Posts Tagged ‘OpenSSH’

The Anti-Sec Non-Movement

Wednesday, July 22nd, 2009
A group calling itself “The Anti-Sec movement” released this statement over 48 hours ago:

“In 48 hours, the anti-sec movement will publicly unveil working exploit code and full details for the zero-day OpenSSH vulnerability we discovered. It will be posted to the Full-Disclosure security list.”

A number of people thought it was a joke, yours truly included. Yet there was a “what if” scenario which could have been ugly, so it should not have been completely ignored.

The post to the Full-Disclosure security list may have been done to harm the reputation of the “movement”, something of a disinformation campaign. It also could be that they are just a bunch of script-kiddy kids.

Anyway, for some mid-week entertainment, I put out an open call for Anti-Sec to use their new cool exploit to hack my personal server:

“In fact, if it’s not FUD… use your uber cool 0-day sploit to hack my server please! blyon@blyon.com port 22. Prove it!”

Of course the hack never happened; I had a few people trying to brute-force logins for accounts that did not even exist.

HELPFUL TIP: Look, kiddies, if you’re going to try, at least use the username I provided to start with.


I think anti-sec failed basic logic 1A, I mean… holy flawed logic Batman: In the ImageShack hack, their manifesto demands zero public disclosure on exploits, but then they contradict their own words by saying, “It [their OpenSSH exploit] will be posted to the Full-Disclosure security list.”

As for their OpenSSH exploit: Anti-sec proved they have too much free time on their hands during the summer. The anti-sec movement needs to have a movement back to school. At least some people used it as an opportunity to clean up their system configs.

OpenSSH owned?

Monday, July 20th, 2009
A group called “the anti-sec movement” which credits itself for hacking ImageShack about two weeks ago, and astalavista.com, could have possibly found the holy grail of exploit code: A remote exploit for OpenSSH.

OpenSSH is an open source client/server protocol that replaced telnet (an unencrypted remote management tool); it’s what system administrators use to log in to their Unix computers, phone switches, power management tools, serial consoles, routers, etc. It has been running in public for so long that people trust it.

In fact, in many cases it is much like a door to a house, just out there on the street and if you have the right keys, you can come in.

The anti-sec movement has announced that in 48 hours they will release code which allows you to open any door on the Internet (if it’s visible).

“Soon, the very foundations of Information Technology and Information Security will be unearthed as millions upon million of systems running ANY version of OpenSSH are compromised by wave after wave of script-kiddie and malicious hacker.”

This type of hype happens every now and then, especially around the time of DEFCON (a large hacker conference in Las Vegas). It could be, and most likely is — FUD.


In fact, if it’s not FUD… use your uber cool 0-day sploit to hack my server please! blyon@blyon.com port 22. Prove it!

SANS also thinks it is FUD and they just put out a release about the “exploit”. Sounds like they feel it’s most likely a brute force user attack, which is pretty basic, old, and boring.

If it is real, anti-sec said they will also be “unleashing powerful computer worm source code with the ability to automatically find and compromise systems running any and all versions of OpenSSH.”

Meanwhile: Filter SSH, turn it off if you don’t know what it is, change the default port from 22 to something else, or enable TCP Wrappers.
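An added example (not from the original post): a Python script that reads sshd log lines for password guesses against nonexistent accounts, the brute-force pattern mentioned above, and renders the noisiest sources as TCP Wrappers deny entries. The log lines are constructed samples in OpenSSH's "Failed password for invalid user" format; the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (documentation IP ranges, made-up usernames).
SAMPLE_LOG = """\
Jul 21 03:12:01 host sshd[4101]: Invalid user admin from 203.0.113.7
Jul 21 03:12:03 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jul 21 03:12:05 host sshd[4104]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Jul 21 03:12:09 host sshd[4107]: Failed password for invalid user oracle from 203.0.113.7 port 40131 ssh2
Jul 21 03:15:40 host sshd[4120]: Failed password for invalid user guest from 198.51.100.23 port 51500 ssh2
Jul 21 08:02:11 host sshd[4302]: Failed password for alice from 192.0.2.10 port 60022 ssh2
Jul 21 08:02:19 host sshd[4302]: Accepted password for alice from 192.0.2.10 port 60022 ssh2
"""

# Only the "Failed password" form is counted, so the preceding
# "Invalid user ..." notice for the same attempt is not double counted.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Failed password for invalid user (\S+) from (\S+) port \d+"
)

def invalid_user_attempts(log_text):
    """Return {source_ip: Counter({username: attempts})} for nonexistent accounts."""
    by_source = {}
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if m:
            user, ip = m.groups()
            by_source.setdefault(ip, Counter())[user] += 1
    return by_source

def deny_candidates(log_text, threshold=3):
    """Sources with at least `threshold` guesses at nonexistent accounts, sorted."""
    attempts = invalid_user_attempts(log_text)
    return sorted(ip for ip, users in attempts.items()
                  if sum(users.values()) >= threshold)

def hosts_deny_lines(ips):
    """Render TCP Wrappers entries (hosts.deny syntax: 'daemon: client')."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    for ip, users in invalid_user_attempts(SAMPLE_LOG).items():
        print(ip, dict(users))
    print("\n".join(hosts_deny_lines(deny_candidates(SAMPLE_LOG))))
```

OpenSSH 6.7 and later no longer include TCP Wrappers support, so on those versions the same address list belongs in a packet filter rule instead.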

Let’s sit back and enjoy the show… if there is one.

Here are some useful links: