Full Disclosure mailing list archives
Re: Multiple Backdoors found in eEye Products (IRISand SecureIIS)
From: xyberpix <xyberpix () xyberpix com>
Date: Mon, 10 Jan 2005 02:53:21 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bwahahaha, thanks Marc, nicely put.If people on here could please get their facts correct before posting FD's on here it would save everyone a load of time. C'mon people we're all here for one reason or another, and if it's to annoy people, do it somewhere else, this really isn't the place. Most of us on here are serious about what we do, whatever that may be ;-) It's a great list, let's keep it that way, and while we're at it, can we put this thread to sleep now, it's gone on long enough.
xyberpix On 30 Dec 2004, at 01:33, Marc Maiffret wrote:
Hi Lance Gusto,It is really interesting that someone with such a disdain for my company would go out of their way to spam out an email about a supposed backdoorwithin our products, choose not to contact us ahead of time, and then provide no real details to prove your claim... Ahhh but wait, you chose not to provide any details because you're a "good guy". As you said: "Unfortunately, we can't release the "exploits" publicly due to the severity of these flaws." Right. The reason you could not provide any real details about these backdoors are because there are no backdoors in Iris nor SecureIIS. While I would not wish to give someone like you the time of day nor 15 minutes of infamy, eEye does take every security claim very seriously. We have performed an audit of SecureIIS and Iris code to re-verify what we already knew, that there are no backdoors in either of them. It is quite possible that you downloaded fake warez versions of our products from peer-to-peer networks which someone might have put there to trick people and put backdoors on their systems. However, if such warez product versions existed they would not be from eEye as we do not distribute our software on peer-to-peer networks nor recommend people downloading warez versions from there. Get your warez from a trusted distributor. ;-) If you would have contacted us we could have saved you the embarrassment... But then you are sending emails from Hotmailthrough a proxy at a university in Germany so I seriously doubt you careif your persona "Lance Gusto" gets embarrassed on public mailing lists. These backdoors are as much of a reality as Santa Claus but then you seem to be childish enough that you probably still believe in the jolly red man. Maybe next you can follow-up your humors eMail with a spoofedadvisory about a backdoor you found in Rudolph "the red nosed reindeer".At least then you could promote yourself from being a coward to a comedian. Thank you, please drive through. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Blink - End-Point Vulnerability Prevention http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilitiesImportant Notice: This email is confidential, may be legally privileged,and is for the intended recipient only. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited andmay be a criminal offense. Please delete if obtained in error and email confirmation to the sender. P.S. I'm going to tell you this for your ownbenefit, your email was dope as hell especially since you faked 90 percent of it. What you need to do is practice on your freestyle before you come up missing like triple m's police file.
For Security And Open Source News And Info Visit: http://www.xyberpix.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFB4e4icRMkOnlkwMERAiiEAJsF/svsADIHRj6yAvh9eV09qQ9DjQCeIGoO mQfY4KClb9V75BsdTWvKcdk= =mUTu -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Multiple Backdoors found in eEye Products (IRISand SecureIIS) Shunryu Suzuki (Dec 31)
- <Possible follow-ups>
- Re: Multiple Backdoors found in eEye Products (IRISand SecureIIS) Peter Besenbruch (Dec 31)
- RE: Multiple Backdoors found in eEye Products (IRISand SecureIIS) Paul Schmehl (Jan 01)
- RE: Multiple Backdoors found in eEye Products (IRISand SecureIIS) Marc Maiffret (Jan 06)
- RE: Multiple Backdoors found in eEye Products (IRISand SecureI Lance Gusto (Jan 06)
- Re: Multiple Backdoors found in eEye Products(IRISand SecureIIS) Roberto Muñoz (Jan 06)
- Re: Multiple Backdoors found in eEye Products (IRISand SecureIIS) xyberpix (Jan 09)
- RE: Multiple Backdoors found in eEye Products (IRISand SecureIIS) Esler, Joel - Contractor (Jan 06)