From owner-freebsd-security@FreeBSD.ORG Thu May 12 09:18:05 2005
Date: Thu, 12 May 2005 19:18:04 +1000
From: "Drew B. [Security Expertise/Freelance Security research]." <d4rkstorm@gmail.com>
To: freebsd-security@freebsd.org
Message-ID: <245f0df10505120218730440a4@mail.gmail.com>
Subject: RE: Mozilla 1.0.4 security update (Just install it, will keep all settings) + Important note from me, please read, those uninterested, please don't flame ;)
List-Id: Security issues [members-only posting]

Update to the Mozilla vulnerabilities which were not publicly reported (to MY standard, for BSD/cross-platform users), so I performed my own research, PoCs etc., and have submitted all my results. I won't say I had ANYTHING at all to do with the update, BUT please update a.s.a.p. to Mozilla v1.0.4; that should stop at least ONE exploit. The other may be a simple matter of not allowing your JavaScript to 'perform certain commands'; atm, my setting is to 'allow window resizing' only, which seems all it needs to function, and it is 'handy' (unfortunately).

http://mozilla.mirrors.tds.net/pub/mozilla.org/firefox/releases/1.0.4/

^^ that's one mirror.

This was the first 'major' exploitation, so it is trying to be kept under relative control. If I had some more 'company' support, as my recent ISP has become tired with the amount of work I have had to put in (hence = $$ basically to pay me).

~~~~

Some comments from me personally to ANYONE interested (I will work seriously on this, at a very LOW fee (if any...), only if certain things are met), but anyhow this is the stuff which is important.

First 2 points:

1. No one seems to give a rat's bum about spamming, and I have got a non-public scanner+exploiter which infects BSD mail servers and can mass-mail. I received this 2 weeks ago, but due to my limited knowledge, was only able to have the place shut down; however, not before a colleague had to sit down and manually delete about 40,000 emails. So it is NOT just a small problem; the real problem is educating admins and techs, and I will tell you right now, it does NOT matter where you come from, it is what you know, so ignore people from Symantec thinking they have a "solution to everything"; say one word to them, "Morphine by Holy-Father", and that should shut up 99% of the A/V.

2. The situation is now beyond just a "joke"; it is now for profit. I have intercepted unpacked binaries; unfortunately, as I have limited support, I can only trace the major attackers. Using the attackers' equipment, sure, I could find many "roots" etc. I mean the actual "offender address/details". I don't think this has ever been successfully done. I am willing to start a project, anti-spam or similar, and will start with Victoria. As in: remote disinfection. Well, if people WON'T secure, then I will secure their machine for them, or, spit me ideas.. I'm waiting, have been a long time.

Note also, I am not, nor have ever been, a "hacker", so you can make whatever presumptions you like. I am a 30yr old who was compromised about 10 times, then tried to attack the compromisers, but realised they were MUCH more powerful than me, so I had to back off... here's a quick ref if you like, one small example:

http://www.airscanner.com/pubs/hacked1.pdf
http://www.airscanner.com/pubs/hacked2.pdf

This is what I mean by... educating people. The people this happens to, it shouldn't be happening to, and some of that is not updating due to piracy etc., BUT also is done on purpose, and for many reasons which I cannot draw into here nor now; it is much larger than this, although xdcc warezkits will be a focus, as I can easily find these, logins, passwords, and complete info, only because I have personally developed MY OWN app for that. So I can confidently say I have done my homework. However, it is time to open up; I've had enough of seeing silly spams every day and reporting to spoof@ebay.com etc. I am offering to shut down MAJOR hacking orgs, such as makers of these exploits, but I have ONE problem: who do I speak to, who do I trust, who will indeed work with me to try and legalise a section for "certain experienced people"?!?!

This is a NEW area, which should really be inputted by some people who have done 'extensive' testing, to the point of stuff I cannot mention here even; these people will understand my post and know what I am saying.

Please note: I can supply much more simple searches etc. which have yielded me extremely sensitive info. Yes, I had to poke about on hackers' websites, but err, isn't that what they are doing? This is the major problem: I need authority to 'investigate', and in this area it is not really funded; however, imagine if all .au DNS and normal servers were running @ peak. I think a lot more ISPs would get success, as with the users mainly; connection and everything would be improved majorly. Just remember, you can maybe ignore it, but the problem is no longer ignorable to system admins, so I am acting; those with me are welcome to join me and we will register it as a project etc.

I am currently looking through the ports to find a better security feature for FreeBSD; I think it should be bettered/improved. So ANY offers to aid me in my research would be welcomed greatly.

Regards,
Drew B.

-- 
------------------------------------------
Drew B. /* Security researcher/expert, threat-focus, Freelance */
------------------------------------------