                             ==Phrack Inc.==

               Volume 0x0b, Issue 0x3f, Phile #0x06 of 0x0f

|=-------------------------[ Eye on the Spy ]---------------------------=|
|=----------------------------------------------------------------------=|
|=----------------------------[ daemon10 ]------------------------------=|


1 - Introduction
2 - The Apex Intrusion Detection Solution (TM)
    2.1 - Introduction
    2.2 - What It Has
    2.3 - Is There Anything Else?
3 - Counterpoint


--[ 1. Introduction

AHH, one of our favorite security companies in the whole wide world -
SNOSoft. In case you don't know what that stands for, it's short for
"Secure Network Operations, Inc." whose motto is apparently "Embracing the
future of technology, protecting you." SNOSoft has worked hard to embrace
the future in several ways, including 'for loop engineering.'

--- http://www.segfault.net/ouch/codingmadness/KF_programming_abc.txt ----

My question is does anyone know how to programatically do this? Do i need
to make use of bit shifting or something? I need only a program to print
the list to the screen or something simple.

Example output would be ...
AAAA BBBBB .... AAAB AAAC ...
and so on but ONLY unique posibilities.
-KF

------------------------------- CUT CUT CUT ------------------------------

But the Keystone seCOPS have come up with some interesting business ploys,
spearheaded by the charismatic KF, who has been referred to as the "Donald
Trump of Infosec." Check out the latest offer on their webpage:

"Preliminary External Security Audit starting at $1000.00. (We guarentee
that we will discover at least one vulnerability or the audit is free..)"

Roughly speaking, that translates directly to "SNOSOFT BANKRUPTCY."
However, I'm sure that if snosoft works on it hard enough, they'll be able
to find at least one misspelling in their ad.

Some of their claims are alarming. See what they write about their ANVIL
Forensic Collection System:

"ANVIL FCS collects enough evidence to identify and potentially prosecute
an intruder."
It becomes rather difficult to gauge exactly what SNO's motives are, as
they have hired some much lesser members of the hacking community, who
have apparently collectively channeled their cumulative 80 IQ into
entrapping other hackers and making life hell for them. Here is another
enticing claim by SnoSOFT:

"Our highly qualified Strategic Reconnaissance Team (recon) has over 70
years cumulitive industry expereince in network and systems security.
While vulnerability scanners areuseful and do protect you from the
majority of vulnerabilities, they are incapable of matching the abilities
of an experienced human team. (Scanners are static, humans are dynamic).
Our Strategic Reconnaissance Team is one of the most respected and trusted
teams in the industry and has been responsible for identifying critical
security threats in major software packages on nearly all platforms."

Phrack Staff would like to remind SnoSOFT that in 80 tests conducted
worldwide, entire classrooms of Algebra I students were unable, even with
their combined hundreds of years of mathematical experience, to solve even
the most basic of differential equations. All platforms? Oh yeah, Digital
UNIX and Linux and SCO.

When we look at client testimonials for SNO's services, we see that none
of the entries have signatures to them OR the company references are
protected by the old "NDA" trick.

I'm not going to go on too much longer about all this bullshit, as all of
their code is out there to be looked at and laughed at. However, this
article has one major bone to pick, and this is the part of SNOSoft's
propaganda to which we will respond violently:

"SNO has successfully developed, deployed and implemented highly secure
network architectures utilizing multiple firewalls, Intrusion Detection
Systems (IDS), and proprietary network and system intrusion detection
tools.
Some of these secure network architectures have included honey pots
designed specifically to attract, track and trap malicious hackers and
crackers. The information thus collected can then be used to prosecute the
attacker or to learn about the most current methods used to compromise
networks and then defend against similar attacks in the future."


--[ 2. The Apex Intrusion Detection Solution (TM)

----[ 2.1 Background

From this point on I'll try to cut out the rhetoric and let the facts
speak for themselves. Here's the Apex Readme. (this is actually the
largest original file in the entire product)

---------------------------------------------------------------------------
Apex Intrusion Detection Solution (TM)
Copyright (C) 2003, Secure Network Operations, Inc. All rights reserved.
-------------------------------------------------------------------------
http://www.secnetops.com

very beta README!!!

README   - This File
bin      - the bin directory for apex controls
conf     - the RSN configuration directory
required - all required software to make an RSN
shells   - recorder patches, shell source, and binary pre-patched shells

How to install your RSN:

In order to have a fully operational Remote Sensory Node ("RSN") on your
network you need to:

-) Configure a and install dedicated system at the highest level of your \
   network and install either linux or FreeBSD on that system. That
   system's IP address needs to be sent to apex@secnetops.com in an e-mail
   that contains the below information.

   Primary Contact First Name:
   Primary Contact Last Name :
   Company Name :
   Desired login :
   Desired password :
   email address for contact :
   State :
   Country :

   List of IP addresses for all systems who's logs and file systems are
   being recorded/monitored. System logs are stored for a period of 6
   months and then deleted from the database. If you wish to have a dump
   of your older logs to be archived before they are deleted please make a
   note in your e-mail to apex@secnetops.com.
-) Once you have sent the email to apex@secnetops.com you can begin the
   setup of your Remote Sensory Node ("RSN").

Steps:

-1) copy GSS.pkg.tar.gz to the / directory of your RSN
-2) rsn# tar -zxvf GSS.pkg.tar.gz
-3) rsn# mv GSS.pkg /GSS
-4) Check for required software:
    In order to run an RSN properly you need to have the following
    software pre-installed. If the software is not installed it can be
    found in the /GSS/required directory.

    Package:                   md5sum:
    --------                   -------
    DBD-mysql-2.1026.tar.gz    bf423505ebe8c799299e707b9efbba31
    DBI-1.34.tar.gz            f0056760bea3d5697c21d64358617895
    Digest-MD5-2.22.tar.gz     8f628250bb0d0fedaa686d4d30cf71f3
    libol-0.3.3.tar.gz         abb7bf9b3cdce1ebee527571da2bf5b9
    openssl-0.9.7b.tar.gz      fae4bec090fa78e20f09d76d55b6ccff
    screen-3.9.15.tar.gz       0dff6fdc3fbbceabf25a43710fbfe75f
    snort-2.0.0.tar.gz         b7d374655c4390c07b2e38a2d381c2bd
    stunnel-4.04.tgz           7490eb4f8544ca976ef7ccc14358b613
    syslog-ng-1.5.23.tar.gz    fe7c30773af99ab0198181cea436849d

    Now that you have made sure that your system has the above installed
    you can continue.

-5) rsn# cd /GSS/conf/snort/config
-6) rsn# vi snort-mysql.conf
    -Make sure that your snort-mysql.conf is configured properly. If you
    are doing this on your own and run into issues please contact us at
    978-263-3829 and have your account information ready.
-7) rsn# cd /GSS/conf/stunnel
-8) rsn# vi stunnel.conf
    make sure that you have the right database configured.
    - Make certain that your "connect = 66.51.71.210:3307" (or whatever
    the database IP and Port are that you were given). If this is
    incorrect your RSN will not work.
-9) Generating your stunnel.pem file:
    In your /GSS/conf/stunnel directory there is an stunnel.pem file.
    That is an example file which will work, but should be changed. To
    generate your own stunnel.pem file use the openssl package and follow
    the format in the manual page for stunnel.
-10) rsn# cd /GSS/bin
-11) rsn# vi query.pl
    Edit the configuration section of the query.pl script.
    Insert your RSN's IP address and your user's DB password in the right
    area. Your database will be identified by the RSN's IP address. Once
    you have this done and have the packages installed properly your RSN
    should be ready to run.
-12) Your RSN scripts will assume that you have the correct files
    installed in the following areas. (in the next release everything
    will be installed in the /GSS tree.)

    a-) /usr/bin/killall
    b-) /usr/local/sbin/syslog-ng
    c-) /GSS/conf/syslog-ng.conf
    d-) /GSS/bin/stunnel
    e-) /GSS/bin/start_ng.sh
    f-) /GSS/bin/query.pl

If everything is installed in the right area, you should be able to
exectue:

rsn# ./apexctl
Would you like to start or stop your RSN? (start/stop):
start
Apex Intrusion Detection Solution (TM)
--------------------------------------
Copyright (C) 2003 Secure Network Operations, Inc.
All rights reserved.

Starting RSN
System Acitve
rsn0#

Validate that your RSN is running properly:

#########################SNIP##################################################
rsn# ps auwwx | grep snort
root 13305 42.2 46.4 40792 27904 ?? Rs 4:19PM 0:01.82 /usr/local/bin/snort -i ed1 -D -c /usr/local/etc/snort-mysql.conf
root 13316 0.0 0.3 388 196 p1 DL+ 4:19PM 0:00.00 grep snort
rsn# ps auwwx | grep stunnel
nobody 13307 0.0 1.4 2728 848 ?? Ss 4:19PM 0:00.05 /GSS/bin/stunnel
root 13318 0.0 0.8 1000 488 p1 DL+ 4:19PM 0:00.01 grep stunnel
rsn# ps auwwx | grep query.pl
root 13309 0.0 0.3 1612 152 ?? Ss 4:19PM 0:00.02 /GSS/bin/screen -d -m /GSS/bin/query.pl
root 13313 0.8 2.6 3168 1548 p3 Ss+ 4:19PM 0:00.38 /usr/bin/perl /GSS/bin/query.pl
rsn# ps auwwx | grep syslog-ng
root 13314 0.0 0.7 1016 412 ?? Ss 4:19PM 0:00.02 /usr/local/sbin/syslog-ng -f /GSS/conf/syslog-ng.conf
rsn#
##############################################################################

At this point your RSN should be fully operational.
------------------------------------------------------------------------------------------------
Installing system monitoring utilities on target systems...
---------------------------------------------------------------------------


----[ 2.2 What It Has

Here's a complete file listing of Apex. I'm sure those of you who bought
this product haven't felt as rewarded since you purchased the commercial
version of Commander Keen.

total 60
drwxr-x--- 6 route phc 512 Jan 15 15:15 .
drwxrwx--- 6 route phc 512 Jan 15 15:12 ..
-rw-r----- 1 route phc 5597 xxx xx xxxx README
drwxr-x--- 2 route phc 512 xxx xx xxxx bin
drwxr-x--- 4 route phc 512 xxx xx xxxx conf
drwxr-x--- 2 route phc 512 xxx xx xxxx required
drwxr-x--- 4 route phc 512 xxx xx xxxx system-watch-tools

./bin:
total 956
drwxr-x--- 2 route phc 512 xxx xx xxxx .
drwxr-x--- 6 route phc 512 Jan 15 15:15 ..
-rwxr-x--- 1 route phc 1087 xxx xx xxxx apexctl
-rw-r----- 1 route phc 981 xxx xx xxxx ip-to-hex.c
-rwxr-x--- 1 route phc 5110 xxx xx xxxx iptohex
-rwxr-x--- 1 route phc 75 xxx xx xxxx killall
-rwxr-x--- 1 route phc 5467 xxx xx xxxx query.pl
-rwxr-x--- 1 route phc 261676 xxx xx xxxx screen
-rwxr-x--- 1 route phc 104 xxx xx xxxx start_ng.sh
-rwxr-x--- 1 route phc 183125 xxx xx xxxx stunnel
-rw------- 1 route phc 1636 xxx xx xxxx stunnel.pem

./conf:
total 24
drwxr-x--- 4 route phc 512 xxx xx xxxx .
drwxr-x--- 6 route phc 512 Jan 15 15:15 ..
drwxr-x--- 4 route phc 512 xxx xx xxxx snort
drwxr-x--- 2 route phc 512 xxx xx xxxx stunnel
-rwx------ 1 route phc 3869 xxx xx xxxx syslog-ng.conf

./conf/snort:
total 16
drwxr-x--- 4 route phc 512 xxx xx xxxx .
drwxr-x--- 4 route phc 512 xxx xx xxxx ..
drwxr-x--- 2 route phc 512 xxx xx xxxx config
drwxr-x--- 2 route phc 1536 xxx xx xxxx rules

./conf/snort/config:
total 52
drwxr-x--- 2 route phc 512 xxx xx xxxx .
drwxr-x--- 4 route phc 512 xxx xx xxxx ..
-r--r----- 1 route phc 21688 xxx xx xxxx snort-mysql.conf

./conf/snort/rules:
total 1012
drwxr-x--- 2 route phc 1536 xxx xx xxxx .
drwxr-x--- 4 route phc 512 xxx xx xxxx ..
-r--r----- 1 route phc 4283 xxx xx xxxx attack-responses.rules
-r--r----- 1 route phc 10973 xxx xx xxxx backdoor.rules
-r--r----- 1 route phc 2047 xxx xx xxxx bad-traffic.rules
-r--r----- 1 route phc 4426 xxx xx xxxx chat.rules
-r--r----- 1 route phc 3455 xxx xx xxxx classification.config
-r--r----- 1 route phc 3455 xxx xx xxxx classification.config-sample
-r--r----- 1 route phc 6600 xxx xx xxxx ddos.rules
-r--r----- 1 route phc 24499 xxx xx xxxx deleted.rules
-r--r----- 1 route phc 4882 xxx xx xxxx dns.rules
-r--r----- 1 route phc 4183 xxx xx xxxx dos.rules
-r--r----- 1 route phc 417 xxx xx xxxx experimental.rules
-r--r----- 1 route phc 10065 xxx xx xxxx exploit.rules
-r--r----- 1 route phc 3131 xxx xx xxxx finger.rules
-r--r----- 1 route phc 11809 xxx xx xxxx ftp.rules
-r--r----- 1 route phc 15913 xxx xx xxxx icmp-info.rules
-r--r----- 1 route phc 4569 xxx xx xxxx icmp.rules
-r--r----- 1 route phc 3998 xxx xx xxxx imap.rules
-r--r----- 1 route phc 1447 xxx xx xxxx info.rules
-r--r----- 1 route phc 150 xxx xx xxxx local.rules
-r--r----- 1 route phc 8852 xxx xx xxxx misc.rules
-r--r----- 1 route phc 1543 xxx xx xxxx multimedia.rules
-r--r----- 1 route phc 773 xxx xx xxxx mysql.rules
-r--r----- 1 route phc 4832 xxx xx xxxx netbios.rules
-r--r----- 1 route phc 725 xxx xx xxxx nntp.rules
-r--r----- 1 route phc 6081 xxx xx xxxx oracle.rules
-r--r----- 1 route phc 1329 xxx xx xxxx other-ids.rules
-r--r----- 1 route phc 2902 xxx xx xxxx p2p.rules
-r--r----- 1 route phc 4330 xxx xx xxxx policy.rules
-r--r----- 1 route phc 954 xxx xx xxxx pop2.rules
-r--r----- 1 route phc 2683 xxx xx xxxx pop3.rules
-r--r----- 1 route phc 4970 xxx xx xxxx porn.rules
-r--r----- 1 route phc 548 xxx xx xxxx reference.config
-r--r----- 1 route phc 548 xxx xx xxxx reference.config-sample
-r--r----- 1 route phc 25577 xxx xx xxxx rpc.rules
-r--r----- 1 route phc 2382 xxx xx xxxx rservices.rules
-r--r----- 1 route phc 4594 xxx xx xxxx scan.rules
-r--r----- 1 route phc 4276 xxx xx xxxx shellcode.rules
-r--r----- 1 route phc 6310 xxx xx xxxx smtp.rules
-r--r----- 1 route phc 3916 xxx xx xxxx snmp.rules
-r--r----- 1 route phc 11608 xxx xx xxxx sql.rules
-r--r----- 1 route phc 3404 xxx xx xxxx telnet.rules
-r--r----- 1 route phc 2139 xxx xx xxxx tftp.rules
-r--r----- 1 route phc 14996 xxx xx xxxx virus.rules
-r--r----- 1 route phc 10306 xxx xx xxxx web-attacks.rules
-r--r----- 1 route phc 79080 xxx xx xxxx web-cgi.rules
-r--r----- 1 route phc 1698 xxx xx xxxx web-client.rules
-r--r----- 1 route phc 8898 xxx xx xxxx web-coldfusion.rules
-r--r----- 1 route phc 8397 xxx xx xxxx web-frontpage.rules
-r--r----- 1 route phc 29207 xxx xx xxxx web-iis.rules
-r--r----- 1 route phc 70177 xxx xx xxxx web-misc.rules
-r--r----- 1 route phc 6072 xxx xx xxxx web-php.rules
-r--r----- 1 route phc 524 xxx xx xxxx x11.rules

./conf/stunnel:
total 16
drwxr-x--- 2 route phc 512 xxx xx xxxx .
drwxr-x--- 4 route phc 512 xxx xx xxxx ..
-rw-r----- 1 route phc 330 xxx xx xxxx stunnel.conf
-rw------- 1 route phc 1636 xxx xx xxxx stunnel.pem

./required:
total 13660
drwxr-x--- 2 route phc 512 xxx xx xxxx .
drwxr-x--- 6 route phc 512 Jan 15 15:15 ..
-rw-r----- 1 route phc 97845 xxx xx xxxx DBD-mysql-2.1026.tar.gz
-rw-r----- 1 route phc 290116 xxx xx xxxx DBI-1.34.tar.gz
-rw-r----- 1 route phc 42057 xxx xx xxxx Digest-MD5-2.22.tar.gz
-rw-r----- 1 route phc 197103 xxx xx xxxx libol-0.3.3.tar.gz
-rw-r----- 1 route phc 2784331 xxx xx xxxx openssl-0.9.7b.tar.gz
-rw-r----- 1 route phc 829248 xxx xx xxxx screen-3.9.15.tar.gz
-rw-r----- 1 route phc 1556540 xxx xx xxxx snort-2.0.0.tar.gz
-rw-r----- 1 route phc 733726 xxx xx xxxx stunnel-4.04.tgz
-rw-r----- 1 route phc 279699 xxx xx xxxx syslog-ng-1.5.23.tar.gz

./system-watch-tools:
total 16
drwxr-x--- 4 route phc 512 xxx xx xxxx .
drwxr-x--- 6 route phc 512 Jan 15 15:15 ..
drwxr-x--- 2 route phc 512 xxx xx xxxx faudit.1.0a
drwxr-x--- 4 route phc 512 xxx xx xxxx shells

./system-watch-tools/faudit.1.0a:
total 908
drwxr-x--- 2 route phc 512 xxx xx xxxx .
drwxr-x--- 4 route phc 512 xxx xx xxxx ..
-rw-r----- 1 route phc 97845 xxx xx xxxx DBD-mysql-2.1026.tar.gz
-rw-r----- 1 route phc 290116 xxx xx xxxx DBI-1.34.tar.gz
-rw-r----- 1 route phc 42057 xxx xx xxxx Digest-MD5-2.22.tar.gz
-rwx------ 1 route phc 7451 xxx xx xxxx faudit

./system-watch-tools/shells:
total 16
drwxr-x--- 4 route phc 512 xxx xx xxxx .
drwxr-x--- 4 route phc 512 xxx xx xxxx ..
drwxr-x--- 3 route phc 512 xxx xx xxxx BINARIES
drwxr-x--- 4 route phc 512 xxx xx xxxx SOURCES

./system-watch-tools/shells/BINARIES:
total 12
drwxr-x--- 3 route phc 512 xxx xx xxxx .
drwxr-x--- 4 route phc 512 xxx xx xxxx ..
drwxr-x--- 2 route phc 512 xxx xx xxxx FreeBSD-4.8

./system-watch-tools/shells/BINARIES/FreeBSD-4.8:
total 1672
drwxr-x--- 2 route phc 512 xxx xx xxxx .
drwxr-x--- 3 route phc 512 xxx xx xxxx ..
-rwxr-x--- 1 route phc 531908 xxx xx xxxx bash
-rwxr-x--- 1 route phc 274588 xxx xx xxxx tcsh

./system-watch-tools/shells/SOURCES:
total 16
drwxr-x--- 4 route phc 512 xxx xx xxxx .
drwxr-x--- 4 route phc 512 xxx xx xxxx ..
drwxr-x--- 2 route phc 512 xxx xx xxxx BASH
drwxr-x--- 2 route phc 512 xxx xx xxxx TCSH

./system-watch-tools/shells/SOURCES/BASH:
total 4296
drwxr-x--- 2 route phc 512 xxx xx xxxx .
drwxr-x--- 4 route phc 512 xxx xx xxxx ..
-rw-r----- 1 route phc 1807947 xxx xx xxxx bash-2.05a.tar.gz
-rw-r----- 1 route phc 339816 xxx xx xxxx bash-bofh-2.05a-0.0.1

./system-watch-tools/shells/SOURCES/TCSH:
total 1392
drwxr-x--- 2 route phc 512 xxx xx xxxx .
drwxr-x--- 4 route phc 512 xxx xx xxxx ..
-rw-r----- 1 route phc 665733 xxx xx xxxx tcsh-6.10.tar.gz
-rw-r----- 1 route phc 19324 xxx xx xxxx tcsh-bofh-6.10-0.0.1a


----[ 2.3. Is There Anything Else?

Sadly, the answer to this question is really "no." Unless you want us to
make fun of the snort source code some more.
As we already saw, a post to full-disclosure dumped the src code to SNO's
prized ip-to-hex.c. Here's some of their other files:

-------------------------------killall-------------------------------------
#/bin/sh
ps -ea | grep $1 | awk '$1 ~ /^[^SI]/ { system("kill -9 " $1); }'
-------------------------------killall-------------------------------------

----------------------------start_ng.sh------------------------------------
#!/bin/sh
/usr/bin/killall -9 syslogd syslog-ng
/usr/local/sbin/syslog-ng -f /GSS/conf/syslog-ng.conf
----------------------------start_ng.sh------------------------------------

-------------------------------apexctl-------------------------------------
#!/usr/local/bin/bash
#Apex Intrusion Detection Solution (TM)
#Copyright (C) 2003, Secure Network Operations, Inc. All rights reserved.
#-------------------------------------------------------------------------
#http://www.secnetops.com

until test
do
    echo "Would you like to start or stop your RSN? (start/stop): "
    read test
    case $test in
    start)
        echo "Apex Intrusion Detection Solution (TM)"
        echo "--------------------------------------"
        echo "Copyright (C) 2003 Secure Network Operations, Inc."
        echo "All rights reserved."
        echo " "
        echo "Starting RSN"
        /usr/local/bin/snort -i ed1 -D -c /usr/local/etc/snort-mysql.conf
        /GSS/bin/stunnel
        /GSS/bin/screen -d -m /GSS/bin/query.pl
        /GSS/bin/start_ng.sh
        echo "System Acitve"
        exit 0
        ;;
    stop)
        echo
        echo "Apex Intrusion Detection Solution (TM)"
        echo "--------------------------------------"
        echo "Copyright (C) 2003 Secure Network Operations, Inc."
        echo "All rights reserved."
        /usr/bin/killall -9 snort
        /usr/bin/killall -9 syslog-ng
        /usr/bin/killall -9 query.pl
        /usr/bin/killall -9 stunnel
        echo "System Inactive"
        exit 0
        ;;
    esac
done
-------------------------------apexctl-------------------------------------

This leaves 2 more files... I'm not going to bloat this release with their
full contents, but if SNO talk any shit about this article I'll drop
everything+more.
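
The killall helper shown above picks its targets with an unanchored grep
over ps output. The block below is an added example, not part of the Apex
package or the original article: it replays that selection against a
constructed process table and prints PIDs instead of killing anything. The
function names and the sample processes are made up for the illustration.

```shell
#!/bin/sh
# Added illustration: which PIDs the helper's pipeline selects, compared
# with an exact match on the command name. Nothing is killed here.

# Constructed sample in `ps -ea` layout (PID TTY TIME CMD); not a real host.
sample_ps() {
    cat <<'EOF'
  PID TTY          TIME CMD
  101 ?        00:00:01 syslog-ng
  102 ?        00:00:07 snort
  103 ?        00:00:00 snortsam
  104 ?        00:00:00 snort-report
  105 ?        00:00:00 stunnel
EOF
}

# Same pipeline as the helper, with system("kill -9 " $1) replaced by print.
# $1 is left unquoted as in the original. With a numeric PID in column 1
# the /^[^SI]/ test is true for every line, so grep alone decides.
shipped_select() {
    sample_ps | grep $1 | awk '$1 ~ /^[^SI]/ { print $1 }'
}

# Exact match on the command name (last column of this layout), header
# line skipped. Assumes command names without spaces, as in the sample.
exact_select() {
    sample_ps | awk -v name="$1" 'NR > 1 && $NF == name { print $1 }'
}

# PIDs the unanchored match would hit although the name differs.
collateral() {
    wanted=" $(exact_select "$1" | tr '\n' ' ')"
    for pid in $(shipped_select "$1"); do
        case "$wanted" in
            *" $pid "*) ;;
            *) echo "$pid" ;;
        esac
    done
}

echo "unanchored grep selects: $(shipped_select snort | tr '\n' ' ')"
echo "exact name selects:      $(exact_select snort | tr '\n' ' ')"
echo "collateral PIDs:         $(collateral snort | tr '\n' ' ')"
```

On a live system, `pgrep -x snort` performs the exact-name match that
exact_select models here.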
-------------------------------faudit--------------------------------------
#!/usr/bin/perl -w
###########################################################################
# Faudit v1.5 - Creates/Compares MD5 checksums of specified files        #
# Loki                                                                   #
###########################################################################
-------------------------------faudit--------------------------------------

------------------------------query.pl-------------------------------------
#!/usr/bin/perl
############################################################
#Apex Intrusion Detection Solution (TM)
#Copyright (C) 2003, Secure Network Operations, Inc. All rights reserved.
#-------------------------------------------------------------------------
#http://www.secnetops.com
#
#
# - Creates a named pipe of syslogd-ng data
# - Converts IPv4 addresses into a hex value
# - Based on the host, inserts data to its respective db
# - Under no circumstances should this program exit
#
############################################################
------------------------------query.pl-------------------------------------


--[ 3. Counterpoint

Since Phrack is all about a fair debate model, we will now offer some AIM
conversation logs showing exactly what SNOSoft thinks about #phrack
magazine, Larry King Style:

GreyBrimstone: Hey
GreyBrimstone: I need to ask you something
jasonzemos: what
GreyBrimstone: http://seclists.org/lists/fulldisclosure/2003/Nov/0744.html
GreyBrimstone: who posted that?
GreyBrimstone: well?
jasonzemos: ziplip.com?
jasonzemos: lol
GreyBrimstone: yes
GreyBrimstone: Do you know who sent that.
GreyBrimstone: I am askign because Mike Cramp was the only person who knew about that.
jasonzemos: i donno, ill discuss with PR and see if a zemos was involved
jasonzemos: (they know everything)
GreyBrimstone: please do.
GreyBrimstone: let me know.
GreyBrimstone: I am pretty pissed off.
jasonzemos: actually
jasonzemos: lemme login to *
jasonzemos: and ask them.
GreyBrimstone: ok
GreyBrimstone: =)
jasonzemos: well
jasonzemos: does it work?
jasonzemos: lol
GreyBrimstone: The code is fixed, the vulnerability was real.
GreyBrimstone: thats not the issue.
GreyBrimstone: the issue is that they ahve internal code, that they released internal code, and that they are spreading lies about SNO and iDefense.
jasonzemos: ouch
GreyBrimstone: I need to find the source of this.
GreyBrimstone: I will pay if I need to.
GreyBrimstone: let me know what the deal is when you collect any information please.
jasonzemos: ok
GreyBrimstone: What is your time worth?
jasonzemos: $0
jasonzemos: first off, i have no time
GreyBrimstone: lol
jasonzemos: second,
jasonzemos: i dont really know about that, ill talk to someone who does
jasonzemos: or you can wait till mikecc comes home from school
jasonzemos: ask him
GreyBrimstone: I'd appreciate you talking to people you know, I will talk to folks I know as well.
GreyBrimstone: Thank you very much.
GreyBrimstone: very much.
GreyBrimstone: If you need anything please do not hesitate to ask.
jasonzemos: dude, it says PHC did it
jasonzemos: right in the post
jasonzemos: lol
GreyBrimstone: where?
jasonzemos: they left their mark
jasonzemos: loud and clear
GreyBrimstone: lol where
GreyBrimstone: am I blind?
GreyBrimstone: I must be
jasonzemos: Special thanks to iDefense for allowing our "company" to participate in the profiling of the Phrack High Council. In the end, it seems we are the ones that got "reconned", and that there are probably better sources of "intelligence" than either Snosoft or iDefense.
GreyBrimstone: lol
GreyBrimstone: ok
GreyBrimstone: well thats cute.
GreyBrimstone: how did I miss that?
GreyBrimstone: I want to know who sent the post.
jasonzemos: hehe, that was the intention ;-)
jasonzemos: phc, obviously
GreyBrimstone: yes
GreyBrimstone: but who
GreyBrimstone: I want the name
GreyBrimstone: ;)
jasonzemos: dude, PHC is one of the most mysterious satiric active blackhat groups around these days
jasonzemos: i dont even have access to that information, lol
GreyBrimstone: I do.
jasonzemos: right when i read it was PHC
jasonzemos: i was like... hrmm.. i think ill leave this one alone ;-)
GreyBrimstone: See
GreyBrimstone: they made a mistake
GreyBrimstone: When I decide that I am going to do something
GreyBrimstone: I do it.
GreyBrimstone: I don't fail.
GreyBrimstone: I will succeed
GreyBrimstone: and I will find the individual responsible.
jasonzemos: lmao
GreyBrimstone: even if I am 90 by the time I do it.
GreyBrimstone: lol
jasonzemos: thats like saying youre going to find a scratched ferrule in an OC-3072
jasonzemos: its just... not gonna happen
jasonzemos: lol
GreyBrimstone: We'll see.
jasonzemos: dude, nobody knows ANYTHING about PHC
GreyBrimstone: I am going to make it one of my side projects.
jasonzemos: not even dvdman, nobody
jasonzemos: lol
GreyBrimstone: I know some people that do.
GreyBrimstone: dvdman is my friend.
GreyBrimstone: lol
jasonzemos: he hates them
GreyBrimstone: yes I know
jasonzemos: so he is a good friend ;-)
jasonzemos: lol
GreyBrimstone: lol
GreyBrimstone: he was always a good friend.
GreyBrimstone: I'll talk to some of the 0dd folks.
GreyBrimstone: test, 303 etc.
GreyBrimstone: I know people in nearly all of the major groups.
GreyBrimstone: I want to know just for the fuck of knowing now.
GreyBrimstone: I can tell you how PHC works
GreyBrimstone: they are very interesting.
GreyBrimstone: Yet, not so organized.

|=[ EOF ]=---------------------------------------------------------------=|