Re: Possible German Governmental Backdoor found ("R2D2")

[xD 0x41 <secn3t () gmail com>]

Ah, i can see why now :)
That is, against FD lists rules, and, as they say, can be *updated* every
month if need be, for even ONE person.
Also, i queried the amount of n3td3v posts, and found almost every one, he
was VERY sarcastic and acting like he was king-of-the-kids,when, i think he
isnt.. but, maybe he is stupid and cannot follow the rules wich he has even
showed, are UK Law, so, i wonder then, who is breaching any *secunia*
atall.. coz, it cant be Fd but, it CAN be easily tracked thru the emails,
and, i guess that would be a ban.
i would not send a public, when i have been asked NOT to. i think i did
once, whilst i was in a hurry and did not see the follwng mail wich was to
NOT cc it to the list,....
I see now, the way kids can spam also...
It is good outline valdis, thankyou.
It answers many things about not just n3td3v, but also, how oneself should
be acting here, and, what is even an acceptable Offtopic 'topic', to
*unmoderate* hehe...
I seriously, would bore any admin sometimes, coz, i have to cram 30000 words
into 5 paragraphs, or more..
So, i only learnt a few things wich are invaluable.
1. Do NOT piss off the list by shitty spamming, and cc'ing or bcc'ing
ANYONES personal emails, this is just a breach of, usually trusted privacy.
2. Do NOT try to help this cause for n3td3v , he has breached, about 99.1 of
the laws , since fd started, and probably even laws they did not know they
had, until he joined.
3. You live and learn, and, i look to the elders, and gurus, like
george/Valdis/thor/MadIrish/Joro/Thor/HD and slowly by watching, and using
rss feeds to my irc channel, have found the lists to be great but, you
should learn from the above people to :>
4. Do not eat popcorn.
5. No, I am NOT laurelia.
6. Cristian , you still look like, the absolute geek-of-the-world-2011 :)
/me hands you your bougette of flowers :P~~
    (am kidding with u :P~~)
Enjoy, and, I guess, it is learning, when new to here, so, I am happy to
stfu, and let others outline things, when i need those answered. Otherwise,
i am capable to make a good thread, i just have to remember, some people
will always try to destroy it, unless it is like, exact PoC code to shut
them up so they can go exploit themselves in root :;)
But anyhow, i enjoy FD, I dont enjoy Political talk on the list, nor racism,
and, am slightly embarrassed that this is being kept alive, by the ones who
should be NOT contributing to those threads,and *driving* them, thats a
hte-thread, nomatter how you like to call it, so, why theyre not
stopped,and, some subjects, like politics/religin, and race, should be NOT
allowed, in ANY form, opinions are fine, but, this is not the means and ends
to discuss them, daily, for somuch that, i had to disable rsss, because the
socalled gurus, wont stfu about racism, and, passing links around, i dont
think is making you any more popular.
You are silly people, to use ANYONES race/color and religion/cultures...on
ANY list, this should also, be etiquette.
Nomatter what list, what has the color of Obama, todo with shit on FD ?
NOTHING.
Yet, the socalled gurus, are flaming it.
Kill it, and, move on to more security-related things,w ich, i have watched
somuch on, and, just helpd back because, the main contributors, are to busy
still discussing cross seas politics and comparing, well, seriously go fk
yourself and make your own list for politcs-arseholes.org,m then go post
there.
Hows that sound for you ?
Now, please, stop that bs race crap, it is NOT NICE for anyone in any
country, quit it, pack it up, make your fucking final speeches, and fuck it
oFF.
Is that to much, to get you guys, thining on the RIGHT stuff, wich, i could
post now, 3 0day local root expoits, and was tempted to, one also, for bsd,
and, i just, have not seen the list used for this for solong, i dont want to
post crap :s.
But, i will b happy to share1
once things are back to normal maybe :P
xd


On 14 October 2011 13:09, <Valdis.Kletnieks () vt edu> wrote:

