Posts Tagged ‘Anti-Sec’

The Anti-Sec Non-Movement

Wednesday, July 22nd, 2009
A group calling itself “The Anti-Sec movement” released this statement over 48-hours ago:

“In 48 hours, the anti-sec movement will publicly unveil working exploit code and full details for the zero-day OpenSSH vulnerability we discovered. It will be posted to the Full-Disclosure security list.”

A number of people thought it was a joke, yours truly included. Yet there was a “what if” scenario which could have been ugly, so it should not have been completely ignored.

The post to the Full-Disclosure security list may have been done to harm the reputation of the “movement”, something of a disinformation campaign. It also could be that they are just a bunch of script-kiddy kids.

Anyway, for some mid-week entertainment, I put out an open call for Anti-Sec to use their new cool exploit to hack my personal server:

“In fact, if it’s not FUD… use your uber cool 0-day sploit to hack my server please! blyon@blyon.com port 22. Prove it!”

Of course the hack never happened, I had a few people trying to brute-force logins for accounts that did not even exist.

HELPFUL TIP: Look, kiddies, if you’re going to try, at least use the username I provided to start with.


I think anti-sec failed basic logic 1A, I mean… holy flawed logic Batman: In the ImageShack hack, their manifesto demands zero public disclosure on exploits, but then they contradict their own words by saying, “It [their OpenSSH exploit] will be posted to the Full-Disclosure security list.”

As for their OpenSSH exploit: Anti-sec proved they have too much free time on their hands during the summer. The anti-sec movement needs to have a movement back to school. At least some people used it as an opportunity to cleanup their system configs.

Share

Tags: , , , ,
Posted in DDoS, Hackers, Opinion | 3 Comments »