[Emerging-Sigs] Discussion + Proposed Signature; Submit to TDWTF

Matthew Jonkman jonkman at emergingthreatspro.com
Fri Oct 29 06:15:26 EDT 2010


I love this one! Thanks EG. Posting now.

Matt

On Oct 27, 2010, at 8:22 PM, evilghost at packetmail.net wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I like the DailyWTF greatly, but there's a potential for code leakage here
> and/or policy violation.  I'm opening up for discussion a better signature than
> what's current proposed; I don't use Visual Studio (egcs/gcc please).
> 
> http://thedailywtf.com/Articles/Submit-WTF-Code-Directly-From-Your-IDE.aspx
> http://code.google.com/p/submittotdwtf/source/browse/trunk/
> http://thedailywtf.com/SubmitWTF.asmx?WSDL
> 
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY
> SubmitToTDWTF.asmx DailyWTF Potential Source Code Leakage";
> flow:established,to_server; content:"/SubmitWTF.asmx"; http_uri;
> content:"codeSubmission"; classtype:policy-violation;
> reference:url,thedailywtf.com/Articles/Submit-WTF-Code-Directly-From-Your-IDE.aspx;
> reference:url,code.google.com/p/submittotdwtf/source/browse/trunk/; sid:2010xxx;
> rev:1;)
> 
> Someone help me out on the packet captures/SOAP.
> 
> Alex -- I love the site and read it daily, be kind, you know we have to wear a
> security hat too.
> 
> - -evilghost
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> 
> iQIcBAEBAgAGBQJMyMJZAAoJENgimYXu6xOH/O4QAJd+3QpGieD1InE76/Im25G2
> xnelI+6TarG49egyAGpGDo7FW2HoUGugeYZBiJyZBFwRJaWkL+AZdwc3jUBeO3uJ
> EIE0lLEZCBfi7swTL2PQ8ZGUrm8iFT7m6QauT4M6EMyC/qXN7XeU2lCaDz2t6Wf5
> 7DVH4GYiGQwhpN70ljiDkYdHMn4VdBUnCpE44pGqrHao1XBq+rtC4OCvOpEP8YLo
> uFeU1yavFwtL3810ZVWk7I2KulW3+0wuAqMhrQbTneJt0F9vLx5euirI3RvJ0kZi
> a9g3kUDHiYoAnlfbI0b8Up0PqsMZv2lUOaEi8uEnRJ8pnWZ/cj6sA7ZwNkPHskZX
> 88jY1UDaB5guyctwuazURGluKKTABcofSS4P7D1tc23Y7Ff4uwy0jYDiTZO01i0g
> 7wC53wUrGHXJQFvbZCZUTsDIgmnbF7e+ZTmWETlpwGMSbtDi6vEqJaepls8qkczr
> hb8mAgJvBJQ+/FSSX35oBfN8VXENDZFOPgGDCmBBaeETBC7+xwVinfty5RvFQZEl
> bQBoTA4TEsfXWtVJxNje5KV3hTAYEBUmOi0q6il4AArwh50Rm1yG5PTl/FQ0AXXF
> pVSSs/LySZVIGoZcr5ObW6ZYV7EDJn6drd49DLBFowHw5SckxCpDpTsCinRL+hvX
> tf6EjttEYB8jj5nxHrxe
> =JVWz
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc





More information about the Emerging-sigs mailing list