Full Disclosure mailing list archives
RE: n3td3v group calls on RSA to clarify theirstance
From: "HTRegz" <htregz () aoaddicts net>
Date: Sat, 1 Apr 2006 00:45:43 -0500
While I’m not normally one to reply to this list… I can’t stand to see this go on any further. Don’t expect another response as I don’t have the time (other than late Friday night) to sit and respond to this drivel.. n3td3v: How do you figure on this single user Microsoft Windows XP computer?? Last time I checked Windows XP was a multi-user environment… Also… if it’s not a botnet it must be Windows… that’s a rather childish thought…. Also a botnet has negative connotations.. That is to say, it’s a group of PCs under the control of a single individual or group. This group of PCs (Zombies) are used mostly for illegal purposes, or on IRC networks (different sort of botnet… where the name was derived from). What makes you think that RSA has a single IP… that’s a pretty foolhardy belief. They aren’t some kid on a cable modem. In fact, a quick search of ARIN, assuming only RSA Security shows they have several net blocks ---SNIP--- RSA Security Inc. RSA-SECURITY-C1 (NET-192-80-211-0-1) 192.80.211.0 - 192.80.211.255 RSA Security Inc. RSA-SECURITY (NET-216-162-240-0-1) 216.162.240.0 - 216.162.255.255 RSA Security Inc. UU-63-84-35-192-D4 (NET-63-84-35-192-1) 63.84.35.192 - 63.84.35.223 RSA SECURITY UU-65-216-28-32-D7 (NET-65-216-28-32-1) 65.216.28.32 - 65.216.28.39 RSA SECURITY UU-65-214-232-56-D3 (NET-65-214-232-56-1) 65.214.232.56 - 65.214.232.63 RSA Security UU-65-221-107 (NET-65-221-107-0-1) 65.221.107.0 - 65.221.107.255 Rsa Security Inc SBC066123220136030905 (NET-66-123-220-136-1) 66.123.220.136 - 66.123.220.143 RSA Security, Inc. QWEST-IAD-RSA1 (NET-63-150-186-0-1) 63.150.186.0 - 63.150.186.255 RSA Security, Inc. QWEST-IAD-RSA (NET-66-77-65-208-1) 66.77.65.208 - 66.77.65.223 ---SNIP--- The odds are that others involved in this will contribute machines on their networks.. and that RSA owns blocks not listed above… servers setup on these blocks running the software will submit information to the pages… This is not a botnet… If this is a botnet then the worlds SMTP servers are a huge botnet… oh yeah and the Root DNS servers must be a botnet… We’re not asking a lot here.. just that you think a little and approach this from at least somewhat of a technical understanding… Others have already pointed out why this will work from a banks point-of-view and others on why phishers are not automated… I’m now showing you why this isn’t some big illegal botnet… and how it’s a completely legal operation…. I’d bet that by inviting hackers… RSA is saying run the software… Think of it as distributed computing… Is that a big illegal botnet as well?? Peace, HT _____ From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of n3td3v Sent: Friday, March 31, 2006 11:50 PM To: Morning Wood; full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] n3td3v group calls on RSA to clarify theirstance If the RSA aren't using a bot network, then are you suggesting they are sending garbage data from one single user Microsoft Windows XP computer.... to all the worlds phishing logins? Wake up mr se cur ity at hotmail dot com On 4/1/06, Morning Wood <HYPERLINK "mailto:se_cur_ity () hotmail com"se_cur_ity () hotmail com> wrote:
*while RSA are carrying out these attacks, is it legally OK for hackers to "HELP OUT" the RSA by pointing a few of our bot net's at some Yahoo and eBay fake login web pages that we know about and feed them with fake username and password data. We don't want to end up in jail, but since the RSA are doing it, so we can tell our lawyers that the RSA recommended the tactic to us.* *Much regards,* *n3td3v international security group*
so... the "n3td3v group" has "a few [of our ] botnets" did I hear this right? ( *blink* ) somehow I dont think RSA is using "botnets", which BTW are ILLEGAL in *most* countries ( yes, including your precious UK ) I just want to thank the biggest security group ( lol ) for using teh botz!!! I am sure Yahoo-Inc, Google, EBay, Microsoft and FooBarBlehCo will thank you publicly on CNN so we will know how n3td3v group saved us all with botnets!!! thanks b0td3v gr0upz, MW _______________________________________________ Full-Disclosure - We believe in it. Charter: HYPERLINK "http://lists.grok.org.uk/full-disclosure-charter.html"http://lists.grok.org .uk/full-disclosure-charter.html Hosted and sponsored by Secunia - HYPERLINK "http://secunia.com/"http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.3/298 - Release Date: 3/30/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.3/298 - Release Date: 3/30/2006
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- n3td3v group calls on RSA to clarify their stance n3td3v (Mar 31)
- Re: n3td3v group calls on RSA to clarify their stance Morning Wood (Mar 31)
- Re: n3td3v group calls on RSA to clarify their stance n3td3v (Mar 31)
- Re: n3td3v group calls on RSA to clarify their stance Valdis . Kletnieks (Mar 31)
- Re: n3td3v group calls on RSA to clarify their stance n3td3v (Mar 31)
- RE: n3td3v group calls on RSA to clarify theirstance HTRegz (Mar 31)
- Re: n3td3v group calls on RSA to clarify their stance n3td3v (Mar 31)
- Re: n3td3v group calls on RSA to clarify their stance Morning Wood (Mar 31)