Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Full-disclosure] n3td3v's year in brief: 2006
From: n3td3v (crewxsecuritygooglemail.com)
Date: Fri Dec 29 2006 - 16:46:01 CST
The year was pretty sober in terms of mass drama or global security
incidents, no router or mail server exploitation threatened
The year saw tension between microsoft and its patch tuesday policy
become less as strong as the security community kept pushing for
critical zero-day to be patched ahead of a pending Tuesday.
Zero-day code was put onto Full-Disclosure mailing list where we seen
an individual trying to do a live auction via e-mail
We saw word and powerpoint applications being exploited as hackers
look for unique zero-day to draw attention to previously unearthed
2006 saw because of this the start of a new trend of Mac tiger OS
vulnerabilities to lever vulnerabilities onto mailing lists.
We saw a new move by microsoft to try and profit from its security
flaws, by protecting its vista kernal from security firms Symantec and
We saw laptop security, both socially and technically being brought
into the media arena where both the theft of a laptop or the
electronic hi-jacking of a device could allow a company to be
compromised and have its trade secrets revealed.
security industry began to post ways to use JS in port scanning, via
We saw a new trend started by H D Moore to blackmail software vendors,
microsoft to take security more seriously and to respond to their
e-mail more seriously.
The month of bugs trend now carries on with LMH threatening Apple by
an upcoming month of Apple bugs, a trend n3td3v has told LMH not to
2006 saw the second Myspace worm appear, with a conflict between Apple
and Myspace in its introduction of a patch for Apple's movie viewer
2006 saw Securityfocus push its media agenda towards encouraging a
"social network" threat.
2006 saw Securityfocus report that n3td3v was a group of 3 people, two
guys and a girl... all false and unfounded. A mailing list post on the
Funsec mailing list was taken by "editor-at-large" robert lemos in his
increasing personal grudge against n3td3v to damage his reputation
further by reporting on the n3td3v agenda.
What robert lemos failed to report is that every single message sent
to the Full-Disclosure mailing list is approved by the list owner John
Robert Lemos failed to report that, adding to the robert lemos agenda
to make n3td3v look like a malicious blackhat
Robert Lemos also got quotes from peopel within the industry to try
and suggest n3td3v is withholding Windows XP zero-day, to hint further
that n3td3v is blackhat and mailicious.
Robert Lemos in his report also tried to suggest n3td3v was hiding and
was a bad person.
The nature of the article was designed to try and lever the true
indent of n3td3v, even though n3td3v has broken no moral, ethical or
Due to the Robert Lemos grudge, Lemos carried the headline "Security
Troll" to suggest that n3td3v was posting untrue security information
to Full-Disclosure list to get a reaction.
Little is Lemos aware John Cartwright and n3td3v would communicate via
e-mail to discuss which content should be accepted to the mailing
No where in the article does it mention anything about John Cartwright.
Little did Lemos report that the companies n3td3v helps have the full
name, photos and geographical location of n3td3v.
n3td3v is not anonymous, but for obvious personal saftey measures
which all internet users should take is never to post such contact
information to a public discussion on the internet.
Not only is this wise from a personal saftey angle, but is a good idea
in terms of indentity theft and stalker like activites and blackmail
The article suggested it was wrong to post to a security mailing list
as an anonymous user and that it was morally and unethical to do so.
Little does Lemos know the underground connections and helpful
information is passed to high-profile security consultants within the
security industry and n3td3v's on-going commitments to pass on
intelligence tips on the bad guys in the blackhat community.
All the bad was talked of n3td3v, other than the true valued service
n3td3v and its intelligence sources offer to vendors... such as the
ones mentioned in the article as Google, Yahoo and Microsoft.
In 2006 we saw the slow down in mailing list postings of critical
zero-day and the increased posting of XSS (cross-site scripting).
In 2006, we saw the introduction of a splinter group called ZERT, who
released patches for critical flaws ahead of Microsoft's patch tuesday
In 2006, we saw further reporting of RFID as a real threat to consumer
privacy and its use by the intelligence services to spy on terrorist
And of course in 2006 Steve Irwin died, the celebrity Crocodile
Hunter, which also got a mention on the Full-Dislcosure mailing list.
In 2006 we saw the media increasingly finding it difficult to bring
fresh news to technical users within the security community, so much
so both news.com and securityfocus.com started publishing "suggestive"
potential security incidents which could happen, instead of a balanced
out "risk assessment" of the reality of a threat.
