[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] How to become a Computer Security Professional ?

XSS Worm XSS Security Information Portal wrote:
> #!/bin/sh
>
> # 0day exploit for Paul Schmehl
> # based on information provided by Paul Schmehl
> # pauls@xxxxxxxxxxxx <mailto:pauls@xxxxxxxxxxxx>
> #
>
> echo pauls > /hack/edu/utdallas.edu/known.addresses
>
> googledump.pl --email-addresses --context-links 
>  --referers --extended-links -keywords "Paul","Schmehl","utdallas.edu 
> <http://utdallas.edu>", "pauls@", "pauls@utdallas 
> ","paul.schmehl@" --verbose 
>
> socialgrab.pl --known-address "pauls@xxxxxxxxxxxx 
> <mailto:pauls@xxxxxxxxxxxx>" --real-name "Paul Schmehl" 
> --tags=security,hacking,utdallas,vulnerability 
> --search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,digg,bebo,ebay,blogger,wordpress
>  
> --verbose --dump-links
>
> infopull.pl --pgp-search --whois --domaintools --usenet --trackers 
> --irclog --mirrors --listserv --known-addresses="pauls@xxxxxxxxxxxx 
> <mailto:pauls@xxxxxxxxxxxx>"
>
> echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu
>
> # http://xssworm.com
HAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAA
 

>
>
>
>
>
> On 11/19/07, *Paul Schmehl* <pauls@xxxxxxxxxxxx 
> <mailto:pauls@xxxxxxxxxxxx>> wrote:
>
>     --On November 19, 2007 3:34:23 AM +0000 worried security
>     <worriedsecurity@xxxxxxxxxxxxxx
>     <mailto:worriedsecurity@xxxxxxxxxxxxxx>> wrote:
>     >
>     > The forth most important rule to becoming a security professional,
>     > always use a throw-away e-mail account so it doesn't matter of
>     script
>     > kids hi-jack your e-mail account with the next cross-site scripting
>     > vulnerablity that gets posted to the public mailing lists.
>     >
>     You forgot the most important rule of all.  Pay no heed to bozos
>     who post
>     anonymously and don't even have a job in security.  Their advice is
>     usually worth just as much as their reputation.
>
>     Paul Schmehl ( pauls@xxxxxxxxxxxx <mailto:pauls@xxxxxxxxxxxx>)
>     Senior Information Security Analyst
>     The University of Texas at Dallas
>     http://www.utdallas.edu/ir/security/
>     <http://www.utdallas.edu/ir/security/>
>
>     _______________________________________________
>     Full-Disclosure - We believe in it.
>     Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>     <http://lists.grok.org.uk/full-disclosure-charter.html>
>     Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> -- 
> Francesco Vaj [CISSP - GIAC]
> CSS Security Researcher
> mailto: vaj@xxxxxxxxxxxxxxxxxx <mailto:vaj@xxxxxxxxxxxxxxxxxx>
> aim: XSS Cross Site
> ------
> XSS Cross Site Scripting Attacks
> Web 2.0 Application Security Information Blog (tm) 2007
> http://www.XSSworm.com/
> ------
> "Vaj, bella vaj.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/