Gobbles

Encyclopedia : G : GO : GOB : Gobbles

GOBBLES Security made their first appearance on the Bugtraq mailinglist in November 2001 with an advisory on a vulnerability in the Berkeley finger daemon. With their broken English, their sarcasm and irony they continued to ridicule the whole security industry during the next years.

Due to their sometimes obscene language, some of their posts to SecurityFocus mailinglists Bugtraq and Vuln-Dev were denied by moderators Dave Ahmad and the Blue Boar.

Because of the trolling nobody took them seriously. This changed when they posted a series of working remote exploits for Apache web servers in July 2002, proving several well renowned companies and independent security researchers wrong in a dispute whether the recently published bug in Apache was exploitable or not. The Apache bug was initially found a couple of years earlier by a former ADM member but never reported as it was deemed unexploitable. The exploit made headlines even in ordinary news as it affected the most popular web server software on the Internet.

In the beginning of July 2002 they yet again made it to the news by posting the first publicly known remote root exploit ever for the OpenBSD operating system, an OS synonymous with high security.

In January 2003 they caused a stir in the peer-to-peer and info sec community by claiming to have developed a worm called 'The Hydra' for the RIAA, following their advisory on how specifically crafted mp3 files could be used to run arbitrary code when played by certain mp3 players. This was a couple of months later revealed to be a hoax.

Comics

They released a few comics on their site, http://www.bugtraq.org/ which was later hosted by Dave Aitel on http://www.immunitysec.com/GOBBLES/ as a group of people continuously used up their limited bandwidth.

Advisories

[Archived GOBBLES advisories]

Gobbles

Comics

Advisories

See also