Full Disclosure mailing list archives
Gay Security Industry Experts Exposed! 2nd Issue! What has James Lohman (DigiEbola) been up to lately? FIND OUT HERE!
From: <ibash () hushmail com>
Date: Mon, 27 Feb 2006 16:28:09 -0500
Hello FD Readers! With the impressive feedback from issue #1, we were pushed to get out issue #2. Thanks for all of the great e-mail. By the way, if any of the good people here can back up our James Lohman issue with stories of their own, we encourage you to post them here. ti/infi/infidel when you were his roommate you made several public comments about him downloading gay porn, and being openly gay in your presence. We would love to hear your input. Thanks! Regards, ibash Coming Out.. Gay Computer Security Experts Exposed! Volume #1 Issue #2 - The Digi Digi Ebola! We decided to investigate the James Lohman aka the Digital Ebola after a strange incident at Defcon. As you may know about a hamburger joint near the hotel where Defcon used to be held called Hambuger Maryâs. Upon realizing this place was a gay restaurant, most of the Defcon regulars stopped patronizing this establishment. However, it was noticed that the Digital Ebola started going there more often, sometimes up to five times a day. Let us step back and give our readers a brief background on this security professional. James Lohman offers his expertise hacker services to the public at a reasonable cost. Really anything is reasonable when you have the skill level this guy has. In fact, we have a special example for you showcasing his most excellent skills: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x http://www.rent-a-hacker.com/CPU_Magazine/Default.htm xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x Digital Fortress: No Hack Job This The site supplied for the hack was a friendly and happy place. White hat hacker James "Digital Ebola" Lohman was kind enough to volunteer to take a whack at a site we set up at http://63.70.164.127. We'd hoped that he could dig into the Web server, copy out the graphic of our beloved editor, and replace it with something, umm, more interesting. Perhaps it wasn't a fair test. 
Whereas many Web sites run on a Windows system with IIS 5, our test config ran Red Hat 8 with Apache 2.0.40, which is regarded as very secure. Moreover, the box was current on patches and sat behind a firewall, all of which, in Lohman's estimation, made it far more hack-proof than the bulk of servers on the Internet.

Still, the system wasn't a complete brick wall. Lohman used the popular Nmap open-source scanner to determine the host's services, OS, and other characteristics. When the system first went live, only the Web service on port 80 was open, which is the ideal configuration for a box like this. You only want to open the barest essentials. However, the server went down after a couple of days, and following a reboot the configuration looked like this:

    PORT      STATE     SERVICE
    22/tcp    open      ssh
    80/tcp    open      http
    111/tcp   open      rpcbind
    113/tcp   filtered  auth
    123/tcp   filtered  ntp
    161/tcp   filtered  snmp
    162/tcp   filtered  snmptrap
    443/tcp   filtered  https
    1993/tcp  filtered  snmp-tcp-port

Discovering this much took Lohman two minutes. The open SSH service (version 3.4 patch level 1) looked like a possible hack candidate because every version under 3.7 is known to be vulnerable provided you have the right code tailored for that system's configuration. He consulted about 100 different resources for suitable existing code but came up empty. He is confident that he could custom write the necessary code, but it would likely take two full days of work provided he built a nearly identical config on which to practice his attacks in order to gain an all-rights account.

While tame compared to most Web site defacements, we'd hoped to replace our test site's original image with something more racy. Another day, perhaps.

"After exploiting the SSL (443) vulnerability," says Lohman, "I would be given the rights of the user running the Apache service. If I could break that, I'd look at your kernel version because I know the 2.4 series kernels have major vulnerabilities I can gain root with.
If the kernel had been patched, I would turn around and start looking for every file on the system set for a user ID of root. I would start banging on those and see if there was exploit code available for any of them. If not, I would hit each one individually and start checking for possible buffer overflows that could crash that binary and dump you out as root." Lohman notes that a secure system today may not be so tomorrow. One possible attack vector in our machine could be leaving the SSL port (443) wide open for any hacker to waltz through, except we had it filtered. However, a poorly executed configuration change in our filtering or failure of our Linux firewall to start would leave the box very vulnerable. Additionally, all it takes is one hacker somewhere in the world to discover a weakness in our software, post it into a forum or site such as packetstormsecurity.org, and the site could be hacked within hours. In network security, the word "safe" does not apply. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x Ok, now that we proved he is indeed a security expert it is time to prove that he is a homosexual gay faggot. Recalling the Hamburger Mary's incident, we sent our undercover investigative journalist angie to undernet to find the Digital Ebola. Realizing IRC logs are not the best evidence, we have included timestamps in case anyone decides to doubt the legitimacy of these particular logs. *** d_e is ~lerfty () norge freeshell ORG (James Bradley) *** on channels: #guitar @#boomerang *** on irc via server *.undernet.org (The Undernet Underworld) *** d_e has been idle 2 minutes, signed on at Wed Nov 21 20:07:30 2005 *** d_e :End of /WHOIS list. [Wed Nov 23 10:44:11 2005] <d_e> depends [Wed Nov 23 10:44:17 2005] <angie> On???? [Wed Nov 23 10:45:14 2005] <d_e> who else was there [Wed Nov 23 10:45:21 2005] <angie> Me, you.. 
and another hot guy [Wed Nov 23 10:45:56 2005] <d_e> and who is paying for my plane ticket out there [Wed Nov 23 10:45:59 2005] <angie> LOL [Wed Nov 23 10:46:01 2005] <angie> You can afford it Mr. Bigshot [Wed Nov 23 10:46:04 2005] <angie> Have you ever done anything like this before? [Wed Nov 23 10:46:26 2005] <d_e> yah. [Wed Nov 23 10:46:32 2005] <angie> With another guy? [Wed Nov 23 10:48:19 2005] <d_e> ... [Wed Nov 23 10:48:24 2005] <angie> Well? [Wed Nov 23 10:48:54 2005] <d_e> yeah [Wed Nov 23 10:49:02 2005] <angie> Mmmm hot [Wed Nov 23 10:49:05 2005] <angie> Did you do anything with him? [Wed Nov 23 10:49:49 2005] <d_e> Do you need to know everything? [Wed Nov 23 10:49:57 2005] <angie> Yes! LOL. I need to know how experienced you are [Wed Nov 23 10:50:23 2005] <d_e> Lets just say I am experienced. [Wed Nov 23 10:50:27 2005] <angie> Well now I am somewhat worried [Wed Nov 23 10:50:31 2005] <angie> You will be paying more attention to the other guy and none to me :( [Wed Nov 23 10:55:12 2005] <angie> Hello??? [Wed Nov 23 10:55:19 2005] <d_e> hey [Wed Nov 23 10:55:24 2005] <angie> Are you touching yourself right now? [Wed Nov 23 10:55:36 2005] <d_e> no [Wed Nov 23 10:55:39 2005] <angie> Will you? [Wed Nov 23 10:55:49 2005] <d_e> why? [Wed Nov 23 10:55:57 2005] <angie> I am looking at gay porn and thinking of you. [Wed Nov 23 10:56:43 2005] <d_e> link me Thats it for issue number 2! Here is how to get in contact with the DigiEbola: James Lohman's private cell phone number: 817 919 5470 d_e @ Undernet #boomerang Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/