doxpara logo
doxpara logo

Well, you knew that it wasn’t all just a set of unrelated events.

Mitnick, Matasano, Gmail weirdness…

As it turns out, anti-sec has been at it again… and briefly tonight (approx 7:15pm EDT) it was noticed that Doxpara – the homebase of Dan Kaminsky was now hosting a large (1.2mb) file outlining the pwnage of a ton of security industry sites.

dakami-flickr

0. Intro
1. Kevin Mitnick
2. 0x000000
3. Industry check
4. Dan Kaminsky
5. Hacking in gitmo
6. darkmindz
7. Robert Lemos II
8. Interlude
9. PerlMonks
10. elitehackers.info
11. Binary Revolution
12. Pwnie Awards
13. hak5
14. CF0
15. cr0.org
16. Scene check
17. blackhat-forums
18. Last Words

From the intro…

It’s July 28th, 2009! Welcome one and all to the real Black Hat Briefings. Live
from the underground, coming right at you free of charge. You don’t have to pay
to come, and you don’t get paid to be featured. Presented by real blackhats,
this is a must-see event!

This is a big one. We hacked notable whitehats Kevin Mitnick, Dan Kaminsky, and
Julien Tinnes, among others. We continued the skiddie holocaust with darkmindz,
elitehackers, hak5, binrev, and blackhat-forums. Along the way we created mass
mayhem. There are more rm’s in this zine than you can count on a hand. Just from
targets shown here we collected about 75,000 passwords. Passes, not hashes. If
you are reading this, then your browser probably did not crash, so you know we
couldn’t include all of our passwords, let alone hashes. The first version of
this was ten times the size of ZF04.

> lol yeah I’m gonna have to trim
> and by “trim” I mean “remove everything”

Let’s get warmed up with the first song from the zf05 mix tape, Search & Destroy
by classic Iggy Pop. Look for the rest of the songs in the article headers.

~ I’m a street walking cheetah
with a hide full of napalm
I’m a runaway son of the nuclear A-bomb
I am a world’s forgotten boy
The one who searches and destroys
Honey gotta help me please
Somebody gotta save my soul
Baby detonate for me
Look out honey, ’cause I’m using technology
Ain’t got time to make no apology
Soul radiation in the dead of night
Love in the middle of a fire fight
Honey gotta strike me blind
Somebody gotta save my soul
Baby penetrate my mind
And I’m the world’s forgotten boy
The one who’s searchin’, searchin’ to destroy
And honey I’m the world’s forgotten boy
The one who’s searchin’, searchin’ to destroy ~

Are you ready?

And this closing remark…

It’s been a long time since ZF01. Our owns and releases get better. We would
not consider releasing ZF01 and ZF02 if we were to do it again. Yet doing so
taught us a lot, it threw us out there. We didn’t really know what we were
capable of, and we wanted to find out. We were really lucky in how it worked
out, so far.

In the next few months we will do what we did last time. We will chill. Fresh
start. We will have the time to audit some more code and write some code that
we have been meaning to write. Research more hobby projects of ours. That kind
of thing.

Thanks to everyone who sent us mail, there was some great stuff. Sorry we let
the account expire.

The longer we spend on a zine (and the observant reader will notice that the
interim period has grown between each release), the more we are sick of it by
the end. Maybe we will come back, maybe we won’t. We can always just hack
silently, join our forefathers in the zine-writers afterlife; that place where
you have already said what you wanted to say, and if you feel like it you just
own and control.

You guys still don’t get it. What you see in ZF0 and geist and elsewhere isn’t
the end of worldwide ownage, it’s the beginning. This is the rule, not the
exception. We don’t publish everything, and we publish more hacks than our
cohorts do. We’re in every loop. If you aren’t keeping your local blackhat rep
informed, you damn well better, or we’ll take your spools.

Shoutz to Ac1dB1tch3z bringing ruquz to ’09.

~~~~~~~~~~~~~~~~~~~~~~~~~~ Hope you enjoyed the show ~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~ ~~~~~~~~~
~~~~~~ Summer isn’t over yet ~~~~~~
~~~ ~~~

Note that Dan has cleaned up his site and there are a limited number of people who have copies of what was posted. Ask around if you need one.

Comments

  1. Yes, I saw the file and read parts of it. After realizing what it contained, removed it. What gets on the internet, stays on the internet and the file might appear on other sites. But since the file contains unencrypted passwords of a lot of users and even private (intimate) conversations of people, how can you suggest forwarding it to others? To me that’s bad form. Just my opinion.

  2. @security4all

    Agreed. Any potential distro of the aforementioned has been curtailed. We discussed it amongst ourselves and were of the opinion that there was no value to be had in sharing it. Thanks for the comment.

  3. Good move to delete the local copy. Otherwise we might be “trafficking passwords” which I guess everybody has already done by forwarding the list or by subscribing to dailydave anway.

  4. What difference does it make to post the zine if everybody already has a copy? Yeah I know the PerlMonks had their user passwords published. But those passwords have all been reset.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.