Re: [Full-disclosure] [NANOG] IOS rootkits
Dumb and outlandish statements like these are why you are not responsible for any networks, outside your own (if even).

n3td3v wrote:
> On Wed, May 21, 2008 at 5:05 PM, mutiny <[EMAIL PROTECTED]> wrote:
>
>> A rootkit for Cisco will not damage anything, Cisco has even shown interest
>> in the development. A rootkit for Cisco will cause Cisco to look into the
>> issue more closely, which in turn will make IOS *more secure.*
>>
>
> I'm interested in you saying things will be more secure because of the
> presentation, but how long will it take for things to be more secure
> and how big an attack window will
> the bad guys have after the presentation (A day, a week, a month, a
> year?) for putting rootkits into Cisco routers before the problem gets
> fixed? I don't want there to be an attack window of any length... even
> a day is too long, the bad guys could do a lot in a day.
>
> I agree things will be more secure eventually, but what's going to
> happen between presentation day and some kind of solution for the
> problem actually being rolled out is the worrying part for me.
>
> Cyber armageddon?
>
> Do we just say, it's your own fault your business went down because you
> weren't secure... or should the folks who let the presentation go
> ahead hold some responsibility for the pwned routers will inevitably be
> hacked.
>
> Let's just hope it's networks that don't matter that get pwned, and not
> networks that carry anything important on them.
>
> The problem is, all networks are important to somebody... thanks
> EUSecWest for allowing an attack window of carnage... in the name of
> making IOS more secure or something.
>
> So guys, how long will the attack window be, the bad guys have to pwn
> routers before things are secure? I am worried about what's going to
> happen during the attack window of opportunity...
>
> This presentation is a bad idea on so many levels which outweigh the
> Cisco IOS will eventually end up more secure argument.
>
> It's the *eventually* part that the bad guys will take advantage of.
>
> So has anyone got a time frame in mind of how long the bad guys are
> going to have? Any estimations? Will Cisco be working to close the
> attack window time frame after the presentation to keep it to a
> minimal time frame and to limit damage and disruption caused to its
> customers?
>
> I'm scared, worried, paranoid...
>
> All the best,
>
> n3td3v

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [NANOG] IOS rootkits
Miss Wallace:

Why does "n3td3v" hate network security enthusiasts? Why is "n3td3v" being so disruptive?

A rootkit for Cisco will not damage anything, Cisco has even shown interest in the development. A rootkit for Cisco will cause Cisco to look into the issue more closely, which in turn will make IOS *more secure.*

If "n3td3v" is concerned about the "safety of the internet", they/you should go back to your hole and never come out. Or if you do come out, don't post on any security-related mailing lists or even your google group (which cannot be considered security-related, since you run it).

Please, stop trying to make the internet a more dangerous environment.

All the best,

Your mom's a bloody cunt.

n3td3v wrote:
> On Wed, May 21, 2008 at 12:08 AM, Dr. J Swift <[EMAIL PROTECTED]> wrote:
>
>> On Tue, May 20, 2008 at 6:49 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>>
>>> How can you say the cyber world is unlikely to end when Cisco is the
>>> most widely used router on the internet today? Everyone uses Cisco,
>>> all the ISP's and everyone.
>>>
>>> Even if the in the know guys secure their routers, there is still a
>>> hell of a lot of people who won't and a rootkit for Cisco will damage
>>> the internet, e-commerce and government!!!
>>>
>> Mr. Wallace,
>>
>> You seem to be crafting a highly skilled act of social engineering.
>> Its meaning and intent must have extensive global reach. Why are you
>> "talking up" this vulnerability to the extent that you are?
>>
>
> Tell me,
>
> Do you want this presentation to go ahead, Yes or No?
>
> I will link back to your reply and so will historians.
>
> If you don't listen to n3td3v and Gadi Evron, at least we know we
> tried to avert what we see is going to happen.
>
> It won't be our necks on the line, it will be heads within government
> which will be rolling who decided to ignore us and that this
> presentation was a good idea.
>
> All the best,
>
> b3td3v
Re: [Full-disclosure] [NANOG] IOS rootkits
n3td3v wrote:
> I'm interested in you saying things will be more secure because of the
> presentation, but how long will it take for things to be more secure
> and how big an attack window will
> the bad guys have after the presentation (A day, a week, a month, a
> year?) for putting rootkits into Cisco routers before the problem gets
> fixed? I don't want there to be an attack window of any length... even
> a day is too long, the bad guys could do a lot in a day.

Ok, I'm painfully aware that I'm feeding a pathetic troll, but I can't resist anymore, and I'll try to keep this non-technical since you don't understand that part.

A root kit is unusable unless you already have the access to install it. And _if_ you have access to install a root kit you have access to read, manipulate or install anything you want. A published and well known root kit will actually make it easier to detect that it has been installed on your equipment than something that some evil geezer has written for himself.

And you are sadly wrong when it comes to what you call "attack window". An "attack window" is between the point in time that a piece of software with a given weakness has been installed and until it has been patched or removed. It has nothing to do with when a weakness has been released into the public, much less to do when a utility to use such a weakness has been released into the public. A large amount of all the weaknesses published has been known and been exploited for a long time.

Scriptkiddies aren't a threat, they're a blessing. They make any known weakness more than obvious, to the point that not the most stubborn corporate manager can ignore the issue.

--
// hdw
Re: [Full-disclosure] [NANOG] IOS rootkits
On Wed, May 21, 2008 at 5:05 PM, mutiny <[EMAIL PROTECTED]> wrote:
> A rootkit for Cisco will not damage anything, Cisco has even shown interest
> in the development. A rootkit for Cisco will cause Cisco to look into the
> issue more closely, which in turn will make IOS *more secure.*
>

I'm interested in you saying things will be more secure because of the presentation, but how long will it take for things to be more secure and how big an attack window will the bad guys have after the presentation (A day, a week, a month, a year?) for putting rootkits into Cisco routers before the problem gets fixed? I don't want there to be an attack window of any length... even a day is too long, the bad guys could do a lot in a day.

I agree things will be more secure eventually, but what's going to happen between presentation day and some kind of solution for the problem actually being rolled out is the worrying part for me.

Cyber armageddon?

Do we just say, it's your own fault your business went down because you weren't secure... or should the folks who let the presentation go ahead hold some responsibility for the pwned routers will inevitably be hacked.

Let's just hope it's networks that don't matter that get pwned, and not networks that carry anything important on them.

The problem is, all networks are important to somebody... thanks EUSecWest for allowing an attack window of carnage... in the name of making IOS more secure or something.

So guys, how long will the attack window be, the bad guys have to pwn routers before things are secure? I am worried about what's going to happen during the attack window of opportunity...

This presentation is a bad idea on so many levels which outweigh the Cisco IOS will eventually end up more secure argument.

It's the *eventually* part that the bad guys will take advantage of.

So has anyone got a time frame in mind of how long the bad guys are going to have? Any estimations? Will Cisco be working to close the attack window time frame after the presentation to keep it to a minimal time frame and to limit damage and disruption caused to its customers?

I'm scared, worried, paranoid...

All the best,

n3td3v
Re: [Full-disclosure] [NANOG] IOS rootkits
Dear n3td3v, the person =)

I really appreciate your left wing point of view but you need to understand one thing: FD's a free list and all but it's not a blog.

Nothing personal,

On 5/17/08, n3td3v <[EMAIL PROTECTED]> wrote:
> On Sat, May 17, 2008 at 7:38 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> > -- Forwarded message --
> > From: n3td3v <[EMAIL PROTECTED]>
> > Date: Sat, May 17, 2008 at 12:08 PM
> > Subject: Re: [NANOG] IOS rootkits
> > To: [EMAIL PROTECTED]
> >
> >
> > On Sat, May 17, 2008 at 11:12 AM, Suresh Ramasubramanian
> > <[EMAIL PROTECTED]> wrote:
> >> On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft
> >> <[EMAIL PROTECTED]> wrote:
> >>> If the way of running this isn't out in the wild and it's actually
> >>> dangerous then a pox on anyone who releases it, especially to gain
> >>> publicity at the expense of network operators sleep and well being.
> >>> May you never find a reliable route ever again.
> >>
> >> This needs fixing. It doesn't need publicity at security conferences
> >> till after cisco gets presented this stuff first and asked to release
> >> an emergency patch.
> >
> > Agreed,
> >
> > You've got to remember though that a security conference is a
> > commercial venture, it makes business sense for this to be publicly
> > announced at this security conference.
> >
> > I think security conferences have become something that sucks as it's
> > all become money making oriented and the people who run these things
> > don't really have security in mind, just the £ signs reflecting on
> > their eye balls.
> >
> >> --srs
> >> --
> >> Suresh Ramasubramanian ([EMAIL PROTECTED])
> >>
> >
> > All the best,
> >
> > n3td3v
> >
>
> Full-Disclosure,
>
> I fully believe British Intelligence are the best in the world and
> that they will pull the plug on this presentation without hesitation
> before it gets to go ahead.
>
> I don't see anyone disagreeing how wrong it is for this presentation
> to go ahead as a business decision.
>
> I know the national security boys at MI5 are listening, so I suggest
> this gets priority and this presentation doesn't go ahead.
>
> What I want is a high profile pulling the plug of this presentation to
> act as a deterrent to any other security conferences across the world
> who think they are going to capitalise through high risk
> vulnerabilities as this one is.
>
> I want UK government officials to walk on stage as this presentation
> is about to start, in front of the media, in front of everybody,
> including the money makers who thought they were going to use this
> presentation as a way to sell tickets and make money and put UK
> national security at risk.
>
> I don't want a behind the scenes pulling the plug of this
> presentation, I want it to be high profile, in front of the world's
> media to show that in Britain we don't fuck about with crappy security
> conferences trying to become rich by getting high risk talkers to come
> to their security conference to guarantee a sell out and thousands of
> pounds made, at a cost to UK national security.
>
> I will be talking with my private contacts to try and get this to
> happen, as many of you know I already had a grudge with EUSecWest
> spamming the mailing lists, instead of buying advertisement banners on
> websites, so the announcement of an IOS rootkit presentation is the
> final insult to injury, and the UK national security boys are likely
> to pull the plug on this without hesitation to make an example to
> these security conference owners to say that national security becomes
> before profit and how dare you try to profit and not giving a shit
> about the consequences of this presentation.
>
> Trust me and mark my words EUSecWest, you upset a lot of people
> spamming the mailing lists, this is just the worst possible thing you
> could have done to keep people on side, you've lost any respect I may
> have had for your conference and I guarantee UK government officials
> will pull the plug on your business venture of a security conference.
>
> Blackhat conference with Michael Lynn was under the control of the
> American authorities and they were light weight in response to what
> was going on, trust me, the British authorities will be coming down a
> lot tougher and won't be thinking twice about pulling this
> presentation, but will do it on a grand scale in front of the media, to
> send a clear signal that these security conferences and their money
> making agenda isn't going to get in the way of our national security.
>
> This is a subject I feel strongly and passionate about because if this
> presentation went ahead it would fuck up a lot of ISPs and would put
> national security at risk.
>
> If the British authorities don't pull the plug on this presentation you
> will have let your country down and let your British taxpayers down
> who fund MI5 in the first place.
>
> And it's not just me saying th
Re: [Full-disclosure] [NANOG] IOS rootkits
Hi,

> It won't be our necks on the line, it will be heads within government
> which will be rolling who decided to ignore us and that this
> presentation was a good idea.

eh? have you kept up with UK politics recently. No heads roll with 'new labour' - no matter what massive messes they make of things. petrol prices 2x higher than when they came into power. rail network that still fails a couple of times each season. 10p tax fiasco. no idea about technology.

loss of internet for some short time while it all gets fixed up? perhaps they'd lose a by-election over it. nothing more.

alan
Re: [Full-disclosure] [NANOG] IOS rootkits
Hi,

> How can you say the cyber world is unlikely to end when Cisco is the
> most widely used router on the internet today? Everyone uses Cisco,
> all the ISP's and everyone.

I tend to ignore your comments, however this is just ridiculous. The internet is based on CISCO? yes. sure. I'm sure that Juniper would be very surprised to find out that all the ISPs..and everyone..uses Cisco as their router platform.

Juniper...and Foundry and Extreme to a lesser extent.. might want to know why the major ISPs etc bought their kit if all they'll do with it is shove it into a store room or use it for a development network.

Subtle hint: Cisco isn't the only player in the major ISP market.

IOS issues have been reported for years. a rootkit isn't the threat - remote vulnerability to get that rootkit on in the first place is a threat.

Your issue with the information being released at this security conference? the fact that people paid to learn this information? Or the release of the information? If the info was released for free to the world then you'd have no issue because you don't want to pay for some info? or you don't want full disclosure and rely on security through obscurity? but surely that goes against what eg this list stands for.

Bring on the issues. It'll ensure that Cisco sort their issues out. if they don't then those other vendors will be happy to supply to companies who are properly concerned about such threats. Such issues are what make full disclosure a reasonable practice.

alan
Re: [Full-disclosure] [NANOG] IOS rootkits
On Tue, 20 May 2008 23:49:33 BST, n3td3v said:

> How can you say the cyber world is unlikely to end when Cisco is the
> most widely used router on the internet today? Everyone uses Cisco,
> all the ISP's and everyone.

Except for the people who use Juniper, or

Anyhow - if you can explain how it is *ANY DIFFERENT* than the situation after Lynn's talk, where he basically gave the way to shellcode IOS, and why the existence of cookie-cutter shellcode for IOS didn't break the net, but rootkits will?

