Full Disclosure mailing list archives
Re: You shady bastards.
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Wed, 06 Jun 2007 11:24:21 -0400
This is clearly a forged electronic mail trolling attempt and attempt at assassinating the character of HD. The real HD Moore (famous inventor of the Millerpreter and Skapesploit) would not be so naive/ignorant in a matter like this. Grow up list, don't feed the trolls. J On Wed, 06 Jun 2007 09:47:12 -0400 H D Moore <fdlist () digitaloffense net> wrote:
Hello, Some friends and I were putting together a contact list for the folks attending the Defcon conference this year in Las Vegas. My friend sent out an email, with a large CC list, asking people to respond if they planned on attending. The email was addressed to quite a few people, with one of them being David Maynor. Unfortunately, his old SecureWorks address was used, not his current address with ErrattaSec. Since one of the messages sent to the group contained a URL to our phone numbers and names, I got paranoid and decided to determine whether SecureWorks was still reading email addressed to David Maynor. I sent an email to David's old SecureWorks address, with a subject line promising 0-day, and a link to a non-public URL on the metasploit.com web server (via SSL). Twelve hours later, someone from a Comcast cable modem in Atlanta tried to access the link, and this someone was (confirmed) not David. SecureWorks is based in Atlanta. All times are CDT. I sent the following message last night at 7:02pm. --- From: H D Moore <hdm[at]metasploit.com> To: David Maynor <dmaynor[at]secureworks.com> Subject: Zero-day I promised Date: Tue, 5 Jun 2007 19:02:11 -0500 User-Agent: KMail/1.9.3 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200706051902.11544.hdm[at]metasploit.com> Status: RO X-Status: RSC https://metasploit.com/maynor.tar.gz --- Approximately 12 hours later, the following request shows up in my Apache log file. It looks like someone at SecureWorks is reading email addressed to David and tried to access the link I sent: 71.59.27.152 - - [05/Jun/2007:19:16:42 -0500] "GET /maynor.tar.gz HTTP/1.1" 404 211 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3" This address resolves to: c-71-59-27-152.hsd1.ga.comcast.net The whois information is just the standard Comcast block boilerplate. --- Is this illegal? I could see reading email addressed to him being within the bounds of the law, but it seems like trying to download the "0day" link crosses the line. Illegal or not, this is still pretty damned shady. Bastards. -HD _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Click here for free information on consolidating your debt. http://tagline.hushmail.com/fc/CAaCXv1QPxZtJrSWfizeiMOCW4rzwcnw/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: You shady bastards., (continued)
- Re: You shady bastards. John Lowry (Jun 06)
- Re: You shady bastards. Kradorex Xeron (Jun 06)
- Re: You shady bastards. security curmudgeon (Jun 06)
- Re: You shady bastards. Larry Seltzer (Jun 06)
- Re: You shady bastards. security curmudgeon (Jun 06)
- Re: You shady bastards. security curmudgeon (Jun 06)
- Re: You shady bastards. M . B . Jr . (Jun 08)
- Re: You shady bastards. evilrabbi (Jun 08)
- Re: You shady bastards. Morning Wood (Jun 08)
- Re: You shady bastards. Dude VanWinkle (Jun 08)
- Re: You shady bastards. Peter Dawson (Jun 06)
- Re: You shady bastards. evilrabbi (Jun 06)
- Re: You shady bastards. blah (Jun 06)
- Re: You shady bastards. Tim (Jun 06)
- Re: You shady bastards. Dragos Ruiu (Jun 07)
- Re: You shady bastards. Michal Zalewski (Jun 06)