lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 15 Jul 2009 12:41:02 +0100
From: mrx <mrx@...pergander.org.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Ant-Sec - We are going to
 terminate	Hackforums.net and Milw0rm.com - New Apache 0-day exploit
 uncovered

Well if I was able to take down hackforums and mil0worm and intended to
do so, I certainly wouldn't brag about it on a full disclosure list and
warn my targets.

Just in case:
i) They believed the threat was real and took mitigating action.
ii) Backed up and mirrored the content so that they could be back up in
24 hours.


I can see anti-sec's point regarding script kiddies, however, full
disclosure levels the playing field somewhat.
Full disclosure serves and aids hat's of all colours.
without full disclosure we would have a handful of real experts able to
compromise, control and abuse regardless of motive.
Knowledge is power and when that knowledge is in the hands of the few,
abuse is the usual result.

Full disclosure not only feeds skiddies, it serves to warn us all.
Indeed a double edged sword.

But hey what does this noob know?



Ant-Sec Movement wrote:
> Dear members of Hackforums.net, Jesse Labrocca (AKA Omniscient),
> Milw0rm.com, str0ke, and Reader,
> We are the Ant-Sec movement, and we are dedicated
> to eradicating full-disclosure of vulnerabilities and exploits and free
> discussion on hacking related topics. We are dedicated to stalling the ocean
> of script-kiddies currently trawling the Internet, and those so called
> "White Hat Hackers" who benefit financially from full-disclosure; employing
> scare-tactics in order to con people into buying their firewalls and
> anti-virus software.
>
> Thus, our new targets are Hackforums.net and Milw0rm.com. Both are notable
> within the hacking underground and the computer security world, and both
> violate what the Anti-Sec movement is fighting for. Such as it is, both must
> be terminated...utterly.
>
> Let us first discuss Hackforums.net. It is run by a man named Jesse
> Labrocca, also known as "Omniscient" within the hacker underground. Although
> he, himself, claims to not know a thing about penetrating computer systems.
> Hackforums.net is perhaps one of the largest communities of hackers and
> script-kiddies alike currently at large in cyber space. The beginner
> section, alone, is flooded every single day with messages by script-kiddies.
> The "Hacking Tutorials" section is a diamond mine of full-disclosure
> information. And that is not the entirety of it. As a result, this community
> MUST be terminated.
>
> Recently, the Anti-Sec movement became aware that some unknown entity has
> been launching successfully crippling denial of service attacks against
> Hackforums.net. Whoever you are, we of the Anti-Sec movement extend our
> warmest gratitude to you and we ask that, if you're reading this email,
> please do not cease your attack against Hackforums.net. By bringing it down,
> you are helping to recover the health of the Internet. Hackforums.net is a
> hive of knowledge that should only be known by a select few. It MUST be
> terminated. In addition, we also encourage any and all who can to launch
> denial of service attacks against Hackforums.net in order to support us in
> furthering our goals.
>
> We would like to stress that we will not be participating in DDOSing
> Hackforums.net. The reasons for this bring us to our next topic of
> discussion.
>
> In addition to our OpenSSH 0-day exploit, the Anti-Sec movement have also
> unearthed an Apache 0-day vulnerability and  we have subsequently developed
> exploit code in order to take advantage of this vulnerability. It affects
> ALL versions. We will be using this as well as our OpenSSH exploit to hack
> into Hackforums.net and rm its contents, thus terminating it.
>
> As soon as, if ever, the recent crippling DDOS attacks against
> Hackforums.net cease, we will strike. And in that moment, Hackforums.net
> will be history. Your only hope, Hackforums, is for the heavy DDOS attacks
> to never stop.
>
> Once we have dealt with Hackforums.net, we will terminate Milw0rm. Better
> you had quit and left it at that, Str0ke, for now milw0rm.com will be
> completely and utterly wiped. It is the second highest target after
> Hackforums.net.
>
> This is our message to all. You have seen what the Anti-Sec movement can do.
> We will do it again, and again, and again, until our goals are achieved.
>
> This we promise.
>
> Sincerely,
>
> Anti-Sec
>
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