Lance M. Havok

If there has been a noteworthy troll since GOBBLES that is Lance M. Havok, a Polish shock commando who infiltrated the security industry and fooled the press and media until he had enough of it.

Biography

Born last Thursday circa 100 years ago, at Tarzana, California, of Polish lineage, developed fine skills in the art of trolling and waging drama at different public figures and potentially profitable targets. Among his other less known skills, he was known to jerk left-handed and develop reliable exploits for disruption of life and peace, known to be a fanatical follower of the Cult of the Turkey.

	“	How is your banana?	„
	—Lance M. Havok

At the age of 6, he had already blown up his very own toy computer with a BASIC fork bomb, and was hired by Mustafa Al Shadir to wage cyberwar against the Evroni Army and Israel. At 12 he completed a degree in "Geopolitical Trolling", excelling at verbal attacks and written blasphemy.

After being abducted by unknown forces, he landed back on Earth as a Messiah and prepared to lead the resistance against security faggotry, in a war that would span over another 100 years, defeating, causing wreckage in the lifes of figures like Thomas Ptacek, Gadi Evron, David Maynor and several other bitch titted individuals.

During his late pilgrimage, several people could enjoy his humor on the DailyDave list, especially tricking Andre Gironda, Thomas Ptacek (lead of the Anti Havok Defamation League) and other subscribers, trolling the hell out of their careers.

Month of Apple Trollage

In the holy year of 2007, Lance initiated a campaign targeting Apple hipsters and other basement dwellers of the Apple cult. His tactics consisted of releasing exploits and other crap over the utterly flawed, vulnerable and buggy Mac OS X un-operating system (basically a copy of FreeBSD and OpenBSD with added flaws).

Some individuals expressed their discontent with Lance due to his decision of teaming up with Kevin Finisterre, of SNOSOFT infamy (where Simon Smith - Adriel Desautels had his share of interest). Even though this unfortunate relationship has been long lasting, the outcome of their efforts was well received by the Apple fanboy community, who promptly offered to blow their cocks off.

	“	SUP DAWG. WE HEARD YOU LIKE OBNOXIOUSLY RUDE JEWS WITHOUT HUMOR, SO WE PUT 600 GADI EVRONS IN THE ASHTRAY!	„
	—Lance M. Havok

A proof showing the good reception of the Apple users:

Return-Path: <[email protected]>
Received: from goonies.be (shed.goonies.be [64.62.190.177])
Received: from localhost (localhost [127.0.0.1])
  (uid 1001)
  by goonies.be with local; Fri, 05 Jan 2007 13:01:10 -0500
Date: Fri, 5 Jan 2007 13:01:10 -0500
From: Greg Alexander <[email protected]>
To: /dev/null,/dev/linenoise
Subject: vendor notification
Message-ID: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
User-Agent: Mutt/1.5.13 (2006-08-11)

Hello -

You are correct, in general vendors are very bad at responding to
bug reports.  In fact, I've many times been the subject of various
disciplinary action for releasing/using exploits because vendors
and administrators have refused to resolve the issue.

However, we do not know if Apple is very bad at this.  You say they
are, but yet you specifically refuse to prove that they are.  Why
not simply give them one week's notice and then publish?  It is a
short enough time period that it is not "insanely long," yet it is
a long enough time period that if they are an excellent vendor they
will have a chance to prove it.

Microsoft has set the bar for smugness very high, and so far you
haven't demonstrated that Apple has even had an opportunity to be
smug in the face of vulnerability notifications.

There, I managed to get across my point without calling you a
dipshit.  MOAB must represent the most actual work ever put into a
troll.

