Date: Wed, 18 Jul 2007 23:48:51 -0700
From: "Lance M. Havok" <lmh@...o-pull.com>
To: dailydave@...ts.immunitysec.com, full-disclosure@...ts.grok.org.uk, 
	fuzzing@...testar.linuxbox.org
Subject: The truth

Hi,

Since the cover is becoming more difficult to maintain, I've decided
to stop this. It simply can't stand anymore and I can't let this harm
my company and its customers.

I am David Maynor. I made up the LMH identity for bashing Apple and
appearing on the media while I was preparing for launching Errata
Security with Robert. Since my credibility was severely damaged after
the wireless driver exploit, I needed a sock puppet.

The idea of LMH and the Month of Apple Bugs came a while after I
resigned from SecureWorks. I know some malicious people out there
(including the Infosec Sellout, also known as Jon Ramsey... my
old manager at SecureWorks) claim I was fired, but that's simply false.

It seemed like a flawless public relations campaign for boosting the
start of Errata and a great opportunity to attack Apple safely. It was
also safe from the standpoint of my old employer, SecureWorks, which
had an agreement with Apple.

After the Month of Apple bugs, the whole LMH thing became useless and
there was no attention from media anymore. Although, the identity
behind Infosec Sellout was unknown to me and Robert, thus I thought I
could still give it a good use. I attempted to contact Infosec
Sellout, writing a fake log of a SILC conversation with a story that
seemed to be consistent. Surprisingly I managed to make him believe it
was legitimate and he replied enthusiastically about publishing a post
about it. Not a long while afterwards, I contacted my friend from
StillSecure, Martin McKeay (we met at RSA with some other people) and
decided to spread gossip and simulate a 'leak' about LMH's identity. I
also feared that some people started to be suspicious, about LMH
being, in fact, no other but myself: David Maynor. Again I had a way
to cover up and find out who was behind the Infosec Sellout blog.

Now the cover is not possible anymore, since Robert McMillan published
information quoting H.D. Moore and Thomas Ptacek, stating that
'Infosec Sellout can't be LMH'. It mentions Dave Aitel's unmask.py
tool being used to statically analyze the text of the different
postings. This represents the inevitable failure of my intentions to
maintain the LMH identity secret, and hence my decision to recognize
it publicly before it gets back to Errata and our customers. I've
always been a responsible professional in the information security
industry.

Those who have worked with me, including my ISS team: Chris Rouland,
Tom Cross and David Dewey, can provide references and information about
my skill base, my personal integrity and professionalism throughout my
career in the industry. Tom was even sitting right next to me and David
is now in a management position. They could explain why I decided to
quit ISS to pursue a position at SecureWorks. Also others like Sherrod
Degrippo from the Georgia Institute of Technology.

bca2fee517ff50ddd01bb7d6ed9c3043
The above MD5 hash of a text file should serve as a proof in case
someone attempts to deny the statements of this message.

-- David Maynor aka LMH,
CTO, Errata Security