> On Thu, 13 Oct 2011 17:51:24 PDT, "andrew.wallace" said:
> > I'm not moderated, I was completely brick walled. I rely on the industry
> to post my stuff on my behalf.
>
> Let's see. "not moderated, completely brick walled". How well does that
> hold up?
>
> The note you replied to left the full-disclosure site at this time:
>
> Received: from lists.grok.org.uk (EHLO lists.grok.org.uk) ([77.66.26.37])
>       by zidane.cc.vt.edu (MOS 4.2.2-FCS FastPath queued)     with ESMTP
> id QWF63339; Thu, 13 Oct 2011 17:40:50 -0400 (EDT)
> Received: from lists.grok.org.uk (localhost [127.0.0.1])        by
> lists.grok.org.uk (Postfix) with ESMTP id B28BF3D3; Thu,  13 Oct 2011
> 22:40:46 +0100 (BST)
>
> The timestamp on zidane is reliable, it's NTP synced.  So I have a high
> degree
> of confidence that the following line (4 seconds before) is also a reliable
> timestamp of when Postfix enqueued Byron's mail.  So pretty much nobody
> should be in posession of a copy much before that timestamp.
>
> Your reply stating the list was moderated has:
>
> Received: from localhost (localhost [127.0.0.1])        by rikku.cc.vt.edu(MOS 3.10.10a-GA)    id LLD06213; Thu,  13 
> Oct 2011 17:44:34 -0400 (EDT)
> Received: from steiner.cc.vt.edu (steiner.cc.vt.edu [198.82.163.51])    by
> rikku.cc.vt.edu (MOS 3.10.10a-GA)    with ESMTP id LLD06212; Thu,  13 Oct
> 2011 17:44:33 -0400 (EDT)
> (a few omitted)
> Received: (qmail 73517 invoked by uid 60001); Thu, 13 Oct 2011 21:44:32
> +0000
> Received: from [82.40.88.173] by web59615.mail.ac4.yahoo.com via HTTP;
> Thu,  13 Oct 2011 14:44:32 -0700 (PDT)
> X-mailer: YahooMailWebService/0.8.114.317681
> Message-id: <1318542272.69082.YahooMailNeo () web59615 mail ac4 yahoo com>
>
> So you replied to it from Yahoo a whole 3 minutes and 46 seconds after it
> was
> posted, which means that you had a copy even earlier (given that it takes
> at
> least a little time to compose and send a reply in Yahoo's webmail
> interface -
> even longer if the message isn't in a Yahoo mailbox already (this becomes
> relevant further on).  Now how could this have come to pass?
>
> Conclusion:  One of the following  explanations of how you got a copy is
> true:
>
> 0) The message doesn't show any cc: fields, but Byron *could* have included
> a
> Bcc: field to include you, or somebody else who then followed step (2)
> below.
> Personally, I'm doubtful, as there's no obvious *reason* for Byron to have
> done
> so on this particular message (in particular, no reason to have used a bcc:
> instead of a cc:)  But I'll let him speak to that himself.  There's also
> the
> minor breach of netiquette of replying to a bcc:'ed note, thus revealing
> the
> fact you were on the bcc:. Overall likelyhood:  Doubtful.
>
> 1) You have control of an account that is subscribed to the list (and thus
> receives messages) that eventually ends up at Yahoo, but are unable to post
> from that address, and did a "reply" the instant it showed up in your Yahoo
> mailbox. This goes somewhat against your claim that you're totally "brick
> walled".  But other than that, it holds up remarkably well.  Plenty of time
> to
> get a "You have new mail" notification, open it, pop in a one-line reply,
> and
> hit send.
>
> 1a) Some address is subscribed to the list, and acting as a "list exploder"
> by
> forwarding to multiple addresses not on the original list, including an
> address
> you control at Yahoo. Fairly unlikely, as these have fallen out of favor in
> the
> last few years, precisely because the semantics of "reply" and bounce
> messages
> through a list exploder are very hard to get right (this is only easy to do
> in
> walled-garden scenarios like an Exchange cluster where you control the
> horizontal and vertical - once you let an outside MUA like YahooMail get
> involved, it goes pear-shaped very quickly).
>
> 2) Somebody else received the post, thought of you, forwarded it to you so
> you
> could receive it, and you replied to it, all within less than 4 minutes.
>  If so, please
> speak to the person you received it from, as their forward incorrectly
> re-used
> this from Byron's post:
>
> Message-id: <4E975936.9010507 () gmail com>
>
> resulting in your message containing this:
>
> In-reply-to: <4E975936.9010507 () gmail com>
>
> See RFC5322, section 3.6.4 for details.  Manual forwarding of a message
> is quite clearly a "new" message, so the Message-ID: should be regenerated.
> Since the vast majority of MUA's get this right, I rank this as
> low-probability.
>
> 3) You spend *far* too much time hitting refresh on list archive web pages
> and
> then hand-composing a reply into Yahoo Mail.  Congrats on figuring out how
> to
> get Yahoo Mail to include the In-Reply-To: header, that takes some doing.
>
> 4) You have some other reasonable explanation of how you came to be in
> posession of a copy just a few minutes after it was posted.
>
> Overall:  (1) is highly likely, (3) is very sad if true, jury's still out
> on
> (4) till we hear something plausible, rest are unlikely.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/