Full Disclosure mailing list archives
[Full-Disclosure] RE: [Full-disclosure]UPX-packed body with ROT13 Script Kiddies
From: "Clairmont, Jan" <JMC13 () mail3 cs state ny us>
Date: Fri, 30 Jan 2004 13:57:59 -0500
The code is confirmed also by another source that there is ROT13 UPX code. Another tall-tale proven. I don't get it, not knowing simple exploits and coding techniques of hackers is I think minimum for a Security Pro, I agree with Uncle Scrotum here. Pls for the rest of the communities sake learn something about your adversary and their techniques. I don't like hackers, they have caused me lost production time and rebuilds etc. I don't underestimate them, I hope! They are a clever group of sadistic devils and will bedevil and beguile you. And I am not like Georgy Boy Bush saying bring 'em on, you will eventually lose. The more I teach security and system administration the more exploits I find and it just drives me crazy the Clairmont-Everhardt Index of Vulnerabilities is probably a low ball number. I have worked on PIX, Checkpoint, Raptor, Gauntlet, FWTK, CyberGuard, IDS, Tripwire, SNORT, NATO Security Firewall Specifications etc. etc. and this little sh*t blew thru them like a sh*t thru a goose. Oh, but it was just mail, soooooooo. Spam filters, etc. etc. And to those who are not disclosing their research, full disclosure BS, I'll show you mine when you show me yours. ROT13 was used, how much of an assembler decode do you need to see a forth decoder? Did ya check for TSR's, did ya' check all variants etc etc. I haven't seen yours well you can't see mine. Does this never end I guess we can't share and get along. But stumble on into the night, out, out brief candle life is but a walking shadow, signifying nothing..... And I never read Balzac...maybe I should, might be a clue. Watson, the games afoot or a ball or a toad8-> Ooooo just got my Mydoom.B variant bye. Sorry about the rant Jan Clairmont, KMGO, Paladin of Security -----Original Message----- From: Uncle Scrotora Balzac [mailto:scrotora () hushmail com] Sent: Friday, January 30, 2004 11:24 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Script Kiddies -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I love hearing security people talk about script kiddies. It's the funniest thing to see them walking around with their chests pushed out like peacocks, as they scoff the silly little kiddy. Funny because 99.9 percent of the people using the term so loosely have no idea how to *really* find vulnerabilities in systems, compromise, gain control, hide their presence, then use it for whatever they want. Hell, a significant percent of those "security [engineers/professionals/consultants/researchers]" (circle one) have trouble compiling exploits (if they even know where to find them in the first place), much less figure out offsets, return addresses, etc.. The same exploits those "kiddies" use!! What these people don't realize is that the "kiddies" they so affectionately refer to have learned this practice by reading comments, headers, and cryptic help messages in code and scripts. Not by completely out-of-touch and wickedly outdated texts like their CISSP study guides, vendor whitepapers, and books by aging whitehat hackers. Irony. But like I said, this practice is funny, not annoying. It's funny because of the false sense of superiority these people get from referring to 95%+ of the hacking community as kiddies. It's funny because of how much they *really* don't know - and advertise the fact with huge neon signs by getting on lists like this and asking for things like SSH exploit code so they can "learn how exploits work!" (By the way, to the whitehat who was arguing with everyone after getting char grilled flamed for this - - if you want to learn how exploits work, there's about 1000 of them at www.packetstormsecurity.com.) Funny every time a box on their network gets whacked, and they talk about the script kiddy that did it. How ironic is that, and what does it say about them? But that's right, it's not their fault. Always someone else's, which makes me wonder why any of these people have jobs in the first place. I'm glad they can't hear themselves. Then they might stop. - --- "...we have smuggled a word into the dictionary which ought not to be there at all--Self-Sacrifice. It describes a thing which does not exist... We ignore and never mention the Sole Impulse which dictates and compels a man's every act: the imperious necessity of securing his own approval, in every emergency and at all costs." - Samuel L. Clemens -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAkAahQUACgkQpAmIRgfdb/ytTQCfZagWBV6alvBEHpLGKCbQQ3HTvKgA n1dSi3KEF+5gBwJsD6YT4jx5+XpS =++DK -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Full-Disclosure] RE: [Full-disclosure]UPX-packed body with ROT13 Script Kiddies Clairmont, Jan (Jan 30)