Cheers,
- Greg

An elite Princeton student feels insulted:

Received: from [192.168.1.64] (ppp200-144.adsl.forthnet.gr [62.1.149.144])
	(authenticated bits=0)
	by smtpserver1.Princeton.EDU (8.12.9/8.12.9) with ESMTP id l07AuOU0006701
	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT)
	for <pleas>; Sun, 7 Jan 2007 05:56:27 -0500 (EST)
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Transfer-Encoding: 7bit
Message-Id: <[email protected]>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: Mudkips Anti Defamation League
From: =?ISO-8859-1?Q?"Vincent_C._M=FCller"?= <[email protected]>
Subject: MOAB-05-01-2007 - the tone makes the music
Date: Sun, 7 Jan 2007 12:56:20 +0200
X-Mailer: Apple Mail (2.752.3)

Hi,

whatever one might think about your site, surely I don't deserve  
being insulted just for reading it?

"If you still don't understand the concept, please read this again  
from the beginning or fuck off."

http://projects.info-pull.com/moab/MOAB-05-01-2007.html

Yours,

And great legal threats from lawyers and fags alike:

Return-Path: <[email protected]>
Received: from mta15.adelphia.net (mta15.mail.adelphia.net [68.168.78.77])
        Fri, 05 Jan 2007 01:27:36 -0800 (PST)
Received: from [192.168.0.11] (really [70.39.2.74]) by mta15.adelphia.net
          (InterMail vM.6.01.05.04 201-2131-123-105-20051025) with ESMTP
          id <20070105091558.FIMQ25578.mta15.adelphia.net@[192.168.0.11]>;
          Fri, 5 Jan 2007 04:15:58 -0500
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Transfer-Encoding: 7bit
Message-Id: <[email protected]>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: Roflcoptland State Attorney
From: Orlando Smith <[email protected]>
Subject: Negligence in releasing a vulnerability before Apple has had an opportunity to patch it.
Date: Fri, 5 Jan 2007 04:27:30 -0200
X-Mailer: Apple Mail (2.752.2)

Dear Messrs. LMH and Finisterre:  I certainly hope that you two have  
taken counsel and have adequate resources to defend against the  
lawsuits of anyone injured by your joint act of publishing security  
flaws that exposes users of Mac OS X to security risks, before  
notifying Apple of those flaws and affording Apple a fair opportunity  
to patch any such flaws.  In society, we owe each other a duty of  
care.  That duty evolves over time as new circumstances, such as new  
technology, present new risks associated with social behavior.  It is  
now well established that the responsible way to investigate and  
publish any alleged security flaw in an operating system (OS) is to  
first inform the maker of that OS and afford them a reasonable period  
of time to patch the flaw before publishing that flaw and/or any code  
exploiting that flaw.  It is also clear that you must be aware of the  
responsible way of publishing security flaws and the risks that you  
pose to others by not adopting it, because of the many emails to you  
and reports in the press discussing your departure from the  
responsible method publishing security flaws and the risks that such  
conduct poses to others.  In my opinion, your decision to instantly  
publish both security flaws and exploits, before affording Apple or  
any other manufacturer of an OS a reasonable opportunity to patch  
those flaws, raises a prima facie issue of whether that decision  
violates your duty of care to others, so that your are liable to  
anyone injured by that decision under a theory of negligence.

Orlando Smith, Esq.

Maynor manifesto

At some point, Lance and David Maynor became one with the Universe. Maynor was proud of his arrogant bitching and ranting to his loyal cyberfriends and finally decided to acknowledge that he and Lance were, in fact, the same person:

From: Lance M. Havok lmh at info-pull.com
Date: Thu Jul 19 01:48:51 CDT 2007

Hi,

Since the cover is becoming more difficult to maintain, I've decided
to stop this. It simply can't stand anymore and I can't let this harm
my company and its customers.

I am David Maynor. I made up the LMH identity for bashing Apple and
appearing on the media while I was preparing for launching Errata
Security with Robert. Since my credibility was severely damaged after
the wireless driver exploit, I needed a sock puppet.

The idea of LMH and the Month of Apple Bugs came a while after I
resigned from SecureWorks. I know some malicious people out there
(including the Infosec Sellout, also known as Jon Ramsey... my
old manager at SecureWorks) claim I was fired, but that's simply false.

