Message-Id: <20070607195720.78006DA829@mailserver6.hushmail.com>
Date: Thu, 07 Jun 2007 15:57:19 -0400
From: "Aberration State" <sdufresno@...er-rights.net>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: You STUPID bastards.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

what's more stupid? a bunch of l33+ defcon security conference
attendees too stupid to read a distribution list before sending
sensitive information or stupid rantings about big bad capitalistic
corporations?

- ---
“You don't have to be a man to fight for freedom. All you have to
do is to be an intelligent human being.” - Malcolm X

On Jun 6, 2007, at 9:47 AM, H D Moore wrote:
> Hello,
>
> Some friends and I were putting together a contact list for the folks
> attending the Defcon conference this year in Las Vegas. My friend sent
> out an email, with a large CC list, asking people to respond if they
> planned on attending. The email was addressed to quite a few people,
> with one of them being David Maynor. Unfortunately, his old SecureWorks
> address was used, not his current address with ErrattaSec.
>
> Since one of the messages sent to the group contained a URL to our
> phone numbers and names, I got paranoid and decided to determine
> whether SecureWorks was still reading email addressed to David Maynor.
> I sent an email to David's old SecureWorks address, with a subject line
> promising 0-day, and a link to a non-public URL on the metasploit.com
> web server (via SSL). Twelve hours later, someone from a Comcast cable
> modem in Atlanta tried to access the link, and this someone was
> (confirmed) not David. SecureWorks is based in Atlanta. All times are
> CDT.
>
> I sent the following message last night at 7:02pm.
>
> ---
> From: H D Moore <hdm[at]metasploit.com>
> To: David Maynor <dmaynor[at]secureworks.com>
> Subject: Zero-day I promised
> Date: Tue, 5 Jun 2007 19:02:11 -0500
> User-Agent: KMail/1.9.3
> MIME-Version: 1.0
> Content-Type: text/plain;
>   charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> Message-Id: <200706051902.11544.hdm[at]metasploit.com>
> Status: RO
> X-Status: RSC
>
> https://metasploit.com/maynor.tar.gz
> ---
>
> Approximately 12 hours later, the following request shows up in my
> Apache log file. It looks like someone at SecureWorks is reading email
> addressed to David and tried to access the link I sent:
>
> 71.59.27.152 - - [05/Jun/2007:19:16:42 -0500] "GET /maynor.tar.gz HTTP/1.1" 404 211 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3"
>
> This address resolves to:
> c-71-59-27-152.hsd1.ga.comcast.net
>
> The whois information is just the standard Comcast block boilerplate.
>
> ---
>
> Is this illegal? I could see reading email addressed to him being
> within the bounds of the law, but it seems like trying to download the
> "0day" link crosses the line.
>
> Illegal or not, this is still pretty damned shady.
>
> Bastards.
>
> -HD
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkZoYx8ACgkQK43TUsmw8Z650AP+M/d1QSqTtgxRpu0rwP1Jw5Fw8QjU
qyfVdtm1IqIGbcQwdq425aBE0o24pVxqtcuYkfrEtSZjfdcEyD1SoTq0Vtb1DYXj4bMe
rDO0m2d5ucYIRFoK5339Zgq8TfDMzDyFZBhLhx5fbk2DxGnzg+WDDzC6mRTW3ysX9qko
ENVCDM4=
=34Y6
-----END PGP SIGNATURE-----
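
The check described in the quoted message (a unique, non-public URL sent to a single address, then watched for in the Apache access log) can be automated. The following is an added example, not part of the original post or anyone's actual tooling: the `CANARIES` registry and its label are hypothetical, and every sample line except the first (the entry quoted above) is constructed.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, unquote

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Hypothetical registry: one never-published path per recipient, so any
# request for it identifies which mailbox the link leaked from.
CANARIES = {"/maynor.tar.gz": "old SecureWorks address"}

def canary_hits(lines, canaries=CANARIES):
    """Return one record per request that touched a canary path."""
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # malformed or non-combined entry
        # Compare the decoded path only; a query string must not hide a hit.
        path = unquote(urlsplit(m["target"]).path)
        if path not in canaries:
            continue
        # The status is recorded but never filtered on: the file need not
        # exist, so a 404 is as much a hit as a 200.
        hits.append({
            "sent_to": canaries[path],
            "host": m["host"],
            "when": datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z"),
            "method": m["method"],
            "status": int(m["status"]),
            "agent": m["agent"],
        })
    return hits

SAMPLE_LOG = [
    # Entry quoted in the message above.
    '71.59.27.152 - - [05/Jun/2007:19:16:42 -0500] "GET /maynor.tar.gz HTTP/1.1" 404 211 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3"',
    # Constructed entries (documentation addresses from 192.0.2.0/24).
    '192.0.2.10 - - [06/Jun/2007:08:03:10 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0"',
    '192.0.2.44 - - [06/Jun/2007:09:15:00 -0500] "HEAD /maynor.tar.gz?x=1 HTTP/1.1" 404 - "-" "ExampleFetcher/1.0"',
    'truncated line without the expected fields',
]
```

Calling `canary_hits(SAMPLE_LOG)` returns two records; in production the same function would be fed the live access log and its output routed to an alert.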


