Gobbles Releases Apache Exploit
Brian McWilliams, SecurityFocus 2002-06-20

Tool makes it easy to hack vulnerable Apache servers under OpenBSD.

Gobbles Releases Apache Exploit 2002-06-20
Anonymous (1 replies)
Go ahead gobbles!! We're all sick of the "experts" get em!...

Gobbles Releases Apache Exploit 2002-06-24
Anonymous
I just wish I could live at home with my parents, have no social life, and play with computers all day like Goobers - sorry - Gonads, I mean Gobbles evidently can....

Hackers 2002-06-20
Anonymous (2 replies)
This recent bunch of advisories and exploits indicates gobbles is directly responsible for the backdooring of dsniff and irssi. When are the authorities going to step in and make some big busts?...

Hackers 2002-06-20
Anonymous2
You just don't get it, do you?

The *only* thing that's funnier than GOBBLES is reading statements/responses from people like you....

Hackers 2002-06-21
The Clone (7 replies)
Why should the authorities bust Gobbles? Gobbles happens to be one of the few security researchers out there who:

1. publishes more useful advisories to the community than anyone I've ever seen

2. doesn't do it for profit, like those ISS bastards

3. has one hell of a good sense of humour. W...

Hackers 2002-06-21
Anonymous (2 replies)
Yeah, we need more people like these people at Gobbles to give all the script kiddies the tools to break into other people's servers. Although I am not especially impressed with ISS and the like, I would say that people that release exploits for malicious purposes are criminals and should be treated ...

Hackers 2002-06-24
Anonymous Cowardess
At the same level, companies who release advisories to gain personal/financial profit from it, endangering the community and then making lukewarm statements, should be shut down, too. At least Gobbles does not make dough with their advisories, ISS makes lots of money by selling inferior software pat...

Hackers-GO 2002-06-24
omikorn (at) yahoo (dot) com (1 replies)
No, you should be treated like lowlifes, you network admins receive a monthly salary instead of a single payment for installing a default configuration for a system or some kind of software...and as a result sites are hacked. So who's guilty? The one who forgot a bug in some software? The guys who rele...

Re: Hackers-GO 2005-10-26
a Nocturnal student
I agree with you on almost every premise, but a difference is the lines of code each program has. Think what it would be like if you were an admin who was told to make an "unhackable network" (an impossibility, I might add): you would have to go over zillions of lines of code. The reason it's an impossibility...

Hackers 2002-06-21
paralyse
I totally agree with 'The Clone', why bust the ones that make us realise the threats? While they are in jail for your idiotic statements, hackers and other malicious users can get into private systems with sensitive information. I don't think you have enough experience with break-ins and the damage ...

Hackers 2002-06-21
Anonymous (1 replies)
I applaud Gobbles for finding the vulnerability and reporting it so that it can be fixed. However, I find it highly unethical to pass the exploit around to their friends for a few weeks before reporting it. That is the kind of action that can lead to legal action.

In another exploit found by Go...

Hackers 2002-06-22
Anonymous
There is a perfectly good reason to use exploits. First, to check if your own system is vulnerable, and two, to verify that the patch worked.

If you know that your system is vulnerable, then you should check it out to see if it has been broken into, and if any damage was done.

If the advisory ...

Hackers 2002-06-21
Not Really Anonymous
I don't know, have you looked at the source for this exploit?

This group has some personal goal to try and get one up on Theo and his gang. I mean really, what's with the 15yr old attitude, isn't this about making code more secure, not a fame war?

One more question, why doesn't "GOBBLES Securi...

Hackers 2002-06-21
Anonymous
I agree with the clone. I always get a great laugh when GOBBLES sends out an advisory.

...

Hackers 2002-06-21
Anonymous
This guy has already implicated himself as Accessory to the Crime by admitting that "his friend" told him that his secret exploit worked flawlessly against the website. What a loser - both of them, if they are indeed different people.

...

Hackers 2002-06-25
Anonymous
Well, it seems that ISS thinks that it is the ONE that "discovered" this hole.

taken from

---------- http://www.iss.net/index.php ----------

Remote Compromise Vulnerability in Apache HTTP Server

Internet Security Systems X-Force has discovered a serious vulnerability in the default vers...

eEye Scanner 2002-06-21
Dirk (1 replies)
The scanner is a bit lame. It only seems to look at the version number in the banner, which a) may not be available at all b) be a patched server with same version number.

