African ISP SekuritY

Discussion:

(too old to reply)

Kenneth Voort

2010-10-25 09:30:08 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wow. What an effective way to victimize several hundred innocent users to stroke your own ego.

We should all do this... publish password lists every time we come across another XSS bug.

Please, go google "Responsible Disclosure"...

Hej!
Another day another pwn. You can see how they run things on negrolands.
ISP sekuritY = unskilled noob team + broken webfrontends (made in
india) + missing server certificates + high dsl prices.
Millionaire douchebags get 4mbit fiber and the rest is fckd :(
Dear sirs if you see your own name on the list maybe it's time for
switching ISP (in case you have any option) :D

- --
Kenneth Voort
FDF1 6265 EBAB C05C FD06 1AED 158E 14D6 37CD E87F | pgp encrypted email preferred
- --
/**
* This message leverages collective synergy to drive "outside of the box"
* thinking and formulate key objectives into a win-win game plan with a
* quality-driven approach that focuses on empowering key players to drive-up
* their core competencies and increase expectations with an all-around
* initiative to drive down the bottom-line.
*/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkzFTiAACgkQFY4U1jfN6H+V9QCeK6vXGicVowUr/0E1vg6CEGe2
8e8An3a2Rh6n0P/ny7aSG4oFdDCI3tBd
=nSn5
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Duboucher Thomas

2010-10-25 11:02:21 UTC

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hej!
Another day another pwn. You can see how they run things on negrolands.

I stopped reading there.

- --
Thomas.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkzFY70ACgkQBV7eXqefhqiR5wCfRPBsbtFTOEnm9D6VN02hImLR
Qi0An1EK4O6SGF6aKfItVFfqnDSVBIYu
=VYmt
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

d***@gmail.com

2010-10-25 11:10:54 UTC

Permalink

-----Original Message-----
From: Duboucher Thomas <***@duboucher.eu>
Sent: Monday, October 25, 2010 07:02 AM
To: full-***@lists.grok.org.uk
Subject: Re: [Full-disclosure] African ISP SekuritY

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hej!
Another day another pwn. You can see how they run things on negrolands.

Bill Hicks

2010-10-27 08:13:33 UTC

Permalink

LOL so racist little script kiddy "l33t ***@x0r" over here didn't actually own
anything and just used an admin account with read access and all sql
injection attempts actually failed.

http://mybroadband.co.za/news/general/16113-says-MWEB-security-breach-not-hack.html

Another day and another little tool thinks he's da man. And if you actually
want to complain about high prices of DSL maybe go "hack" the upstream
supplier who charge ridiculous interconnect charges.

Maybe if you "pwn" them then your ego can get bumped up a notch.

[lesh] Ivan Nikolic

2010-10-27 13:27:43 UTC

Permalink

difference between breach and hack is that you say breach when you'd like to sound cool and james-bondy.

a person that breaches has one of those tight microphone-headphone things and is handsome.
while a person that hacks just has a greasy hair.

can you please explain me the definition based difference and the normal difference between two words?

cnn for example likes to use that word in attempt to keep people away from changing the channel.

Isn't it still a hack depending on how the u/p were obtained?
Could someone please explain the definition based difference between a breach and a hack?
Sent from my BlackBerry® wireless device
-----Original Message-----
Date: Wed, 27 Oct 2010 10:13:33
Subject: Re: [Full-disclosure] African ISP SekuritY
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

--
PGP 0x96085C00 http://lesh.sysphere.org

Christopher Grant

2010-10-27 13:49:15 UTC

Permalink

Loosely speaking a hack could be defined as using a system for
something against its original intention/purpose (e.g SQLi is a hack,
because the search function (or whatever) was not intended to allow
the user drop databases/give away passwords etc). A breach can be
defined as a leak of information to an unauthorized third party.

In this case it can be considered a breach because the system is
acting as intended (i.e. letting the admin login and maintain the
system), however it has been compromised because the admin's username
& pwd have been leaked, thus breaching the system. Now where it gets
really tricky is if he used social engineering to get the password,
some would consider that a hack, others a breach, really they both
amount to the same thing.

- Chris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/