This was in my SPI inbox this morning

Hi Billy,

Would it be possible to get a copy of the XSS vuln scanner and the proxy tool for keyword detection?

I enjoyed your talk.

Cheers,

Kevin Mitnick

Toocon is great I am tired. My sploits are 1337. I see Optycs everything time I come to the west coast. West coast scene whores are hot! Ajax lets me do "very bad things"(tm). XSS is underrated. I fucking hate Linux + wireless In this bar, they fucking "REPEL" to reach this 2 story tall licquor cabineate. Its not chick fried steak, it country fried steak! I hate these trendy overprices coffee bars, I want a McDonald's biscuit, not fucking quice (you know that french crap... you know fuck spelling too)..

Dan Kaminsky should stop buy Jager shots. Thai food is great out here. Jill and I need to move here.

Its 4:42 EST, and there are people in my room!

acidus@reload dist]$ java -jar XSSScanner.jar http://zero.webappsecurity.com
--
Crawling...
---
Done (200 OK: 20 404 Not Found: 5)
Checking "http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess
&templateName=prod_sel.forte&source=Freebank
&AD_REFERRING_URL=http://www.Freebank.com"

Using tracer:XSSTracer7699183
checking param "serviceName"
checking param "templateName"
checking param "source"
checking param "AD_REFERRING_URL"
Checking "http://zero.webappsecurity.com/plink.asp?a=b&c=12"
Using tracer:XSSTracer17510567
checking param "a"

*** FOUND TRACER using param "a" in "http://zero.webappsecurity.com/plink.asp?a=XSSTracer17510567&c=12"

checking param "c"

*** FOUND TRACER using param "c" in "http://zero.webappsecurity.com/plink.asp?a=b&c=XSSTracer17510567"

Checking "http://zero.webappsecurity.com/banklogin.asp?err=Invalid+Login:"
Using tracer:XSSTracer27744459
checking param "err"

*** FOUND TRACER using param "err" in "http://zero.webappsecurity.com/banklogin.asp?err=XSSTracer27744459"

---
3 XSS Holes found.
3 unflitered params found
1 vuln form found
--

[acidus@reload dist]$

Yes, it works.
Yes, the throughput is reasonable.
Yes, it runs on Windows, Linux, Mac, and BSD.
Yes, only a browser that understands proxies is needed
Yes, your end users can't screw it up.
Yes, it's 1 of only 2 tools that stop XSS/Phishing attacks (NetCraft being the other)
Yes, it is more powerful than the NetCraft Toolbar
Yes, I'm adding traditional Phishing defenses (backlists, etc)

Yes, I have learned more about HTTP over the last week than I ever imagined!

Line Breaker Sneak Peek (JPG)

MR. BROUSSARD: I'm telling you most importantly I want to thank my public employees...

MR. RUSSERT: All right.

MR. BROUSSARD: ...that have worked 24/7. They're burned out, the doctors, the nurses. And I want to give you one last story and I'll shut up and let you tell me whatever you want to tell me. The guy who runs this building I'm in, emergency management, he's responsible for everything. His mother was trapped in St. Bernard nursing home and every day she called him and said, "Are you coming, son? Is somebody coming?" And he said, "Yeah, Mama, somebody's coming to get you. Somebody's coming to get you on Tuesday. Somebody's coming to get you on Wednesday. Somebody's coming to get you on Thursday. Somebody's coming to get you on Friday." And she drowned Friday night. She drowned Friday night.

MR. RUSSERT: Mr. President...

MR. BROUSSARD: Nobody's coming to get us. Nobody's coming to get us. The secretary has promised. Everybody's promised. They've had press conferences. I'm sick of the press conferences. For God sakes, shut up and send us somebody.

Meet the Press Transcript: Aaron Broussard

In a white lab coat, I mix the unlikely.

It compiles, It runs. It protects against nasties. Its 4:53am.

[Removes White coat, puts on Black hat]

6 more days to finish one hell of a presentation.

[Continues typing]

Mozilla, which coordinates development of Firefox and distributes the software, could not immediately comment on the flaw disclosure. However, a source close to the organization confirmed that Ferris had filed several bug reports, including this specific one.

Since the debut of Firefox 1.0 in November, usage of the open-source browser has grown. Security has been a main selling point for Firefox over Microsoft's Internet Explorer, which has begun to see its market share dip slightly--for the first time in years.

[Sigh]...

The stance people are starting to take is "See, FireFox is insecure too!" You better believe Microsoft is going to pushing this idea.

However, if you actually read the advisory, it becomes perfectly clear with 2 sentences why Firefox is and shall remains the superior browser:

The problem seems to be when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but is sets encHost to an empty string. Meaning, Firefox ppends 0 to approxLen and then appends the long string of dashes to the buffer instead.

He discusses specific functions and variable names that are in the human readable format, because this vulnerability was found by examining source code. This is something you can never do with Microsoft code, and is why the Open Source Model can produce a more secure product then Closed Source.

Unpatched Firefox flaw may expose users

Dick Tracy runs a series on Piracy. Feel is MPAA inspired. Starts 8-14 and the story is still

HAHA! The chick's name is "Laptop"

Comics Page: Dick Tracy

ibenez wrote:

You know, if you LIBERALS (aka communists) would let us rational people build refineries, build nuclear power plants, and drill for oil - this problem wouldn't really be so bad because we'd have much greater supply and distribution channels.

Oh well... thanks a lot tree-huggers.

ibenez wrote:

You know, if you LIBERALS (aka communists) would let us rational people build refineries, build nuclear power plants, and drill for oil - this problem wouldn't really be so bad because we'd have much greater supply and distribution channels.

Oh well... thanks a lot tree-huggers.

Tons of new refineries means dick when the two major pipelines for the south go down.

This isn't a manifestation of not having enough refineries. 40% of refineres are on the Gulf Coast for a reason: Thats where the oil tankers come. 40% of the refineries us horrible liberals "stopped" you from building would be damaged as well.

What I, and pretty much all the Liberals I know are against aren't new Nuke plants or refineries or wells. We are against the blind abandonment of reason. We are against the pityful view that if we simply would build more refineries and drill all of Alaska, somehow all our problems will somehow disappear. They won't. Our energy problems are much more severe and require a much larger solution and anything that doesn't try to address more than "oil" is a complete waste of time.

Funny how your misplaced anger isn't directed at the FUCKER in the White House whose energy policy did NOTHING of substance to lower our oil demands.

You blame "Communists." I blame every Presidential Administration from Carter on for failing to act. Did the Embargo's of the 1970s teach us nothing?

Supply has become a problem because we have done nothing to slow the demand.

RE: Atlanta may run out of gas.

Delta has already cancelled 300 flights due to fuel shortages.

I just went to wal-mart for a watch battery. When I went in, gas was 2.75. I came out - didn't even stand it line cause they didn't have my darn battery - and gas was 2.87.

10 minutes. 12 cents.

Jill just filled up my car. Gas is $3.29 in the city (17th @ Northside Dr).

RE: Atlanta may run out of gas.