Message-ID: <200602272128.k1RLSDdU053835@mailserver2.hushmail.com>
Date: Mon Feb 27 21:28:29 2006
From: ibash at hushmail.com (ibash@...hmail.com)
Subject: Gay Security Industry Experts Exposed! 2nd Issue!
What has James Lohman (DigiEbola) been up to lately? FIND OUT HERE!
Hello FD Readers!
With the impressive feedback from issue #1, we were pushed to get
out issue #2. Thanks for all of the great e-mail. By the way, if
any of the good people here can back up our James Lohman issue with
stories of their own, we encourage you to post them here.
ti/infi/infidel when you were his roommate you made several public
comments about him downloading gay porn, and being openly gay in
your presence. We would love to hear your input. Thanks!
Regards,
ibash
Coming Out.. Gay Computer Security Experts Exposed!
Volume #1 Issue #2 - The Digi Digi Ebola!
We decided to investigate the James Lohman aka the Digital Ebola
after a strange incident at Defcon. As you may know about a
hamburger joint near the hotel where Defcon used to be held called
Hamburger Mary’s. Upon realizing this place was a gay restaurant, most
of the Defcon regulars stopped patronizing this establishment.
However, it was noticed that the Digital Ebola started going there
more often, sometimes up to five times a day.
Let us step back and give our readers a brief background on this
security professional. James Lohman offers his expertise hacker
services to the public at a reasonable cost. Really anything is
reasonable when you have the skill level this guy has. In fact, we
have a special example for you showcasing his most excellent skills:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
http://www.rent-a-hacker.com/CPU_Magazine/Default.htm
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Digital Fortress: No Hack Job This
The site supplied for the hack was a friendly and happy place.
White hat hacker James "Digital Ebola" Lohman was kind enough to
volunteer to take a whack at a site we set up at
http://63.70.164.127.
We'd hoped that he could dig into the Web server, copy out the graphic
of our beloved editor, and replace it with something, umm, more
interesting.
Perhaps it wasn't a fair test. Whereas many Web sites run on a Windows
system with IIS 5, our test config ran Red Hat 8 with Apache 2.0.40,
which is regarded as very secure. Moreover, the box was current on
patches and sat behind a firewall, all of which, in Lohman's
estimation, made it far more hack-proof than the bulk of servers on
the Internet.
Still, the system wasn't a complete brick wall. Lohman used the
popular Nmap open-source scanner to determine the host's services,
OS, and other characteristics. When the system first went live, only
the Web service on port 80 was open, which is the ideal configuration
for a box like this. You only want to open the barest essentials.
However, the server went down after a couple of days, and following
a reboot the configuration looked like this:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
113/tcp filtered auth
123/tcp filtered ntp
161/tcp filtered snmp
162/tcp filtered snmptrap
443/tcp filtered https
1993/tcp filtered snmp-tcp-port
Discovering this much took Lohman two minutes. The open SSH service
(version 3.4 patch level 1) looked like a possible hack candidate
because every version under 3.7 is known to be vulnerable provided
you have the right code tailored for that system's configuration. He
consulted about 100 different resources for suitable existing code
but came up empty. He is confident that he could custom write the
necessary code, but it would likely take two full days of work
provided he built a nearly identical config on which to practice his
attacks in order to gain an all-rights account.
While tame compared to most Web site defacements, we'd hoped to
replace our test site's original image with something more racy.
Another day, perhaps.
"After exploiting the SSL (443) vulnerability," says Lohman, "I
would be given the rights of the user running the Apache service. If I
could break that, I'd look at your kernel version because I know the
2.4 series kernels have major vulnerabilities I can gain root with.
If the kernel had been patched, I would turn around and start looking
for every file on the system set for a user ID of root. I would start
banging on those and see if there was exploit code available for any
of them. If not, I would hit each one individually and start checking
for possible buffer overflows that could crash that binary and dump
you out as root."
Lohman notes that a secure system today may not be so tomorrow. One
possible attack vector in our machine could be leaving the SSL port
(443) wide open for any hacker to waltz through, except we had it
filtered. However, a poorly executed configuration change in our
filtering or failure of our Linux firewall to start would leave the
box very vulnerable. Additionally, all it takes is one hacker
somewhere in the world to discover a weakness in our software, post
it into a forum or site such as packetstormsecurity.org, and the
site could be hacked within hours. In network security, the word
"safe" does not apply.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
x
Ok, now that we proved he is indeed a security expert it is time to
prove that he is a homosexual gay faggot. Recalling the Hamburger
Mary's incident, we sent our undercover investigative journalist
angie to undernet to find the Digital Ebola. Realizing IRC logs are
not the best evidence, we have included timestamps in case anyone
decides to doubt the legitimacy of these particular logs.
*** d_e is ~lerfty@...ge.freeshell.ORG (James Bradley)
*** on channels: #guitar @#boomerang
*** on irc via server *.undernet.org (The Undernet Underworld)
*** d_e has been idle 2 minutes, signed on at Wed Nov 21 20:07:30 2005
*** d_e :End of /WHOIS list.
[Wed Nov 23 10:44:11 2005] <d_e> depends
[Wed Nov 23 10:44:17 2005] <angie> On????
[Wed Nov 23 10:45:14 2005] <d_e> who else was there
[Wed Nov 23 10:45:21 2005] <angie> Me, you.. and another hot guy
[Wed Nov 23 10:45:56 2005] <d_e> and who is paying for my plane
ticket out there
[Wed Nov 23 10:45:59 2005] <angie> LOL
[Wed Nov 23 10:46:01 2005] <angie> You can afford it Mr. Bigshot
[Wed Nov 23 10:46:04 2005] <angie> Have you ever done anything like
this before?
[Wed Nov 23 10:46:26 2005] <d_e> yah.
[Wed Nov 23 10:46:32 2005] <angie> With another guy?
[Wed Nov 23 10:48:19 2005] <d_e> ...
[Wed Nov 23 10:48:24 2005] <angie> Well?
[Wed Nov 23 10:48:54 2005] <d_e> yeah
[Wed Nov 23 10:49:02 2005] <angie> Mmmm hot
[Wed Nov 23 10:49:05 2005] <angie> Did you do anything with him?
[Wed Nov 23 10:49:49 2005] <d_e> Do you need to know everything?
[Wed Nov 23 10:49:57 2005] <angie> Yes! LOL. I need to know how
experienced you are
[Wed Nov 23 10:50:23 2005] <d_e> Lets just say I am experienced.
[Wed Nov 23 10:50:27 2005] <angie> Well now I am somewhat worried
[Wed Nov 23 10:50:31 2005] <angie> You will be paying more attention
to the other guy and none to me :(
[Wed Nov 23 10:55:12 2005] <angie> Hello???
[Wed Nov 23 10:55:19 2005] <d_e> hey
[Wed Nov 23 10:55:24 2005] <angie> Are you touching yourself right
now?
[Wed Nov 23 10:55:36 2005] <d_e> no
[Wed Nov 23 10:55:39 2005] <angie> Will you?
[Wed Nov 23 10:55:49 2005] <d_e> why?
[Wed Nov 23 10:55:57 2005] <angie> I am looking at gay porn and
thinking of you.
[Wed Nov 23 10:56:43 2005] <d_e> link me
That's it for issue number 2! Here is how to get in contact with the
DigiEbola:
James Lohman's private cell phone number: 817 919 5470
d_e @ Undernet #boomerang