Full Disclosure mailing list archives

Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released!

From: Ben Greenfield <bcg () struxural com>
Date: Mon, 20 Jul 2009 09:51:26 -0400

Are people viewing this as a credible threat, or just FUD?

This claim that ANTI-SEC has a 0-day remote exploit for OpenSSH
spanning multiple versions is consistent with the logs that have been
released documenting these attacks.

Many people seem to have written those off as brute force attacks, but
as far as I'm concerned the jury is still out.



On Mon, Jul 20, 2009 at 2:52 AM, Gichuki John
Chuksjonia<chuksjonia () gmail com> wrote:

hahaha, now u r releasing it........

I thought u guyz dont release or disclose vulnerabilities.

./Chuks

On 7/20/09, Ant-Sec Movement <anti.sec.movement () gmail com> wrote:

Dear Reader,
In 48 hours, the anti-sec movement will publicly unveil working exploit code
and full details for the zero-day OpenSSH vulnerability we discovered. It
will be posted to the Full-Disclosure security list.

Soon, the very foundations of Information Technology and Information
Security will be unearthed as millions upon million of systems running ANY
version of OpenSSH are compromised by wave after wave of script-kiddie and
malicious hacker.

Within 10 hours of the initial release of the OpenSSH 0-day exploit code,
anti-sec will be unleashing powerful computer worm source code with the
ability to auotmatically find and compromise systems running any and all
versions of OpenSSH.

This is an attack against all White Hat Hackers who think that running a
Penetration Test simply searching for known vulnerabilities is all they have
to do in order to receive their payment. Anti-sec will savor the moment when
White Hat Hackers are made to look like fools in the eyes of their clients.

Sincerely,

-anti-sec



--
--
Gichuki John Ndirangu,
I.T Security Analyst and Penetration Tester
infosigmer () inbox com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! Ant-Sec Movement (Jul 19)
- Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! Gichuki John Chuksjonia (Jul 19)
  - Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! Ben Greenfield (Jul 20)
    - Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! Charles Majola (Jul 20)
- Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! BlackHawk (Jul 20)
  - Re: anti-sec: OpenSSH <= 5.2 zero day exploit code - 48 hours until it is publicly released! T Biehn (Jul 20)