We saw Symantec's Norton software get a bad feedback by average AV
users on news.com as being a "memory hog" application.
We saw microsoft's introduction of Microsoft OneCare at low pricing,
shaking up others such as Symantec
We saw security companies begin to roll out free security software
which anger further the profit margins of Symantec
We saw Google add credit's to its security site giving thanks to
noticed security researchers within the industry who have helped GOOG.
We saw the break-down of Yahoo's executive structure and admitted its
current business strategy and framework have failed with high-profile
employee shake-ups and firing.
In 2006, there was no real threat to security in terms of new methodology.
Generally, 2006 was slow, and has confirmed to hackers that the
industry is in need of new technique in the hacker-agenda and that
current advisories are just the "same old" attack vectors.
Hackers are now focusing on "brand new" than "same old" and 2007 is
sure to show security professionals that the old is out and the new is
A pending public release of Vista won't bring up anything new in terms
of unique attack technique, but we're expecting the news of vista
kernal protection being cracked by security firms and the underground
elite to be released to media outlets in timing with the consumer
version of vista being made avaliable to the world market.
IE7 is not trusted yet by corporate networks as its default browser,
as testing is on-going, and with that it could be up till 2008 before
the software is fully implemented and trusted by e-commerce. Same goes
for Vista, hence the reason for business getting Vista become the
public, if only to give businesses a head-start for compatibility
2006 will see high-profile hacker Gary Mckinnon being sent to U.S on
charges of breaking into dot-mil infrasturcture. Media outlets suggest
he was a hacker, however the individual only used script kid-like
tactics to compromise systems with default passwords not changed by
U.S government network admins.
Digg-dot-com saw an increase presence in 2006 as a source of breaking
security news and invaluable average user feedback of news events in
relation to the comments section under Digg submissions, both useful
for e-commerce and government to shape its security policy and media
response agenda and network posture.
2006 saw the DHS (department of homeland security) attempt to become
increased with its cyber security alerts and advisory, although the
world already has made its mind -up in respect of the DHS and its
"incident response" lack of readiness in both the real world and
2006 saw the intelligence services require further funding to continue
needed efforts to combat both cyber terrorism and mainland terrorism
2006 saw the continued use og blogging as a way to comunicate coverage
to the internet in terms of security research and media coverage
2006 saw SANS for example continue to use its Internet Storm Blog as a
commentry media of whats posted to the Full-Disclosure mailing lsit,
as did SecuriTeam, with noted comment from Gadi Evron conitnued.
Funsec remained a favorite for some to post outage and misc media
reports to the media and professional scene,,, where the likes of
Lemos hangs out for "treat bites" to fuel his securityfocus news feed.
Overall, the trend of "money" or/and "career benefits" for zero-day
continues with hackers/researchers not wanting to give exploit code
for free. Generally, researchers want something in return, either
something to be done within a corporation in terms of security policy,
money given for exploit/vulnerability intelligence, a career
opportunity, or a promise of the affected vendor letting and crediting
the researcher to the media for Lemos or/and Evers to pick-up and
broadcast on its productivity news outlet homepage.
Script kiddie hood continues to be a real threat with the zone-h scene
still being exploited, with continued defacements of dot-mil and
dot-com targets falling victim.
The Yahoo Finance portal web just one victim of the zone-h scene, as
well as nasa sites were noted by n3td3v in 2006.
The priority of "what should we patch first" is an increased problem
behind the scenes within corporations, with money-over-moral playing a
key role in how long vulnerabilities are left live on software and
2007 is sure to bring suprises that none of us are able to predict
apart from folks like n3td3v who continue its dialog between security
consultants and its contacts working within corporate social circles.
Finally, the article on n3td3v won't be laid to rest... it has been
taken very seriously and n3td3v holds the article as a blantant abuse
of journalistic policy to bring a personal grudge by a news editor
towards an individual who only has whitehat values.
n3td3v will get justice for "that article" by lawful means, and holds
Robert Lemos personally responsible for any personal saftey or career
damage which may be caused by his media report to blantantly ruin
n3td3v's reputation and career prospects if the true indent was ever
to be revealed through the article published and authorised by the
securityfocus news editor.
[media dork reference]
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/