E-mail Comment Del.icio.us Digg Reddit Technorati Furl

anti-sec pwnz windows mobile

Jul 14, 2009 Security News

Those entertaining fellows calling themselves anti-sec claim to have discovered a 0day vulnerability in the Mozilla Fennec Mobile Browser (still trying to figure out how Fennec for Linux has anything to do with Windows Mobile, however):

From: <antisec_at_hushmail.com>
Date: Tue, 14 Jul 2009 03:39:47 -0400

If you have a windows mobile device, it may be bugged.

The government is listening, and we are too.

Blackberries.. poof.

Encryption ciphers.. so last halloween.

We dig and dig until we strike gold.

And here it is.. the one and only…

http://ftp.mozilla.org/pub/mozilla.org/mobile/fennec-1.0a1.en-
US.linux-i686.tar.bz2

We upload where we see fit.

Timestamps.. so Internet-explorerish.

If you look hard enough you’ll find a 0day. 0day source warez.

Like we said, we own a windows mobile device and an ice scream
machine.

Bubbles, bubbles.. float on top of water. Eat hotdogs to win the
lotto.

Buy me a blackberry for christmas pops!

With these guys you never know what is up, but you have to admit that their posting is pretty damned funny: http://seclists.org/fulldisclosure/2009/Jul/0151.html.

This entry was posted on Tuesday, July 14th, 2009 at 13:09 and is filed under Security News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “anti-sec pwnz windows mobile”

  1. epixoip Says:

    July 18th, 2009 at 08:00

    I highly doubt the person posting to Full-Disclosure as [antisec@hushmail.com] is genuinely affiliated with the anti-sec crew. So far the only email address used by anti-sec to post genuine messages to Full-Disclosure has been [srshaxsir@hushmail.com], and possibly [rxxayywzzr@hush.ai] as the first address is likely to have ‘expired’ by now. I would be highly skeptical of any other source posting to Full-Disclosure.

    Keep in mind, the real anti-sec only publicizes their accomplishments: Astalavista, SSANZ, Imageshack, etc. They never openly discuss their future plans, nor do they brag about what they are capable of doing. They only share what has already been accomplished. They also never share anything that hasn’t already been posted to [romeo.copyandpaste.info]. If you don’t see it there, I would consider it to be a troll.

    Expect to see a lot of imitators in the near future. We’re already seeing quite a few. There are those who wish to imitate for the sake of trolling, and those who wish to imitate because they want to be “in” on it but don’t have the skills to be.


  2. epixoip Says:

    July 18th, 2009 at 08:07

    I might also add that wherever anti-sec tramples, there’s sure to be a flood of public apologies and news articles to follow.

    http://astalavista.com/net-member
    http://news.imageshack.us/blog/?p=83
    http://ssanz.net/

    The real anti-sec group’s feats are well-known and well documented. Had anything been compromised on Mozilla’s site, you’d certainly see something on Mozilla’s site about it.


  3. epixoip Says:

    July 18th, 2009 at 23:37

    And one final thought, anti-sec has no motivation to target Windows mobile. Anti-sec is only after specific individuals who consider themselves security specialists and are far from it, or offer security services they are incapable of providing, or those who profit from publicly available exploits.

    I’m done spamming your blog :)


Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>