Hint - to rootkit a Cisco, you first have to shellcode it. And the ability to do *THAT* has been there for years.

> Even if the in the know guys secure their routers, there is still a
> hell of a lot of people who won't and a rootkit for Cisco will damage
> the internet, e-commerce and government!!!

Yes, exactly the *SAME* way that the Cisco world fell apart after Lynn's talk.
Re: [Full-disclosure] [NANOG] IOS rootkits
On Wed, May 21, 2008 at 12:08 AM, Dr. J Swift <[EMAIL PROTECTED]> wrote:
> On Tue, May 20, 2008 at 6:49 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>> How can you say the cyber world is unlikely to end when Cisco is the
>> most widely used router on the internet today? Everyone uses Cisco,
>> all the ISP's and everyone.
>>
>> Even if the in the know guys secure their routers, there is still a
>> hell of a lot of people who won't and a rootkit for Cisco will damage
>> the internet, e-commerce and government!!!
>
> Mr. Wallace,
>
> You seem to be crafting a highly skilled act of social engineering.
> Its meaning and intent must have extensive global reach. Why are you
> "talking up" this vulnerability to the extent that you are?

Tell me,

Do you want this presentation to go ahead, Yes or No?

I will link back to your reply and so will historians.

If you don't listen to n3td3v and Gadi Evron, at least we know we tried to avert what we see is going to happen.

It won't be our necks on the line, it will be heads within government which will be rolling who decided to ignore us and that this presentation was a good idea.

All the best,

b3td3v
Re: [Full-disclosure] [NANOG] IOS rootkits
On Tue, May 20, 2008 at 6:49 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> How can you say the cyber world is unlikely to end when Cisco is the
> most widely used router on the internet today? Everyone uses Cisco,
> all the ISP's and everyone.
>
> Even if the in the know guys secure their routers, there is still a
> hell of a lot of people who won't and a rootkit for Cisco will damage
> the internet, e-commerce and government!!!

Mr. Wallace,

You seem to be crafting a highly skilled act of social engineering. Its meaning and intent must have extensive global reach. Why are you "talking up" this vulnerability to the extent that you are?

I wonder after reading this email of yours from two years past.

* From: xploitable at gmail.com (n3td3v)
* Subject: [Full-disclosure] Securityfocus fall for n3td3v agenda to show up the security company
* Date: Fri Jul 28 16:16:15 2006
* The only worm ever to appear with XSS was a harmless Myspace worm, yet
* both companies are saying things are critical and that the internet is
* rife with wormable XSS flaws, just to advertise to any would-be
* attacker who didn't know, to make sure they know now.
*
* There wasn't originally a threat in reality, but you can be sure
* they've just created a threat by talking up the attack vector of XSS
* worms on social network sites.
Re: [Full-disclosure] [NANOG] IOS rootkits
On Tue, May 20, 2008 at 11:53 PM, Dr. J Swift <[EMAIL PROTECTED]> wrote:
> Mr. Wallace,
>
> In your rush to reply, you failed to actually respond to my post.
>
> Again, you use the technique of "Suppressed Evidence" to forcefully
> reply while not actually responding to the point that was made.
>
> On Tue, May 20, 2008 at 6:31 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>> On Tue, May 20, 2008 at 11:25 PM, Dr. J Swift <[EMAIL PROTECTED]> wrote:
>>> Mr. Wallace,
>>>
>>> 1. HD Moore long ago released a kit that could be used to rootkit
>>> Cisco boxes. This is an obvious statement of fact.
>>> 2. In-the-wild Cisco rootkits have been known to non-eponymous
>>> security researchers for a considerable time.
>>> 3. You have said that HD Moore is a global threat.
>>> 4. You have repeatedly defamed/slandered/libeled HD Moore among a
>>> global community of peers and coworkers.
>>>
>>> I am providing this opportunity for you to show a correlation between
>>> the current existence of rootkits for Cisco systems and the current
>>> existence of tools from HD Moore.
>>
>>
>> So can you guarantee the HD Moore's of the world won't work out how to
>> do Cisco rootkits after the EUSecWest presentation and won't release a
>> tool to the mailing lists?
> No guarantee is required. Rootkits and tools already exist.

If you can't guarantee it, then the presentation shouldn't go ahead.

>>
>> You are delusional if you think this presentation won't lead to
>> someone releasing a tool to the script kids, the presentation can't go
>> ahead.
> 1. It is obvious to security researchers, Mr. Wallace, that a number
> of such tools already exist.
> 2. There exist a number of Cisco rootkits that are known to security
> researchers.
> Mr. Wallace, I am sure that you are thoroughly versed in these things
> because of your standing in the security community and your
> affiliation with Global Intelligence Services. So, why do you
> repeatedly cast aspersions on HD Moore?
>

Because in my opinion it is highly skilled people like HD Moore who would release a tool for Cisco rootkits after watching or reading the presentation.

All the best,

n3td3v
Re: [Full-disclosure] [NANOG] IOS rootkits
Mr. Wallace,

In your rush to reply, you failed to actually respond to my post.

Again, you use the technique of "Suppressed Evidence" to forcefully reply while not actually responding to the point that was made.

On Tue, May 20, 2008 at 6:31 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> On Tue, May 20, 2008 at 11:25 PM, Dr. J Swift <[EMAIL PROTECTED]> wrote:
>> Mr. Wallace,
>>
>> 1. HD Moore long ago released a kit that could be used to rootkit
>> Cisco boxes. This is an obvious statement of fact.
>> 2. In-the-wild Cisco rootkits have been known to non-eponymous
>> security researchers for a considerable time.
>> 3. You have said that HD Moore is a global threat.
>> 4. You have repeatedly defamed/slandered/libeled HD Moore among a
>> global community of peers and coworkers.
>>
>> I am providing this opportunity for you to show a correlation between
>> the current existence of rootkits for Cisco systems and the current
>> existence of tools from HD Moore.
>
>
> So can you guarantee the HD Moore's of the world won't work out how to
> do Cisco rootkits after the EUSecWest presentation and won't release a
> tool to the mailing lists?

No guarantee is required. Rootkits and tools already exist.

>
> Whoever ends up working out how to do Cisco rootkits and releases a
> tool to the mailing lists for it, would be a global threat.

Backpedaling is meaningless. You have numerous times violated UK and international law.

>
> You are delusional if you think this presentation won't lead to
> someone releasing a tool to the script kids, the presentation can't go
> ahead.

1. It is obvious to security researchers, Mr. Wallace, that a number of such tools already exist.
2. There exist a number of Cisco rootkits that are known to security researchers.

