lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030101024428.73694.qmail@web14705.mail.yahoo.com>
From: anoncoder at yahoo.com (Jack Ahz)
Subject: DMCA & Source Tree Abuse

Alert: Due to all the talk about the DMCA lately, I feel obligated to publish
this. 

For reasons which I would not like to discuss, but which should become apparent
due to the nature of this memo, I should like to remain anonymous. I am a
former member of the hacking/warez courier group known as HERT, the Hacker
Emergency Response Team. Though we used to be the largest worldwide hacking
group in existence, we had to disband due to a cache of electronic munitions
(in the form of proprietary source code) which was being traded by our members.
One of these 'source codes' was the somewhat mutilated source tree of Cisco's
IOS, version 11.3. 

I have been involved in many source code 'transactions' (hi divineint!) and
most of these were done under-the-table. Unfortunately, all of the source code
on the HERT repository was leaked to thousands of people on irc, and fell into
the wrong hands. I am alarmed that certain individuals have used these source
codes (including ISS research developers who shamelessly use proprietary CDE,
Solaris, BSDI, and AIX bundles to publish information about obscure RPC-related
buffer overflows, which would take months and years to wade through the binary
disassembly) for their own selfish purposes. 

The latest striking example is this Phrack article entitled "Burning the
bridge: Cisco IOS exploits" by the german hacker FX. While the author makes
several bold claims that he relied purely on the powers of the Force to reverse
engineer IOS internals, it is quite apparent that the coincidence that IOS 11.3
is the only
known version to have leaked widely to the computer underground and IOS 11.3 is
the only version his exploit works on is slim indeed! I'm sure he figured out
malloc chunk fields such as 'Last deallocation address' purely on his own, just
by tinkering around on the serial line.

Anyhow, I wanted to note these abuses by so called 'whitehats' who smash these
obscure architectures' stacks for their own profit!

Yours truly,
Anonymous  

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