Full Disclosure mailing list archives
RE: Re: EnderUNIX Security Anouncement (Isoqlog and Spamguard)
From: "Simon Lorentsen" <s.lorentsen () iracks com>
Date: Sun, 30 May 2004 01:05:11 +0100
In reply As per your link.... I apologise for the paste.....
It happened again today. Another one sold out, sacrificing their dreams to the corporate security machine.
Yeah sold out to prove their peers on irc that they are better than anyone else, does it make you feel good ? you're part of a dream, nothing more than an interpretation......
Damn whitehats, no one believes in a cause anymore.
Yawn..... heard this before......
Another bug was released today to the security mailing lists.
Sorry was using this bug to your own advantage..... like a kid being ratted on by his friend for having his hand in the cookie jar.... heard of the term grow up ?
Damn Whitehats, they know not what they do.
Is there a parrot in the house ?
Another potential computer genius was relegated to an existence of nothing more than a 9-5 cubicle-dwelling promotional tool.
Really ? you have first hand experience of this ? shouting out the link for this ? what experience do you have ? I'm guessing none....
Damn whitehats, putting money before discovery.
You're getting repetitive.......
Another family was ravaged by corporations and governments bent on instituting control over individuality, monitoring every action..
Ever heard of life ?
Another kid was sentenced today for searching for a way to understand the world. Convicted and imprisoned, not because of what he did, but because of what others thought he could do.
Don't you mean another kid was comparing the size of his penis on irc and got caught because he was trying to be 'elite'..........
Damn Whitehats - Fear keeps them in business.
No, it's people like you that keep white hats in business, now tell me, if you and your kind weren't around, white hats wouldn't be around either.....
The public, believing anything it hears from "reputed experts". Screaming for blood. Looking for something to blame for their lost hope. Their lost ability to seek out new knowledge. Fear consumes them. They cannot let go of their uncertainty and doubt because there is no meaning. They seek to destroy explorers, outlaws, curiosity seekers because they are told to. They are told these people that seek information are evil. Individuality is evil. Judgment should be made based upon a moral standard set in conformity rather than resistance. Lives are ruined in the name of corporate profit and information is hoarded as a commodity.
Now you're just ranting.......
Damn Whitehats, you were once like us.
Maybe some were, but they grow up, they realized the damage that's caused to innocent individuals and business, does the word terrorist spring to mind ?
I was a Whitehat. I had an awakening. I saw the security industry for what it really is. I saw the corruption, the lies, the deceit, the extortion of protection money in the form of subscription services and snake-oil security consultants.
I doubt you were a white hat, or if you were, you felt you couldn't cut the grade with your peers.......
I wanted to know, I wanted to understand, I wanted to go further than the rest. I never want to be held down by contracts and agreements.
Does that mean causing damage to people's files ? to people's livelihoods ?
You say I should grow up. You say I should find better things to do with my time. You say I should put my talent to better use. You're saying I should fall in line with the other zombies and forget everything I believe in and shun those with my drive, my curiosity, tell them it's not worth it, deny them of the greatest journey they will ever experience in their lives.
No one is asking you to forget, no one is asking you to fall in line, are you saying you can't be unique ? are you saying you don't have a mind ? what this is saying is you can't follow the lines of a white hat, but you can follow the lines of a black hat ? different people, different rules... but at the end of the day, you're following an ideal, you're following the ideals set down by your peers..... hypocrite....
I am not a blackhat. The term is insulting, it implies I am the opposite of you. You think I seek to defeat security, when I seek something greater. I will write exploits, travel through networks, explore where you are afraid to go. I will not put myself in the spotlight and release destructive tools to the public to attract business. I will not feed the fear and hysteria created by the security industry to increase stock prices. I can, and will, code and hack and find out everything I can for the same reasons I did years ago.
What are you then, a rainbow warrior ? I think you should really read this the whole way through, before you start linking to it..... just shows more of your ignorance....
I am a Hacker, don't try to understand me, you lost all hope of that when you crossed the line. You fail to see the lies and utter simplicity behind the computer security industry. Once, you may have shared my ideals. You fail to see the fact that security is a maintenance job. You've given up hope for something better. You fail to see yourself as worthless, fueling an industry whose cumulative result is nothing. I don't hate you, I don't even really care about you - If you try to stop me, you will fail, because I do this out of love -- you do it for money.
Most people can see you for what you are, it's not a pretty picture and I am guessing that at the end of the day, you'll be another face that is never remembered......
This is our world now.. the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat and lie to us and try to make us believe it is for our own good, yet we're the criminals.
So you're not criminals ? so the dDoS'ing, the hacking, the rooting, it's legal, it's fine to cause havoc on a machine that's used for business ? are you an ethical hacker, do you have morals ? or are you one of those that just want to make a name for themselves,
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
So you are a criminal ? nah your crime is causing damage, your crime is trying to be the best, maybe when you have grown up, you'll understand, every action has a consequence, you think too small, yeah you may hit a vendor, what happens to the guy who relies on the vendor to provide a service ? does he deserve that ? are you that narrow minded ?
I am a hacker, and this is my manifesto. You can't stop me, and you certainly can't stop us all.
No, you're another elite plank who needs to start thinking, who needs to start seeing the consequences of his actions.........
Oh and regards to your tag line "Destroying something good has always been damn easy compared to creating new work which obviously requires much more knowledge, talent and brain!". I don't think that fits with the above manifesto........ maybe you should read it all the way through...
Greetz....