Mr. Wallace, I am sure that you are thoroughly versed in these things because of your standing in the security community and your affiliation with Global Intelligence Services. So, why do you repeatedly cast aspersions on HD Moore?
Re: [Full-disclosure] [NANOG] IOS rootkits
On Tue, May 20, 2008 at 11:44 PM, <[EMAIL PROTECTED]> wrote:
> On Tue, 20 May 2008 23:31:46 BST, n3td3v said:
>
>> You are delusional if you think this presentation won't lead to
>> someone releasing a tool to the script kids, the presentation can't go
>> ahead.
>
> Oddly enough, the world didn't fall apart when Michael Lynn did *his*
> presentation on IOS 3 years ago.
>
> Yes, somebody will release a script kiddie tool. Yes, some sites that haven't
> been following the BCP's for securing their routers will learn the hard way.
> No, the world is unlikely to end.
>

How can you say the cyber world is unlikely to end when Cisco is the most widely used router on the internet today? Everyone uses Cisco, all the ISP's and everyone.

Even if the in the know guys secure their routers, there is still a hell of a lot of people who won't and a rootkit for Cisco will damage the internet, e-commerce and government!!!

All the best,

n3td3v
Re: [Full-disclosure] [NANOG] IOS rootkits
On Tue, 20 May 2008 23:31:46 BST, n3td3v said:

> You are delusional if you think this presentation won't lead to
> someone releasing a tool to the script kids, the presentation can't go
> ahead.

Oddly enough, the world didn't fall apart when Michael Lynn did *his* presentation on IOS 3 years ago.

Yes, somebody will release a script kiddie tool. Yes, some sites that haven't been following the BCP's for securing their routers will learn the hard way. No, the world is unlikely to end.
Re: [Full-disclosure] [NANOG] IOS rootkits
On Tue, May 20, 2008 at 11:25 PM, Dr. J Swift <[EMAIL PROTECTED]> wrote:
> Mr. Wallace,
>
> 1. HD Moore long ago released a kit that could be used to rootkit
> Cisco boxes. This is an obvious statement of fact.
> 2. In-the-wild Cisco rootkits have been known to non-eponymous
> security researchers for a considerable time.
> 3. You have said that HD Moore is a global threat.
> 4. You have repeatedly defamed/slandered/libeled HD Moore among a
> global community of peers and coworkers.
>
> I am providing this opportunity for you to show a correlation between
> the current existence of rootkits for Cisco systems and the current
> existence of tools from HD Moore.

So can you guarantee the HD Moore's of the world won't work out how to do Cisco rootkits after the EUSecWest presentation and won't release a tool to the mailing lists?

Whoever ends up working out how to do Cisco rootkits and releases a tool to the mailing lists for it, would be a global threat.

You are delusional if you think this presentation won't lead to someone releasing a tool to the script kids, the presentation can't go ahead.

All the best,

n3td3v
Re: [Full-disclosure] [NANOG] IOS rootkits
Mr. Wallace,

1. HD Moore long ago released a kit that could be used to rootkit Cisco boxes. This is an obvious statement of fact.
2. In-the-wild Cisco rootkits have been known to non-eponymous security researchers for a considerable time.
3. You have said that HD Moore is a global threat.
4. You have repeatedly defamed/slandered/libeled HD Moore among a global community of peers and coworkers.

I am providing this opportunity for you to show a correlation between the current existence of rootkits for Cisco systems and the current existence of tools from HD Moore.

On Tue, May 20, 2008 at 5:45 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> On Mon, May 19, 2008 at 7:39 AM, I M <[EMAIL PROTECTED]> wrote:
>> Your name doesn't even deserve to sit on the same email as HD Moore. As you
>> said it yourself:
>> "I'm not technically gifted so I can't join in the technical discussion
>> but I see a threat when I see one."
>> You really aren't so stop making accusations and zero grounded
>> declarations. Now you are going on my filter too. I had enough of your
>> stupid characters all over my screen.
>>
>
> Me and Gadi Evron aren't technically gifted and we can't join in the
> technical discussion but we aren't stupid people.
>
> HD Moore is the biggest threat in the security world today and I stand
> by those words, we can't allow the presentation to go ahead.
>
> It will be a cyber disaster if HD Moore works out how to do Cisco
> rootkits, he will release a tool to the script kids.
>
> All the best,
>
> n3td3v
Re: [Full-disclosure] [NANOG] IOS rootkits
On Tue, May 20, 2008 at 11:03 PM, <[EMAIL PROTECTED]> wrote:
> On Tue, 20 May 2008 22:45:23 BST, n3td3v said:
>> HD Moore is the biggest threat in the security world today and I stand
>> by those words, we can't allow the presentation to go ahead.
>
> It certainly would be nice to work in a world where HD Moore was the biggest
> threat.

How can you say HD Moore isn't the biggest threat in the security world today?

> It will be a cyber disaster if HD Moore works out how to do Cisco
> rootkits, he will release a tool to the script kids.

All the best,

n3td3v
Re: [Full-disclosure] [NANOG] IOS rootkits
On Tue, 20 May 2008 22:45:23 BST, n3td3v said:

> HD Moore is the biggest threat in the security world today and I stand
> by those words, we can't allow the presentation to go ahead.

It certainly would be nice to work in a world where HD Moore was the biggest threat.

Unfortunately, those of us who actually do security for a living have to deal with much bigger threats - for instance, the ever-changing laws and proposed laws having to deal with data retention (some data you have to keep, some data you are not allowed to keep, sometimes you have data that one country says you have to keep and another country says you're not allowed to keep).

And some blogger going by the name of n3td3v keeps whining about MI5/6:

http://www.google.com/search?hl=en&lr=&as_qdr=all&q=n3td3v+mi5+OR+mi6&btnG=Search

and Chinese cyber-terrorists:

http://www.google.com/search?sourceid=mozclient&scoring=d&ie=utf-8&oe=utf-8&q=n3td3v+chinese
Re: [Full-disclosure] [NANOG] IOS rootkits
On Mon, May 19, 2008 at 7:39 AM, I M <[EMAIL PROTECTED]> wrote:
> Your name doesn't even deserve to sit on the same email as HD Moore. As you
> said it yourself:
> "I'm not technically gifted so I can't join in the technical discussion
> but I see a threat when I see one."
> You really aren't so stop making accusations and zero grounded
> declarations. Now you are going on my filter too. I had enough of your
> stupid characters all over my screen.

Me and Gadi Evron aren't technically gifted and we can't join in the technical discussion but we aren't stupid people.

HD Moore is the biggest threat in the security world today and I stand by those words, we can't allow the presentation to go ahead.

It will be a cyber disaster if HD Moore works out how to do Cisco rootkits, he will release a tool to the script kids.

All the best,

n3td3v
Re: [Full-disclosure] [NANOG] IOS rootkits
LOL ... You are so funny! and stupid at the same time. The only thing needed to be placed under the secrecy act is your fucked up brain. Give up on movies like Spy Games, Syriana, Ronin, The Breach, Charlies War or any other movie that made you go ranting everywhere about secret services or intelligence services. Your name doesn't even deserve to sit on the same email as HD Moore. As you said it yourself:

"I'm not technically gifted so I can't join in the technical discussion but I see a threat when I see one."

