Hi! Hrm, well, I guess the best thing then is to maybe retell them a bit about it... maybe I should try adding in a report of report :s , as I'm an Amazon user, and it is so big that so many could be affected for nothing, and really, I am a free user so I'd lose nothing, but I know my family has used it for simply books etc... which makes me a bit paranoid with it.. but, I am sorry, I did not take enough time to read, I was busy, and just saw a bit of a laugh at first, without really seeing why :s I can say sorry, and will, and hope that Amazon is bloody listening this time! If not, we can make them :)

I know that it should be repaired if it is not secure, and the best way is always through discussion and bringing it to places like here to scrutinise.. so in fact, we pretty much agree on this, and then have more power with Amazon, as there are then 2 minds on it.. and this would then be hard to ignore, as only more people would just privately add their own comments I'm sure, as users that is.. (if users).. I will try to get anything within the system fixed, so maybe I should be writing fewer emails when I am not feeling well :s. I apologise for my rudeness earlier... I was, and have had, a bad day... a blown box (my best box..) amongst other things :s...

Anyhow, I do wish only the best for Amazon, so any info on this, and on the earlier reports etc and how they then handled it, I guess is what I'll be looking for. I seem to have a good rapport with the staff there, and they have done me many favors, so I could always try to speak to them too :s I guess every word counts... when it comes to matters where one voice just does not ring through enough... and they are so big, you could just get one lazy ass admin who doesn't want to patch... and it would then take persistence... So, if this is the case and you're being ignored, we could easily solve that.. I will read more on this and your links when I wake...

I am now in sleepy land, and already half asleep.. so all I say is, sorry for the misunderstanding, I am a bit of an arsehole at times :s but feel free to kick my butt back :P hehe. Take care, and thanks for being a good sport.

If you code, please feel free to join my competition... and, with that, every donation received by my non-profit website would be shown as going directly back into competition prizes/hosting. This would be shown, and I guess it would prove to be very bad if I weren't keeping that word.. but I have, and will uphold this... and am forking out the prize (yes, a nice Kindle Pad from Amazon), the newer models are very very nice, but it will be even newer by the first draw... so I implore people with the extra bux to read how to donate! and, this way, I would happily run 250-300bux code prizes on a very regular basis. Thank you to those who are already participating, feel free to register or email me about it, and I will add you in...
Now taking skilled coders/PoCs, and for more in-depth rules regarding how it will be judged and what will be judged as materials.. well, you may want to speak to me or my staff about this, but it basically is all for the coders, as it was always before it was 'popular'..
cheers!
xd

--
@ #HaxNET,#HaxSHELLS@EFNET
http://crazycoders.com/2011/11/craziest-coders-ever-and-links/ <------------ COMPETITION

But for in-depth rules and judging, please ask me, or I'll maybe add that into the online space in next day.. but basically d0s is not in, 0days are not what makes the prize, and coding skills will be judged: Coding Styles/Methods used/Originality/Unique-exploitation vectors, uses of methods which are uncommon or different, and of course simply writing the better codes. No matter what the overflow, all stack based will be of course judged more in depth, as with simply a GOOD PC which covers all elements of the PoC details. Only 2010-2011 will be judged, since we are NOT in 2009 anymore.
Hope this will bring some people fun, and all donates will be sat on to make sure they're NOT illegit, so don't even waste time if you're a carder :)

On 11 November 2011 22:32, Sam Johnston <[email protected]> wrote:
> On Fri, Nov 11, 2011 at 12:54 AM, xD 0x41 <[email protected]> wrote:
>>
>> about the clouds, dude, I found the whole attacking of Amazon as rude,
>
> So did I, which is why I came to Amazon's defense in pointing out that
> those in glass houses shouldn't be throwing stones. The company
> (Enomaly) abusing Amazon over a complex SAML XML digsig
> vulnerability[1] was/is still using a trivial vulnerable signature
> mechanism in their own products that Amazon had fixed years ago[2],
> among other issues which I had reported 6+ months earlier (not
> validating requests, passing prices to clients in hidden form fields,
> etc). Their security response is also appalling[3].
>
>> and shit, so, as I said before, you're a lamer. and, just stfu and wear
>> it, that's MY opinion, I did not say the whole list has to follow
>> shithead.
>>
>> stfu and ride your magical carpet thru the clouds... :P~
>> to the others who find cloud bs amusing, or ripping or fucking with
>> Amazon as amusing, go read what your kids are buying shit from.. then
>> maybe you would see, some places, you do not fuck with, you treat
>> with respect, because they sometimes won't affect you directly, but
>> one day, it may well do this, thanks to your silly exploits on things
>> that should not be used like this, features manipulated into
>> exploits...shit, you should not be disclosing shit with Amazon, on Fd,
>> full stop.
>> If you cannot see my view then, you're just as stupid as I have thought.
>> now go play with your cloud formations, and upload some f1les to s0m3
>> l33t 4p4ch3 s3rv3r kid.
>>
>> eh sorry henri and others, but I had to just get that out too, about
>> cloud/sploitcloud... it is fkn ridiculous...asking for trouble, people
>> like that should get knocks on the door, simply to be put into a
>> mental home for their own good.
>
> Sorry for the confusion but that's not at all what I said[4]. No harm
> done — others replied off list to say they found it amusing. Anyway I
> have a credit card to go cancel (per the subject of this thread).
>
> Sam
>
> 1. http://www.theregister.co.uk/2011/11/01/amazon_downplays_cloud_crypto_flaw/
> 2. http://www.daemonology.net/blog/2008-12-18-AWS-signature-version-1-is-insecure.html
> 3. http://samj.net/2011/11/how-not-to-respond-to-vulnerability.html
> 4. http://samj.net/2011/10/sploitcloud.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
