[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] How to become a Computer Security Professional ?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] How to become a Computer Security Professional ?
From: "XSS Worm XSS Security Information Portal" <cross-site-scripting-security@xxxxxxxxxxx>
Date: Mon, 19 Nov 2007 18:43:37 +1100

#!/bin/sh

# 0day exploit for Paul Schmehl
# based on information provided by Paul Schmehl
# pauls@xxxxxxxxxxxx
#

echo pauls > /hack/edu/utdallas.edu/known.addresses

googledump.pl --email-addresses --context-links  --referers --extended-links
-keywords "Paul","Schmehl","utdallas.edu", "pauls@", "pauls@utdallas","
paul.schmehl@" --verbose

socialgrab.pl --known-address "pauls@xxxxxxxxxxxx" --real-name "Paul
Schmehl" --tags=security,hacking,utdallas,vulnerability
--search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,digg,bebo,ebay,blogger,wordpress
--verbose --dump-links

infopull.pl --pgp-search --whois --domaintools --usenet --trackers --irclog
--mirrors --listserv --known-addresses="pauls@xxxxxxxxxxxx"

echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu

# http://xssworm.com





On 11/19/07, Paul Schmehl <pauls@xxxxxxxxxxxx> wrote:
>
> --On November 19, 2007 3:34:23 AM +0000 worried security
> <worriedsecurity@xxxxxxxxxxxxxx> wrote:
> >
> > The forth most important rule to becoming a security professional,
> > always use a throw-away e-mail account so it doesn't matter of script
> > kids hi-jack your e-mail account with the next cross-site scripting
> > vulnerablity that gets posted to the public mailing lists.
> >
> You forgot the most important rule of all.  Pay no heed to bozos who post
> anonymously and don't even have a job in security.  Their advice is
> usually worth just as much as their reputation.
>
> Paul Schmehl (pauls@xxxxxxxxxxxx)
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher
mailto:vaj@xxxxxxxxxxxxxxxxxx
aim: XSS Cross Site
------
XSS Cross Site Scripting Attacks
Web 2.0 Application Security Information Blog (tm) 2007
http://www.XSSworm.com/
------
"Vaj, bella vaj."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] How to become a Computer Security Professional ?
  - From: rchrafe

References:
- [Full-disclosure] How to become a Computer Security Professional ?
  - From: Meef
- Re: [Full-disclosure] How to become a Computer Security Professional ?
  - From: worried security
- Re: [Full-disclosure] How to become a Computer Security Professional ?
  - From: Paul Schmehl

Prev by Date: Re: [Full-disclosure] n3td3v denounces the actions of www.derangedsecurity.com
Next by Date: [Full-disclosure] [ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability
Previous by thread: Re: [Full-disclosure] so gay huh?
Next by thread: Re: [Full-disclosure] How to become a Computer Security Professional ?
Index(es):
- Date
- Thread