Open Source and information security mailing list archives
Message-ID: <7984617.1034963538144.JavaMail.root@172.16.100.50>
From: enigmatic-arcanum at zero-imagination.com (enigmatic-arcanum@...o-imagination.com)
Subject: Re: Linux Kernel Exploits / ABFrag

Hi, 

I've been following these threads and others on the full-disclosure list concerning this topic, and in my opinion this isn't anything but another rumour or some infamous project like Project Mayhem, aimed at creating FUD among the Linux and BSD community.

Besides, I'd like to say that I fully agree with the opinions expressed by Cedric Blancher. I've also heard this so-called group 'ac1db1tch3z' had an exploit for snort; I guess it's safe to assume that this might be just an attempt to lure people into running snort or tcpdump, and because both tcpdump and snort use libpcap this might be some sort of vulnerability, perhaps in pcap_open_offline(), because it is used to save snapshots (dumps) of network packets by both tcpdump and snort, anyway.

When I first heard about this rumour, it was spread on a *private* IRC network by 'halfdead' (the recent scene whore, looking for fame and glory) and shiftee (nice guy, sort of a sheep, he doesn't seem to grasp shit of what he does, but anyway, let alone). Both of them were affirming that they had been warned for spreading the header of this so-called ABFrags, and that halflife had even been 'owned' 2 times on Linux, once only running an ssh session to his shell server, and another time while he was using FreeBSD. What is more interesting now is the fact that both shiftee and halfdead belong to PHC (#phrack high council @ efnet); if anyone doesn't know what this is, I'd invite you to read el8.3, since there is all that should be known about these guys and related projects / actions.

Another thing, I'm not trying to make more rumours (we're all tired of them, aren't we?), but I don't believe this guy 'Daniel Roberts' was really some guy who had been used as a honeypot or had tragically been 'owned' and luckily found a binary which was ABFrags or whatever. What luck! Just check his email address (I know this is a free webmail, but if you look at the e-mails used by gobbles, phc, etc., you'll see that they also use hushmail, but this is a minor detail and shouldn't be looked at as the weapon of the crime). But why was this mail sent to bugtraq, linuxsecurity.com and similar mailing lists rather than to the incidents or FIRST mailing lists? Go figure.

This binary being spread is, afaik, encrypted with the TESO ELF Encryption Engine (formerly known as burneye v1; for more information see phrack 59 article 5), and if anyone out there is trying to reverse this binary, there's this tool, written by byterage, which will try to unwrap the encryption layers of the binary by means of brute force: http://www.u-n-f.com/UNFburninhell.html

Anyway, these are my views and points about this whole FUD. But I'm not even going to say that this isn't possible, and I firmly believe that this might one day happen; yet by looking at all this bragging on IRC and mailing lists, together with the fact that PHC is some sort of wannabe-blackhat group trying to make fame and glory in recent months, I kinda disagree with the existence of such an exploit.


-- 
Enigmatic Arcanum 