Date: Mon, 20 Jul 2009 09:51:26 -0400
From: Ben Greenfield <bcg@...uxural.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released!

Are people viewing this as a credible threat, or just FUD?

This claim that ANTI-SEC has a 0-day remote exploit for OpenSSH
spanning multiple versions is consistent with the logs that have been
released documenting these attacks.

Many people seem to have written those off as brute force attacks, but
as far as I'm concerned the jury is still out.



On Mon, Jul 20, 2009 at 2:52 AM, Gichuki John Chuksjonia <chuksjonia@...il.com> wrote:
> hahaha, now u r releasing it........
>
> I thought u guyz dont release or disclose vulnerabilities.
>
> ./Chuks
>
> On 7/20/09, Ant-Sec Movement <anti.sec.movement@...il.com> wrote:
>> Dear Reader,
>> In 48 hours, the anti-sec movement will publicly unveil working exploit code
>> and full details for the zero-day OpenSSH vulnerability we discovered. It
>> will be posted to the Full-Disclosure security list.
>>
>> Soon, the very foundations of Information Technology and Information
>> Security will be unearthed as millions upon millions of systems running ANY
>> version of OpenSSH are compromised by wave after wave of script-kiddie and
>> malicious hacker.
>>
>> Within 10 hours of the initial release of the OpenSSH 0-day exploit code,
>> anti-sec will be unleashing powerful computer worm source code with the
>> ability to automatically find and compromise systems running any and all
>> versions of OpenSSH.
>>
>> This is an attack against all White Hat Hackers who think that running a
>> Penetration Test simply searching for known vulnerabilities is all they have
>> to do in order to receive their payment. Anti-sec will savor the moment when
>> White Hat Hackers are made to look like fools in the eyes of their clients.
>>
>> Sincerely,
>>
>> -anti-sec
>>
>
>
> --
> --
> Gichuki John Ndirangu,
> I.T Security Analyst and Penetration Tester
> infosigmer@...ox.com
>
> {FORUM}http://lists.my.co.ke/pipermail/security/
> http://nspkenya.blogspot.com/
> http://chuksjonia.blogspot.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

