Lance M. Havok
Born last Thursday circa 100 years ago, at Tarzana, California, of Polish lineage, developed fine skills in the art of trolling and waging drama at different public figures and potentially profitable targets. Among his other less known skills, he was known to jerk left-handed and develop reliable exploits for disruption of life and peace, known to be a fanatical follower of the Cult of the Turkey.
—Lance M. Havok
At the age of 6, he had already blown up his very own toy computer with a BASIC fork bomb, and was hired by Mustafa Al Shadir to wage cyberwar against the Evroni Army and Israel. At 12 he completed a degree in "Geopolitical Trolling", excelling at verbal attacks and written blasphemy.
After being abducted by unknown forces, he landed back on Earth as a Messiah and prepared to lead the resistance against security faggotry, in a war that would span over another 100 years, defeating, causing wreckage in the lifes of figures like Thomas Ptacek, Gadi Evron, David Maynor and several other bitch titted individuals.
During his late pilgrimage, several people could enjoy his humor on the DailyDave list, especially tricking Andre Gironda, Thomas Ptacek (lead of the Anti Havok Defamation League) and other subscribers, trolling the hell out of their careers.
Month of Apple Trollage
In the holy year of 2007, Lance initiated a campaign targeting Apple hipsters and other basement dwellers of the Apple cult. His tactics consisted of releasing exploits and other crap over the utterly flawed, vulnerable and buggy Mac OS X un-operating system (basically a copy of FreeBSD and OpenBSD with added flaws).
Some individuals expressed their discontent with Lance due to his decision of teaming up with Kevin Finisterre, of SNOSOFT infamy (where Simon Smith - Adriel Desautels had his share of interest). Even though this unfortunate relationship has been long lasting, the outcome of their efforts was well received by the Apple fanboy community, who promptly offered to blow their cocks off.
—Lance M. Havok
A proof showing the good reception of the Apple users:
Return-Path: <email@example.com> Received: from goonies.be (shed.goonies.be [126.96.36.199]) Received: from localhost (localhost [127.0.0.1]) (uid 1001) by goonies.be with local; Fri, 05 Jan 2007 13:01:10 -0500 Date: Fri, 5 Jan 2007 13:01:10 -0500 From: Greg Alexander <firstname.lastname@example.org> To: /dev/null,/dev/linenoise Subject: vendor notification Message-ID: <20070105180108.GH372@goonies.be> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline User-Agent: Mutt/1.5.13 (2006-08-11) Hello - You are correct, in general vendors are very bad at responding to bug reports. In fact, I've many times been the subject of various disciplinary action for releasing/using exploits because vendors and administrators have refused to resolve the issue. However, we do not know if Apple is very bad at this. You say they are, but yet you specifically refuse to prove that they are. Why not simply give them one week's notice and then publish? It is a short enough time period that it is not "insanely long," yet it is a long enough time period that if they are an excellent vendor they will have a chance to prove it. Microsoft has set the bar for smugness very high, and so far you haven't demonstrated that Apple has even had an opportunity to be smug in the face of vulnerability notifications. There, I managed to get across my point without calling you a dipshit. MOAB must represent the most actual work ever put into a troll. Cheers, - Greg
An elite Princeton student feels insulted:
Received: from [192.168.1.64] (ppp200-144.adsl.forthnet.gr [188.8.131.52]) (authenticated bits=0) by smtpserver1.Princeton.EDU (8.12.9/8.12.9) with ESMTP id l07AuOU0006701 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <pleas>; Sun, 7 Jan 2007 05:56:27 -0500 (EST) Mime-Version: 1.0 (Apple Message framework v752.3) Content-Transfer-Encoding: 7bit Message-Id: <8E810168-D523-47B3-A773-60F797ED3ECE@princeton.edu> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed To: Mudkips Anti Defamation League From: =?ISO-8859-1?Q?"Vincent_C._M=FCller"?= <vmuller@Princeton.EDU> Subject: MOAB-05-01-2007 - the tone makes the music Date: Sun, 7 Jan 2007 12:56:20 +0200 X-Mailer: Apple Mail (2.752.3) Hi, whatever one might think about your site, surely I don't deserve being insulted just for reading it? "If you still don't understand the concept, please read this again from the beginning or fuck off." http://projects.info-pull.com/moab/MOAB-05-01-2007.html Yours,
