Full Disclosure mailing list archives
DMCA & Source Tree Abuse
From: Jack Ahz <anoncoder () yahoo com>
Date: Tue, 31 Dec 2002 18:44:28 -0800 (PST)
Alert: Due to all the talk about the DMCA lately, I feel obligated to publish this. For reasons which I would not like to discuss, but which should become apparent due to the nature of this memo, I should like to remain anonymous.

I am a former member of the hacking/warez courier group known as HERT, the Hacker Emergency Response Team. Though we used to be the largest worldwide hacking group in existence, we had to disband due to a cache of electronic munitions (in the form of proprietary source code) which was being traded by our members. One of these 'source codes' was the somewhat mutilated source tree of Cisco's IOS, version 11.3. I have been involved in many source code 'transactions' (hi divineint!) and most of these were done under-the-table. Unfortunately, all of the source code on the HERT repository was leaked to thousands of people on IRC, and fell into the wrong hands.

I am alarmed that certain individuals have used these source codes (including ISS research developers who shamelessly use proprietary CDE, Solaris, BSDI, and AIX bundles to publish information about obscure RPC-related buffer overflows, which would take months and years to wade through the binary disassembly) for their own selfish purposes. The latest striking example is this Phrack article entitled "Burning the bridge: Cisco IOS exploits" by the German hacker FX. While the author makes several bold claims that he relied purely on the powers of the Force to reverse engineer IOS internals, it is quite apparent that the coincidence that IOS 11.3 is the only known version to have leaked widely to the computer underground and IOS 11.3 is the only version his exploit works on is slim indeed! I'm sure he figured out malloc chunk fields such as 'Last deallocation address' purely on his own, just by tinkering around on the serial line.

Anyhow, I wanted to note these abuses by so-called 'whitehats' who smash these obscure architectures' stacks for their own profit!
Yours truly,
Anonymous

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DMCA & Source Tree Abuse Jack Ahz (Dec 31)
- <Possible follow-ups>
- Re: DMCA & Source Tree Abuse FX (Jan 01)