Dirk...

eEye Scanner 2002-06-21
marc (1 replies)
Yes the current version is using banner information. We are releasing a new version today which performs an active attack to see if it is vulnerable or not since banner searching is not a 100% science, however it is much safer. So it will be optional.

cheers,

marc maiffret...

eEye Scanner 2002-06-21
lord aambro (1 replies)
then state what your "scanner" does. reading a banner for version number and calling it vulnerable is lame.... ...

eEye Scanner 2002-06-23
Anonymous (1 replies)
Especially when it also calls IIS servers vulnerable......

eEye Scanner 2002-06-24
Anonymous
I've just downloaded the version available today and found that:

(1) it reports my AIX IBM HTTP Servers as vulnerable - as I expected

(2) every time I scan using the tool an httpd process is killed on the server

This would suggest that the tool does indeed exploit the vulnerability and causes...

Gobbles Releases Apache Exploit 2002-06-21
nologin (1 replies)
The security world wanted proof so they received it. Way to go Gobbles, keep up the great researching =]

First they came for the hackers. But I never did anything illegal with my computer, so I didn't speak up. Then they came for the pornographers. But I thought there was too much smut on the...

Exploit Attempted on FreeBSD 2002-06-24
Anonymous
I just got the warning this morning when I checked my logs. There is apparently an exploit out for FreeBSD now as, unless the log was faked, this is the attack sequence:

XXX.XXX.XXX.XXX - - [24/Jun/2002:06:19:21 +0900] "GET /poweredby.html HTTP/1.1" 200 17339 "http://www.google.com/search?q=powe...

Gobbles Releases Apache Exploit 2002-06-21
<bangular (at) linuxmail (dot) org>
:( Gobbles site reached maximum download and won't be back up until July 1st....

Gobbles Releases Apache Exploit 2002-06-21
Anonymous
Can someone explain to me what this has to do with Theo or OpenBSD!!! Apache is not enabled by default install, at least it wasn't on my box.

...

Gobbles Releases Apache Exploit 2002-06-21
Anonymous
I haven't seen security reports as clear as gobbles in quite some time, with the commercialization of the security industry it seems to have scared many to do so. I think anyone trying to hide these kind of holes in software instead of informing the public about them is too ignorant to be any part ...

Gobbles on time 2002-06-21
Anonymous (4 replies)
How long would Gobbles have kept the vulnerability to themselves? It seems to me that if ISS hadn't found the bug, we would all still be sitting in the dark, a target for them and their black hat friends. What a bunch of children. Grow up Gobbles. ...

Gobbles on time 2002-06-21
The Clone
The ISS founder and CTO claims to have contacted Apache at around 9:30am, and then released the advisory sometime in the afternoon. Don't you think that was a little bit irresponsible of Internet Security Systems to release it without at least WAITING for a reply from Apache? It's all about ISS' sad...

Gobbles on time 2002-06-22
Anonymous
Instead of pointing fingers at ppl like Gobbles you'd better hire them instead of your usual freak that writes a bunch of lies on his resumes and knows a friend that knows another friend in the company ...

Else you're going to see more and more ppl like Gobbles that will teach companies such as I...

Gobbles on time 2002-06-22
Anonymous (4 replies)
Not true. Mark Litchfield had already reported it to Apache and they were working on a fix when ISS published. The problem was getting fixed and if ISS would have waited a few days, like the person who discovered it (Mark), everyone would have had a chance to install the fix before the whole world...

Gobbles on time 2002-06-22
Anonymous
I was going over old Gobbles advisories, and I found something very startling. In their 10th advisory released during November of last year, which can be found at

http://www.hackemate.com.ar/advisories/Gobbles/GOBBLES-10.txt

And also mirrored on many other sites (try a google search), they pla...

Gobbles on time 2002-06-22
Anonymous (1 replies)
"If Goebells is so nobel, why didn't they tell Apache privately months ago when they found the exploit?"