Return-Path: <email@example.com> Received: from mta15.adelphia.net (mta15.mail.adelphia.net [184.108.40.206]) Fri, 05 Jan 2007 01:27:36 -0800 (PST) Received: from [192.168.0.11] (really [220.127.116.11]) by mta15.adelphia.net (InterMail vM.6.01.05.04 201-2131-123-105-20051025) with ESMTP id <20070105091558.FIMQ25578.firstname.lastname@example.org>; Fri, 5 Jan 2007 04:15:58 -0500 Mime-Version: 1.0 (Apple Message framework v752.2) Content-Transfer-Encoding: 7bit Message-Id: <83F470C2-1AA6-4316-8314-5725FED6FF4A@adelphia.net> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed To: Roflcoptland State Attorney From: Orlando Smith <email@example.com> Subject: Negligence in releasing a vulnerability before Apple has had an opportunity to patch it. Date: Fri, 5 Jan 2007 04:27:30 -0200 X-Mailer: Apple Mail (2.752.2) Dear Messrs. LMH and Finisterre: I certainly hope that you two have taken counsel and have adequate resources to defend against the lawsuits of anyone injured by your joint act of publishing security flaws that exposes users of Mac OS X to security risks, before notifying Apple of those flaws and affording Apple a fair opportunity to patch any such flaws. In society, we owe each other a duty of care. That duty evolves over time as new circumstances, such as new technology, present new risks associated with social behavior. It is now well established that the responsible way to investigate and publish any alleged security flaw in an operating system (OS) is to first inform the maker of that OS and afford them a reasonable period of time to patch the flaw before publishing that flaw and/or any code exploiting that flaw. It is also clear that you must be aware of the responsible way of publishing security flaws and the risks that you pose to others by not adopting it, because of the many emails to you and reports in the press discussing your departure from the responsible method publishing security flaws and the risks that such conduct poses to others. In my opinion, your decision to instantly publish both security flaws and exploits, before affording Apple or any other manufacturer of an OS a reasonable opportunity to patch those flaws, raises a prima facie issue of whether that decision violates your duty of care to others, so that your are liable to anyone injured by that decision under a theory of negligence. Orlando Smith, Esq.
At some point, Lance and David Maynor became one with the Universe. Maynor was proud of his arrogant bitching and ranting to his loyal cyberfriends and finally decided to acknowledge that he and Lance were, in fact, the same person:
From: Lance M. Havok lmh at info-pull.com Date: Thu Jul 19 01:48:51 CDT 2007 Hi, Since the cover is becoming more difficult to maintain, I've decided to stop this. It simply can't stand anymore and I can't let this harm my company and its customers. I am David Maynor. I made up the LMH identity for bashing Apple and appearing on the media while I was preparing for launching Errata Security with Robert. Since my credibility was severely damaged after the wireless driver exploit, I needed a sock puppet. The idea of LMH and the Month of Apple Bugs came a while after I resigned from SecureWorks. I know some malicious people out there (including the Infosec Sellout, also known as Jon Ramsey... my old manager at SecureWorks) claim I was fired, but that's simply false. It seemed like a flawless public relations campaign for boosting the start of Errata and a great opportunity to attack Apple safely. It was also a safe from the standpoint of my old employer, SecureWorks, which had an agreement with Apple. After the Month of Apple bugs, the whole LMH thing became useless and there was no attention from media anymore. Although, the identity behind Infosec Sellout was unknown to me and Robert, thus I thought I could still give it a good use. I attempted to contact Infosec Sellout, writing a fake log of a SILC conversation with a story that seemed to be consistent. Surprisingly I managed to make him believe it was legitimate and he replied enthusiastically about publishing a post about it. Not a long while afterwards, I contacted my friend from StillSecure, Martin McKeay (we met at RSA with some other people) and decided to spread gossip and simulate a 'leak' about LMH's identity. I also feared that some people started to be suspicious, about LMH being, in fact, no other but myself: David Maynor. Again I had a way to cover up and find out who was behind the Infosec Sellout blog. Now the cover is not possible anymore, since Robert McMillan published information quoting H.D. Moore and Thomas Ptacek, stating that 'Infosec Sellout can't be LMH'. It mentions Dave Aitel's unmask.py tool being used to statically analyze the text of the different postings. This represents the inevitable failure of my intentions to maintain the LMH identity secret, and hence my decision to recognize it publicly before it gets back to Errata and our customers. I've been always a responsible professional in the information security industry. Those who have worked with me, including my ISS team: Chris Rouland, Tom Cross and David Dewey, can provide references and information about my skill base, my personal integrity and professionalism throughout my career in the industry. Tom was even sitting right next to me and David is now in a management position. They could explain why I decided to quit ISS to pursue a position at SecureWorks. Also others like Sherrod from the Georgia Institute of Technology. bca2fee517ff50ddd01bb7d6ed9c3043 The above MD5 hash of a text file should serve as a proof in case someone attempts to deny the statements of this message. -- David Maynor aka LMH, CTO, Errata Security
Possibly one of the best episodes of hate ensued after Lance M. Havok released Pwnpress, the exploitation tool for pwnage of blogs. Someone apparently used the efficient Jewish weapon against Gadi Evron, leading to disruption in his weight loss blogging efforts.
