lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Jul 2009 16:04:07 +0200 From: Charles Majola <charles.lists@...il.com> To: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! FUD as it seems to be synonymous with FTW these days. Stupid kids, they are all alike. On Mon, Jul 20, 2009 at 3:51 PM, Ben Greenfield<bcg@...uxural.com> wrote: > Are people viewing this as a credible threat, or just FUD? > > This claim that ANTI-SEC has a 0-day remote exploit for OpenSSH > spanning multiple versions is consistent with the logs that have been > released documenting these attacks. > > Many people seem to have written those off as brute force attacks, but > as far as I'm concerned the jury is still out. > > > > On Mon, Jul 20, 2009 at 2:52 AM, Gichuki John > Chuksjonia<chuksjonia@...il.com> wrote: >> hahaha, now u r releasing it........ >> >> I thought u guyz dont release or disclose vulnerabilities. >> >> ./Chuks >> >> On 7/20/09, Ant-Sec Movement <anti.sec.movement@...il.com> wrote: >>> Dear Reader, >>> In 48 hours, the anti-sec movement will publicly unveil working exploit code >>> and full details for the zero-day OpenSSH vulnerability we discovered. It >>> will be posted to the Full-Disclosure security list. >>> >>> Soon, the very foundations of Information Technology and Information >>> Security will be unearthed as millions upon million of systems running ANY >>> version of OpenSSH are compromised by wave after wave of script-kiddie and >>> malicious hacker. >>> >>> Within 10 hours of the initial release of the OpenSSH 0-day exploit code, >>> anti-sec will be unleashing powerful computer worm source code with the >>> ability to auotmatically find and compromise systems running any and all >>> versions of OpenSSH. >>> >>> This is an attack against all White Hat Hackers who think that running a >>> Penetration Test simply searching for known vulnerabilities is all they have >>> to do in order to receive their payment. Anti-sec will savor the moment when >>> White Hat Hackers are made to look like fools in the eyes of their clients. >>> >>> Sincerely, >>> >>> -anti-sec >>> >> >> >> -- >> -- >> Gichuki John Ndirangu, >> I.T Security Analyst and Penetration Tester >> infosigmer@...ox.com >> >> {FORUM}http://lists.my.co.ke/pipermail/security/ >> http://nspkenya.blogspot.com/ >> http://chuksjonia.blogspot.com/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists