You STUPID bastards.

["Aberration State" <sdufresno () cyber-rights net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

what's more stupid? a bunch of l33+ defcon security conference
attendees too stupid to read a distribution list before sending
sentive information or stupid rantings about big bad capitalistic
corporations?

- ---
“You don't have to be a man to fight for freedom. All you have to
do is to be an intelligent human being.” - Malcolm X

On Jun 6, 2007, at 9:47 AM, H D Moore wrote:
> Hello,
>
> Some friends and I were putting together a contact list for the
folks
> attending the Defcon conference this year in Las Vegas. My friend
sent
> out an email, with a large CC list, asking people to respond if
they
> planned on attending. The email was addressed to quite a few
> people, with
> one of them being David Maynor. Unfortunately, his old SecureWorks
> address was used, not his current address with ErrattaSec.
>
> Since one of the messages sent to the group contained a URL to
our
> phone
> numbers and names, I got paranoid and decided to determine whether
> SecureWorks was still reading email addressed to David Maynor. I
> sent an
> email to David's old SecureWorks address, with a subject line
> promising
> 0-day, and a link to a non-public URL on the metasploit.com web
server
> (via SSL). Twelve hours later, someone from a Comcast cable modem
in
> Atlanta tried to access the link, and this someone was
(confirmed) not
> David. SecureWorks is based in Atlanta. All times are CDT.
>
> I sent the following message last night at 7:02pm.
>
> ---
> From: H D Moore <hdm[at]metasploit.com>
> To: David Maynor <dmaynor[at]secureworks.com>
> Subject: Zero-day I promised
> Date: Tue, 5 Jun 2007 19:02:11 -0500
> User-Agent: KMail/1.9.3
> MIME-Version: 1.0
> Content-Type: text/plain;
>   charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> Message-Id: <200706051902.11544.hdm[at]metasploit.com>
> Status: RO
> X-Status: RSC
>
> https://metasploit.com/maynor.tar.gz
> ---
>
> Approximately 12 hours later, the following request shows up in
my
> Apache
> log file. It looks like someone at SecureWorks is reading email
> addressed
> to David and tried to access the link I sent:
>
> 71.59.27.152 - - [05/Jun/2007:19:16:42 -0500] "GET /maynor.tar.gz
> HTTP/1.1" 404 211 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X;
en)
> AppleWebKit/419 (KHTML, like Gecko) Safari/419.3"
>
> This address resolves to:
> c-71-59-27-152.hsd1.ga.comcast.net
>
> The whois information is just the standard Comcast block
boilerplate.
> ---
>
> Is this illegal? I could see reading email addressed to him being

> within
> the bounds of the law, but it seems like trying to download the
"0day"
> link crosses the line.
>
> Illegal or not, this is still pretty damned shady.
>
> Bastards.
>
> -HD
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkZoYx8ACgkQK43TUsmw8Z650AP+M/d1QSqTtgxRpu0rwP1Jw5Fw8QjU
qyfVdtm1IqIGbcQwdq425aBE0o24pVxqtcuYkfrEtSZjfdcEyD1SoTq0Vtb1DYXj4bMe
rDO0m2d5ucYIRFoK5339Zgq8TfDMzDyFZBhLhx5fbk2DxGnzg+WDDzC6mRTW3ysX9qko
ENVCDM4=
=34Y6
-----END PGP SIGNATURE-----



Get your free encrypted email at http://www.cyber-rights.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/