Covert trolling is part of the strategy followed by Lance and his minions, often sending well written and sound messages to respected mailing lists. One of them produced a fascinating thread about how CISSP certifications are shit and people advertising them are nothing but arrogant fucktards.
From tehshape at info-pull.com Mon Sep 3 10:37:22 2007 From: tehshape at info-pull.com (Michael Myers) Date: Mon, 3 Sep 2007 16:37:22 +0200 Subject: [Dailydave] Information security certifications diversity and getting lost Message-ID: <firstname.lastname@example.org> The CISSP is the undisputed king of information security certifications. Currently, every now and then a security company starts pushing their employees towards certification programs. These are usually known for featuring insanely long exams, absurdly pedantic requirements and other kinds of doubtfully respectable necessities. We all know that there are several other certifications, but CISSP brings, without doubt, the very best. Be it a security operations manager, a field operative or some other kind of consulting freak, a CISSP will always deliver. The problem is that we end with such a diverse, heterogeneous (no sexual connotations here), span of certifications that newcomers really don't know where to start. Thus, most people approaching a prospective career in the information security industry, feel prompted to attempt the long way: getting every certification possible. This is causing disruption by several means, for example with overly intrusive e-mail signatures (not counting the pointless confidentiality disclaimer that plagues us all), wasting quite some expensive network traffic, as well as pine stack-based buffer overruns. My question for people out there, is this madness _that_ necessary? Do we have a good reason for spending loads of budget on certification programs and wasting our companies' money in such investments? Employees feel constrained since they might lose the certification after quitting their jobs, surfing towards another employer as intrusive and wasteful as the previous one, etc. Last but not least, we have the eternal problem of evaluation authorities: How are we supposed to trust a closed organization to evaluate our hard-working employees? Are they skilled enough to determine if our employee is worth his job? Are the operational needs equal to the knowledge that these certifications require? Does a potential attacker need to know what ISO standard describes security guidelines for processing credit card operations? Joseph shouts in the background: "Hey, they just need to know how banks use DES for generating CVV numbers!". I shouldn't hear these details or I will end distrusting my edgy colleagues. But I'm pretty sure the CISSP exam doesn't have such a question. Imagine: "Where does the CVV of credit cards come from?" a) The bank. b) ISO-6667, XYZ-2000, PCI compliant security organization. c) A DES generation system on card series-basis, using a key for each bank branch, which once compromised leaves the poor taxpayers for global fraud and spoliation of their monetary assets, covered by insurance companies who boost these crimes for more profit. Paraphrasing the Christian community, instead of Jesus, What would a CISSP do? If certifications exist for ethical hackers, are we going to see certifications for unethical hackers anytime soon? What if the mob and shady underground organizations needed to certify that they are employing the very best of the federal prison's Module 5? Will a Certified Unethical Software Security Expert (CUSSE) certification ever exist? "My name is Lincoln Six Echo, Certified Information Insecurity Systems Professional". Apparently a company already tried to start such a venture, although it appears to be off-line, probably hacked by Islamic Jihad crackers: http://18.104.22.168/search?q=cache:fItEgjbgRZQJ:cusse.org/+cusse.org http://www.cusse.org Regards, -- Michael Myers - CISSP, CISA, HIV, GCIA, GSEC Chief Security Officer (CSO) - Info-pull.com Inc. "Serious business since the night I came home." +1 (305) 374-8431 - Haddonfield, Illinois (USA).
Rumored to be the final piece of work from this prolific man, no one has truly seen it yet. Apparently, it is something Theo de Raadt will be proud of, since it involves ASCII animations of a cock jizzing on OpenBSD.
Death and resurrection
Unverified sightings from last Thursday report Lance has been seen crossing the United States - Mexico border, starting an epic pilgrimage to the land of Zion, carrying an human portable atomic bomb. It is unknown if the origin of the bomb is the Island of Java, where Lance was reportedly holding captive the wife of Gadi Evron, interrogating her for the details on Gadi's work for the Israeli government as a IT technician repairing arab porn invaded workstations.