Answer: because they're morons.

The sooner idiots like Gobbles learn to treat the security scene with a slightly mature attitude, the sooner we will see real progress being made.

Fame. P...

Gobbles on time 2002-06-24
Anonymous
Out of all the ridiculous things written...

Start treating the security scene with a little more respect?

Pray tell, what is the security scene? Efnet? Securityfocus?

You speak of the scene, and not the industry. Are you jealous of GOBBLES?

The scene and industry are different thi...

Gobbles should do time 2002-06-22
Anonymous (2 replies)
Accessory to the crime - it's illegal too. He admitted to giving out the exploit and knowing that /his/ exploit was used by the people to whom he gave it to perpetrate a crime. Hiding their names is Obstruction, which again is illegal.

This guy doesn't have much going for him.

...

Gobbles should do time 2002-06-24
Anonymous
Isn't it a little narrow to assume Gobbles is an American and is thus bound by US laws? Or is this a known fact?

Besides that, I haven't seen any crime committed. I am a lawyer and I can assure you that any prosecution would be thrown out of an American court. There are so many legal defenses at...

Gobbles should do time 2002-06-24
Anonymous
Come on people, can you really be THAT easy to fool?? It is obvious that Gobbles enjoys stirring up the pot. Do you really think that they would write an advisory and implicate themselves in a crime? Read all the other advisories. You will then realize that it is just a poke at Dug Song for getting ro...

Gobbles on time 2002-06-22
Anonymous (1 replies)
Ok, that post was just too stupid for me to ignore.

Gobbles apparently wrote the exploit for one reason: to gain unauthorized access to computers. Can you think of any other reason to write a tool to use to break into a system, other than actually using it in unauthorized intrusions?

Come on...

Hacking -v- cracking 2002-06-25
Anonymous
I'm sorry but for those so obviously new to the technology industry I had to clear something up:

One version of anonymous wrote: "Hackers write exploits so they can use them to _hack_. This is why we call hackers hackers -- because they hack."

In reality CRACKERS write exploits to crack into p...

Gobbles on time 2002-06-22
Anonymous
Isn't it weird, that when people are releasing MS exploits, none of you act like now - defending the "vendor"...

Gobbles Releases Apache Exploit 2002-06-23
Anonymous (2 replies)
1) maybe this will encourage openbsd to move to a(n even) stronger position, but it seems to take the "if you enable it you own it" position, but people run services, not just portmap and inetd (with nothing on) and sshd, but stuff like webservers.

2) this attempts to ridicule openbsd as "theobsd" bu...

Gobbles Releases Apache Exploit 2002-06-23
Anon (1 replies)
While everyone is wondering, is Gobbles all what they say they are? I think not. My own opinion is that they are a group of talented 'Blackhats' who are really just taking the piss out of whitehat security groups and if you look at the apache-nosejob.c exploit it says on it

* Greets to our two new...

Gobbles Releases Apache Exploit 2002-06-25
Penile Implant
'My own opinion is that they are a group of talented 'Blackhats' who are really just taking the piss out of whitehat security groups'

I agree, but I don't think they are limiting themselves to whitehat groups. I don't think they make the distinction between white and black, rather their mindset i...

Gobbles Releases Apache Exploit 2002-06-25
Not Really Anonymous
My only comment is, you don't have to use the OpenBSD software and can code your own secure operating system, then have peers pick at the code all day long.

BTW, the claim is true, but who really cares about that claim when they decide to use OpenBSD. Actually I use it because it is more stable ...

Gobbles Releases Apache Exploit 2002-06-24
Anonymous Coward (1 replies)
=)

It's interesting to note the good hackers can actually perform by creating an exploit and releasing it publicly,

as opposed to someone who would invent it and simply exploit anything they can get their hands on. Be thankful you're not facing a full-blown worm....

Yes there's a downside, i...

Re: Gobbles Releases Apache Exploit 2007-06-27
Red Teeth
Wow what a bunch of cry babies.. "when are the authorities going to do something" What pathetic losers. Oh hackers did this hackers did that... My lord people have you not gotten over elementary school yet?

And for every hacker clan this does get wiped out (Rarely) a new one takes its place.

Don...








 
