Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Dailydave] ASLR, Mail Spools, and Ego
From: H D Moore (hdm-daily-davedigitaloffense.net)
Date: Mon Nov 01 2004 - 21:20:54 CST
Most people define hacking as something a little more complicated than
downloading a file from a web site. I would be suprised if anyone
bothered to save copy, for threatening purposes or otherwise. I thought
we covered this during our conversation at Defcon, the one where you
seemed content with discussing the issue like the stupid faux pax that it
was. If you there is something you want to talk about, feel free to email
off-list or call. I really need to meet this "Everyone" guy, he seems to
have all exclusive info :-)
On Monday 01 November 2004 20:30, Dave Aitel wrote:
> Grow up spoonm. Everyone knows that you and HD Moore hacked Mailman and
> took the Immunity emails, and then bragged about it at Defcon and
> Blackhat, not to mention sharing them with Optyx, and who knows who
> else. If you think threatening me "subtly" with further release is
> going to do anything, than you clearly don't understand my character.
> For someone who spends so much time working in Redmond and moonlights
> hacking Immunity servers, you sure talk a lot of hypocritical crap
> about ethics, while both here and in 0dd complaining that I don't share
> anything interesting. I'm not sure what reality you're living in.
> And unlike you, I always sign my emails with my name.
> Dave Aitel
> Immunity, Inc.
> compsecsuxhushmail.com wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >Hey dave, sinan
> >On the topic of greg's mail spools:
> >I don't really think it was fair to mention the incident for a lot
> >of reason. First of all, "everyone" didn't get a copy, infact it
> >seems like way more people haven't seen the spools than people who
> >have. All you did was bring to light something that makes a (
> >somewhat) competitor look bad. Congrats.
> >Also, you are publically admitting to not only receiving the spools
> >(meaning you probably have some sort of remote attachment with some
> >people involved in the incident), and you admit to reading them.
> >Even if someone did offer you the achives, it seems to be bad
> >etiquette to not only read their private mails, but then to discuss
> >about how you read them, and even the contents of the email in a
> >public forum.
> >I guess you pretty much set up a standard for yourself. If your
> >email spools ever got leaked, you've spoke with your actions that
> >distributing/reading/talking about/mocking the situation is fair
> >game. This would probably (and hopefully) never happen, but still,
> >what if it were you? Imagine how much everyone in this business
> >has on the line when things like that happen. Some people choose
> >to act ethically.
> >This is something that I'm sure is really hard on Greg, and all you
> >do is stand up in a public forum and quietly rub it in? Fuck you.
> >What did he ever do to deserve it?
> >On the topic of ASLR and Sinan the Supreme Being:
> >I'm sure Immunity's Windows HIPS is much better than that crap
> >everyone else is busting their asses on. Everything has it's
> >weakness, we all know this. And 3rd party vendors working on
> >microsoft products can only do so much, it's a limitation that
> >makes the stuff they are doing even cooler.
> >Yes, you can possibly off-by-one a return address. If you are
> >dealing with string functions, you are mostly likely also going to
> >have to have a null byte somewhere, whether it's the LSB, or not.
> >That limits you a lot, and sometimes you can find some code that
> >works. That's great. But, as I'm sure these "retards" writing
> >HIPS products know, you can also do randomization up to cache
> >alignment, and then, say your alignment is 64 bytes, you waste as
> >most a single page of memory, and then you are going to have a
> >really really tough time making your off-by-one work. Feel free to
> >send your uber-leet-VSC exploits on over, and I'll give you an
> >assesment of how well they actually stand up to current defensive
> >I think these "proud" vendors are probably proud for a reason.
> >Doing a solid HIPS implemtation in windows is probably a decent
> >amount harder than say, slapping a python gui on 3rd-world-labor-
> >exploits. I think if anything, they've come a long way, and are
> >continuing to get better. I'm sure the authors understand their
> >limitations, but just because it isn't 100% (which would be very
> >hard, specially 3rd party), doesn't mean they deserve to get torn
> >at by some arrogant dick. I don't know when you got so high headed,
> > maybe dave is wearing off on you.
> >I know it's current Immunity police to talk leeter than you are,
> >but the people you mock are you doing way more for the security
> >industry than you guys are. Atleast they show up at blackhat and
> >share technical information, instead of just trying to show off
> >their complete superiority.
> >You guys are all really smart, but seriously, fuck you. A lot of
> >the people working on this stuff you bash are spending a lot of
> >hard time and energy, and they are making progress, even if it isn'
> >t up to the Immunity calibre. The offense is always much easier,
> >so don't think you're that fucking awesome.
> >I hope this stupid text could provide you guys enough entropy to
> >take your head's out of your asses and show some respect to the
> >people working in the field around you. This isn't a pissing
> >I know you're much smarter than anyone at Stanford could ever be,
> >but I'm sure I could point out some people that have given some
> >worthwhile contributions. You guys contribute shitty ports of perl
> >disassemblers. Woo hoo, go team.
> >- -css
> >-----BEGIN PGP SIGNATURE-----
> >Note: This signature can be verified at
> > https://www.hushtools.com/verify Version: Hush 2.4
> >-----END PGP SIGNATURE-----
> >Concerned about your privacy? Follow this link to get
> >secure FREE email: http://www.hushmail.com/?l=2
> >Free, ultra-private instant messaging with Hush Messenger
> >Promote security and make money with the Hushmail Affiliate Program:
> >Dailydave mailing list
> Dailydave mailing list
Dailydave mailing list