It seemed like a flawless public relations campaign for boosting the
start of Errata and a great opportunity to attack Apple safely. It was
also a safe from the standpoint of my old employer, SecureWorks, which
had an agreement with Apple.

After the Month of Apple bugs, the whole LMH thing became useless and
there was no attention from media anymore. Although, the identity
behind Infosec Sellout was unknown to me and Robert, thus I thought I
could still give it a good use. I attempted to contact Infosec
Sellout, writing a fake log of a SILC conversation with a story that
seemed to be consistent. Surprisingly I managed to make him believe it
was legitimate and he replied enthusiastically about publishing a post
about it. Not a long while afterwards, I contacted my friend from
StillSecure, Martin McKeay (we met at RSA with some other people) and
decided to spread gossip and simulate a 'leak' about LMH's identity. I
also feared that some people started to be suspicious, about LMH
being, in fact, no other but myself: David Maynor. Again I had a way
to cover up and find out who was behind the Infosec Sellout blog.

Now the cover is not possible anymore, since Robert McMillan published
information quoting H.D. Moore and Thomas Ptacek, stating that
'Infosec Sellout can't be LMH'. It mentions Dave Aitel's unmask.py
tool being used to statically analyze the text of the different
postings. This represents the inevitable failure of my intentions to
maintain the LMH identity secret, and hence my decision to recognize
it publicly before it gets back to Errata and our customers. I've been
always a responsible professional in the information security
industry.

Those who have worked with me, including my ISS team: Chris Rouland,
Tom Cross and David Dewey, can provide references and information about
my skill base, my personal integrity and professionalism throughout my career
in the industry. Tom was even sitting right next to me and David is
now in a management position. They could explain why I decided to quit
ISS to pursue
a position at SecureWorks. Also others like Sherrod from the
Georgia Institute of Technology.

bca2fee517ff50ddd01bb7d6ed9c3043
The above MD5 hash of a text file should serve as a proof in case
someone attempts to deny the statements of this message.

-- David Maynor aka LMH,
CTO, Errata Security

Pwnpress

Possibly one of the best episodes of hate ensued after Lance M. Havok released Pwnpress, the exploitation tool for pwnage of blogs. Someone apparently used the efficient Jewish weapon against Gadi Evron, leading to disruption in his weight loss blogging efforts.

CISSP efforts

Covert trolling is part of the strategy followed by Lance and his minions, often sending well written and sound messages to respected mailing lists. One of them produced a fascinating thread about how CISSP certifications are shit and people advertising them are nothing but arrogant fucktards.

From tehshape at info-pull.com  Mon Sep  3 10:37:22 2007
From: tehshape at info-pull.com (Michael Myers)
Date: Mon, 3 Sep 2007 16:37:22 +0200
Subject: [Dailydave] Information security certifications diversity and
	getting lost
Message-ID: <[email protected]>

The CISSP is the undisputed king of information security
certifications. Currently, every now and then a security company
starts pushing their employees towards certification programs. These
are usually known for featuring insanely long exams, absurdly pedantic
requirements and other kinds of doubtfully respectable necessities.

We all know that there are several other certifications, but CISSP
brings, without doubt, the very best. Be it a security operations
manager, a field operative or some other kind of consulting freak, a
CISSP will always deliver.

The problem is that we end with such a diverse, heterogeneous (no
sexual connotations here), span of certifications that newcomers
really don't know where to start. Thus, most people approaching a
prospective career in the information security industry, feel prompted
to attempt the long way: getting every certification possible. This is
causing disruption by several means, for example with overly intrusive
e-mail signatures (not counting the pointless confidentiality
disclaimer that plagues us all), wasting quite some expensive network
traffic, as well as pine stack-based buffer overruns.

My question for people out there, is this madness _that_ necessary? Do
we have a good reason for spending loads of budget on certification
programs and wasting our companies' money in such investments?

Employees feel constrained since they might lose the certification
after quitting their jobs, surfing towards another employer as
intrusive and wasteful as the previous one, etc.

