Full Disclosure mailing list archives
Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched )
From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Fri, 24 Oct 2003 14:40:04 +0200
Hi Jody ( and all ), I'm completely sane ;-) Please look at the mail-log in th advisory page , you can see that NASA staff was conected a week ago and they have the systems patched , i sent an email to NASA staff telling that i will publish the report so they know ehat i was doing everytime. My behavior and treatment with NASA staff was fine and their treatment and comm. were fine too. So , don't panic. I'm responding in public because you said things that are wrong. REMEMBER: NASA staff patched the websites and they were contected a week ago and they had 2 dyas of private access to the advisory, it was a really good job between me and NASA staff. Don't worry , and think that when i was little i loved NASA and now i'm really interested in NASA campaigns, so , it's stupid to think that i can do damage aganist them, they are working fine at the momment. Again , read carefully the mail-action-advisory log at: http://advisories.nsrg-security.com/Nasa.gov-MV/mail-log.txt you will be better and fine reading it. NOTE: this is for everybody that thinks that i didn't contacted NASA staff , it is not true ! check the log please and....no important information is disclosed in the advisory , like mail addresses and others. the disclaimer is simple: i will not provide exploiting information nor important info that can be used against NASA websites the information of the advisory is only for educational purpouses and NASA staff knows the existence of the advisory and its contents ( they know the advisory before anybody except me , they know it since 15 of october , 003 ) Thanks to everybody of this Fantastic-Disclosure list ;-) Thanks to John ( NASA Staff ) , the Root of nasa.gov and others of their fantastic communication with me, Best regards, ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->/* not csh but sh */ 0x02->$ PATH=pretending!/usr/ucb/which sense 0x03-> no sense in pretending! __________________________________ PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B ID: 0x91805F5B ********************************** No Secure Root Group Security Research Team http://www.nsrg-security.com ______________________ ----- Original Message ----- From: "MELBOURNE,Jody" <Jody.MELBOURNE () dewr gov au> To: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com> Sent: Friday, October 24, 2003 8:25 AM Subject: RE: [Full-disclosure] NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched )
Are you insane? Why are you hacking into NASA webservers and making your findings public? Do you think the NASA admins will thank you? I am sure they are thinking of ways to prosecute you right now. Are you just trying to get some publicity for your company (I think so, considering all of your recents XSS posts to full disclosure). Please respond in private. I'm impressed by your work but I worry that you have not considered the actions that NASA might take. The US government is very unfriendly towards hackers at the moment. Cheers .jm -----Original Message----- From: Lorenzo Hernandez Garcia-Hierro [mailto:lorenzohgh () nsrg-security com] Sent: Friday, October 24, 2003 6:53 AM To: Full-Disclosure Cc: BUGTRAQ Subject: [Full-disclosure] NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Hello friends, I'm happy and sad in the same time. The NASA websites are patched but they didn't contacted me after i sent the access instructions to advisories, so, i have now the advisory open and a complete action-mail/advisory log for probe and provide the communication between NASA staff and me. __ ACCESS INFORMATION __ Advisory access: http://advisories.nsrg-security.com/Nasa.gov-MV/ Mail & Action & Advisory Log : http://advisories.nsrg-security.com/Nasa.gov-MV/mail-log.txt ScreenShots: http://advisories.nsrg-security.com/Nasa.gov-MV/screenshots/ __ <<<EOF __ That's all , about one week of work and a very short and strange communication between NASA staff and me. NOTE: not all the things are patched but i think that the most important , it's very possible that the NASA staff will ignore some security holes.... Best regards to all people of Full-Disclosure , Nasa staff ( John ! ) ;-) , every body... ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->/* not csh but sh */ 0x02->$ PATH=pretending!/usr/ucb/which sense 0x03-> no sense in pretending! __________________________________ PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B ID: 0x91805F5B ********************************** No Secure Root Group Security Research Team http://www.nsrg-security.com ______________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html Notice: The information contained in this e-mail message and any attached files
may
be confidential information, and may also be the subject of legal professional privilege. If you are not the intended recipient any use, disclosure or copying of this e-mail is unauthorised. If you have
received
this e-mail in error, please notify the sender immediately by reply e-mail and delete all copies of this transmission together with any attachments.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 23)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) mcbethh (Oct 24)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Jon Hart (Oct 24)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 24)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) daniel uriah clemens (Oct 24)
- RE: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Mortis (Oct 27)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 27)
- Message not available
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 27)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Stefan Larsson (Oct 27)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) nosp (Oct 27)
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 27)
- <Possible follow-ups>
- Re: NASA WebSites Multiple Vulnerabilities ADVISORY opened to public access ( NASA websites Patched ) Lorenzo Hernandez Garcia-Hierro (Oct 24)