental Backdoor found ("R2D2") Valdis . Kletnieks (Oct 13)
- Re: Possible German Governmental Backdoor found ("R2D2") xD 0x41 (Oct 13)
- Re: Possible German Governmental Backdoor found ("R2D2") james (Oct 09)
- Re: Possible German Governmental Backdoor found ("R2D2") You Got Pwned (Oct 10)
- Re: Possible German Governmental Backdoor found ("R2D2") xD 0x41 (Oct 09)