lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200307270722.h6R7MQKp018526@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: RE: DCOM RPC exploit 

On Sat, 26 Jul 2003 23:49:05 PDT, "Steve W. Manzuik" said:

> A worm exploiting this might happen, but is it really that big of a deal?

Compare the number of boxes that have the bug Slapper exploited with the number
of boxes that have DCOM open to the world....

When I hear that a worm's finally been spotted,  I'm yanking my laptop off the
net and going home - and it's a Linux box.  I'm just expecting to not get any
useful connectivity for a while.

And of course, anybody who's got half a clue and writes a worm is going to have
it drop off a trojan/backdoor... And then those boxes get used as spam relays,
front-end boxes for porn websites, keyboard sniffers, etc etc.  Gonna take a
LONG time to clean that mess up.

Hell, we're *still* seeing Code Red traffic.  And what we've *NOT* seen in the
last 2 years is a CERT advisory of this magnitude against a Microsoft product
that didn't spawn a "Holy Shit" scale worm.

Unfortunately, we've gotten so lulled by the "Just another damned worm"
scenario that maybe it's NOT a big deal anymore.   And that's just as scary as
the actual worm.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030727/4351b4e5/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