Friedrich Nietzsche would be proud of Lance. We have a handful quotes extracted from his emails and written texts, which show the essence of a wise man with a sense of lulz like no other in a long time since GOBBLES:
- And trust me when I say that if Myers confirms the trollability of someone or something else, it's really trollable.
- He's got the final, last word on all that is demagogic in this world.
- SUP DAWG, WE HEARD YOU LIKE DRAMA, SO WE PUT A DAVID MAYNOR COMPUTER IN YOUR CAR (SO YOU CAN BLOG WHILE YOU DRIVE).
- SUP DAWG. WE HEARD YOU LIKE OBNOXIOUSLY RUDE JEWS WITHOUT HUMOR, SO WE PUT 600 GADI EVRONS IN THE ASHTRAY.
- The crowd of home wifes that represents maybe the highest percent of female population in the whole world, knows this since taper ware became mainstream.
- The security industry is so full of shit that apparently there's nothing interesting but competing against each other to see who gets the jenkem first.
- Writing some half-assed crap or bragging about Asterisk 0day is not research.
- Cambodia still uses hi-tech Elephant powered transportation
- Spy books should be banned from geeks.
- For now, the only taps worrying me are ass taps. He he he.
- It sounds more like the KKK employing some academic geniuses.
- In 10 years, there will be no need to pay for anyone to read code and then write bullshit about it.
- I managed to get an exclusive reseller license for fgrep, if someone wants to hook up some serious business for this static code analysis tool, I'll be more than happy to outline a flawless business plan. "Fgrep: string match your ego and beyond". Only PHP and objdump output supported at the moment.
- It's common knowledge that generally, all grsecurity copycats, with no exception, suck at stealing spender's touch.
- The power of grsecurity as a backdoor, doesn't rely on grsecurity being the backdoor itself, but because of its code obfuscation, turns every code theft into failure and remote rooting.
- Cuban coke is not Colombian coke and vice versa; one drills a hole in your nose, the other one makes you trip on communism.
- New Apple's operating system, should be named Bang Octopus (like Bang Bus, but with more and bigger tentacles).
- He doesn't have pornography (generally, communists only like pornography if it's about Lenin). (talking about Gadi Evron)
- Somehow, at some point, the whole network is just fucking raped and they wonder how something like that could happen.
- Just because CVS exploits don't get stolen, does not mean they were not stolen already.
- Gadi, the fence will show you fear in a handful of dust.
Because I do not hope to know The infirm glory of the positive hour Because I do not think Because I know I shall not know The one veritable transitory power ... Because these _wings_ are no longer wings to _fly_ But merely vans to beat the air The air which is now thoroughly small and dry Smaller and dryer than the will Teach us to care and not to care Teach us to sit still. Wavering between the profit and the loss In this brief transit where the dreams cross The dreamcrossed twilight between birth and dying ... The token of the word unheard, unspoken Till the wind shake a thousand whispers from the jew And after this our exile... Full fathom five your Bleistein lies Under the flatfish and the squids. Graves' Disease in a dead Jew's eyes! Where the _crabs_ have eat the lids. My house is a decayed house, and the jew squats on the window sill, the owner, Spawned in some estaminet of Antwerp, Blistered in Brussels, patched and peeled in London. The goat coughs at night in the field overhead; Rocks, moss, stonecrop, iron, merds.
- LMH and InfoSec Sellout unmasked? (The Register)
- The truth (Fuzzing mailing list)
Lance M. Havok is part of a series on Security Faggots
2cash • AnonOps • Brian Salcedo • Dshocker • Fearnor • Fry Guy • Gadi Evron • g00ns • Hack This Site • Hacking Team • hann • Joanna Rutkowska • John Field • Joseph Camp • Lizard Squad • LulzSec • Mark Zuckerberg • MarshviperX • Masters of Deception • Michael Lynn • Krashed • Raven • r000t • Ryan • Steve Gibson • th3j35t3r • The Regime • Sabu • Zeekill
Avira • Back Orifice • Botnet • Brute Forcing • Caller ID Spoofing • Cain and Abel • Ciscogate • CISSP • Cloudflare • Conficker • CyberDefender • Dangerous Kitten • DEF CON • Embedded Files • Encryption • Ethical Hacker • Exploit • The Gibson • The Great Em/b/assy Security Leak of 2007 • h4xx1n9 • Heartbleed • I GOT NORTON! • Is Your Son a Computer Hacker? • NSA • Operation Sundevil • PIFTS.exe • Social engineering • Stylometry • SubSeven • Tor • Zone-H
Lance M. Havok is part of a series on
Visit the Trolls Portal for complete coverage.
Lance M. Havok is part of a series on
Visit the Softwarez Portal for complete coverage.