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Aycan iRiCAN
Sent: 29 May 2004 23:50
To: Murat Balaban; full-disclosure () lists netsys com; bugtraq () securityfocus com
Subject: [Full-disclosure] Re: EnderUNIX Security Anouncement (Isoqlog and Spamguard)

You are the fucking kid! You're the fucking security industry!
There will be no public exploits according to my conversation with virulent. Next time use author's e-mail for thanksgiving please.
"Destroying something good has always been damn easy compared to creating new work which obviously requires much more knowledge, talent and brain!".
Well, gaining shell requires extra understanding and imagination!
http://www.phrack.nl/phrack62/p62-0x0b.txt

Murat Balaban wrote:
______________________________________________________________
Package : isoqlog
Date :
Affected products : isoqlog is available for a wide variety of products, and distributed as a FreeBSD port/package.
Vulnerability type : both local and remote

1. Isoqlog
Isoqlog is an MTA log analysis program written in C. It is designed to scan qmail, postfix, sendmail and exim logfiles and produce usage statistics in HTML format for viewing through a browser. It produces Top domains output according to Sender, Receiver, Total mails and bytes; it keeps your main domain mail statistics with regard to Days Top Domain, Top Users values for per day, per month and years.

2. Problem Description
There are several stack and heap overflows in several routines in Parser.c, loadconfig.c, LangCfg.c, Dir.c and Html.c files.

2.1 Parser.c
There are several remote buffer overflows in parseQmailFromBytesLine, parseQmailToRemoteLine, parseQmailToLocalLine, parseSendmailFromBytesLine, parseSendmailToLine, parseEximFromBytesLine, parseEximToLine functions.
There are several local buffer overflows in lowercase and check_syslog_date functions.

2.2 loadconfig.c
loadconfig and removespaces functions have some code which results in buffer overflows.

2.3 LangCfg.c
loadLang function has some code which results in buffer overflows.

2.4 Html.c has some functions which don't do bounds checking.

2.5 Dir.c has some code which results in local buffer overflows.

3. Solution
Those who are using isoqlog 2.1.1 and isoqlog-devel before May 16, 2004 should download and install isoqlog 2.2.
Package source can be downloaded from http://www.enderunix.org/isoqlog/isoqlog-2.2.tar.gz

4. Contact
Please feel free to contact bug-report % enderunix dot org for anything.

5. THANKS
Nicolas François for reporting check_syslog_date bug on "May 15, 2004!!!" on isoqlog mailing list.

______________________________________________________________
Package : spamguard
Date :
Affected products : spamguard is available for a wide variety of products, and distributed as a FreeBSD port/package.
Vulnerability type : both local and remote

1. spamguard
spamGuard scans your MTA log files within fixed intervals, which can be defined by yourself, say 10 minutes, and if an expression " from " is matched more than a predefined value, which of course can be configured by yourself, spamGuard adds the mail address to $BADMAILER file. Therefore any further mails by this user will be rejected by your MTA.

2. Problem Description
There are several stack and heap overflows in several routines in parser.c, functions.c, loadconfig.c files.

2.1 parser.c
There are several remote buffer overflows in qmail_parseline and sendmail_parseline functions.

2.2 loadconfig.c
loadconfig and removespaces functions have some code which results in buffer overflows.

3. Solution
Those who are using spamguard 1.6 and spamguard-devel before May 16, 2004 should download and install spamguard 1.7-BETA.
Package source can be downloaded from http://www.enderunix.org/spamguard/spamguard-1.7-BETA.tar.gz

4. Contact
Please feel free to contact bug-report % enderunix dot org for anything.

<-- Thoughts -->
"Destroying something good has always been damn easy compared to creating new work which obviously requires much more knowledge, talent and brain!".
This part is dedicated to those newbie lamers vomiting idiotic exploits which need to be run as root to get root ;).
Turkish people, especially kidz @ core.gen.tr and karatakke.org should read this: http://www.enderunix.org/isoqlog/advisory-extension.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html