Date: Wed, 15 Jul 2009 18:30:22 -0400
From: T Biehn <tbiehn@...il.com>
To: mrx <mrx@...pergander.org.uk>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Ant-Sec - We are going to terminate
	Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered

You raise valid points; I would like to see you further form your
analogy between the works of great thinkers to a collection of
ready-to-compile or evaluate exploits or YouTube and text based
tutorials on how to hack hotmail accounts.
'Full Disclosure' is defined by your e-mail, and pretentiously (the
pretension is mine) by the anti-sec movement, as these 'script kiddie'
oriented resources. I'm sure no one is advocating the suppression of
legitimate and novel research.
Certainly one would not be pompous enough to imply broad competency in
a field without familiarity with peer works; original research into
the theory of security has always been welcome.
The public dissemination of easy to follow tutorials, public botnet
source-code and public exploits mainly serves to allow a wider lowest
common denominator of the population to wield tremendous destructive
force to the delight and profit of a number of 'information security'
companies. Public availability of this information is never helpful
when you are actually tasked with system defense, and is tantamount to
spoon-feeding when using it to 'learn.'

-Travis

On Wed, Jul 15, 2009 at 6:04 PM, mrx<mrx@...pergander.org.uk> wrote:
> T Biehn wrote:
>> Mr X,
>> Isn't the gaining of expertise, in any field, a labor of love?
>> Going through the process without being spoon-fed usually carries with
>> it a certain amount of wisdom. So much potential talent is wasted
>> because of the ease of access to 'hacking tools and tutorials,' such
>> guides feed into our lethargic tendencies and offer no intellectual
>> challenge. The same is true of University, College, and Certification
>> programs.
>> I happen to pride myself on my ability to self-teach, and largely
>> credit it to my experience as an un-mentored 'hacker'.
>>
>> -Travis
>>
>>
>
> Hi Travis,
>
> Whilst I agree with just about all you have said, I stand by my statement.
>
> Many of those responsible for the security of systems do not have the
> skills and knowledge necessary to protect those said systems against all
> possible threats.
> Not all IT security professionals are in a class of their own.
>
> Yes, spoon feeding allows the most dumb of individuals to own another's
> box and I would say such spoon feeding leads to compromises executed by
> those who need help tying shoe laces. Hence I do have a problem with
> step by step tutorials on how to hack xy and z.
>
> But we all need pointers and help sometimes; we cannot all be
> experts in every field; we are all standing on the shoulders of giants.
> Imagine a world where Plato, Einstein, Dirac and Feynman, kept their
> shit to themselves.
>
> I like to think I am smart... but I really am a dumbfuck compared to the
> true elite. Without documented exploits, reference books and scroogle I
> would likely have my ass handed to me on a regular basis.
>
> I too am un-mentored but what I do know is built upon that which I have
> researched from other sources other than my own imagination, I can't see
> and visualise every possible exploit. Perhaps there are those that can.
> However I have yet to meet one.
>
> Regards
> Acr0nym
>
>> On Wed, Jul 15, 2009 at 7:41 AM, mrx<mrx@...pergander.org.uk> wrote:
>>
>>> Well if I was able to take down hackforums and milw0rm and intended to
>>> do so, I certainly wouldn't brag about it on a full disclosure list and
>>> warn my targets.
>>>
>>> Just in case:
>>> i) They believed the threat was real and took mitigating action.
>>> ii) Backed up and mirrored the content so that they could be back up in
>>> 24 hours.
>>>
>>>
>>> I can see anti-sec's point regarding script kiddies, however, full
>>> disclosure levels the playing field somewhat.
>>> Full disclosure serves and aids hats of all colours.
>>> Without full disclosure we would have a handful of real experts able to
>>> compromise, control and abuse regardless of motive.
>>> Knowledge is power and when that knowledge is in the hands of the few,
>>> abuse is the usual result.
>>>
>>> Full disclosure not only feeds skiddies, it serves to warn us all.
>>> Indeed a double edged sword.
>>>
>>> But hey what does this noob know?
>>>
>>>
>>>
>>> Ant-Sec Movement wrote:
>>>
>>>> Dear members of Hackforums.net, Jesse Labrocca (AKA Omniscient),
>>>> Milw0rm.com, str0ke, and Reader,
>>>> We are the Ant-Sec movement, and we are dedicated
>>>> to eradicating full-disclosure of vulnerabilities and exploits and free
>>>> discussion on hacking related topics. We are dedicated to stalling the ocean
>>>> of script-kiddies currently trawling the Internet, and those so called
>>>> "White Hat Hackers" who benefit financially from full-disclosure; employing
>>>> scare-tactics in order to con people into buying their firewalls and
>>>> anti-virus software.
>>>>
>>>> Thus, our new targets are Hackforums.net and Milw0rm.com. Both are notable
>>>> within the hacking underground and the computer security world, and both
>>>> violate what the Anti-Sec movement is fighting for. Such as it is, both must
>>>> be terminated...utterly.
>>>>
>>>> Let us first discuss Hackforums.net. It is run by a man named Jesse
>>>> Labrocca, also known as "Omniscient" within the hacker underground. Although
>>>> he, himself, claims to not know a thing about penetrating computer systems.
>>>> Hackforums.net is perhaps one of the largest communities of hackers and
>>>> script-kiddies alike currently at large in cyber space. The beginner
>>>> section, alone, is flooded every single day with messages by script-kiddies.
>>>> The "Hacking Tutorials" section is a diamond mine of full-disclosure
>>>> information. And that is not the entirety of it. As a result, this community
>>>> MUST be terminated.
>>>>
>>>> Recently, the Anti-Sec movement became aware that some unknown entity has
>>>> been launching successfully crippling denial of service attacks against
>>>> Hackforums.net. Whoever you are, we of the Anti-Sec movement extend our
>>>> warmest gratitude to you and we ask that, if you're reading this email,
>>>> please do not cease your attack against Hackforums.net. By bringing it down,
>>>> you are helping to recover the health of the Internet. Hackforums.net is a
>>>> hive of knowledge that should only be known by a select few. It MUST be
>>>> terminated. In addition, we also encourage any and all who can to launch
>>>> denial of service attacks against Hackforums.net in order to support us in
>>>> furthering our goals.
>>>>
>>>> We would like to stress that we will not be participating in DDOSing
>>>> Hackforums.net. The reasons for this bring us to our next topic of
>>>> discussion.
>>>>
>>>> In addition to our OpenSSH 0-day exploit, the Anti-Sec movement have also
>>>> unearthed an Apache 0-day vulnerability and we have subsequently developed
>>>> exploit code in order to take advantage of this vulnerability. It affects
>>>> ALL versions. We will be using this as well as our OpenSSH exploit to hack
>>>> into Hackforums.net and rm its contents, thus terminating it.
>>>>
>>>> As soon as, if ever, the recent crippling DDOS attacks against
>>>> Hackforums.net cease, we will strike. And in that moment, Hackforums.net
>>>> will be history. Your only hope, Hackforums, is for the heavy DDOS attacks
>>>> to never stop.
>>>>
>>>> Once we have dealt with Hackforums.net, we will terminate Milw0rm. Better
>>>> you had quit and left it at that, Str0ke, for now milw0rm.com will be
>>>> completely and utterly wiped. It is the second highest target after
>>>> Hackforums.net.
>>>>
>>>> This is our message to all. You have seen what the Anti-Sec movement can do.
>>>> We will do it again, and again, and again, until our goals are achieved.
>>>>
>>>> This we promise.
>>>>
>>>> Sincerely,
>>>>
>>>> Anti-Sec
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>