Comments on: ETA is Leaking, drops a few docs http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/ Thu, 05 Jan 2012 11:44:23 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Vap0r http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/#comment-769 Vap0r Tue, 20 Oct 2009 04:20:55 +0000 http://www.mcgrewsecurity.com/?p=609#comment-769 Yeah, I don't have a beef with you either. (ETA members can quote me on that.) Anyways, I would probably post it on securityfocus.com (my preference of security website). But I want to experiment with images made by php that include XSS holes first, that would be cool. Meh, whatever, I still feel you shouldn't be "lurking" the forums. I mean, honestly, you are a titled security expert, drop some input into some of the threads. I'm admin, if someone flames you for no reason, I'll delete the post, but seriously, at least be active, please. Yeah, I don’t have a beef with you either. (ETA members can quote me on that.) Anyways, I would probably post it on securityfocus.com (my preference of security website). But I want to experiment with images made by php that include XSS holes first, that would be cool. Meh, whatever, I still feel you shouldn’t be “lurking” the forums. I mean, honestly, you are a titled security expert, drop some input into some of the threads. I’m admin, if someone flames you for no reason, I’ll delete the post, but seriously, at least be active, please.

]]> By: Wesley McGrew http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/#comment-768 Wesley McGrew Mon, 19 Oct 2009 16:07:36 +0000 http://www.mcgrewsecurity.com/?p=609#comment-768 Also, just a heads up: I'll approve pretty much anything you want to post as a comment through the moderation queue, but the last one went into the Spam queue for whatever reason. I'll keep a close eye on the Spam queue too, but if you post something and a lot of time goes by without it showing up, It may be because I overlooked and cleared it. Send me an email and I'll straighten it out. Also, just a heads up: I’ll approve pretty much anything you want to post as a comment through the moderation queue, but the last one went into the Spam queue for whatever reason.

I’ll keep a close eye on the Spam queue too, but if you post something and a lot of time goes by without it showing up, It may be because I overlooked and cleared it. Send me an email and I’ll straighten it out.

]]> By: Wesley McGrew http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/#comment-767 Wesley McGrew Mon, 19 Oct 2009 16:01:55 +0000 http://www.mcgrewsecurity.com/?p=609#comment-767 The 0-day might be interesting, I'll give you that. Post it to milw0rm and/or full-d, get the credit you deserve for it, and enjoy it. I agree that's what hacking's all about. I think we're speaking at cross-purposes here, but to straighten it out: We both agree that the information you found isn't really that interesting no matter how you found it, but the exploit itself could be. Is that fair? I honestly don't have a beef with you, or what you've done (otherwise I wouldn't have mirrored it on my own site). It's just interesting to point it out in context, for the folks who follow this site to enjoy and have a laugh at. The 0-day might be interesting, I’ll give you that. Post it to milw0rm and/or full-d, get the credit you deserve for it, and enjoy it. I agree that’s what hacking’s all about.

I think we’re speaking at cross-purposes here, but to straighten it out: We both agree that the information you found isn’t really that interesting no matter how you found it, but the exploit itself could be. Is that fair?

I honestly don’t have a beef with you, or what you’ve done (otherwise I wouldn’t have mirrored it on my own site). It’s just interesting to point it out in context, for the folks who follow this site to enjoy and have a laugh at.

]]> By: Vap0r http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/#comment-766 Vap0r Mon, 19 Oct 2009 14:54:26 +0000 http://www.mcgrewsecurity.com/?p=609#comment-766 Since when in the security community was finding an 0-day not a big deal? I was merely stating that while some of the posters dropped stupid pipl.com and google.com searches, even those that were poorly done. I used an interesting 0-day, which, really, is what hacking is all about. The information is not that interesting, the method, is. Especially if it is considered the innovative php that could be devised to exploit this hole. Since when in the security community was finding an 0-day not a big deal? I was merely stating that while some of the posters dropped stupid pipl.com and google.com searches, even those that were poorly done. I used an interesting 0-day, which, really, is what hacking is all about. The information is not that interesting, the method, is. Especially if it is considered the innovative php that could be devised to exploit this hole.

]]> By: Wesley McGrew http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/#comment-765 Wesley McGrew Mon, 19 Oct 2009 12:23:37 +0000 http://www.mcgrewsecurity.com/?p=609#comment-765 You may have found my IP address and User Agent by some zero-day exploit in their forum, but what I'm saying is that it's nothing that I have tried to hide. That's the same information that gets provided by the browser to any of hundreds of sites I visit in a day. It's sitting in logs for any webmaster bright enough to read them, and probably for some sites, publicly indexed in Google in folks' aw-stats. I know that finding my IP and UA wasn't your only reason for hacking the eoeta forums, but here you're acting like you deserve props for finding them just because you did it a "harder" way. If you want a cookie for that, you'll have to go elsewhere. You may have found my IP address and User Agent by some zero-day exploit in their forum, but what I’m saying is that it’s nothing that I have tried to hide. That’s the same information that gets provided by the browser to any of hundreds of sites I visit in a day. It’s sitting in logs for any webmaster bright enough to read them, and probably for some sites, publicly indexed in Google in folks’ aw-stats.

I know that finding my IP and UA wasn’t your only reason for hacking the eoeta forums, but here you’re acting like you deserve props for finding them just because you did it a “harder” way. If you want a cookie for that, you’ll have to go elsewhere.

]]> By: Vap0r http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/#comment-764 Vap0r Mon, 19 Oct 2009 11:39:05 +0000 http://www.mcgrewsecurity.com/?p=609#comment-764 Actually, the information I got was from an 0-day exploit I found on the SMF forums, before the switch. I don't believe you released the version of your browser and your ip online. I don't know, maybe you did, but I found it using this exploit. Anyways, what I did was in no way illegal, because it's dynamically loaded content that YOU load on your computer, by visiting the website you are agreeing to such scans. For a security expert, you don't seem to know much about your profession. Actually, the information I got was from an 0-day exploit I found on the SMF forums, before the switch. I don’t believe you released the version of your browser and your ip online. I don’t know, maybe you did, but I found it using this exploit. Anyways, what I did was in no way illegal, because it’s dynamically loaded content that YOU load on your computer, by visiting the website you are agreeing to such scans. For a security expert, you don’t seem to know much about your profession.

]]> By: Wesley McGrew http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/#comment-763 Wesley McGrew Thu, 08 Oct 2009 12:42:34 +0000 http://www.mcgrewsecurity.com/?p=609#comment-763 If you'd like a current address, why don't you just whois my domain name? It's not like I'm trying to hide it. Do you usually need this much help from the guy you're "dropping docs" on? If you’d like a current address, why don’t you just whois my domain name? It’s not like I’m trying to hide it.

Do you usually need this much help from the guy you’re “dropping docs” on?

]]> By: MR^E http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/#comment-762 MR^E Thu, 08 Oct 2009 04:49:39 +0000 http://www.mcgrewsecurity.com/?p=609#comment-762 hey mcgrew is this your real address i wouldn't mind coming over for a beer 7867A HWY 19 N COLLINSVILLE, MS 39325 hey mcgrew is this your real address i wouldn’t mind coming over for a beer
7867A HWY 19 N COLLINSVILLE, MS 39325

]]> By: MR^E http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/#comment-761 MR^E Wed, 07 Oct 2009 07:29:50 +0000 http://www.mcgrewsecurity.com/?p=609#comment-761 mcgrew do you actually provide security or do you just bitch all day about nothing mcgrew do you actually provide security or do you just bitch all day about nothing

]]> By: fixer http://www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/#comment-760 fixer Tue, 06 Oct 2009 07:11:34 +0000 http://www.mcgrewsecurity.com/?p=609#comment-760 r00t34d , you are a fucking retarded mogaloid and punk with no respect. Your opinion means jack shit, and little to anyone. And as far as this anonfaggot "dropping dox" You havent done shit ass clown. But here, allow me, my names Benjamin E. Nichols 405 753 7158 1926 N Rockwell #249 Bethany, Ok 73008 awwww snap guess wut anonfag, Im not afraid of you, and I dont give a fuck. r00t34d , you are a fucking retarded mogaloid and punk with no respect. Your opinion means jack shit, and little to anyone. And as far as this anonfaggot “dropping dox” You havent done shit ass clown.

But here, allow me, my names

Benjamin E. Nichols 405 753 7158
1926 N Rockwell #249
Bethany, Ok 73008

awwww snap guess wut anonfag, Im not afraid of you, and I dont give a fuck.

]]>