Gadi Evron
Jim
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: Friday, January 15, 2010 10:05 AM
To: Gadi Evron
Cc: bugtraq@securityfocus.com
Subject: RE: All China, All The Time
Inline:
On Fri, Jan 15, 2010 at 12:15 PM, Gadi Evron <ge@linuxbox.org> wrote:
>
> On 1/15/10 6:40 PM, Thor (Hammer of God) wrote:
>>
>> I could only imagine. The other problem is that many people seem to think I'm saying something against the Chinese *people* themselves, based on the "f* you round-eye" messages I've received (and they call ME racist). They don't seem to get the clear distinction (to me) between the Chinese people and China's network. It's the machines I'm concerned with, the attacks coming from those machines. Just because the machine is sourced in China doesn't mean the attacker is - so I have to do the best I can to defend against the machines. However, that unfortunately comes across to those who choose not to think it through as me saying something against the Chinese themselves.
>>
> T
>
>
>
>> -----Original Message-----
>> From: Gadi Evron [mailto:ge@linuxbox.org]
>> Sent: Thursday, January 14, 2010 6:27 PM
>> To: Thor (Hammer of God)
>> Cc: bugtraq@securityfocus.com
>> Subject: Re: All China, All The Time
>>
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: Friday, November 02, 2007 1:19 AM
To: Roger A. Grimes; bugtraq@securityfocus.com;
full-disclosure@lists.grok.org.uk
Cc: Alex Eckelberry; Gadi Evron
Subject: RE: mac trojan in-the-wild
That's an interesting figure (86% that is). Can you give us some
insight into what you define as "user interaction"?
> > T
> >
> >
> >
> >> -----Original Message-----
> >> From: Gadi Evron [mailto:ge@linuxbox.org]
> >> Sent: Thursday, January 14, 2010 6:27 PM
> >> To: Thor (Hammer of God)
> >> Cc: bugtraq@securityfocus.com
> >> Subject: Re: All China, All The Time
> >>
---------- Forwarded message ----------
Date: Tue, 4 Dec 2007 00:56:51 -0600 (CST)
From: Gadi Evron <ge@linuxbox.org>
To: Rickard Dahlstrand <rickard.dahlstrand@iis.se>
Cc: dns-operations@mail.oarc.isc.org
Subject: Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information
Disclosure
----------
---Matthew
*********** REPLY SEPARATOR ***********
On 10/31/2007 at 6:21 PM Gadi Evron wrote:
>For whoever didn't hear, there is a Macintosh trojan in-the-wild being
>dropped, infecting mac users.
>Yes, it is being done by a regular online gang--itw--it is not yet
>another proof of concept. The same gang infects Windows machines as
these are non-tech savvy folks.
----- Original Message -----
From: "Adrian Griffis" <adriang63@gmail.com>
To: "Brian Loe" <knobdy@gmail.com>
Cc: "Gadi Evron" <ge@linuxbox.org>; "Thor (Hammer of God)"
<thor@hammerofgod.com>; <bugtraq@securityfocus.com>; "Chad Perrin"
<perrin@apotheon.com>; "Crispin Cowan" <crispin@novell.com>;
<Casper.Dik@sun.com>; "pdp (architect)" <pdp.gnucitizen@googlemail.com>;
<full-disclosure@lists.grok.org.uk>; "Lamont Granquist"
<lamont@scriptkiddie.org>; "Roland Kuhn" <rkuhn@e18.physik.tu-muenchen.de>
----------
---Matthew
*********** REPLY SEPARATOR ***********
On 10/31/2007 at 6:21 PM Gadi Evron wrote:
>For whoever didn't hear, there is a Macintosh trojan in-the-wild being
>dropped, infecting mac users.
>Yes, it is being done by a regular online gang--itw--it is not yet another
>proof of concept. The same gang infects Windows machines as well, just
>Now, register_globals has defaulted to off ever since PHP 4.2.0.
This is a reasonable argument. However, many hosting sites and
applications still enable or require it. The mass compromises of web
servers for botnets, as described by Gadi Evron [3], were probably
made possible due to this setting (and allow_url_fopen).
>And it would of course be nice if people posting to Bugtraq actually
>tested their PoCs first.
> -----Original Message-----
> From: Roger A. Grimes [mailto:roger@banneretcs.com]
> Sent: Thursday, November 01, 2007 5:37 PM
> To: Alex Eckelberry; Thor (Hammer of God); Gadi Evron;
> bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
> Subject: RE: mac trojan in-the-wild
>
> Actually, on that same note, I recently did an analysis of the last
> three years of published Windows vulnerabilities.
----------
---Matthew
*********** REPLY SEPARATOR ***********
On 10/31/2007 at 6:21 PM Gadi Evron wrote:
>For whoever didn't hear, there is a Macintosh trojan in-the-wild being
>dropped, infecting mac users.
>Yes, it is being done by a regular online gang--itw--it is not yet another
>proof of concept. The same gang infects Windows machines as well, just
-----Original Message-----
From: Gadi Evron [mailto:ge@linuxbox.org]
Sent: Tuesday, May 20, 2008 5:27 PM
To: bugtraq@securityfocus.com
Cc: full-disclosure@lists.grok.org.uk; funsec@linuxbox.org
Subject: An account of the Estonian Internet War
> Juha-Matti
>
> "John C. A. Bambenek, GCIH, CISSP" [bambenek.infosec@gmail.com] kirjoitti:
>> What's the infection vector? URL Link? Rogue Facebook app?
