lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun Jun  4 21:46:17 2006
From: n3td3v at gmail.com (n3td3v)
Subject: Is your security 6/6/6 ready?

On 6/4/06, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
>
> On Sun, 04 Jun 2006 20:54:37 +0300, analyzerx said:
> > you must be retarted right?
>
> Actually, his question *is* legitimate.  I'm sure that at least a
> few script kiddies will take advantage of "Mark of the Devil Day" to
> cause mischief.  There were similar concerns about hackers doing stuff
> in conjunction with the Y2K rollover (when they could fly under the wire).
>
> Of course, as a co-worker and I pointed out to many people back then,
> launching a hack attack when the target is probably in an 'all-hands'
> alert mode *watching* for the slightest twitchiness in the system was
> a bad idea.  The time to do it was on Jan 3, about 6PM local time at the
> target - at which point the entire IT staff was probably saying "F**k
> this,
> even if it's Monday, we're going out and getting falling-down, shit-faced,
> blowing-chunks(*) drunk. We didn't have a Y2K disaster."
>
> Interestingly enough, the SANS DShield project had a interesting post
> regarding "non-standard incident prediction" just the other day, which
> overlaps the 6/6/06 issue:
>
> http://isc.sans.org/diary.php?storyid=1379
>
> That sort of 'Level 8' thinking *should* be at least thought about as
> part of a reasonable organizational security stance.  And at least *some*
> people think something interesting is going to happen Tuesday:
>
> http://www.cnn.com/2006/US/06/03/hell.party.ap/index.html
>
> "According to the town's semi-official web site..."  Hmm.  Now combine
> that with the SANS article's comment about fake websites targeting
> World Cup fans, and add a dash of paranoia.... ;)
>
> (*) That's *really* drunk: http://www.eforu.com/jokes/bartender/23.html
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Symantec is the biggest cyber non-government security 'think tank' for the
internet, they have regular meetings to discuss 'cyber security situations'
but they have overlooked 6/6/6, they don't see it as a threat, although it
could be the biggest day since September the 11th 2001 but they think 'if
theres no zero-day on fd or our honey nets then theres no threat', thats
funny. n3td3v group know different. We gather intelligence from the biggest
blackhats on the internet, we have specific intellignece on attacks planned
in less than 48 hours to be launched against network infrastructure.
Blackhat conference was last year but the aftermath of Cisco is still to
rain down on the internet community. SANS, SYMANTEC, CNET thought everything
is safe as long as FD 'chatter' is ok, think again. Theres multiple zero-day
for Cisco systems queued up to launch attacks on the internet for 6/6/6
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060604/a82ed587/attachment.html

Powered by blists - more mailing lists