Last but not least, we have the eternal problem of evaluation
authorities: How are we supposed to trust a closed organization to
evaluate our hard-working employees? Are they skilled enough to
determine if our employee is worth his job? Are the operational needs
equal to the knowledge that these certifications require?  Does a
potential attacker need to know what ISO standard describes security
guidelines for processing credit card operations?

Joseph shouts in the background: "Hey, they just need to know how
banks use DES for generating CVV numbers!". I shouldn't hear these
details or I will end distrusting my edgy colleagues. But I'm pretty
sure the CISSP exam doesn't have such a question. Imagine: "Where does
the CVV of credit cards come from?"

a) The bank.
b) ISO-6667, XYZ-2000, PCI compliant security organization.
c) A DES generation system on card series-basis, using a key for each
bank branch, which once compromised leaves the poor taxpayers for
global fraud and spoliation of their monetary assets, covered by
insurance companies who boost these crimes for more profit.

Paraphrasing the Christian community, instead of Jesus, What would a CISSP do?

If certifications exist for ethical hackers, are we going to see
certifications for unethical hackers anytime soon? What if the mob and
shady underground organizations needed to certify that they are
employing the very best of the federal prison's Module 5? Will a
Certified Unethical Software Security Expert (CUSSE) certification
ever exist? "My name is Lincoln Six Echo, Certified Information
Insecurity Systems Professional".

Apparently a company already tried to start such a venture, although
it appears to be off-line, probably hacked by Islamic Jihad crackers:
http://64.233.183.104/search?q=cache:fItEgjbgRZQJ:cusse.org/+cusse.org
http://www.cusse.org

Regards,
-- 
Michael Myers - CISSP, CISA, HIV, GCIA, GSEC
Chief Security Officer (CSO) - Info-pull.com Inc.
"Serious business since the night I came home."
+1 (305) 374-8431 - Haddonfield, Illinois (USA).

JizzBSD

Rumored to be the final piece of work from this prolific man, no one has truly seen it yet. Apparently, it is something Theo de Raadt will be proud of, since it involves ASCII animations of a cock jizzing on OpenBSD.

Released on July 1st to the joy of cockmonglers everywhere

Death and resurrection

Unverified sightings from last Thursday report Lance has been seen crossing the United States - Mexico border, starting an epic pilgrimage to the land of Zion, carrying an human portable atomic bomb. It is unknown if the origin of the bomb is the Island of Java, where Lance was reportedly holding captive the wife of Gadi Evron, interrogating her for the details on Gadi's work for the Israeli government as a IT technician repairing arab porn invaded workstations.

Lance quotes

Friedrich Nietzsche would be proud of Lance. We have a handful quotes extracted from his emails and written texts, which show the essence of a wise man with a sense of lulz like no other in a long time since GOBBLES:

• And trust me when I say that if Myers confirms the trollability of someone or something else, it's really trollable.
• He's got the final, last word on all that is demagogic in this world.
• SUP DAWG, WE HEARD YOU LIKE DRAMA, SO WE PUT A DAVID MAYNOR COMPUTER IN YOUR CAR (SO YOU CAN BLOG WHILE YOU DRIVE).
• SUP DAWG. WE HEARD YOU LIKE OBNOXIOUSLY RUDE JEWS WITHOUT HUMOR, SO WE PUT 600 GADI EVRONS IN THE ASHTRAY.
• The crowd of home wifes that represents maybe the highest percent of female population in the whole world, knows this since taper ware became mainstream.
• The security industry is so full of shit that apparently there's nothing interesting but competing against each other to see who gets the jenkem first.
• Writing some half-assed crap or bragging about Asterisk 0day is not research.
• Cambodia still uses hi-tech Elephant powered transportation
• Spy books should be banned from geeks.
• For now, the only taps worrying me are ass taps. He he he.
• It sounds more like the KKK employing some academic geniuses.
• In 10 years, there will be no need to pay for anyone to read code and then write bullshit about it.
• I managed to get an exclusive reseller license for fgrep, if someone wants to hook up some serious business for this static code analysis tool, I'll be more than happy to outline a flawless business plan. "Fgrep: string match your ego and beyond". Only PHP and objdump output supported at the moment.
• It's common knowledge that generally, all grsecurity copycats, with no exception, suck at stealing spender's touch.
• The power of grsecurity as a backdoor, doesn't rely on grsecurity being the backdoor itself, but because of its code obfuscation, turns every code theft into failure and remote rooting.
• Cuban coke is not Colombian coke and vice versa; one drills a hole in your nose, the other one makes you trip on communism.
• New Apple's operating system, should be named Bang Octopus (like Bang Bus, but with more and bigger tentacles).
• He doesn't have pornography (generally, communists only like pornography if it's about Lenin). (talking about Gadi Evron)
• Somehow, at some point, the whole network is just fucking raped and they wonder how something like that could happen.
• Just because CVS exploits don't get stolen, does not mean they were not stolen already.
• Gadi, the fence will show you fear in a handful of dust.

