<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1250">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="country-region"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
p
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>While I’m not normally one to reply
to this list… I can’t stand to see this go on any further. Don’t
expect another response as I don’t have the time (other than late Friday night)
to sit and respond to this drivel.. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>n3td3v:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>How do you figure on this single user
Microsoft Windows XP computer?? <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Last time I checked Windows XP was a
multi-user environment… Also… if it’s not a botnet it must be
Windows… that’s a rather childish thought…. Also a botnet has
negative connotations.. That is to say, it’s a group of PCs under the
control of a single individual or group. This group of PCs (Zombies) are used
mostly for illegal purposes, or on IRC networks (different sort of botnet…
where the name was derived from). <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>What makes you think that RSA has a single
IP… that’s a pretty foolhardy belief. They aren’t some kid on
a cable modem. In fact, a quick search of ARIN, assuming only RSA Security
shows they have several net blocks<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>---SNIP---<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>RSA Security Inc. RSA-SECURITY-C1
(NET-192-80-211-0-1) 192.80.211.0 - 192.80.211.255<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>RSA Security Inc. RSA-SECURITY
(NET-216-162-240-0-1) 216.162.240.0 - 216.162.255.255<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>RSA Security Inc. UU-63-84-35-192-D4
(NET-63-84-35-192-1) 63.84.35.192 - 63.84.35.223<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>RSA SECURITY UU-65-216-28-32-D7
(NET-65-216-28-32-1) 65.216.28.32 - 65.216.28.39<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>RSA SECURITY UU-65-214-232-56-D3
(NET-65-214-232-56-1) 65.214.232.56 - 65.214.232.63<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>RSA Security UU-65-221-107
(NET-65-221-107-0-1) 65.221.107.0 - 65.221.107.255<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Rsa Security Inc SBC066123220136030905
(NET-66-123-220-136-1) 66.123.220.136 - 66.123.220.143<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>RSA Security, Inc. QWEST-IAD-RSA1
(NET-63-150-186-0-1) 63.150.186.0 - 63.150.186.255<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>RSA Security, Inc. QWEST-IAD-RSA
(NET-66-77-65-208-1) 66.77.65.208 - 66.77.65.223<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>---SNIP---<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>The odds are that others involved in this
will contribute machines on their networks.. and that RSA owns blocks not listed
above… servers setup on these blocks running the software will submit
information to the pages… This is not a botnet… If this is a botnet
then the worlds SMTP servers are a huge botnet… oh yeah and the Root DNS
servers must be a botnet… <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>We’re not asking a lot here.. just
that you think a little and approach this from at least somewhat of a technical
understanding… <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Others have already pointed out why this
will work from a banks point-of-view and others on why phishers are not
automated… I’m now showing you why this isn’t some big
illegal botnet… and how it’s a completely legal operation…. I’d
bet that by inviting hackers… RSA is saying run the software… Think
of it as distributed computing… Is that a big illegal botnet as well?? <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Peace,<br>
HT<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] <b><span style='font-weight:
bold'>On Behalf Of </span></b>n3td3v<br>
<b><span style='font-weight:bold'>Sent:</span></b> Friday, March 31, 2006 11:50
PM<br>
<b><span style='font-weight:bold'>To:</span></b> Morning Wood;
full-disclosure@lists.grok.org.uk<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [Full-disclosure]
n3td3v group calls on RSA to clarify theirstance</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>If the RSA aren't using a
bot network, then are you suggesting they are sending garbage data from one
single user Microsoft Windows XP computer.... to all the worlds phishing
logins? Wake up mr se cur ity at hotmail dot com <o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><span class=gmailquote><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>On 4/1/06, <b><span style='font-weight:bold'>Morning
Wood</span></b> <<a href="mailto:se_cur_ity@hotmail.com">se_cur_ity@hotmail.com</a>>
wrote:</span></font></span> <o:p></o:p></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>>*while RSA are carrying out these attacks, is it legally OK for
hackers to<br>
>"HELP OUT" the RSA by pointing a few of our bot net's at some
Yahoo and <br>
>eBay<br>
>fake login web pages that we know about and feed them with fake username<br>
>and<br>
>password data. We don't want to end up in jail, but since the RSA are doing<br>
>it, so we can tell our lawyers that the RSA recommended the tactic to us.* <br>
>*Much regards,*<br>
>*n3td3v international security group*<br>
<br>
so... the "n3td3v group" has "a few [of our ]
botnets" did I hear this<br>
right? ( *blink* )<br>
somehow I dont think RSA is using "botnets", which BTW are ILLEGAL in
*most* <br>
countries<br>
( yes, including your precious <st1:country-region w:st="on"><st1:place w:st="on">UK</st1:place></st1:country-region>
)<br>
<br>
I just want to thank the biggest security group ( lol ) for using teh<br>
botz!!!<br>
I am sure Yahoo-Inc, Google, EBay, Microsoft and FooBarBlehCo will thank<br>
you publicly on CNN so we will know how n3td3v group saved us all with <br>
botnets!!!<br>
<br>
thanks b0td3v gr0upz,<br>
MW<br>
<br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html
</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><o:p></o:p></span></font></p>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p><font size=2 face="Times New Roman"><span style='font-size:10.0pt'>--<br>
No virus found in this incoming message.<br>
Checked by AVG Free Edition.<br>
Version: 7.1.385 / Virus Database: 268.3.3/298 - Release Date: 3/30/2006</span></font><o:p></o:p></p>
</div>
</body>
</html>
<BR>
<P><FONT SIZE=2>--<BR>
No virus found in this outgoing message.<BR>
Checked by AVG Free Edition.<BR>
Version: 7.1.385 / Virus Database: 268.3.3/298 - Release Date: 3/30/2006<BR>
</FONT> </P>