Firewall Wizards mailing list archives
concerning ~el8 / project mayhem
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 15 Aug 2002 23:30:05 -0400 (EDT)
While not trying to spark a debate on the merits of or against full disclosure, certainly it has been hashed over in this and other lists fairly completely... It seems that the whitehat community is under a new attack, putting fear into the souls of some reputed security experts, leaving them to now, rather then admonish these spoiled children, to rather brag them up and promote what some are referring to as their fine skillsets and tools. I'm sure this comes as dismal to many in our community, as well as myself, that not only is such an attack sending some into this position of subcumming to the whims of minor-terrorists and in a fashion, condoning them to some point in an attempt to avoid becoming ridiculed with attacks upon the systems and servers the fellow security folks are running and finding compromised repeatedly in recent weeks. In other words, like the quotes cited in the article mentioned in the forwared posting below, some are paying a verbal ransom to these little brats. At least one security related list is being pretty much held hostage to the onslaught of spew mentioned in the posting and article it cites. Now if we were managaing the list, and trying to maintain the policy of un-moderation, we'd at least unsubscribe each spamming spewer to it. For there's one thing anyone that has raised children come to understand, it's that they tire quickly of having to put forth too much effort into their games. Certainly we see the tendency to pay homage to their rants and nasty little hacking ventures into the systems of others as feeding right into what many of Marcus' recent comments to the reportings of the SANS weekly security digests highlight; <see the most recent SANS digest; SANS NewsBites Vol. 4 Num. 33, from this week for the related stories to Marcus' recent comments> Seems folks are doing just what Marcus has long been promoting against, rewarding these silly little kids for their games and intrusions and minor-terroistic rantings. This only serves to encourage not to train them to potty properly as they must have been mistrained in their earliest years. Rather the community bands together to publically spank the little fewls with some deserved time-outs from society. Articles like the one citing a number of 'security professionals' like te one mentioned in the forwarded post does diminish some respect for these folks feeding the kids in their attempts at public tantrums and rantings for attention... So, again, while not trying to spark that old full disclosure good/bad debate, I was interested in the comments of others here on this el8 / project mayhem fiasco. Thanks, Ron DuFresne ---------- Forwarded message ---------- From: dev-null () no-id com Subject: [Full-Disclosure] An urgent warning to all concerning ~el8 / project mayhem Date: 15 Aug 2002 03:45:24 -0000 To: full-disclosure () lists netsys com I will not disclose my name for obvious reasons. However, as much as it pains me to do so, I need to issue a grave warning to all subscribers who are loosely antagonizing these ~el8 / project mayhem / #phrack high council individuals. When I called them kids, I meant in the sense of their behavior as being childish, not in regards to their technical abilities (if any). It would appear the sole publicly accessible machine on my company's network has been compromised using a remote Apache exploit (Apache is the only daemon running on the machine and it was installed after performing a Net install of FreeBSD-current). An obscene note was left in my webroot that I will not enclose here. The version of Apache I am running is 1.3.26. It was installed weeks ago in response to the "Apache chunking" vulnerability. Unfortunately I do not have the data available to reconstruct the attack, but I have since taken steps that will hopefully thwart all future attacks, and I urge subscribers to this list to do the same (via chroot mechanisms). They sit on #phrack on the EFNet irc network. I have joined there incognito, but as far as I can see, no mention has been made of any such vulnerability or exploit. They are using "handles" that are rather self-deprecating and appear to be feigning technical incompetence for whatever reasons. It seems they are deliberately trying to be underestimated, but the connection to ~el8 is very obvious. A friend of mine who has more underground know-how, so to speak, has told me that among their ranks are known exploit coders. There are also connections to blackhat groups such as ADM and TESO. In the topic of the channel is this wired.com article: http://www.wired.com/news/culture/0,1284,54400,00.html -- This message has been sent via an anonymous mail relay at www.no-id.com. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- concerning ~el8 / project mayhem R. DuFresne (Aug 16)
- Re: concerning ~el8 / project mayhem Darren Reed (Aug 16)
- Re: concerning ~el8 / project mayhem ark (Aug 16)
- Re: concerning ~el8 / project mayhem Marcus J. Ranum (Aug 17)
- Re: concerning ~el8 / project mayhem ark (Aug 16)
- <Possible follow-ups>
- Re: concerning ~el8 / project mayhem Marcus J. Ranum (Aug 17)
- Re: concerning ~el8 / project mayhem Paul D. Robertson (Aug 17)
- Re: concerning ~el8 / project mayhem Anton A. Chuvakin (Aug 21)
- Re: concerning ~el8 / project mayhem Paul Robertson (Aug 21)
- Re: concerning ~el8 / project mayhem Barney Wolff (Aug 21)
- Re: concerning ~el8 / project mayhem Anton J Aylward, CISSP (Aug 21)
- Re: concerning ~el8 / project mayhem Anton Chuvakin (Aug 21)
- Re: concerning ~el8 / project mayhem Paul D. Robertson (Aug 17)
- Re: concerning ~el8 / project mayhem Darren Reed (Aug 16)