lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed May 11 18:08:24 2005
From: khaalel at gmail.com (khaalel)
Subject: KSpynix ::: the Unix version of KSpyware?
	(Proof Of Concept)

Hi,

before sending me such emails, read Kspynix before: Firefox is not
attacked by the POC,
and such malware already exists for Unix systems although their code
are not public... that's why I code this "small" malwares (if they can
be called malware...)

About the ethic, it's your problem if you think it's not ethical to
publish such code, Besides don't be afraid Unix systems are always
secure.

And i "waste" my time with what I want !!!
What's an ethical act for you? I wanted to publish a windows rootkit
this week, is it ethical?

On 5/11/05, khaalel <khaalel@...il.com> wrote:
> Hi,
> 
> before sending me such emails, read Kspynix before: Firefox is not
> attacked by the POC,
> and such malware already exists for Unix systems although their code
> are not public... that's why I code this "small" malwares (if they can
> be called malware...)
> 
> About the ethic, it's your problem if you think it's not ethical to
> publish such code, Besides don't be afraid Unix systems are always
> secure.
> 
> And i "waste" my time with what I want !!!
> What's an ethical act for you? I wanted to publish a windows rootkit
> this week, is it ethical?
> 
> 
> On 5/11/05, bkfsec <bkfsec@....lonestar.org> wrote:
> > James Tucker wrote:
> >
> > >Firefox was safe(r) for a time, now exposure has driven it to become a
> > >viable and "timeworthy" market for the spyware and malware
> > >communities. The same will come of operating systems and any other
> > >highly pervasive applications.
> > >
> > >
> > >
> > Well, yeah, but I still wouldn't be throwing away GNU/Linux just yet on
> > that front.   I would argue that it's still entirely possible to build a
> > GNU/Linux system that is more secure than a MS Windows system,
> > relatively speaking.  (Note: I am not saying that GNU/Linux doesn't have
> > its share of security issues and I am not saying that one can't create a
> > well-secured Windows server.)
> >
> > However, that's getting off track.  That would be getting into system
> > configuration and design as they relate to vulnerabilities.  That's
> > another discussion altogether.
> >
> > Going back on track, I wouldn't support the creation of packages such as
> > this for any OS.  I just don't think it's ethical.  Like I said, there's
> > a big difference between a POC and a worm.  Coding POCs is just fine, if
> > it's done ethically.  Coding worms as an example, however, is where you
> > cross the line from just creating a proof of concept and into turning
> > that proof onto others in order to harm them.  Also, I'm not getting
> > into rights here, I'm just talking about the ethics of the situation.
> >
> > In the case of spyware, no proof of concept was needed because anyone
> > with any knowledge of systems at all could tell you that it could be done.
> >
> >              -Barry
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