HP insider with "0day to sell"?

31 May 2007

Vulnerability Information Managers Mailing List

It appears someone within Hewlett-Packard is soliciting the sale of zero-day exploits. The original e-mail from "toto toto" appears at the bottom; its X-Originating-IP header shows the message originated from an internal HP address.

Rogue employee? Corporate conspiracy?

Update: "The Black Market Code Industry" by Adam Penenberg explains it.

---------- Forwarded message ----------
From: security curmudgeon (jericho@attrition.org)
To: vim@attrition.org
Date: Thu, 31 May 2007 08:57:59 +0000 (UTC)
Reply-To: Vulnerability Information Managers 
Subject: [VIM] 0day to sell (fwd)



Notice the X-Originating-IP:

forced ~$ whois 192.6.111.74

OrgName:    Hewlett-Packard Company
OrgID:      HP
Address:    3000 Hanover Street
City:       Palo Alto
StateProv:  CA
PostalCode: 94304
Country:    US

NetRange:   192.6.22.0 - 192.6.142.255
CIDR:       192.6.22.0/23, 192.6.24.0/21, 192.6.32.0/19, 192.6.64.0/18,
192.6.128.0/21, 192.6.136.0/22, 192.6.140.0/23, 192.6.142.0/24
NetName:    HP-3
NetHandle:  NET-192-6-22-0-1
Parent:     NET-192-0-0-0-0
NetType:    Direct Allocation
NameServer: PALOALTO.AMERICAS.HP.NET
NameServer: ATLANTA.AMERICAS.HP.NET
Comment:
RegDate:
Updated:    2003-01-23

RAbuseHandle: NAR-ARIN
RAbuseName:   Network Abuse Response
RAbusePhone:  +1-650-857-5120
RAbuseEmail:  abuse@hp.com

RTechHandle: AI2-ORG-ARIN
RTechName:   Hewlett Packard Company
RTechPhone:  +1-800-524-7638
RTechEmail:  ipaddr@hp.com

OrgTechHandle: HH15-ORG-ARIN
OrgTechName:   Hewlett-Packard Company
OrgTechPhone:  +1-800-524-7638
OrgTechEmail:  hostmaster@hp.com



---------- Forwarded message ----------
From: toto toto (snacker@linuxmail.org)
X-Originating-IP: 192.6.111.74
To: full-disclosure@lists.grok.org.uk
Date: Thu, 31 May 2007 16:55:00 +0800
Subject: [Full-disclosure] 0day to sell

hi,

some 0day to sell : sap, excel, linux and many other (0day vulns and/or
exploits too)

contact by mail


regards,


t0t0 t0t0

=
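The attribution check made in this thread, as an added example that is not part of the original post: it parses the forwarded headers, confirms that the whois CIDR list is exactly the stated NetRange, and finds which block contains the X-Originating-IP. The function names are hypothetical and the bracket handling is an assumption; X-Originating-IP is a non-standard header added by the sending webmail service, so a match shows only which network that service recorded for the client.

```python
import ipaddress
import re
from email import message_from_string

# Header block of the forwarded message, copied from this page.
RAW_HEADERS = """\
From: toto toto (snacker@linuxmail.org)
X-Originating-IP: 192.6.111.74
To: full-disclosure@lists.grok.org.uk
Date: Thu, 31 May 2007 16:55:00 +0800
Subject: [Full-disclosure] 0day to sell
"""

# NetRange and CIDR fields from the whois output on this page.
WHOIS_NETRANGE = "192.6.22.0 - 192.6.142.255"
WHOIS_CIDR = ("192.6.22.0/23, 192.6.24.0/21, 192.6.32.0/19, 192.6.64.0/18, "
              "192.6.128.0/21, 192.6.136.0/22, 192.6.140.0/23, 192.6.142.0/24")

def originating_ip(raw_headers):
    """Return X-Originating-IP as an address object, or None if absent or invalid."""
    value = message_from_string(raw_headers).get("X-Originating-IP")
    # Assumption: tolerate bracketed values such as "[192.0.2.1]".
    match = re.search(r"[0-9A-Fa-f:.]+", value or "")
    try:
        return ipaddress.ip_address(match.group(0)) if match else None
    except ValueError:
        return None

def parse_cidrs(cidr_field):
    """Split the whois CIDR field into network objects."""
    return [ipaddress.ip_network(c.strip()) for c in cidr_field.split(",")]

def netrange_matches_cidrs(netrange, cidr_field):
    """True if the CIDR list is exactly the NetRange, with no gaps or extras."""
    first, last = (ipaddress.ip_address(p.strip()) for p in netrange.split(" - "))
    return list(ipaddress.summarize_address_range(first, last)) == parse_cidrs(cidr_field)

def covering_network(ip, cidr_field):
    """Return the whois block that contains ip, or None."""
    return next((n for n in parse_cidrs(cidr_field) if ip is not None and ip in n), None)

if __name__ == "__main__":
    ip = originating_ip(RAW_HEADERS)
    print(ip, "->", covering_network(ip, WHOIS_CIDR))
    print("CIDR list equals NetRange:", netrange_matches_cidrs(WHOIS_NETRANGE, WHOIS_CIDR))
```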
