[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] CertificationMagazine - Blind SQL Injection Vulnerability



Hi Vulnerability-Copy-Paste-Leech-LAB

You are funny KIDS Vulnerability-Lab

Let's clear something

HISTORY:
1. You had posted first 1 year old BUG - leeched from MY VULNERABLE Sites 
DATABASE
2. i have sent you info / full disclosure that it was very OLD BUG - reported 
YEAR ago. (this wasn’t an attack!)
3. You have posted second 1.5 Year old BUG
4. i have sent you info / full disclosure that it was OLD BUG reported may 2010 
(this wasn’t attack)
5. ATTACK FROM Vulnerability-LAB - 100% lies and fabricated stories in order to 
discredit me and my friends from Ariko-Security. 

You don’t understand simple english – I am not ariko-security member – here is  
this sentence in German:  
Ich bin nicht in einer Gruppe Ariko-Security

You smoke too much:
1.
" then records of the databases that u dumped... because of the fact that you 
guys hack illegal into web-servers and dump the databases and do not notify the 
vendor."  YEAH LOL 
2. 
"Some weeks ago another AS member asked us ...  why we do not work with you 
guys (vs-db.info & AS)? He also asked us multiple times for selling the dumps 
of hacked databases!?" nice children's imagination 
3.
"Also if you view in context what we do vs what you do there is no way we want 
to work with you." LOL AGAIN ,

some facts:
ID: 26 845 6056 2 - IHK - 34125 Kassel (Germany) - Evolution Security - fake 
company - NOT REGISTERED IN GERMANY , NO VAT ID 
5.
DevSec  - nice empty web page – also fake company – no VAT ID in netherlands
Welkom op devsec.nl 

Please DO NOT SPAM MORE FD, if You want something from ME simply mail me.

Tomy / Vulnerable Sites Database



Wiadomość napisana przez research@xxxxxxxxxxxxxxxxxxxxx w dniu 23 gru 2011, o 
godz. 17:57:

> Hi Tomy,
> After you wrote us now the second e-mail we want to make something very clear 
> to u and everyone @ vs-db.info & ariko-security
> 
> 1. Your website is serves no point other then records of the databases that u 
> dumped... because of the fact that you guys hack illegal into web-servers and 
> dump the databases and do not notify the vendor.
> You guys tell the researchers around you that you do some security stuff ... 
> i think you guys are just fucking criminals. Thats why nobody respects the 
> work you do anywhere.
> 
> 2. Some weeks ago another ariko-security member asked us ...  why we do not 
> work with you guys (vs-db.info & ariko-security)? He also asked us multiple 
> times for selling the dumps of hacked databases!?
> To answer that once more we are not interested in selling stolen information 
> as said many times before. 
> Why ?!  Mainly due the fact that this is a criminal offence. 
> And so a no go in our vision for the future of vulnerability-lab.com
> 
> 3. Also if you view in context what we do vs what you do there is no way we 
> want to work with you.
> We
> - Inform vendors
> - Verify vulnerabilities/bugs to ensure validity
> - Disclosure after contact with vendor or after multiple tries to contact the 
> vendor
> - Discolsure policy
> - Try to protect vendors and customers of those vendors
> 
> You
> - Dont inform vendor
> - No Discolsure policy
> - No verfication other then a picture
> - Selling of illegally dumped databases/information to make money
> 
> 4. If so that you say that you are all that good an you are so awsome in what 
> you do why is a 1.5 year old bug (if this infact true) still unpatched when 
> we found it!?
> Sounds to me that u dumped the database then probably sold it off and then 
> forgot all about it. Instead of contacting the vendor/webmaster etc.
> So clearly you have no idea of what working in security is about. Your are 
> only trying to rape the benefits of a trick that you know.
> 
> I hope that you see this as a wake up call and warning as next time we might 
> not be as friendly.
> 
> Best Regards,
> The Vulnerability-lab Team.
> 
> 
> 
> Am 23.12.2011 11:32, schrieb Tomy:
>> 
>> http://www.vs-db.info/?p=593
>> 
>> MAY 2010 - Nice that you can find 1.5 YEARS old hole LOL!
>> 
>> Tomy
>> 
>> Wiadomość napisana przez research@xxxxxxxxxxxxxxxxxxxxx w dniu 20 gru 2011, 
>> o godz. 17:08:
>> 
>>> http://www.certmag.com/
>> 
>> Tomy
>> support@xxxxxxxxxx
>> 
>> 
>> 
> 
> 
> -- 
> Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
> Contact: admin@xxxxxxxxxxxxxxxxxxxxx or support@xxxxxxxxxxxxxxxxxxxxx
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Tomy
support@xxxxxxxxxx



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/