Poem

He wrote this anti-Semite poem for Gadi Evron:

Because I do not hope to know
The infirm glory of the positive hour
Because I do not think
Because I know I shall not know
The one veritable transitory power

...

Because these _wings_ are no longer wings to _fly_
But merely vans to beat the air
The air which is now thoroughly small and dry
Smaller and dryer than the will
Teach us to care and not to care Teach us to sit still.

Wavering between the profit and the loss
In this brief transit where the dreams cross
The dreamcrossed twilight between birth and dying
...

The token of the word unheard, unspoken
Till the wind shake a thousand whispers from the jew
And after this our exile...

Full fathom five your Bleistein lies
Under the flatfish and the squids.
Graves' Disease in a dead Jew's eyes!
Where the _crabs_ have eat the lids.

My house is a decayed house,
and the jew squats on the window sill, the owner,

Spawned in some estaminet of Antwerp,
Blistered in Brussels, patched and peeled in London.
The goat coughs at night in the field overhead;
Rocks, moss, stonecrop, iron, merds.

References

• LMH and InfoSec Sellout unmasked? (The Register)
• The truth (Fuzzing mailing list)
• http://info-pull.com/code/pwnpress.rb
• http://lists.immunitysec.com/pipermail/dailydave/2007-September.txt
• http://lists.immunitysec.com/pipermail/dailydave/2007-September/004584.html
• http://lists.immunitysec.com/pipermail/dailydave/2007-September/004590.html
• http://lists.immunitysec.com/pipermail/dailydave/2007-October/004699.html

Lance M. Havok is part of a series on Security Faggots

1337 h4x0rz Captain Crunch • Cult of the Dead Cow • David L. Smith • Gary McKinnon • GOBBLES • HD Moore • Jeff Moss • Kevin Mitnick • Lance M. Havok • Robert Morris • Theo de Raadt • weev • Woz Try-Hards 2cash • AnonOps • Brian Salcedo • Fearnor • Fry Guy • Gadi Evron • g00ns • Hack This Site • Hacking Team • hann • Joanna Rutkowska • John Field • Joseph Camp • Lizard Squad • LulzSec • Mark Zuckerberg • MarshviperX • Masters of Deception • Michael Lynn • Krashed • Raven • r000t • Ryan • Steve Gibson • th3j35t3r • The Regime • Sabu • Zeekill Related Shit Avira • Ciscogate • Cloudflare • Conficker • CyberDefender • Defcon • The Gibson • The Great Em/b/assy Security Leak of 2007 • Heartbleed • I GOT NORTON! • Is Your Son a Computer Hacker? • Operation Sundevil • PIFTS.exe • Social engineering • Stylometry • SubSeven • Zone-H

Lance M. Havok is part of a series on Trolls Visit the Trolls Portal for complete coverage.

Lance M. Havok is part of a series on Softwarez Visit the Softwarez Portal for complete coverage.