Re: openbse rumours

[pr0ix <pr0ix () def-con org>]

Earlier today, someone calling themselves ``Van Cloude Jandame''
posted a message to VULN-DEV and OpenBSD-misc entitled ``openbse
rumours'' (sic).

> (within the rest of them) talking about the 7350-crocodile.c,
> 7350-obsdftpd.c and the 7350-pf.c exploit code by team teso made with
> support of GOBBLES Security, who gave them the advisories.

With the exception of 7350oftpd (which is public), these exploits do not
exist. Furthermore, GOBBLES is a deliberate joke played out by some
otherwise
avid fans of non-disclosure.

> <m0rgan> ./a.out
> <m0rgan> 7350-crocodile - x86/OpenBSD apache/telnetd/sshd
> *** pr0ix (pr0ix () def-con org) has joined #darknet

These logs are fake. No such conversation ever occurred.

> <m0rgan> ./7350-crocodile [options] [host] [port] [misc-option]
> <m0rgan>
> <m0rgan> -d <daemon> (1= apache, 2= telnetd, 3= sshd)

This, too, is fake.

Conclusion: This is a poor attempt at conjuring up the spectre of
``unreleased OpenBSD exploits'' in people's minds. Don't fall for it.