From: edge at indiana.edu (Edge, Ronald D)
Subject: Name One Web Site Compromised by Download.Ject?

>-----Original Message-----
>From: Morning Wood [mailto:se_cur_ity@...mail.com] 
>Sent: Wednesday, June 30, 2004 12:56 PM
>To: Edge, Ronald D; full-disclosure@...ts.netsys.com
>Subject: Re: [Full-Disclosure] Name One Web Site Compromised 
>by Download.Ject?
>
>> Legal liability question:  Has anyone contacted an attorney 
>yet about 
>> damage done by either of these two possibly negligent actions
>
>are you serious? this "hunt" is laughable. Why is this any 
>different than anything else?
...
>The problem is UNPATCHED BROWSERS period.
>They could have just as well compromised HP 4550 printers and 
>embedded a malicious script that contained the same IE bug.
...
>my 2bits
>
>m.wood

Uh, actually, I think you sorta missed the point of my post, 
which was pretty much the purpose of this list, namely, full
disclosure. Not only are we not getting full disclosure on just
what sites were involved, we are not getting ANY worth speaking of.

Thus it is part of the same coverup of the growing trend of 
computer exploits over the past 15 years with the growth of the
Internet that has been so assiduously pursued by businesses, mainly
to hide their own embarrassment and potential liability exposure.

Now the criminal activity has reached a fever pitch
since the beginning of the MSBlast exploits and their followups,
and now we see the next major phase, three major exposures of
trojans loaded from web sites to browsers (not just IE, see latest
exploit of help features in multiple browsers). Covering up like
this by not naming and exposing the sites just isn't going to 
cut it much longer. Just as companies sticking their heads in the
sand and hiding the fact does not ultimately help, it harms.

Back to the point: full-exposure just happens to be the name of
this list. My point had little to do with the specific exploits,
and everything to do with legal and social context of what I
see as a pathetic coopting of the media to hide the identities of
compromised web sites, which according to rumor include some
major league sites.

My 02.5 cents worth.

Ron.

Ronald D. Edge
Director of Information Systems
Indiana University Intercollegiate Athletics
edge@...iana.edu  (812)855-9010
http://iuhoosiers.com

Corporate IT's reaction to spyware has been surprising: it's been
largely swept under the rug. The problem is that you can't hide an
elephant by sweeping it under the rug. It leaves quite a bulge.

