Full Disclosure mailing list archives
Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released!
From: Ben Greenfield <bcg () struxural com>
Date: Mon, 20 Jul 2009 09:51:26 -0400
Are people viewing this as a credible threat, or just FUD? This claim that ANTI-SEC has a 0-day remote exploit for OpenSSH spanning multiple versions is consistent with the logs that have been released documenting these attacks. Many people seem to have written those off as brute force attacks, but as far as I'm concerned the jury is still out. On Mon, Jul 20, 2009 at 2:52 AM, Gichuki John Chuksjonia<chuksjonia () gmail com> wrote:
hahaha, now u r releasing it........ I thought u guyz dont release or disclose vulnerabilities. ./Chuks On 7/20/09, Ant-Sec Movement <anti.sec.movement () gmail com> wrote:Dear Reader, In 48 hours, the anti-sec movement will publicly unveil working exploit code and full details for the zero-day OpenSSH vulnerability we discovered. It will be posted to the Full-Disclosure security list. Soon, the very foundations of Information Technology and Information Security will be unearthed as millions upon million of systems running ANY version of OpenSSH are compromised by wave after wave of script-kiddie and malicious hacker. Within 10 hours of the initial release of the OpenSSH 0-day exploit code, anti-sec will be unleashing powerful computer worm source code with the ability to auotmatically find and compromise systems running any and all versions of OpenSSH. This is an attack against all White Hat Hackers who think that running a Penetration Test simply searching for known vulnerabilities is all they have to do in order to receive their payment. Anti-sec will savor the moment when White Hat Hackers are made to look like fools in the eyes of their clients. Sincerely, -anti-sec-- -- Gichuki John Ndirangu, I.T Security Analyst and Penetration Tester infosigmer () inbox com {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! Ant-Sec Movement (Jul 19)
- Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! Gichuki John Chuksjonia (Jul 19)
- Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! Ben Greenfield (Jul 20)
- Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! Charles Majola (Jul 20)
- Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! Ben Greenfield (Jul 20)
- Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! BlackHawk (Jul 20)
- Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! Gichuki John Chuksjonia (Jul 19)