lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <00aa01c415e6$750c7ab0$0100a8c0@grotedoos>
Date: Tue, 30 Mar 2004 01:35:02 +0200
From: "Berend-Jan Wever" <SkyLined@...p.tudelft.nl>
To: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>
Subject: Re: new internet explorer exploit  (was new worm)


----- Original Message ----- 
From: "Drew Copley" <dcopley@...e.com>
> Yeah. It is a zero day worm, and it is very notable as such.
>
> I can not recall a previous zero day worm. (AV is not my job, but I do
> try and follow zero day.)
>
> Hence, IE has birthed us the first zero day worm.
>
> We should be thankful it was not coded better, because it could have
> caused some really serious problems. A hundred thousand systems is
> really a low target when you consider 94% of all browsers being used are
> IE and the internet population is around the 400 million figure.

Just be thankfull the guy didn't take the time to find a 0day xss issues in
webbased e-mail services like hotmail/yahoo/etc... I still wonder why these
have not been exploited by email virii: They're not that hard to find (check
your archives) and it's just too easy to code a small worm in javascript for
these sites (I know from experience). The only propagation limiting problem
is that all trafic goes through centralized servers which can be easily
updated (check your archives for site-specific responds times). But if you
combine it with your regular e-mail worm techniques, you can be sure
propagation continues after that fix.

Cheers,
SkyLined


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