Full Disclosure mailing list archives
You STUPID bastards.
From: "Aberration State" <sdufresno () cyber-rights net>
Date: Thu, 07 Jun 2007 15:57:19 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 what's more stupid? a bunch of l33+ defcon security conference attendees too stupid to read a distribution list before sending sentive information or stupid rantings about big bad capitalistic corporations? - --- “You don't have to be a man to fight for freedom. All you have to do is to be an intelligent human being.” - Malcolm X On Jun 6, 2007, at 9:47 AM, H D Moore wrote:
Hello, Some friends and I were putting together a contact list for the
folks
attending the Defcon conference this year in Las Vegas. My friend
sent
out an email, with a large CC list, asking people to respond if
they
planned on attending. The email was addressed to quite a few people, with one of them being David Maynor. Unfortunately, his old SecureWorks address was used, not his current address with ErrattaSec. Since one of the messages sent to the group contained a URL to
our
phone numbers and names, I got paranoid and decided to determine whether SecureWorks was still reading email addressed to David Maynor. I sent an email to David's old SecureWorks address, with a subject line promising 0-day, and a link to a non-public URL on the metasploit.com web
server
(via SSL). Twelve hours later, someone from a Comcast cable modem
in
Atlanta tried to access the link, and this someone was
(confirmed) not
David. SecureWorks is based in Atlanta. All times are CDT. I sent the following message last night at 7:02pm. --- From: H D Moore <hdm[at]metasploit.com> To: David Maynor <dmaynor[at]secureworks.com> Subject: Zero-day I promised Date: Tue, 5 Jun 2007 19:02:11 -0500 User-Agent: KMail/1.9.3 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200706051902.11544.hdm[at]metasploit.com> Status: RO X-Status: RSC https://metasploit.com/maynor.tar.gz --- Approximately 12 hours later, the following request shows up in
my
Apache log file. It looks like someone at SecureWorks is reading email addressed to David and tried to access the link I sent: 71.59.27.152 - - [05/Jun/2007:19:16:42 -0500] "GET /maynor.tar.gz HTTP/1.1" 404 211 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X;
en)
AppleWebKit/419 (KHTML, like Gecko) Safari/419.3" This address resolves to: c-71-59-27-152.hsd1.ga.comcast.net The whois information is just the standard Comcast block
boilerplate.
--- Is this illegal? I could see reading email addressed to him being
within the bounds of the law, but it seems like trying to download the
"0day"
link crosses the line. Illegal or not, this is still pretty damned shady. Bastards. -HD _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkZoYx8ACgkQK43TUsmw8Z650AP+M/d1QSqTtgxRpu0rwP1Jw5Fw8QjU qyfVdtm1IqIGbcQwdq425aBE0o24pVxqtcuYkfrEtSZjfdcEyD1SoTq0Vtb1DYXj4bMe rDO0m2d5ucYIRFoK5339Zgq8TfDMzDyFZBhLhx5fbk2DxGnzg+WDDzC6mRTW3ysX9qko ENVCDM4= =34Y6 -----END PGP SIGNATURE----- Get your free encrypted email at http://www.cyber-rights.net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- You STUPID bastards. Aberration State (Jun 07)