You really aren't so stop making accusations and zero grounded declarations. Now you are going on my filter too. I had enough of your stupid characters all over my screen.

- Original Message
From: n3td3v <[EMAIL PROTECTED]>
To: full-disclosure@lists.grok.org.uk
Sent: Monday, May 19, 2008 1:40:51 AM
Subject: Re: [Full-disclosure] [NANOG] IOS rootkits

"As soon as this presentation is done, someone like HD Moore will work out what's going on and code something and do what he normally does and release some kind of point and click disaster for the script kids to use.

Sebastian Muniz, he isn't planning to release any source code, but with brain boxes like HD Moore around he won't need to. He will pretty much hint to the HD Moore's of the world how it's all happening, and then it's going to be script kiddie hell as soon as the HD Moore's of the world release a point and click disaster.

Folks like HD Moore are desperate for new things to leverage to get a name for themselves that will shock and awe the security world so that they will go down in the history books as some great hero of info sec.

Trust me, I don't want the HD Moore's of the world working out how to do Cisco rootkits, because he will only code something and throw it out to the masses.

This kind of Cisco rootkit should be placed under the secrecy act so it's illegal to release this kind of thing that should only be used by the intelligence services.

I think me and Gadi are right in saying, if this presentation goes ahead it's going to be an absolute disaster as soon as HD Moore catches on how it's done.

I'm not technically gifted so I can't join in the technical discussion but I see a threat when I see one.

All the best,

n3td3v"
Re: [Full-disclosure] [NANOG] IOS rootkits
On Sun, May 18, 2008 at 7:45 PM, Kurt Dillard <[EMAIL PROTECTED]> wrote:
> Apparently Gadi doesn't understand either. Rootkits don't need to exploit
> vulnerabilities in an OS, they leverage the design of the OS or the
> underlying hardware platform. You don't 'patch' the design of something. You
> want to stop rootkits in IOS? Don't allow it to run arbitrary code, run the
> OS in firmware rather than from writable storage. Go study up on rootkits
> for a few weeks before you complain about someone demonstrating one. Unlike
> you guys I happen to know what I am talking about as I've been studying
> malware including rootkits for over 10 years. By studying I mean taking them
> apart, figuring out how they work, and finding tools to deal with them; not
> reading some half-assed article on CNET or Ziff-Davis full of technical
> errors.
>
> Over the past few years Cisco, Apple, and Oracle have behaved an awful lot
> like Microsoft did 10 years ago, trying to pretend that their platforms are
> immune to malware and refusing to approach vulnerabilities head-on with an
> attitude of rational pragmatism. Dave Litchfield and his team have dragged
> Oracle kicking and screaming to the world of reality, the same has yet to
> happen with the other two firms.

As soon as this presentation is done, someone like HD Moore will work out what's going on and code something and do what he normally does and release some kind of point and click disaster for the script kids to use.

Sebastian Muniz, he isn't planning to release any source code, but with brain boxes like HD Moore around he won't need to. He will pretty much hint to the HD Moore's of the world how it's all happening, and then it's going to be script kiddie hell as soon as the HD Moore's of the world release a point and click disaster.

Folks like HD Moore are desperate for new things to leverage to get a name for themselves that will shock and awe the security world so that they will go down in the history books as some great hero of info sec.

Trust me, I don't want the HD Moore's of the world working out how to do Cisco rootkits, because he will only code something and throw it out to the masses.

This kind of Cisco rootkit should be placed under the secrecy act so it's illegal to release this kind of thing that should only be used by the intelligence services.

I think me and Gadi are right in saying, if this presentation goes ahead it's going to be an absolute disaster as soon as HD Moore catches on how it's done.

I'm not technically gifted so I can't join in the technical discussion but I see a threat when I see one.

All the best,

n3td3v
Re: [Full-disclosure] [NANOG] IOS rootkits
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Keep in mind that rootkit functionality itself isn't all bad, take anti-virus software for example. It's like a shark trawling the bottom of the sea floor, looking up at its next meal on high; how deeply can you hook the OS core...

Elazar

On Sun, 18 May 2008 14:45:48 -0400 Kurt Dillard <[EMAIL PROTECTED]> wrote:
>Apparently Gadi doesn't understand either. Rootkits don't need to exploit
>vulnerabilities in an OS, they leverage the design of the OS or the
>underlying hardware platform. You don't 'patch' the design of something. You
>want to stop rootkits in IOS? Don't allow it to run arbitrary code, run the
>OS in firmware rather than from writable storage. Go study up on rootkits
>for a few weeks before you complain about someone demonstrating one. Unlike
>you guys I happen to know what I am talking about as I've been studying
>malware including rootkits for over 10 years. By studying I mean taking them
>apart, figuring out how they work, and finding tools to deal with them; not
>reading some half-assed article on CNET or Ziff-Davis full of technical
>errors.
>
>Over the past few years Cisco, Apple, and Oracle have behaved an awful lot
>like Microsoft did 10 years ago, trying to pretend that their platforms are
>immune to malware and refusing to approach vulnerabilities head-on with an
>attitude of rational pragmatism. Dave Litchfield and his team have dragged
>Oracle kicking and screaming to the world of reality, the same has yet to
>happen with the other two firms.
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
>Sent: Sunday, May 18, 2008 12:50 PM
>To: full-disclosure@lists.grok.org.uk
>Subject: Re: [Full-disclosure] [NANOG] IOS rootkits
>
>On Sun, May 18, 2008 at 4:37 PM, Kurt Dillard <[EMAIL PROTECTED]> wrote:
>> NETDOVE,
>> Obviously you have no idea how a rootkit works much less how to defend
>> against them, your rants make no sense.
>>
>> Kurt
>
>Dude,
>
>Gadi Evron is punching into this guy as well, check this out:
>
>-- Forwarded message --
>From: Gadi Evron <[EMAIL PROTECTED]>
>Date: Sun, May 18, 2008 at 3:48 PM
>Subject: Re: [NANOG] IOS rootkits
>To: Dragos Ruiu <[EMAIL PROTECTED]>
>Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
>
>
>On Sun, 18 May 2008, Dragos Ruiu wrote:
>>
>> On 17-May-08, at 3:12 AM, Suresh Ramasubramanian wrote:
>>
>>> On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft
>>> <[EMAIL PROTECTED]> wrote:
>>>> If the way of running this isn't out in the wild and it's actually
>>>> dangerous then a pox on anyone who releases it, especially to gain
>>>> publicity at the expense of network operators sleep and well being.
>>>> May you never find a reliable route ever again.
>>>
>>> This needs fixing. It doesn't need publicity at security conferences
>>> till after cisco gets presented this stuff first and asked to release
>>> an emergency patch.
>>
>> Bullshit.
>>
>> There is nothing to patch.
>>
>> It needs to be presented at conferences, exactly because people will
>> play ostrich and stick their heads in the sand and pretend it can't
>> happen to them, and do nothing about it until someone shows them, "yes
>> it can happen" and here is how
>>
>> Which is exactly why we've accepted this talk. We've all known this is
>> a possibility for years, but I haven't seen significant motion forward
>> on this until we announced this talk. So in a fashion, this has
>> already helped make people more realistic about their infrastructure
>> devices. And the discussions, and idea interchange that will happen
>> between the smart folks at the conference will undoubtedly usher forth
>> other related issues and creative solutions. Problems don't get fixed
>> until you talk about them.
>
>Dragos, while I hold full disclosure very close and it is dear to my
>heart, I admit the fact that it can be harmful. Let me link that to
>network operations.
>
>People forget history. A few years back I had a chat with Aleph1 on the
>first days of bugtraq. He reminded me how things are not always black and
>white.
>
>Full disclosure, while preferable in my ideology, is not the best solution
>for all. One of the reasons bugtraq was created is because vendors did not
>care about
Re: [Full-disclosure] [NANOG] IOS rootkits
Apparently Gadi doesn't understand either. Rootkits don't need to exploit vulnerabilities in an OS, they leverage the design of the OS or the underlying hardware platform. You don't 'patch' the design of something. You want to stop rootkits in IOS? Don't allow it to run arbitrary code, run the OS in firmware rather than from writable storage. Go study up on rootkits for a few weeks before you complain about someone demonstrating one. Unlike you guys I happen to know what I am talking about as I've been studying malware including rootkits for over 10 years. By studying I mean taking them apart, figuring out how they work, and finding tools to deal with them; not reading some half-assed article on CNET or Ziff-Davis full of technical errors.