>>
>> On Wed, Aug 6, 2008 at 4:44 PM, Gadi Evron <ge@linuxbox.org> wrote:
>>
>> > Hi all.
>> >
>> > There's a facebook (possibly worm) something malicious sending fake
>> > messages from real users (friends).
carry the majority of the Internet's traffic.
Sebastian Muniz, a researcher with Core Security Technologies, developed the
software, which he will unveil on May 22 at the EuSecWest conference in London. "
Gadi Evron.
Gadi.
Date: Sun, 25 May 2008 05:27:36 -0500 (CDT)
From: Gadi Evron
To: Joel Jaeggli
Subject: Re: IOS rootkits
On Sun, 18 May 2008, Joel Jaeggli wrote:
> Dragos Ruiu wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -- Gadi Evron <ge@linuxbox.org> wrote:
>In the last days news and government web sites in Georgia suffered DDoS
attacks. While these attacks seem to affect the Georgian Internet, it is
still
there.
>
Register for alerts at:
http://www.watchmy.net/
We hope you find it useful,
Avi Freedman, Andrew Fried && Gadi Evron.
I can sum it up in one sentence: OS X is the new Windows 98. Investing in
security ONLY as a last resort loses money, but everyone has to learn it
for themselves.
Gadi Evron.
vulnerabilities, but I at least never had the time to play with it. He
might have, I am CC:ing him.
My best to Adar,
Gadi Evron,
http://www.gadievron.com/
On 9/25/07, Gadi Evron <ge@linuxbox.org> wrote:
> No longer good enough.
>
> We can get a press scare over a public vuln release, or a wake-up call.
>
> I think we can do better as an industry.
>
Who, then, rewrites all of the reference material? And doesn't any new
YOU TOO CAN PREVENT FOREST FIRES! [2]
J
[1] http://www.wslabi.com/wabisabilabi/initPublishedBid.do?
[2] Gadi Evron is a fat fuck who invented DNS
___ BEGIN ___
<html>
<SCRIPT language="javascript">
On 26/09/2007, at 5:02 AM, Gadi Evron wrote:
> Okay. I think we exhausted the different views, and maybe we are
> now able to come to a conclusion on what we WANT 0day to mean.
>
> What do you, as professional, believe 0day should mean, regardless
> of previous definitions?
As a professional, I would be happy to see terms like '0day' banished
from the lexicon entirely. It's an essentially meaningless -- all
They were able to reprogram it to shut down and to deliver jolts of electricity
that would potentially be fatal -- if the device had been in a person. In this
case, the researchers were hacking into a device in a laboratory. "
Gadi Evron.
On Thu, Jul 26, 2007 at 11:40:55PM -0500, Gadi Evron wrote:
> This is Paul Vixie's response on this, when I asked him for verification:
>
> -----
> this bug has been reported over and over again for a dozen years. it's
> odd to have to keep fixing it-- i fixed it in bind4 and bind8 when theo
> de raadt offered me his random number generator to use. bind9 should've
> used that same one but apparently didn't. note that with this fix, the
> difficulty in poisoning someone's cache rises from "a few tens of seconds"
> to "a few minutes". it's a 16-bit field. not a lot of room for
-Amit
Gadi Evron wrote:
> This is Paul Vixie's response on this, when I asked him for verification:
>
> -----
> this bug has been reported over and over again for a dozen years. it's
> odd to have to keep fixing it-- i fixed it in bind4 and bind8 when theo
Gadi Evron wrote:
> Impressive vulnerability, new. Not a 0day.
>
> Not to start an argument again, but fact is, people stop calling
> everything a 0day unless it is, say WMF, ANI, etc. exploited in the
> wild without being known.
>
> I don't like the mis-use of this buzzword.
I respectfully disagree. By your definition, we have:
On Wed, 26 Sep 2007, Charles Miller wrote:
> On 26/09/2007, at 5:02 AM, Gadi Evron wrote:
>
>> Okay. I think we exhausted the different views, and maybe we are now able
>> to come to a conclusion on what we WANT 0day to mean.
>>
>> What do you, as professional, believe 0day should mean, regardless of
>> previous definitions?
>
> As a professional, I would be happy to see terms like '0day' banished from
Juha-Matti
"John C. A. Bambenek, GCIH, CISSP" [bambenek.infosec@gmail.com] kirjoitti:
> What's the infection vector? URL Link? Rogue Facebook app?
>
> On Wed, Aug 6, 2008 at 4:44 PM, Gadi Evron <ge@linuxbox.org> wrote:
>
> > Hi all.
> >
> > There's a facebook (possibly worm) something malicious sending fake
> > messages from real users (friends).
7 days of seeding to impact.
Gadi.
On Wed, 6 Aug 2008, Gadi Evron wrote:
> Hi all.
>
> There's a facebook (possibly worm) something malicious sending fake
> messages from real users (friends).