Thursday, July 19, 2007

I am not LMH...

I am sorry to disappoint but I am not LMH. The email that was sent out to all the various security mailing lists claiming to be from me is faked by a desperate person who doesn’t want their identity discovered or reported to their employer.

Let’s put aside the fact that the email makes almost no sense; there are several glaring errors in the post, such as that Sherrod never worked for GaTech. I never call Rob by the name Robert; my manager at Secureworks wasn’t Jon Rammsey, it was Allen Wilson; and Chris Rouland wasn’t part of the X-Force Advanced Research team, he was the CTO of ISS.

The glaring errors are not the most damning to the validity of this claim; the method by which it was carried out is. If I wanted to “reveal” myself, I have this blog as a pulpit to do it from. No need to fake an email to a lot of different lists, most of which I don’t read or even subscribe to.

Also, the unmask.py program shows a low likelihood that I am the author of the email.

Comparing two stores located at store/post.pkl and store/lmh.pkl
Compared to store/post.pkl with match value of: 31.0

So to all the reporters, readers, and other people that were duped by this email, in the future if the email is not signed by a verified PGP key, don’t fall for it.

3 comments:

Robert Graham said...

Somebody needs to get creative and write an ununmask.py that points out the words in a message that are anomalous that need to be changed. Then, you can post a message that will match 100% with the intended spoofee.

MusclePup said...

It's good to see you are keeping out of trouble after leaving GT ;)

Sherrod said...

Security drama is one of my favourite types of drama. <3