Full Disclosure mailing list archives

SecurityFocus.com unavailable...


From: misha () cerber no (Mikhail Iakovlev)
Date: Tue, 10 Sep 2002 16:50:41 +0200 (CEST)

Hello

I think this drastic measure is overkill for the problem. Seems like 
Securityfocus is just DDoS'ed, which any kid on the planet can in theory 
perform. Securing your boxes is another issue, and it should have been 
done _before_ you put them on the net in the first place.

Strangely, none of my contacts (including groups known for a long time) 
has ever heard of such a group, nor of what you call "Black Boar".
It seems to me that someone is trying to advertise for some low-level 
script-kiddie who can then tell all his friends - "Hey, th3y 4re 
4fR4iD 0ff m3 0ñ tHaT m4iLiNg Li$T!!!Eye'm l33t!!!" etc etc in 
g00bl3z n00bish style.

It could after all be as simple as securityfocus having some 
problems with upgrades, or _their_ ISP in fact being under attack.
Maybe it also happened because Elias Levy was abroad the last few days 
(he held a conference in Stockholm 3-4 days ago), and the time for the attack was 
picked because of that. WHO KNOWS - there could be thousands of reasons 
why securityfocus.com is down. Didn't we all experience it once in a while 
with _your_ provider when the link is down or the ISP is DDoSed?

I seriously doubt that people from securityfocus.com have their boxes 
THAT vulnerable and have not taken the necessary measures against attacks like 
those that have been discussed here on linux kernel issues, etc.
There are plenty of tools, starting from LIDS, stack protection in 
kernels, chrooted environments, specific OS tweaks you can do - up to 
various anti-scanning/syncookies/firewall triggers, etc etc etc - that you 
can use to protect yourself.

Expect the unexpected, do your homework and intensive reading, then you should 
be fine :)

And you don't even need to be a hardcore coder to be able to protect 
yourself - your best friend is www.google.com, assuming you know what you 
are looking for.

Cheers,

Mik-

On Tue, 10 Sep 2002 isergevsky () hushmail com wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello again dear friends,

My underground contacts have told me that the group I have been talking about ('Ac1dB1tch3z') is to be held 
responsible for the outage of secfocus within the last two weeks. Also, a trustworthy source which wishes to remain 
anonymous stated that Ac1dB1tch3z have recruited the Blue Boar and in fact he is behind all this. This twilight 
blackhat hacking group is making rounds already and people are fearfully speaking about them. I think we should all 
secure our boxes as soon as possible. I myself am going to disconnect my box from the internet until the storm passes.

Yours Truly,
Ivan

Neither have I. Strange, but all of their listserv traffic appears to be
coming through just fine.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of
securityguru () hushmail com
Sent: Monday, September 09, 2002 12:49 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] SecurityFocus.com unavailable...



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

haven't been able to hit 'em ALL day.

SG
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmEEARECACEFAj180GgaHHNlY3VyaXR5Z3VydUBodXNobWFpbC5jb20ACgkQns+IF5jR
p673hQCfUWfTLuxnS3MTHd9VjQ/7x6suWRMAnilh3jq6MtMHfk2/Yom6MlMtuEOf
=XsN/
-----END PGP SIGNATURE-----




Get your free encrypted email at https://www.hushmail.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wl8EARECAB8FAj19/KYYHGlzZXJnZXZza3lAaHVzaG1haWwuY29tAAoJEMfRnqqodk8T
WqYAnjzW3nzRuQQ2XjVsPnLli3emyr/sAKCitvU23u0VSkXkVga2mQ+fEkVsDg==
=gw8d
-----END PGP SIGNATURE-----



