In 48 hours, the anti-sec movement will publicly unveil working exploit code and full details for the zero-day OpenSSH vulnerability we discovered. It will be posted to the Full-Disclosure security list.
Anyone think there's some credibility in this claim? Or do they just troll for amusement value?
Name:
Anonymous2009-07-20 8:31
>>2 I thought they were anti full-disclosure. Assuming they do it, doesn't that make them hypocrites?
I think they are going to demonstrate why full disclosure can be bad.
Well whatever, I'll just drop ssh packets and employ port knocking for now. I'll be rather annoyed when this whole thing turns out fake, since I wasted about two hours of my time on this.
Name:
Anonymous2009-07-20 8:47
>>8
That's the idea, but I still think it's hypocritical.
Something's seriously off with these guys. To begin with, if I had an undiscovered SSH remote exploit, I'd be making millions with it right now, instead of playing child games by rm -rf'ing unimportant targets.
Name:
Anonymous2009-07-20 11:57
>>12 I'd be making millions with it right now
And just how would you do that? Also, I bet it'd be illegal.
Name:
Anonymous2009-07-20 12:09
iptables -L
ACCEPT tcp -- 1.1.1.1 anywhere
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP icmp -- anywhere anywhere