                             ==Phrack Inc.==

               Volume 0x0b, Issue 0x3f, Phile #0x06 of 0x0f

|=-------------------------[ Eye on the Spy ]---------------------------=|
|=----------------------------------------------------------------------=|
|=----------------------------[ daemon10 ]------------------------------=|



1 - Introduction

2 - The Apex Intrusion Detection Solution (TM)
	2.1 - Background
	2.2 - What It Has
	2.3 - Is There Anything Else?

3 - Counterpoint




--[ 1. Introduction

AHH, one of our favorite security companies in the whole wide world -
SNOSoft. In case you don't know what that stands for, it's short for
"Secure Network Operations, Inc." whose motto is apparently "Embracing the
future of technology, protecting you." SNOSoft has worked hard to embrace
the future in several ways, including 'for loop engineering.'


--- http://www.segfault.net/ouch/codingmadness/KF_programming_abc.txt ----
My question is does anyone know how to programatically do this? Do i 
need to make use of bit shifting or something? I need only a program to 
print the list to the screen or something simple. Example output would 
be ...

AAAA
BBBBB
....
AAAB
AAAC
...
and so on but ONLY unique posibilities.

-KF
------------------------------- CUT CUT CUT ------------------------------

But the Keystone seCOPS have come up with some interesting business ploys,
spearheaded by the charismatic KF, who has been referred to as the "Donald
Trump of Infosec." 

Check out the latest offer on their webpage:

"Preliminary External Security Audit starting at $1000.00.
(We guarentee that we will discover at least one vulnerability or the audit
is free..)"

Roughly speaking, that translates directly to "SNOSOFT BANKRUPTCY."
However, I'm sure that if snosoft works on it hard enough, they'll be able
to find at least one misspelling in their ad.

Some of their claims are alarming.
See what they write about their ANVIL Forensic Collection System:

"ANVIL FCS collects enough evidence to identify and potentially prosecute
an intruder."

It becomes rather difficult to gauge exactly what SNO's motives are, as
they have hired some much lesser members of the hacking community, who have
apparently collectively channeled their cumulative 80 IQ into entrapping
other hackers and making life hell for them.

Here is another enticing claim by SnoSOFT:
"Our highly qualified Strategic Reconnaissance Team (recon) has over 70
years cumulitive industry expereince in network and systems security.
While vulnerability scanners areuseful and do protect you from the majority
of vulnerabilities, they are incapable of matching the abilities of an
experienced human team. (Scanners are static, humans are dynamic). Our
Strategic Reconnaissance Team is one of the most respected and trusted
teams in the industry and has been responsible for identifying critical
security threats in major software packages on nearly all platforms."

Phrack Staff would like to remind SnoSOFT that in 80 tests conducted
worldwide, entire classrooms of Algebra I students were unable, even with
their combined hundreds of years of mathematical experience, to solve even
the most basic of differential equations. All platforms? Oh yeah, Digital
UNIX and Linux and SCO.

When we look at client testimonials for SNO's services, we see that none
of the entries have signatures to them OR the company references are
protected by the old "NDA" trick.

I'm not going to go on too much longer about all this bullshit, as all of
their code is out there to be looked at and laughed at.

However, this article has one major bone to pick, and this is the part of
SNOSoft's propaganda to which we will respond violently:

"SNO has successfully developed, deployed and implemented highly secure
network architectures utilizing multiple firewalls, Intrusion Detection
Systems (IDS), and proprietary network and system intrusion detection tools.
Some of these secure network architectures have included honey pots
designed specifically to attract, track and trap malicious hackers and
crackers. The information thus collected can then be used to prosecute
the attacker or to learn about the most current methods used to compromise
networks and then defend against similar attacks in the future."




--[ 2. The Apex Intrusion Detection Solution (TM)


----[ 2.1 Background

From this point on I'll try to cut out the rhetoric and let the facts speak
for themselves.

Here's the Apex Readme. (this is actually the largest original file in
the entire product)

---------------------------------------------------------------------------
Apex Intrusion Detection Solution (TM)
Copyright (C) 2003, Secure Network Operations, Inc.  All rights reserved.
-------------------------------------------------------------------------
http://www.secnetops.com

very beta README!!!

README          - This File
bin             - the bin directory for apex controls
conf            - the RSN configuration directory
required        - all required software to make an RSN
shells		- recorder patches, shell source, and binary pre-patched shells

How to install your RSN:

In order to have a fully operational Remote Sensory Node ("RSN") on your network 
you need to:

-) Configure a and install dedicated system at the highest level of your \
network and install either linux or FreeBSD on that system. That system's IP 
address needs to be sent to apex@secnetops.com in an e-mail that contains the 
below information.

Primary Contact First Name: 
Primary Contact Last Name :
Company Name              :
Desired login		  :
Desired password          :
email address for contact :        
State                     :
Country                   :

List of IP addresses for all systems who's logs and file systems are
being recorded/monitored.  System logs are stored for a period of 
6 months and then deleted from the database. If you wish to have a 
dump of your older logs to be archived before they are deleted please
make a note in your e-mail to apex@secnetops.com.


-) Once you have sent the email to apex@secnetops.com you can begin the 
setup of your Remote Sensory Node ("RSN"). 

Steps:
-1) copy GSS.pkg.tar.gz to the / directory of your RSN
-2) rsn# tar -zxvf GSS.pkg.tar.gz
-3) rsn# mv GSS.pkg /GSS
-4) Check for required software:

	In order to run an RSN properly you need to have the following
	software pre-installed.  If the software is not installed it can
	be found in the /GSS/required directory.

	Package:			md5sum: 
	--------			-------
	DBD-mysql-2.1026.tar.gz		bf423505ebe8c799299e707b9efbba31
	DBI-1.34.tar.gz			f0056760bea3d5697c21d64358617895
	Digest-MD5-2.22.tar.gz		8f628250bb0d0fedaa686d4d30cf71f3
	libol-0.3.3.tar.gz		abb7bf9b3cdce1ebee527571da2bf5b9
	openssl-0.9.7b.tar.gz		fae4bec090fa78e20f09d76d55b6ccff
	screen-3.9.15.tar.gz		0dff6fdc3fbbceabf25a43710fbfe75f
	snort-2.0.0.tar.gz		b7d374655c4390c07b2e38a2d381c2bd
	stunnel-4.04.tgz		7490eb4f8544ca976ef7ccc14358b613
	syslog-ng-1.5.23.tar.gz		fe7c30773af99ab0198181cea436849d

Now that you have made sure that your system has the above installed 
you can continue.
 
-5) rsn# cd /GSS/conf/snort/config
-6) rsn# vi snort-mysql.conf  
	
	-Make sure that your snort-mysql.conf is configured properly. If you 
	 are doing this on your own and run into issues please contact us
	 at 978-263-3829 and have your account information ready. 	  

-7) rsn# cd /GSS/conf/stunnel
-8) rsn# vi stunnel.conf make sure that you have the right database configured.	
	- Make certain that your "connect = 66.51.71.210:3307" (or whatever 
	  the database IP and Port are that you were given). If this is incorrect
	  your RSN will not work.

-9) Generating your stunnel.pem file:

	In your /GSS/conf/stunnel directory there is an stunnel.pem file.  That 
	is an example file which will work, but should be changed. To generate 
	your own stunnel.pem file use the openssl package and follow the format
	in the manual page for stunnel.

-10) rsn# cd /GSS/bin
-11) rsn# vi query.pl
	
	Edit the configuration section of the query.pl script. Insert your RSN's 
	IP address and your user's DB password in the right area. Your database
	will be identified by the RSN's IP address.  

	Once you have this done and have the packages installed properly your RSN 
	should be ready to run.  

-12)  	Your RSN scripts will assume that you have the correct files installed
	in the following areas.  (in the next release everything will be installed
	in the /GSS tree.)

	a-) /usr/bin/killall
	b-) /usr/local/sbin/syslog-ng 
	c-) /GSS/conf/syslog-ng.conf
	d-) /GSS/bin/stunnel
	e-) /GSS/bin/start_ng.sh
	f-) /GSS/bin/query.pl

	If everything is installed in the right area, you should be able to exectue:

		
    	rsn# ./apexctl
	Would you like to start or stop your RSN? (start/stop): 
	start
	Apex Intrusion Detection Solution (TM)	
	--------------------------------------
	Copyright (C) 2003 Secure Network Operations, Inc.
	All rights reserved.
 
	Starting RSN
	System Acitve
	rsn0# 



	Validate that your RSN is running properly:
#########################SNIP##################################################	
rsn# ps auwwx | grep snort
root   13305 42.2 46.4 40792 27904  ??  Rs    4:19PM   0:01.82 /usr/local/bin/snort -i ed1 -D -c /usr/local/etc/snort-mysql.conf
root   13316  0.0  0.3   388  196  p1  DL+   4:19PM   0:00.00 grep snort
rsn# ps auwwx | grep stunnel
nobody 13307  0.0  1.4  2728  848  ??  Ss    4:19PM   0:00.05 /GSS/bin/stunnel
root   13318  0.0  0.8  1000  488  p1  DL+   4:19PM   0:00.01 grep stunnel
rsn# ps auwwx | grep query.pl 
root   13309  0.0  0.3  1612  152  ??  Ss    4:19PM   0:00.02 /GSS/bin/screen -d -m /GSS/bin/query.pl
root   13313  0.8  2.6  3168 1548  p3  Ss+   4:19PM   0:00.38 /usr/bin/perl /GSS/bin/query.pl
rsn# ps auwwx | grep syslog-ng
root   13314  0.0  0.7  1016  412  ??  Ss    4:19PM   0:00.02 /usr/local/sbin/syslog-ng -f /GSS/conf/syslog-ng.conf
rsn#
##############################################################################

At this point your RSN should be fully operational.




------------------------------------------------------------------------------------------------

Installing system monitoring utilities on target systems...
---------------------------------------------------------------------------


----[ 2.2 What It Has

Here's a complete file listing of Apex. I'm sure those of you who bought
this product haven't felt as rewarded since you purchased the commercial
version of Commander Keen.

total 60
drwxr-x---  6  route   phc    512 Jan 15 15:15 .
drwxrwx---  6  route   phc    512 Jan 15 15:12 ..
-rw-r-----  1  route   phc   5597 xxx xx  xxxx README
drwxr-x---  2  route   phc    512 xxx xx  xxxx bin
drwxr-x---  4  route   phc    512 xxx xx  xxxx conf
drwxr-x---  2  route   phc    512 xxx xx  xxxx required
drwxr-x---  4  route   phc    512 xxx xx  xxxx system-watch-tools

./bin:
total 956
drwxr-x---  2  route  phc     512 xxx xx  xxxx .
drwxr-x---  6  route  phc     512 Jan 15 15:15 ..
-rwxr-x---  1  route  phc    1087 xxx xx  xxxx apexctl
-rw-r-----  1  route  phc     981 xxx xx  xxxx ip-to-hex.c
-rwxr-x---  1  route  phc    5110 xxx xx  xxxx iptohex
-rwxr-x---  1  route  phc      75 xxx xx  xxxx killall
-rwxr-x---  1  route  phc    5467 xxx xx  xxxx query.pl
-rwxr-x---  1  route  phc  261676 xxx xx  xxxx screen
-rwxr-x---  1  route  phc     104 xxx xx  xxxx start_ng.sh
-rwxr-x---  1  route  phc  183125 xxx xx  xxxx stunnel
-rw-------  1  route  phc    1636 xxx xx  xxxx stunnel.pem

./conf:
total 24
drwxr-x---  4  route  phc   512 xxx xx  xxxx .
drwxr-x---  6  route  phc   512 Jan 15 15:15 ..
drwxr-x---  4  route  phc   512 xxx xx  xxxx snort
drwxr-x---  2  route  phc   512 xxx xx  xxxx stunnel
-rwx------  1  route  phc  3869 xxx xx  xxxx syslog-ng.conf

./conf/snort:
total 16
drwxr-x---  4  route  phc   512 xxx xx  xxxx .
drwxr-x---  4  route  phc   512 xxx xx  xxxx ..
drwxr-x---  2  route  phc   512 xxx xx  xxxx config
drwxr-x---  2  route  phc  1536 xxx xx  xxxx rules

./conf/snort/config:
total 52
drwxr-x---  2  route  phc    512 xxx xx  xxxx .
drwxr-x---  4  route  phc    512 xxx xx  xxxx ..
-r--r-----  1  route  phc  21688 xxx xx  xxxx snort-mysql.conf

./conf/snort/rules:
total 1012
drwxr-x---  2  route  phc   1536 xxx xx  xxxx .
drwxr-x---  4  route  phc    512 xxx xx  xxxx ..
-r--r-----  1  route  phc   4283 xxx xx  xxxx attack-responses.rules
-r--r-----  1  route  phc  10973 xxx xx  xxxx backdoor.rules
-r--r-----  1  route  phc   2047 xxx xx  xxxx bad-traffic.rules
-r--r-----  1  route  phc   4426 xxx xx  xxxx chat.rules
-r--r-----  1  route  phc   3455 xxx xx  xxxx classification.config
-r--r-----  1  route  phc   3455 xxx xx  xxxx classification.config-sample
-r--r-----  1  route  phc   6600 xxx xx  xxxx ddos.rules
-r--r-----  1  route  phc  24499 xxx xx  xxxx deleted.rules
-r--r-----  1  route  phc   4882 xxx xx  xxxx dns.rules
-r--r-----  1  route  phc   4183 xxx xx  xxxx dos.rules
-r--r-----  1  route  phc    417 xxx xx  xxxx experimental.rules
-r--r-----  1  route  phc  10065 xxx xx  xxxx exploit.rules
-r--r-----  1  route  phc   3131 xxx xx  xxxx finger.rules
-r--r-----  1  route  phc  11809 xxx xx  xxxx ftp.rules
-r--r-----  1  route  phc  15913 xxx xx  xxxx icmp-info.rules
-r--r-----  1  route  phc   4569 xxx xx  xxxx icmp.rules
-r--r-----  1  route  phc   3998 xxx xx  xxxx imap.rules
-r--r-----  1  route  phc   1447 xxx xx  xxxx info.rules
-r--r-----  1  route  phc    150 xxx xx  xxxx local.rules
-r--r-----  1  route  phc   8852 xxx xx  xxxx misc.rules
-r--r-----  1  route  phc   1543 xxx xx  xxxx multimedia.rules
-r--r-----  1  route  phc    773 xxx xx  xxxx mysql.rules
-r--r-----  1  route  phc   4832 xxx xx  xxxx netbios.rules
-r--r-----  1  route  phc    725 xxx xx  xxxx nntp.rules
-r--r-----  1  route  phc   6081 xxx xx  xxxx oracle.rules
-r--r-----  1  route  phc   1329 xxx xx  xxxx other-ids.rules
-r--r-----  1  route  phc   2902 xxx xx  xxxx p2p.rules
-r--r-----  1  route  phc   4330 xxx xx  xxxx policy.rules
-r--r-----  1  route  phc    954 xxx xx  xxxx pop2.rules
-r--r-----  1  route  phc   2683 xxx xx  xxxx pop3.rules
-r--r-----  1  route  phc   4970 xxx xx  xxxx porn.rules
-r--r-----  1  route  phc    548 xxx xx  xxxx reference.config
-r--r-----  1  route  phc    548 xxx xx  xxxx reference.config-sample
-r--r-----  1  route  phc  25577 xxx xx  xxxx rpc.rules
-r--r-----  1  route  phc   2382 xxx xx  xxxx rservices.rules
-r--r-----  1  route  phc   4594 xxx xx  xxxx scan.rules
-r--r-----  1  route  phc   4276 xxx xx  xxxx shellcode.rules
-r--r-----  1  route  phc   6310 xxx xx  xxxx smtp.rules
-r--r-----  1  route  phc   3916 xxx xx  xxxx snmp.rules
-r--r-----  1  route  phc  11608 xxx xx  xxxx sql.rules
-r--r-----  1  route  phc   3404 xxx xx  xxxx telnet.rules
-r--r-----  1  route  phc   2139 xxx xx  xxxx tftp.rules
-r--r-----  1  route  phc  14996 xxx xx  xxxx virus.rules
-r--r-----  1  route  phc  10306 xxx xx  xxxx web-attacks.rules
-r--r-----  1  route  phc  79080 xxx xx  xxxx web-cgi.rules
-r--r-----  1  route  phc   1698 xxx xx  xxxx web-client.rules
-r--r-----  1  route  phc   8898 xxx xx  xxxx web-coldfusion.rules
-r--r-----  1  route  phc   8397 xxx xx  xxxx web-frontpage.rules
-r--r-----  1  route  phc  29207 xxx xx  xxxx web-iis.rules
-r--r-----  1  route  phc  70177 xxx xx  xxxx web-misc.rules
-r--r-----  1  route  phc   6072 xxx xx  xxxx web-php.rules
-r--r-----  1  route  phc    524 xxx xx  xxxx x11.rules

./conf/stunnel:
total 16
drwxr-x---  2  route  phc   512 xxx xx  xxxx .
drwxr-x---  4  route  phc   512 xxx xx  xxxx ..
-rw-r-----  1  route  phc   330 xxx xx  xxxx stunnel.conf
-rw-------  1  route  phc  1636 xxx xx  xxxx stunnel.pem

./required:
total 13660
drwxr-x---  2  route  phc      512 xxx xx  xxxx .
drwxr-x---  6  route  phc      512 Jan 15 15:15 ..
-rw-r-----  1  route  phc    97845 xxx xx  xxxx DBD-mysql-2.1026.tar.gz
-rw-r-----  1  route  phc   290116 xxx xx  xxxx DBI-1.34.tar.gz
-rw-r-----  1  route  phc    42057 xxx xx  xxxx Digest-MD5-2.22.tar.gz
-rw-r-----  1  route  phc   197103 xxx xx  xxxx libol-0.3.3.tar.gz
-rw-r-----  1  route  phc  2784331 xxx xx  xxxx openssl-0.9.7b.tar.gz
-rw-r-----  1  route  phc   829248 xxx xx  xxxx screen-3.9.15.tar.gz
-rw-r-----  1  route  phc  1556540 xxx xx  xxxx snort-2.0.0.tar.gz
-rw-r-----  1  route  phc   733726 xxx xx  xxxx stunnel-4.04.tgz
-rw-r-----  1  route  phc   279699 xxx xx  xxxx syslog-ng-1.5.23.tar.gz

./system-watch-tools:
total 16
drwxr-x---  4  route  phc  512 xxx xx  xxxx .
drwxr-x---  6  route  phc  512 Jan 15 15:15 ..
drwxr-x---  2  route  phc  512 xxx xx  xxxx faudit.1.0a
drwxr-x---  4  route  phc  512 xxx xx  xxxx shells

./system-watch-tools/faudit.1.0a:
total 908
drwxr-x---  2  route  phc     512 xxx xx  xxxx .
drwxr-x---  4  route  phc     512 xxx xx  xxxx ..
-rw-r-----  1  route  phc   97845 xxx xx  xxxx DBD-mysql-2.1026.tar.gz
-rw-r-----  1  route  phc  290116 xxx xx  xxxx DBI-1.34.tar.gz
-rw-r-----  1  route  phc   42057 xxx xx  xxxx Digest-MD5-2.22.tar.gz
-rwx------  1  route  phc    7451 xxx xx  xxxx faudit

./system-watch-tools/shells:
total 16
drwxr-x---  4  route  phc  512 xxx xx  xxxx .
drwxr-x---  4  route  phc  512 xxx xx  xxxx ..
drwxr-x---  3  route  phc  512 xxx xx  xxxx BINARIES
drwxr-x---  4  route  phc  512 xxx xx  xxxx SOURCES

./system-watch-tools/shells/BINARIES:
total 12
drwxr-x---  3  route  phc  512 xxx xx  xxxx .
drwxr-x---  4  route  phc  512 xxx xx  xxxx ..
drwxr-x---  2  route  phc  512 xxx xx  xxxx FreeBSD-4.8

./system-watch-tools/shells/BINARIES/FreeBSD-4.8:
total 1672
drwxr-x---  2  route  phc     512 xxx xx  xxxx .
drwxr-x---  3  route  phc     512 xxx xx  xxxx ..
-rwxr-x---  1  route  phc  531908 xxx xx  xxxx bash
-rwxr-x---  1  route  phc  274588 xxx xx  xxxx tcsh

./system-watch-tools/shells/SOURCES:
total 16
drwxr-x---  4  route  phc  512 xxx xx  xxxx .
drwxr-x---  4  route  phc  512 xxx xx  xxxx ..
drwxr-x---  2  route  phc  512 xxx xx  xxxx BASH
drwxr-x---  2  route  phc  512 xxx xx  xxxx TCSH

./system-watch-tools/shells/SOURCES/BASH:
total 4296
drwxr-x---  2  route  phc      512 xxx xx  xxxx .
drwxr-x---  4  route  phc      512 xxx xx  xxxx ..
-rw-r-----  1  route  phc  1807947 xxx xx  xxxx bash-2.05a.tar.gz
-rw-r-----  1  route  phc   339816 xxx xx  xxxx bash-bofh-2.05a-0.0.1

./system-watch-tools/shells/SOURCES/TCSH:
total 1392
drwxr-x---  2  route  phc     512 xxx xx  xxxx .
drwxr-x---  4  route  phc     512 xxx xx  xxxx ..
-rw-r-----  1  route  phc  665733 xxx xx  xxxx tcsh-6.10.tar.gz
-rw-r-----  1  route  phc   19324 xxx xx  xxxx tcsh-bofh-6.10-0.0.1a


----[ 2.3 Is There Anything Else?

Sadly, the answer to this question is really "no." Unless you want us
to make fun of the snort source code some more. As we already saw, a
post to full-disclosure dumped the src code to SNO's prized 
ip-to-hex.c.

Here's some of their other files:

-------------------------------killall-------------------------------------
#/bin/sh
ps -ea | grep $1 | awk '$1 ~ /^[^SI]/ { system("kill -9 " $1); }'
-------------------------------killall-------------------------------------

----------------------------start_ng.sh------------------------------------
#!/bin/sh
/usr/bin/killall -9 syslogd syslog-ng
/usr/local/sbin/syslog-ng -f /GSS/conf/syslog-ng.conf
----------------------------start_ng.sh------------------------------------

-------------------------------apexctl-------------------------------------
#!/usr/local/bin/bash
#Apex Intrusion Detection Solution (TM)
#Copyright (C) 2003, Secure Network Operations, Inc.  All rights reserved.
#-------------------------------------------------------------------------
#http://www.secnetops.com

until test
do
echo "Would you like to start or stop your RSN? (start/stop): "
read test
case $test in
start)
echo "Apex Intrusion Detection Solution (TM)"
echo "--------------------------------------"
echo "Copyright (C) 2003 Secure Network Operations, Inc."
echo "All rights reserved."
echo " "
echo "Starting RSN"
/usr/local/bin/snort -i ed1 -D -c /usr/local/etc/snort-mysql.conf
/GSS/bin/stunnel
/GSS/bin/screen  -d -m /GSS/bin/query.pl
/GSS/bin/start_ng.sh
echo "System Acitve"
exit 0
;;

stop)
echo echo "Apex Intrusion Detection Solution (TM)"
echo "--------------------------------------"
echo "Copyright (C) 2003 Secure Network Operations, Inc."
echo "All rights reserved."
/usr/bin/killall -9 snort
/usr/bin/killall -9 syslog-ng
/usr/bin/killall -9 query.pl
/usr/bin/killall -9 stunnel
echo "System Inactive"
exit 0
;;

esac
done
-------------------------------apexctl-------------------------------------
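
Added example, not part of the original article and not SNOSoft's code: a dry
run of the selection logic in the killall script above over constructed `ps`
output, beside a stricter selector. It shows that `grep $1` is a substring
match over the whole line, and that with `-9` as the first argument (the way
apexctl and start_ng.sh call /usr/bin/killall) grep gets no pattern and
nothing is selected. Assumptions: the shipped script is what answers at that
path; SAMPLE_PS, legacy_select and strict_select are hypothetical names.

```shell
#!/bin/sh
# Added example: dry run only, PIDs are printed and nothing is signalled.
# SAMPLE_PS is constructed output in a BSD-style "PID TT STAT TIME COMMAND" layout.
SAMPLE_PS='  PID  TT  STAT      TIME COMMAND
  101  ??  Ss     0:00.05 /usr/sbin/sshd
  202  p1  Ss     0:00.10 -bash
  303  ??  Ss     0:00.02 /usr/local/sbin/syslog-ng -f /GSS/conf/syslog-ng.conf
  404  ??  Ss     0:00.01 /usr/sbin/syslogd -s
  505  p1  R+     0:00.00 grep syslog'

# Selection logic of the shipped killall, with system("kill -9 ...") replaced
# by print. $1 is left unquoted on purpose, exactly as in the original.
# "|| true" only keeps a grep failure from aborting a caller that uses set -e.
legacy_select() {
    printf '%s\n' "$SAMPLE_PS" |
        { grep $1 2>/dev/null || true; } |
        awk '$1 ~ /^[^SI]/ { print $1 }' |
        paste -s -d ' ' -
}

# Stricter selector (hypothetical): skips a leading signal option, accepts
# several names, and compares each name with the basename of the command only.
strict_select() {
    case $1 in -*) shift ;; esac
    for name in "$@"; do
        printf '%s\n' "$SAMPLE_PS" | awk -v want="$name" '
            NR > 1 {
                cmd = $5
                sub(/^-/, "", cmd)          # login shells show up as "-bash"
                n = split(cmd, parts, "/")
                if (parts[n] == want) print $1
            }'
    done | paste -s -d ' ' -
}

# Substring match: asking for "sh" also selects sshd and a login bash.
echo "legacy sh                    : $(legacy_select sh)"
# Substring match: "syslog" selects both daemons and the grep process itself.
echo "legacy syslog                : $(legacy_select syslog)"
# First argument is -9: grep has no pattern, so the selection is empty.
echo "legacy -9 syslogd syslog-ng  : $(legacy_select -9 syslogd syslog-ng)"
# Exact basename match on every name given.
echo "strict -9 syslogd syslog-ng  : $(strict_select -9 syslogd syslog-ng)"
echo "strict sh                    : $(strict_select sh)"
```

Where it is available, `pkill -x name` gives the same exact-name match without
parsing ps output by hand.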

This leaves 2 more files...
I'm not going to bloat this release with their full contents, but if SNO
talk any shit about this article I'll drop everything+more.

-------------------------------faudit--------------------------------------
#!/usr/bin/perl -w

###########################################################################
# Faudit v1.5 - Creates/Compares MD5 checksums of specified files
#
# Loki <loki@snosoft.com>
#
###########################################################################
-------------------------------faudit--------------------------------------

------------------------------query.pl-------------------------------------
#!/usr/bin/perl
############################################################
#Apex Intrusion Detection Solution (TM)
#Copyright (C) 2003, Secure Network Operations, Inc.  All rights reserved.
#-------------------------------------------------------------------------
#http://www.secnetops.com
#
#
# - Creates a named pipe of syslogd-ng data
# - Converts IPv4 addresses into a hex value
# - Based on the host, inserts data to its respective db
# - Under no circumstances should this program exit
#
############################################################
------------------------------query.pl-------------------------------------




--[ 3. Counterpoint

Since Phrack is all about a fair debate model, we will now offer some AIM
conversation logs showing exactly what SNOSoft thinks about #phrack
magazine, Larry King Style:


GreyBrimstone: Hey
GreyBrimstone: I need to ask you something
jasonzemos: what
GreyBrimstone: http://seclists.org/lists/fulldisclosure/2003/Nov/0744.html
GreyBrimstone: who posted that?
GreyBrimstone: well?
jasonzemos: ziplip.com?
jasonzemos: lol
GreyBrimstone: yes
GreyBrimstone: Do you know who sent that.
GreyBrimstone: I am asking because Mike Cramp was the only person who knew about that.
jasonzemos: i donno, ill discuss with PR and see if a zemos was involved
jasonzemos: (they know everything)
GreyBrimstone: please do.
GreyBrimstone: let me know.
GreyBrimstone: I am pretty pissed off.
jasonzemos: actually
jasonzemos: lemme login to *
jasonzemos: and ask them.
GreyBrimstone: ok
GreyBrimstone: =)
jasonzemos: well
jasonzemos: does it work?
jasonzemos: lol
GreyBrimstone: The code is fixed, the vulnerability was real.
GreyBrimstone: thats not the issue.
GreyBrimstone: the issue is that they have internal code, that they released internal code, and that they are spreading lies about SNO and iDefense.
jasonzemos: ouch
GreyBrimstone: I need to find the source of this.
GreyBrimstone: I will pay if I need to.
GreyBrimstone: let me know what the deal is when you collect any information please.
jasonzemos: ok
GreyBrimstone: What is your time worth?
jasonzemos: $0
jasonzemos: first off, i have no time
GreyBrimstone: lol
jasonzemos: second,
jasonzemos: i dont really know about that, ill talk to someone who does
jasonzemos: or you can wait till mikecc comes home from school
jasonzemos: ask him
GreyBrimstone: I'd appreciate you talking to people you know, I will talk to folks I know as well.
GreyBrimstone: Thank you very much.
GreyBrimstone: very much.
GreyBrimstone: If you need anything please do not hesitate to ask.
jasonzemos: dude, it says PHC did it
jasonzemos: right in the post
jasonzemos: lol
GreyBrimstone: where?
jasonzemos: they left their mark
jasonzemos: loud and clear
GreyBrimstone: lol where
GreyBrimstone: am I blind?
GreyBrimstone: I must be
jasonzemos: Special thanks to iDefense for allowing our "company" to participate
in the profiling of the Phrack High Council. In the end, it seems we
are the ones that got "reconned", and that there are probably better
sources of "intelligence" than either Snosoft or iDefense.
GreyBrimstone: lol
GreyBrimstone: ok
GreyBrimstone: well thats cute.
GreyBrimstone: how did I miss that?
GreyBrimstone: I want to know who sent the post.
jasonzemos: hehe, that was the intention ;-)
jasonzemos: phc, obviously
GreyBrimstone: yes
GreyBrimstone: but who
GreyBrimstone: I want the name
GreyBrimstone: ;)
jasonzemos: dude, PHC is one of the most mysterious satiric active blackhat groups around these days
jasonzemos: i dont even have access to that information, lol
GreyBrimstone: I do.
jasonzemos: right when i read it was PHC
jasonzemos: i was like... hrmm.. i think ill leave this one alone ;-)
GreyBrimstone: See
GreyBrimstone: they made a mistake
GreyBrimstone: When I decide that I am going to do something
GreyBrimstone: I do it.
GreyBrimstone: I don't fail.
GreyBrimstone: I will succeed
GreyBrimstone: and I will find the individual responsible.
jasonzemos: lmao
GreyBrimstone: even if I am 90 by the time I do it.
GreyBrimstone: lol
jasonzemos: thats like saying youre going to find a scratched ferrule in an OC-3072
jasonzemos: its just... not gonna happen
jasonzemos: lol
GreyBrimstone: We'll see.
jasonzemos: dude, nobody knows ANYTHING about PHC
GreyBrimstone: I am going to make it one of my side projects.
jasonzemos: not even dvdman, nobody
jasonzemos: lol
GreyBrimstone: I know some people that do.
GreyBrimstone: dvdman is my friend.
GreyBrimstone: lol
jasonzemos: he hates them
GreyBrimstone: yes I know
jasonzemos: so he is a good friend ;-)
jasonzemos: lol
GreyBrimstone: lol
GreyBrimstone: he was always a good friend.
GreyBrimstone: I'll talk to some of the 0dd folks.
GreyBrimstone: test, 303 etc.
GreyBrimstone: I know people in nearly all of the major groups.
GreyBrimstone: I want to know just for the fuck of knowing now.
GreyBrimstone: I can tell you how PHC works
GreyBrimstone: they are very interesting.
GreyBrimstone: Yet, not so organized.



|=[ EOF ]=---------------------------------------------------------------=|