Over the past few years Cisco, Apple, and Oracle have behaved an awful lot like Microsoft did 10 years ago, trying to pretend that their platforms are immune to malware and refusing to approach vulnerabilities head-on with an attitude of rational pragmatism. Dave Litchfield and his team have dragged Oracle kicking and screaming to the world of reality, the same has yet to happen with the other two firms.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: Sunday, May 18, 2008 12:50 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] [NANOG] IOS rootkits

On Sun, May 18, 2008 at 4:37 PM, Kurt Dillard <[EMAIL PROTECTED]> wrote:
> NETDOVE,
> Obviously you have no idea how a rootkit works much less how to defend
> against them, your rants make no sense.
>
> Kurt

Dude,

Gadi Evron is punching into this guy as well, check this out:

-- Forwarded message --
From: Gadi Evron <[EMAIL PROTECTED]>
Date: Sun, May 18, 2008 at 3:48 PM
Subject: Re: [NANOG] IOS rootkits
To: Dragos Ruiu <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]

On Sun, 18 May 2008, Dragos Ruiu wrote:
>
> On 17-May-08, at 3:12 AM, Suresh Ramasubramanian wrote:
>
>> On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft
>> <[EMAIL PROTECTED]> wrote:
>>> If the way of running this isn't out in the wild and it's actually
>>> dangerous then a pox on anyone who releases it, especially to gain
>>> publicity at the expense of network operators sleep and well being.
>>> May you never find a reliable route ever again.
>>
>> This needs fixing. It doesn't need publicity at security conferences
>> till after cisco gets presented this stuff first and asked to release
>> an emergency patch.
>
> Bullshit.
>
> There is nothing to patch.
>
> It needs to be presented at conferences, exactly because people will
> play ostrich and stick their heads in the sand and pretend it can't
> happen to them, and do nothing about it until someone shows them, "yes
> it can happen" and here is how
>
> Which is exactly why we've accepted this talk. We've all known this is
> a possibility for years, but I haven't seen significant motion forward
> on this until we announced this talk. So in a fashion, this has
> already helped make people more realistic about their infrastructure
> devices. And the discussions, and idea interchange that will happen
> between the smart folks at the conference will undoubtedly usher forth
> other related issues and creative solutions. Problems don't get fixed
> until you talk about them.

Dragos, while I hold full disclosure very close and it is dear to my heart, I admit the fact that it can be harmful. Let me link that to network operations.

People forget history. A few years back I had a chat with Aleph1 on the first days of bugtraq. He reminded me how things are not always black and white.

Full disclosure, while preferable in my ideology, is not the best solution for all. One of the reasons bugtraq was created is because vendors did not care about security, not to mention have a capability to handle security issues, or avoid them to begin with.

Full disclosure made a lot of progress for us, and while still a useful tool, with some vendors it has become far more useful to report to them and let them provide with a solution first.

In the case of routers which are used for infrastructure as well as critical infrastructure, it is my strong belief that full disclosure is, at least at face value, a bad idea.

I'd like to think Cisco, which has shown capability in the past, is as responsible as it should be on these issues. Experience tells me they have a ways to go yet even if they do have good processes in place with good people to employ them.

I'd also like to think tier-1 and tier-2 providers get patches first before such releases. This used to somewhat be the case, last I checked it no longer is
Re: [Full-disclosure] [NANOG] IOS rootkits
On Sun, May 18, 2008 at 4:37 PM, Kurt Dillard <[EMAIL PROTECTED]> wrote:
> NETDOVE,
> Obviously you have no idea how a rootkit works much less how to defend
> against them, your rants make no sense.
>
> Kurt

Dude,

Gadi Evron is punching into this guy as well, check this out:

-- Forwarded message --
From: Gadi Evron <[EMAIL PROTECTED]>
Date: Sun, May 18, 2008 at 3:48 PM
Subject: Re: [NANOG] IOS rootkits
To: Dragos Ruiu <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]

On Sun, 18 May 2008, Dragos Ruiu wrote:
>
> On 17-May-08, at 3:12 AM, Suresh Ramasubramanian wrote:
>
>> On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft
>> <[EMAIL PROTECTED]> wrote:
>>> If the way of running this isn't out in the wild and it's actually
>>> dangerous then a pox on anyone who releases it, especially to gain
>>> publicity at the expense of network operators sleep and well being.
>>> May you never find a reliable route ever again.
>>
>> This needs fixing. It doesn't need publicity at security conferences
>> till after cisco gets presented this stuff first and asked to release
>> an emergency patch.
>
> Bullshit.
>
> There is nothing to patch.
>
> It needs to be presented at conferences, exactly because people will
> play ostrich and stick their heads in the sand and pretend it can't
> happen to them, and do nothing about it until someone shows them, "yes
> it can happen" and here is how
>
> Which is exactly why we've accepted this talk. We've all known this is
> a possibility for years, but I haven't seen significant motion forward
> on this until we announced this talk. So in a fashion, this has
> already helped make people more realistic about their infrastructure
> devices. And the discussions, and idea interchange that will happen
> between the smart folks at the conference will undoubtedly usher forth
> other related issues and creative solutions. Problems don't get fixed
> until you talk about them.

Dragos, while I hold full disclosure very close and it is dear to my heart, I admit the fact that it can be harmful. Let me link that to network operations.

People forget history. A few years back I had a chat with Aleph1 on the first days of bugtraq. He reminded me how things are not always black and white.

Full disclosure, while preferable in my ideology, is not the best solution for all. One of the reasons bugtraq was created is because vendors did not care about security, not to mention have a capability to handle security issues, or avoid them to begin with.

Full disclosure made a lot of progress for us, and while still a useful tool, with some vendors it has become far more useful to report to them and let them provide with a solution first.

In the case of routers which are used for infrastructure as well as critical infrastructure, it is my strong belief that full disclosure is, at least at face value, a bad idea.

I'd like to think Cisco, which has shown capability in the past, is as responsible as it should be on these issues. Experience tells me they have a ways to go yet even if they do have good processes in place with good people to employ them.

I'd also like to think tier-1 and tier-2 providers get patches first before such releases. This used to somewhat be the case, last I checked it no longer is -- for legitimate concerns by Cisco. Has this changed?

So, if we don't patch the infrastructure up first, and clients don't know of problems until they are public "for their own security" (an argument that holds water only so much) perhaps it is the time for full disclosure to be considered a viable alternative.

All that aside, this is a rootkit, not a vulnerability. There is no inherent vulnerability to patch (unless it is very local). There is the vulnerability of operators who don't so far even consider trojan horses as a threat, and the fact tools don't exist for them to do something once they do.

Gadi.

> cheers,
> --dr
>
> --
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> London, U.K. May 21/22 - 2008 http://cansecwest.com
> pgpkey http://dragos.com/ kyxpgp
Re: [Full-disclosure] [NANOG] IOS rootkits
NETDOVE,
Obviously you have no idea how a rootkit works much less how to defend against them, your rants make no sense.

Kurt

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: Sunday, May 18, 2008 12:00 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] [NANOG] IOS rootkits

On Sat, May 17, 2008 at 9:39 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> On Sat, May 17, 2008 at 7:38 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>> -- Forwarded message --
>> From: n3td3v <[EMAIL PROTECTED]>
>> Date: Sat, May 17, 2008 at 12:08 PM
>> Subject: Re: [NANOG] IOS rootkits
>> To: [EMAIL PROTECTED]
>>
>>
>> On Sat, May 17, 2008 at 11:12 AM, Suresh Ramasubramanian
>> <[EMAIL PROTECTED]> wrote:
>>> On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft
>>> <[EMAIL PROTECTED]> wrote:
>>>> If the way of running this isn't out in the wild and it's actually
>>>> dangerous then a pox on anyone who releases it, especially to gain
>>>> publicity at the expense of network operators sleep and well being.
>>>> May you never find a reliable route ever again.
>>>
>>> This needs fixing. It doesn't need publicity at security conferences
>>> till after cisco gets presented this stuff first and asked to release
>>> an emergency patch.
>>
>> Agreed,
>>
>> You've got to remember though that a security conference is a
>> commercial venture, it makes business sense for this to be publicly
>> announced at this security conference.
>>
>> I think security conferences have become something that sucks as it's
>> all become money making oriented and the people who run these things
>> don't really have security in mind, just the £ signs reflecting on
>> their eye balls.
>>
>>> --srs
>>> --
>>> Suresh Ramasubramanian ([EMAIL PROTECTED])
>>>
>>
>> All the best,
>>
>> n3td3v
>>
>
> Full-Disclosure,
>
> I fully believe British Intelligence are the best in the world and
> that they will pull the plug on this presentation without hesitation
> before it gets to go ahead.
>
> I don't see anyone disagreeing how wrong it is for this presentation
> to go ahead as a business decision.
>
> I know the national security boys at MI5 are listening, so I suggest
> this gets priority and this presentation doesn't go ahead.
>
> What I want is a high profile pulling the plug of this presentation to
> act as a deterrent to any other security conferences across the world
> who think they are going to capitalise through high risk
> vulnerabilities as this one is.
>
> I want UK government officials to walk on stage as this presentation
> is about to start, in front of the media, in front of everybody,
> including the money makers who thought they were going to use this
> presentation as a way to sell tickets and make money and put UK
> national security at risk.
>
> I don't want a behind the scenes pulling the plug of this
> presentation, I want it to be high profile, in front of the world's
> media to show that in Britain we don't fuck about with crappy security
> conferences trying to become rich by getting high risk talkers to come
> to their security conference to guarantee a sell out and thousands of
> pounds made, at a cost to UK national security.
>
> I will be talking with my private contacts to try and get this to
> happen, as many of you know I already had a grudge with EUSecWest
> spamming the mailing lists, instead of buying advertisement banners on
> websites, so the announcement of an IOS rootkit presentation is the
> final insult to injury, and the UK national security boys are likely
> to pull the plug on this without hesitation to make an example to
> these security conference owners to say that national security becomes
> before profit and how dare you try to profit and not giving a shit
> about the consequences of this presentation.
>
> Trust me and mark my words EUSecWest, you upset a lot of people
> spamming the mailing lists, this is just the worst possible thing you
> could have done to keep people on side, you've lost any respect I may
> have had for your conference and I guarantee UK government officials
> will pull the plug on your business venture of a security conference.
>
> Blackhat conference with Michael Lynn was under the control of the
> American authorities and they were light weight in response to what
> was going on, trust me, the British authorities will be coming down a
> lot tougher and won't be thinking twice about pulling this
> prese
Re: [Full-disclosure] [NANOG] IOS rootkits
On Sat, May 17, 2008 at 9:39 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> On Sat, May 17, 2008 at 7:38 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>> -- Forwarded message --
>> From: n3td3v <[EMAIL PROTECTED]>
>> Date: Sat, May 17, 2008 at 12:08 PM
>> Subject: Re: [NANOG] IOS rootkits
>> To: [EMAIL PROTECTED]
>>
>>
>> On Sat, May 17, 2008 at 11:12 AM, Suresh Ramasubramanian
>> <[EMAIL PROTECTED]> wrote:
>>> On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft
>>> <[EMAIL PROTECTED]> wrote:
>>>> If the way of running this isn't out in the wild and it's actually
>>>> dangerous then a pox on anyone who releases it, especially to gain
>>>> publicity at the expense of network operators sleep and well being.
>>>> May you never find a reliable route ever again.
>>>
>>> This needs fixing. It doesn't need publicity at security conferences
>>> till after cisco gets presented this stuff first and asked to release
>>> an emergency patch.
>>
>> Agreed,
>>
>> You've got to remember though that a security conference is a
>> commercial venture, it makes business sense for this to be publicly
>> announced at this security conference.
>>
>> I think security conferences have become something that sucks as it's
>> all become money making oriented and the people who run these things
>> don't really have security in mind, just the £ signs reflecting on
>> their eye balls.
>>
>>> --srs
>>> --
>>> Suresh Ramasubramanian ([EMAIL PROTECTED])
>>>
>>
>> All the best,
>>
>> n3td3v
>>
>
> Full-Disclosure,
>
> I fully believe British Intelligence are the best in the world and
> that they will pull the plug on this presentation without hesitation
> before it gets to go ahead.
>
> I don't see anyone disagreeing how wrong it is for this presentation
> to go ahead as a business decision.
>
> I know the national security boys at MI5 are listening, so I suggest
> this gets priority and this presentation doesn't go ahead.
>
> What I want is a high profile pulling the plug of this presentation to
> act as a deterrent to any other security conferences across the world
> who think they are going to capitalise through high risk
> vulnerabilities as this one is.
>
> I want UK government officials to walk on stage as this presentation
> is about to start, in front of the media, in front of everybody,
> including the money makers who thought they were going to use this
> presentation as a way to sell tickets and make money and put UK
> national security at risk.
>
> I don't want a behind the scenes pulling the plug of this
> presentation, I want it to be high profile, in front of the world's
> media to show that in Britain we don't fuck about with crappy security
> conferences trying to become rich by getting high risk talkers to come
> to their security conference to guarantee a sell out and thousands of
> pounds made, at a cost to UK national security.
>
> I will be talking with my private contacts to try and get this to
> happen, as many of you know I already had a grudge with EUSecWest
> spamming the mailing lists, instead of buying advertisement banners on
> websites, so the announcement of an IOS rootkit presentation is the
> final insult to injury, and the UK national security boys are likely
> to pull the plug on this without hesitation to make an example to
> these security conference owners to say that national security becomes
> before profit and how dare you try to profit and not giving a shit
> about the consequences of this presentation.
>
> Trust me and mark my words EUSecWest, you upset a lot of people
> spamming the mailing lists, this is just the worst possible thing you
> could have done to keep people on side, you've lost any respect I may
> have had for your conference and I guarantee UK government officials
> will pull the plug on your business venture of a security conference.
>
> Blackhat conference with Michael Lynn was under the control of the
> American authorities and they were light weight in response to what
> was going on, trust me, the British authorities will be coming down a
> lot tougher and won't be thinking twice about pulling this
> presentation, but will do it on a grand scale in front of the media, to
> send a clear signal that these security conferences and their money
> making agenda isn't going to get in the way of our national security.
>
> This is a subject I feel strongly and passionate about because if this
> presentation went ahead it would fuck up a lot of ISPs and would put
> national security at risk.
>
> If the British authorities don't pull the plug on this presentation you
> will have let your country down and let your British taxpayers down
> who fund MI5 in the first place.
>
> And it's not just me saying this, ISPs are calling for this
> presentation to be pulled as well.
>
> All the best,
>
> n3td3v
>

