lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Jul 2009 16:04:07 +0200
From: Charles Majola <charles.lists@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: anti-sec: OpenSSH <= 5.2 zero day exploit
	code - 48 hours until it is publicly released!

FUD as it seems to be synonymous with FTW these days.

Stupid kids, they are all alike.

On Mon, Jul 20, 2009 at 3:51 PM, Ben Greenfield<bcg@...uxural.com> wrote:
> Are people viewing this as a credible threat, or just FUD?
>
> This claim that ANTI-SEC has a 0-day remote exploit for OpenSSH
> spanning multiple versions is consistent with the logs that have been
> released documenting these attacks.
>
> Many people seem to have written those off as brute force attacks, but
> as far as I'm concerned the jury is still out.
>
>
>
> On Mon, Jul 20, 2009 at 2:52 AM, Gichuki John
> Chuksjonia<chuksjonia@...il.com> wrote:
>> hahaha, now u r releasing it........
>>
>> I thought u guyz dont release or disclose vulnerabilities.
>>
>> ./Chuks
>>
>> On 7/20/09, Ant-Sec Movement <anti.sec.movement@...il.com> wrote:
>>> Dear Reader,
>>> In 48 hours, the anti-sec movement will publicly unveil working exploit code
>>> and full details for the zero-day OpenSSH vulnerability we discovered. It
>>> will be posted to the Full-Disclosure security list.
>>>
>>> Soon, the very foundations of Information Technology and Information
>>> Security will be unearthed as millions upon million of systems running ANY
>>> version of OpenSSH are compromised by wave after wave of script-kiddie and
>>> malicious hacker.
>>>
>>> Within 10 hours of the initial release of the OpenSSH 0-day exploit code,
>>> anti-sec will be unleashing powerful computer worm source code with the
>>> ability to auotmatically find and compromise systems running any and all
>>> versions of OpenSSH.
>>>
>>> This is an attack against all White Hat Hackers who think that running a
>>> Penetration Test simply searching for known vulnerabilities is all they have
>>> to do in order to receive their payment. Anti-sec will savor the moment when
>>> White Hat Hackers are made to look like fools in the eyes of their clients.
>>>
>>> Sincerely,
>>>
>>> -anti-sec
>>>
>>
>>
>> --
>> --
>> Gichuki John Ndirangu,
>> I.T Security Analyst and Penetration Tester
>> infosigmer@...ox.com
>>
>> {FORUM}http://lists.my.co.ke/pipermail/security/
>> http://nspkenya.blogspot.com/
>> http://chuksjonia.blogspot.com/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists