| I remember ftp.openbsd.org being owned around 2002. Possibly this hostname was pointed to the www.openbsd.org machine, which was running Solaris. I have a vague memory that this machine also hosted something else in addition to the OpenBSD site, and that people managed to get root on it via two (chained) 0day exploits of which at least one involved a Solaris daemon related to printing services. (Feel free to correct me if I got it wrong.) I also recall cvs.openbsd.org being owned but I no longer remember how that happened. There's a high chance it was made possible thanks to a remote CVS exploit that was making the rounds in some hacker circles[1]. FWIW, cvs.openbsd.org is mentioned under "memorable places I've been" in the Phrack #65 prophile of the UNIX terrorist. 2002 was a particularly bad year for OpenSSH and OpenBSD. In March, 2002, it was found that OpenSSH 2.x/3.0.1/3.0.2 had an exploitable (post-auth IIRC) integer overflow in its channels handling. In June, 2002 that preauth Challenge-Response vulnerability was made public and shortly afterwards GOBBLES Security made public an exploit (sshutuptheo) for the vulnerability that among other things targeted OpenBSD 3.1 default installations. Early August, 2002 it was discovered that several OpenSSH packages had been backdoored on ftp.openbsd.org on June 30th, 2002 (google: "openssh 3.4p1 trojan"). Incidentally the sshutuptheo exploit was written by the Australia division of GOBBLES Security. Later postings on public mailing lists suggest that this division fell off the earth shortly afterwards (can't link). Some of these things had ties to the community around #phrack and the autonomous Phrack High Council "movement". PHC had nothing to do with the official Phrack magazine and instead was similar (in actions) to the Global Hell (gH) movement that happened earlier (around 2000, I think).
PHC kind of spun out of the anti-sec movement that existed at the time, but really it was just a setup to trick kids into thinking they have a common purpose and do damage for the lulz; think early "anonymous" or lulzsec and you'll get the idea. I know the FBI had at least one informant in the #phrack and PHC circles at the time: soupnazi a.k.a segvec a.k.a [2]. So perhaps those contacts mentioned in a child post aren't OpenBSD developers but.. other people? The nickname of the Hungarian wasn't pipops but I'll leave it out since you got the reference right the first time: "PaX Team" ;) Regarding the feud, you can find some pointers in this poster defacement[3] attributed to the Mickey Mouse Hacking Squadron. The picture is from the OpenBSD tent at the Chaos Communication Camp in Berlin, Germany in August of 2003. MMHS was one of several GOBBLES Security copycats. They generally lacked the effort but MMHS was the only one that, like GOBBLES, produced a few (arguably funny) comic strips. Grsecurity/PaX team did a hell of a job identifying vulnerabilities and working around them or hardening code long before anyone else. It's not surprising that they would've mingled with others interested in that sort of thing, possibly sharing hints of vulnerable code paths or having discussions around the vulnerabilities and/or workarounds. [1] https://news.ycombinator.com/item?id=18179805 [2] https://en.wikipedia.org/wiki/Albert_Gonzalez [3] https://web.archive.org/web/20060512113602/http://www.grsecu... |