-- Forwarded message --
From: Dragos Ruiu <[EMAIL PROTECTED]>
Date: Sun, May 18, 2008 at 2:57 PM
Subject: Re: [NANOG] IOS rootkits
To: Suresh Ramasubramanian <[EMAIL PROTECTED]>
Re: [Full-disclosure] [NANOG] IOS rootkits
On Sat, May 17, 2008 at 7:38 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> -- Forwarded message --
> From: n3td3v <[EMAIL PROTECTED]>
> Date: Sat, May 17, 2008 at 12:08 PM
> Subject: Re: [NANOG] IOS rootkits
> To: [EMAIL PROTECTED]
>
>
> On Sat, May 17, 2008 at 11:12 AM, Suresh Ramasubramanian
> <[EMAIL PROTECTED]> wrote:
>> On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft
>> <[EMAIL PROTECTED]> wrote:
>>> If the way of running this isn't out in the wild and it's actually
>>> dangerous then a pox on anyone who releases it, especially to gain
>>> publicity at the expense of network operators sleep and well being.
>>> May you never find a reliable route ever again.
>>
>> This needs fixing. It doesn't need publicity at security conferences
>> till after cisco gets presented this stuff first and asked to release
>> an emergency patch.
>
> Agreed,
>
> You've got to remember though that a security conference is a
> commercial venture, it makes business sense for this to be publicly
> announced at this security conference.
>
> I think security conferences have become something that sucks as it's
> all become money making oriented and the people who run these things
> don't really have security in mind, just the £ signs reflecting on
> their eye balls.
>
>> --srs
>> --
>> Suresh Ramasubramanian ([EMAIL PROTECTED])
>>
>
> All the best,
>
> n3td3v
>

Full-Disclosure,

I fully believe British Intelligence are the best in the world and that they will pull the plug on this presentation without hesitation before it gets to go ahead.

I don't see anyone disagreeing how wrong it is for this presentation to go ahead as a business decision.

I know the national security boys at MI5 are listening, so I suggest this gets priority and this presentation doesn't go ahead.

What I want is a high profile pulling the plug of this presentation to act as a deterrent to any other security conferences across the world who think they are going to capitalise through high risk vulnerabilities as this one is.

I want UK government officials to walk on stage as this presentation is about to start, in front of the media, in front of everybody, including the money makers who thought they were going to use this presentation as a way to sell tickets and make money and put UK national security at risk.

I don't want a behind the scenes pulling the plug of this presentation, I want it to be high profile, in front of the world's media to show that in Britain we don't fuck about with crappy security conferences trying to become rich by getting high risk talkers to come to their security conference to guarantee a sell out and thousands of pounds made, at a cost to UK national security.

I will be talking with my private contacts to try and get this to happen, as many of you know I already had a grudge with EUSecWest spamming the mailing lists, instead of buying advertisement banners on websites, so the announcement of an IOS rootkit presentation is the final insult to injury, and the UK national security boys are likely to pull the plug on this without hesitation to make an example to these security conference owners to say that national security becomes before profit and how dare you try to profit and not giving a shit about the consequences of this presentation.

Trust me and mark my words EUSecWest, you upset a lot of people spamming the mailing lists, this is just the worst possible thing you could have done to keep people on side, you've lost any respect I may have had for your conference and I guarantee UK government officials will pull the plug on your business venture of a security conference.

Blackhat conference with Michael Lynn was under the control of the American authorities and they were light weight in response to what was going on, trust me, the British authorities will be coming down a lot tougher and won't be thinking twice about pulling this presentation, but will do it on a grand scale in front of the media, to send a clear signal that these security conferences and their money making agenda isn't going to get in the way of our national security.

This is a subject I feel strongly and passionate about because if this presentation went ahead it would fuck up a lot of ISPs and would put national security at risk.

If the British authorities don't pull the plug on this presentation you will have let your country down and let your British taxpayers down who fund MI5 in the first place.

And it's not just me saying this, ISPs are calling for this presentation to be pulled as well.

All the best,

n3td3v