Full Disclosure mailing list archives

An urgent warning to all concerning ~el8 / project mayhem (fwd)


From: full-disclosure () lists netsys com (Ron DuFresne)
Date: Thu, 15 Aug 2002 05:23:46 -0500 (CDT)


It seems that the whitehat community is under a new attack, putting fear
into the souls of some reputed security experts, leaving them to now,
rather than admonish these spoiled children, to rather brag them up and
promote what some are referring to as their fine skillsets and tools.  I'm
sure this comes as dismal to many in our community, as well as myself,
that not only is such an attack sending some into this position of
succumbing to the whims of minor-terrorists and in a fashion, condoning
them to some point in an attempt to avoid becoming ridiculed with attacks
upon the systems and servers the fellow security folks are running and
finding compromised repeatedly in recent weeks.  In other words, like the
quotes cited in the article mentioned in the forwarded posting below, some
are paying a verbal ransom to these little brats.  At least one security
related list is being pretty much held hostage to the onslaught of spew
mentioned in the posting and article it cites.

Now if we were managing the list, and trying to maintain the policy of
un-moderation, we'd at least unsubscribe each spamming spewer to it.  For
there's one thing anyone that has raised children comes to understand, it's
that they tire quickly of having to put forth too much effort into their
games.  Certainly we see the tendency to pay homage to their rants and
nasty little hacking ventures into the systems of others as feeding right
into what many of Marcus' recent comments to the reportings of the SANS
weekly security digests highlight;

[Editor's Note (Ranum): It doesn't matter what the maximum is, when
the minimum is the slap on the wrist that hackers usually get.]

[Editor's Note (Ranum): A violation of the public trust in the US:
1-2 years. A $360 stolen credit card transaction in Indonesia: up to
11 years. No wonder we have so many problems like this.]

<see the most recent SANS digest; SANS NewsBites Vol. 4 Num. 33, from this
week for the related stories to these comments>

Seems folks are doing just what Marcus has long been promoting against,
rewarding these silly little kids for their games and intrusions and
minor-terroristic rantings.  This only serves to encourage not to train
them to potty properly as they must have been mistrained in their earliest
years.  Rather the community bands together to publicly spank the little
fewls with some deserved time-outs from society.  Articles like the one
citing a number of 'security professionals' like the one mentioned in the
forwarded post does diminish some respect for these folks feeding the kids
in their attempts at public tantrums and rantings for attention...

Thanks,

Ron DuFresne


---------- Forwarded message ----------
From: dev-null () no-id com
Subject: [Full-disclosure] An urgent warning to all concerning ~el8 / project
    mayhem
Date: 15 Aug 2002 03:45:24 -0000
To: full-disclosure () lists netsys com

I will not disclose my name for obvious reasons. However, as much as it pains me to do so, I need to issue a grave 
warning to all subscribers who are loosely antagonizing these ~el8 / project mayhem / #phrack high council individuals. 
When I called them kids, I meant in the sense of their behavior as being childish, not in regards to their technical 
abilities (if any).

It would appear the sole publicly accessible machine on my company's network has been compromised using a remote Apache 
exploit (Apache is the only daemon running on the machine and it was installed after performing a Net install of 
FreeBSD-current). An obscene note was left in my webroot that I will not enclose here. The version of Apache I am 
running is 1.3.26. It was installed weeks ago in response to the "Apache chunking" vulnerability. Unfortunately I do 
not have the data available to reconstruct the attack, but I have since taken steps that will hopefully thwart all 
future attacks, and I urge subscribers to this list to do the same (via chroot mechanisms).

They sit on #phrack on the EFNet irc network. I have joined there incognito, but as far as I can see, no mention has 
been made of any such vulnerability or exploit. They are using "handles" that are rather self-deprecating and appear to 
be feigning technical incompetence for whatever reasons. It seems they are deliberately trying to be underestimated, 
but the connection to ~el8 is very obvious. A friend of mine who has more underground know-how, so to speak, has told 
me that among their ranks are known exploit coders. There are also connections to blackhat groups such as ADM and TESO.

In the topic of the channel is this wired.com article:

http://www.wired.com/news/culture/0,1284,54400,00.html