| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 06 Jun 2007 11:24:21 -0400 From: "Joey Mengele" <joey.mengele@...hmail.com> To: <full-disclosure@...ts.grok.org.uk>,<fdlist@...italoffense.net> Subject: Re: You shady bastards. This is clearly a forged electronic mail trolling attempt and attempt at assassinating the character of HD. The real HD Moore (famous inventor of the Millerpreter and Skapesploit) would not be so naive/ignorant in a matter like this. Grow up list, don't feed the trolls. J On Wed, 06 Jun 2007 09:47:12 -0400 H D Moore <fdlist@...italoffense.net> wrote: >Hello, > >Some friends and I were putting together a contact list for the >folks >attending the Defcon conference this year in Las Vegas. My friend >sent >out an email, with a large CC list, asking people to respond if >they >planned on attending. The email was addressed to quite a few >people, with >one of them being David Maynor. Unfortunately, his old SecureWorks > >address was used, not his current address with ErrattaSec. > >Since one of the messages sent to the group contained a URL to our >phone >numbers and names, I got paranoid and decided to determine whether > >SecureWorks was still reading email addressed to David Maynor. I >sent an >email to David's old SecureWorks address, with a subject line >promising >0-day, and a link to a non-public URL on the metasploit.com web >server >(via SSL). Twelve hours later, someone from a Comcast cable modem >in >Atlanta tried to access the link, and this someone was (confirmed) >not >David. SecureWorks is based in Atlanta. All times are CDT. > >I sent the following message last night at 7:02pm. > >--- >From: H D Moore <hdm[at]metasploit.com> >To: David Maynor <dmaynor[at]secureworks.com> >Subject: Zero-day I promised >Date: Tue, 5 Jun 2007 19:02:11 -0500 >User-Agent: KMail/1.9.3 >MIME-Version: 1.0 >Content-Type: text/plain; > charset="us-ascii" >Content-Transfer-Encoding: 7bit >Content-Disposition: inline >Message-Id: <200706051902.11544.hdm[at]metasploit.com> >Status: RO >X-Status: RSC > >https://metasploit.com/maynor.tar.gz >--- > >Approximately 12 hours later, the following request shows up in my >Apache >log file. It looks like someone at SecureWorks is reading email >addressed >to David and tried to access the link I sent: > >71.59.27.152 - - [05/Jun/2007:19:16:42 -0500] "GET /maynor.tar.gz >HTTP/1.1" 404 211 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; >en) >AppleWebKit/419 (KHTML, like Gecko) Safari/419.3" > >This address resolves to: >c-71-59-27-152.hsd1.ga.comcast.net > >The whois information is just the standard Comcast block >boilerplate. > >--- > >Is this illegal? I could see reading email addressed to him being >within >the bounds of the law, but it seems like trying to download the >"0day" >link crosses the line. > >Illegal or not, this is still pretty damned shady. > >Bastards. > >-HD > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -- Click here for free information on consolidating your debt. http://tagline.hushmail.com/fc/CAaCXv1QPxZtJrSWfizeiMOCW4rzwcnw/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists