http://www.antionline.com/cgi-bin/Print?type=antionline&date=05-03-1999&story=l0pht.news [Before you continue, it should be noted that John Vranasevich and the AntiOnline staff did NOT contact anyone at the l0pht about any piece of this story. In fact, Space Rogue mailed Mr. Vranasevich shortly after this piece and said: "It is unfortunate that you chose not to contact us prior to writing your 'article'. We would have been more than happy to provide you with information and clear up the factual inaccuracies that you mention." http://abcnews.go.com/sections/tech/DailyNews/hackers990203.html In this ABC news article, they explicity state that cDc was responsible for Back Orifice, then go on to quote Antionline. JP even links to this article from http://www.antionline.com/information/press The L0pht Dichotomy Wednesday, May 5, 1999 at 15:59:50 by John Vranesevich - Founder of AntiOnline "L0pht to use extensive knowledge of attack signatures to expand filter set for NFR software" A press release sent out by Network Flight Recorder, Inc. in March of this year read. The famed L0pht Heavy Industries Inc. announced the forming of a strategic relationship with Network Flight Recorder Inc. to provide backends for the Network Flight Recorder Intrusion Detection Software. [For those of you not familiar with NFR products, their IDS and their Back Officer products are not the same.] "RUNNING A MICROSOFT OPERATING SYSTEM ON A NETWORK? OUR CONDOLENCES." A press release sent out in July of 1998 by The Deth Vegetable, who is the "Minister of Propaganda" for the cDc, announced the imminent release of Back Orifice. Back Orifice is a windows trojan developed by the cDc which, according to Wired News (Nov-17-98), 79% of Australian ISPs became "infected" with. The correlation? The Deth Vegetable, as well as several other Cult Of The Dead Cow Members (including Mudge and DilDog) are also members of L0pht Heavy Industries (according to membership lists posted on both cultdeadcow.com and l0pht.com). [This is a blatant error. At no time has The Deth Vegetable (sic) been a 'member' of the l0pht. In fact, L0pht Heavy Industries is a COMPANY. It has EMPLOYEES, not MEMBERS. Death Vegetable is not an employee nor a member of the l0pht. Mudge and Dildog are MEMBERS of the cDc group as outlined on http://www.cultdeadcow.com/members/. Notice that Mr. Vranasevich claims the l0pht has a membership list on their site with Deth Vegetable (sic) on it? Yet he doesn't link to that page. On 05-06-99, I asked mudge who is a part of the l0pht to clarify this. His reply? From: "Dr. Mudge" (mudge@l0pht.com) To: jericho@attrition.org Date: Thu, 6 May 1999 07:22:46 -0500 (EST) Subject: Re: hey there.. Our current roster runs: Mudge Dildog Silicosis SpaceRogue Kingpin Brian Oblivion Weld Pond John Tan -eof] Just recently, Network Flight Recorder (NFR) Inc. announced the release of a commercial product called "BackOfficer Friendly", which, at $10/machine, "identifies attacks from Back Orifice, one of the nastier hacking applications currently being perpetrated on the Internet", according to the NFR.net website. "As far as I'm concerned, an ethical problem would exist in people doing security work that are also releasing tools useful to hackers, and if that's the case, its l0pht's problem, not ours." NFR's CEO Marcus J. Ranum told AntiOnline in a phone interview Wednesday afternoon. Marcus Ranum told AntiOnline that L0pht had no direct involvement in the development of "BackOfficer Friendly", but then conceded that they were given a beta version of the software, and that they pointed out several flaws ["conceded"? This implies he was caught in a lie when he clearly was not. Beta testing software often has NOTHING to do with developing it.] which allowed him to "update the software to make it run better". Further, Marcus Ranum forwarded to AntiOnline several e-mail conversations he had with Sir Dystic (the author of Back Orifice), about problems with his BackOfficer Software. [What better resource to tap for a product? Sir Dystic is a member of cDc, not the l0pht.] AntiOnline asked Marcus Ranum if any of the individuals who were involved in the creation of Back Orifice were also working on the Network Flight Recorder Software "Not that I know of, and I don't want to know either. As a matter of courtesy, I play the game, and don't even ask them who they really are. Frankly, I like it that way. Sir Dystic could really be Mudge for all I know." Mr. Ranum concluded, "If you're going to be doing a story about how NFR is doing shady and questionable things, I don't think that would be very nice. If you want to point to egregious things in the security industry, you can find a lot better examples out there than us [...] I've got a business to run, and that means going to the best sources for information, if those sources of information are also involved with part of the source of the problem, then that's unfortunate". [And despite this advice from Mr. Ranum, Antionline still chose to attempt to drag NFR, the l0pht, and cDc through the mud. It is more interesting that Mr. Vranasevich contacted Marcus Ranum, but didn't contact anyone at the l0pht, yet quoted THEIR name in the title of this piece. Also amusing to point out: http://www.antionline.com/archives/editorials/script_kiddies.html "There are groups like l0pht... Those are the true hackers."]