Re: [Full-disclosure] You shady bastards.
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <fdlist@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] You shady bastards.
- From: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
- Date: Wed, 06 Jun 2007 11:24:21 -0400
This is clearly a forged electronic mail trolling attempt and
attempt at assassinating the character of HD. The real HD Moore
(famous inventor of the Millerpreter and Skapesploit) would not be
so naive/ignorant in a matter like this.

Grow up list, don't feed the trolls.

J

On Wed, 06 Jun 2007 09:47:12 -0400 H D Moore
<fdlist@xxxxxxxxxxxxxxxxxx> wrote:
>Hello,
>
>Some friends and I were putting together a contact list for the folks
>attending the Defcon conference this year in Las Vegas. My friend sent
>out an email, with a large CC list, asking people to respond if they
>planned on attending. The email was addressed to quite a few people, with
>one of them being David Maynor. Unfortunately, his old SecureWorks
>address was used, not his current address with ErrattaSec.
>
>Since one of the messages sent to the group contained a URL to our phone
>numbers and names, I got paranoid and decided to determine whether
>SecureWorks was still reading email addressed to David Maynor. I sent an
>email to David's old SecureWorks address, with a subject line promising
>0-day, and a link to a non-public URL on the metasploit.com web server
>(via SSL). Twelve hours later, someone from a Comcast cable modem in
>Atlanta tried to access the link, and this someone was (confirmed) not
>David. SecureWorks is based in Atlanta. All times are CDT.
>
>I sent the following message last night at 7:02pm.
>
>---
>From: H D Moore <hdm[at]metasploit.com>
>To: David Maynor <dmaynor[at]secureworks.com>
>Subject: Zero-day I promised
>Date: Tue, 5 Jun 2007 19:02:11 -0500
>User-Agent: KMail/1.9.3
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Content-Disposition: inline
>Message-Id: <200706051902.11544.hdm[at]metasploit.com>
>Status: RO
>X-Status: RSC
>
>https://metasploit.com/maynor.tar.gz
>---
>
>Approximately 12 hours later, the following request shows up in my Apache
>log file. It looks like someone at SecureWorks is reading email addressed
>to David and tried to access the link I sent:
>
>71.59.27.152 - - [05/Jun/2007:19:16:42 -0500] "GET /maynor.tar.gz HTTP/1.1" 404 211 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3"
>
>This address resolves to:
>c-71-59-27-152.hsd1.ga.comcast.net
>
>The whois information is just the standard Comcast block boilerplate.
>
>---
>
>Is this illegal? I could see reading email addressed to him being within
>the bounds of the law, but it seems like trying to download the "0day"
>link crosses the line.
>
>Illegal or not, this is still pretty damned shady.
>
>Bastards.
>
>-HD
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
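
The quoted message describes a canary link: a URL that is never published, sent to one recipient, with the web server log watched for requests to it. The following is an added example, not part of the original thread, that scans Apache combined-format log lines for requests to such paths. The canary path, send time, addresses and log lines are constructed sample data, and `find_canary_hits` is a hypothetical helper name.

```python
import re
from datetime import datetime, timezone

# Apache "combined" log format, the format of the log line quoted in the message.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def find_canary_hits(log_lines, canaries):
    """Return one record per request for a canary path.

    canaries maps a never-published path to the (timezone-aware) time the
    link was sent. The status code is not filtered: a 404 still shows that
    someone read the message and followed the link.
    """
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path not in canaries:
            continue
        seen = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits.append({
            "ip": m["ip"], "path": path, "method": m["method"],
            "status": int(m["status"]), "agent": m["agent"], "seen": seen,
            # seconds between sending the link and the request
            "delay_s": int((seen - canaries[path]).total_seconds()),
        })
    return hits

# Constructed sample data (documentation IP ranges, made-up canary path).
CANARIES = {"/canary-7f3a.tar.gz": datetime(2024, 1, 1, 10, 0, 0, tzinfo=timezone.utc)}
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:09:59:03 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:12:00:00 +0000] "GET /canary-7f3a.tar.gz HTTP/1.1" 404 211 "-" "Mozilla/5.0 (Macintosh)"',
    '203.0.113.7 - - [01/Jan/2024:12:00:30 +0000] "HEAD /canary-7f3a.tar.gz?x=1 HTTP/1.1" 404 - "-" "curl/8.0"',
    'not a log line',
]

if __name__ == "__main__":
    for hit in find_canary_hits(SAMPLE_LOG, CANARIES):
        print(hit["seen"].isoformat(), hit["ip"], hit["method"], hit["path"],
              hit["status"], f'+{hit["delay_s"]}s', hit["agent"])
```

A source address and user agent identify a network and a client, not a person, so a hit is a lead to correlate with other evidence.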