lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: xyberpix at xyberpix.com (xyberpix)
Subject: Multiple Backdoors found in eEye Products
	(IRISand SecureIIS)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bwahahaha, thanks Marc, nicely put.
If people on here could please get their facts correct before posting 
FD's on here it would save everyone a load of time. C'mon people we're 
all here for one reason or another, and if it's to annoy people, do it 
somewhere else, this really isn't the place.
Most of us on here are serious about what we do, whatever that may be 
;-)
It's a great list, let's keep it that way, and while we're at it, can 
we put this thread to sleep now, it's gone on long enough.

xyberpix


On 30 Dec 2004, at 01:33, Marc Maiffret wrote:

> Hi Lance Gusto,
>
> It is really interesting that someone with such a disdain for my 
> company
> would go out of their way to spam out an email about a supposed 
> backdoor
> within our products, choose not to contact us ahead of time, and then
> provide no real details to prove your claim... Ahhh but wait, you chose
> not to provide any details because you're a "good guy". As you said:
> "Unfortunately, we can't release the "exploits" publicly due to the
> severity of these flaws." Right.
>
> The reason you could not provide any real details about these backdoors
> are because there are no backdoors in Iris nor SecureIIS.
>
> While I would not wish to give someone like you the time of day nor 15
> minutes of infamy, eEye does take every security claim very seriously.
> We have performed an audit of SecureIIS and Iris code to re-verify what
> we already knew, that there are no backdoors in either of them.
>
> It is quite possible that you downloaded fake warez versions of our
> products from peer-to-peer networks which someone might have put there
> to trick people and put backdoors on their systems. However, if such
> warez product versions existed they would not be from eEye as we do not
> distribute our software on peer-to-peer networks nor recommend people
> downloading warez versions from there.  Get your warez from a trusted
> distributor. ;-) If you would have contacted us we could have saved you
> the embarrassment... But then you are sending emails from Hotmail
> through a proxy at a university in Germany so I seriously doubt you 
> care
> if your persona "Lance Gusto" gets embarrassed on public mailing lists.
>
>
> These backdoors are as much of a reality as Santa Claus but then you
> seem to be childish enough that you probably still believe in the jolly
> red man. Maybe next you can follow-up your humors eMail with a spoofed
> advisory about a backdoor you found in Rudolph "the red nosed 
> reindeer".
> At least then you could promote yourself from being a coward to a
> comedian.
>
> Thank you, please drive through.
>
> Signed,
> Marc Maiffret
> Chief Hacking Officer
> eEye Digital Security
> T.949.349.9062
> F.949.349.9538
> http://eEye.com/Blink - End-Point Vulnerability Prevention
> http://eEye.com/Retina - Network Security Scanner
> http://eEye.com/Iris - Network Traffic Analyzer
> http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
>
> Important Notice: This email is confidential, may be legally 
> privileged,
> and is for the intended recipient only. Access, disclosure, copying,
> distribution, or reliance on any of it by anyone else is prohibited and
> may be a criminal offense.  Please delete if obtained in error and 
> email
> confirmation to the sender. P.S. I'm going to tell you this for your 
> own
> benefit, your email was dope as hell especially since you faked 90
> percent of it. What you need to do is practice on your freestyle before
> you come up missing like triple m's police file.
>
>
For Security And Open Source News And Info Visit:
http://www.xyberpix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFB4e4icRMkOnlkwMERAiiEAJsF/svsADIHRj6yAvh9eV09qQ9DjQCeIGoO
mQfY4KClb9V75BsdTWvKcdk=
=mUTu
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