lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200212130620.gBD6K9Xg090415@mailserver3.hushmail.com>
From: gobbbles at hushmail.com (gobbbles@...hmail.com)
Subject: Re: How often are IE security holes exploited?

-----BEGIN PGP SIGNED MESSAGE-----

Richard M. Smith wrote:
> Has anyone ever looked into how often security holes in Internet
> Explorer are actually used in viruses, worms, Trojan horses, and other
> malware?  My sense is that very few of them are actually used in the
> wild.

If you look at "hacker kit" codes which would do this...

The question is, how can they be detected, if they are not detected by any user? How will anti-virus learn of it, if the trojaned exploit code is unknown to them and no user has found it? Or, what if that user browses pedophile newsgroups and mailing lists? Would they be so anxious to report a trojan on their system? And, how would they ever figure out how they got it?

Was it spam email number 76876, or maybe website number 565579?

And, why wouldn't someone want to be able to say... target all neo-nazi's reading alt.politics.white-power... if they realize they have their whole audience right there in the newsgroup?

Or, what about that company that has all of its' employees firewalled? Kind of conveniant way to grab a few of them to make one's way into the system.

Also, as you may have noticed, email is rather insecure/private/can be really hard to trace. Especially if you use enough proxies and then feed it through your most paranoid remailer.


Lamont Cranston

"My names in the book, look it up"


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wl0EARECAB0FAj35fJIWHGdvYmJibGVzQGh1c2htYWlsLmNvbQAKCRCLwwkA1HDM9XFz
AJ99jvYJa/sSiWyFBtK984qToeYF+gCfduGV4EuSCWum9Pu70x6XV+q7e/0=
=LHb9
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