lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 15 Jul 2009 15:12:51 -0700
From: "frank^2" <frank2@...49.org>
To: saphex <saphex@...il.com>
Cc: Ant-Sec Movement <anti.sec.movement@...il.com>,
	full-disclosure@...ts.grok.org.uk
Subject: Re: Ant-Sec - We are going to terminate
	Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered

Well... this assumes that all they're trying to do is take down the
websites and cause disruption with no ultimate purpose.

Let's say milw0rm gets owned. There are multiple backups of the site--
intentional or not-- that exist around the Internet. If milw0rm was
owned, the actual defacement and destruction of the site would really
be insignificant-- the database of vulnerabilities would still exist
in one way or another. Meaning in the grand scheme of things, they've
done absolutely nothing for their movement. Or, if they have done
something, it was only for $HOURS, or $DAYS even. Even moreso, let's
assume they're successful and milw0rm never returns. Much like
filesharing sites and applications, three would rise in their place.
Again, this assumes the sole purpose of the take-down of milw0rm is to
do just that-- take it down and disrupt the public dissemination of
exploit code.

However, just think about the power of the statement alone if the
event actually happens: "milw0rm got owned." Remember the outcry that
happened when milw0rm was *intentionally* going offline? How much more
powerful a message do you think it would be, how much *quicker* would
the message spread if instead of intentional disconnection it was
malicious defacement?

Granted, I feel I may be romanticizing the situation more than it
really merits (mainly because I find this entire situation just so
goddamn entertaining). But tearing down an effigy of the opposition--
even if temporarily-- can be significant for how a movement appears in
the eyes of others.

...the verbosity of this e-mail makes me feel like an InfoSec flunky. Gross.

On Wed, Jul 15, 2009 at 1:17 PM, saphex<saphex@...il.com> wrote:
> Hi,
>
> I generally don't answer to this *kind of stuff* (read netdev soap
> operas alike), but this is becoming funny. I want to point out some
> flaws in your logic/strategy, I'm not going to put a twist to your
> words to infer that you wrote something absurd, rather, I will really
> just point out some flaws.
> If I was about to own a web site, which have very capable people
> behind it (like str0ke) I wouldn't come to brag about it because of
> two reasons (there are many more but...):
>
> 1) If the site administrator took my threats seriously I would have to
> expect that some kind of counter-measures would be put in place:
>   - Packet sniffer with a SSH traffic filter (0-day exploit not so 0-day now)
>   - Backups in other remote servers (if not already done)
>   - ....
>
> 2) Yet again, if the site administrator took me seriously, I would
> expect retaliations. I wouldn't take as granted the *confidentiality*
> of the Internet or of any the hosts already compromised by me in order
> to make the attack.
>
> There is other flaws, but there is no need to point them out.
>
> Be good, peace,
> saphex
>
> On Wed, Jul 15, 2009 at 6:02 PM, str0ke<str0ke@...w0rm.com> wrote:
>> Ant-Sec Movement wrote:
>>> Once we have dealt with Hackforums.net, we will terminate Milw0rm.
>>> Better you had quit and left it at that, Str0ke, for now milw0rm.com
>>> <http://milw0rm.com> will be completely and utterly wiped. It is the
>>> second highest target after Hackforums.net.
>>>
>>
>> I would like to opt out on the milw0rm termination / wipage.  Secondly
>> when hackforums.net comes back online and are owned by anti-sec, can I
>> be moved to the bottom of the list if opting out isn't possible?  If
>> there are only 2 targets on the list, can you insert 5 to 6 targets in
>> between hackforums and milw0rm bumping it down a few notches.  If
>> hackforums.net doesn't ever come back online, do I get stuck in limbo
>> waiting until they get wiped free card?  If so hackforums.net please
>> stay offline, thanks.
>>
>> /str0ke
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