lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3F242F66.3030703@thievco.com>
From: BlueBoar at thievco.com (Blue Boar)
Subject: DCOM RPC exploit  (dcom.c)

security snot wrote:

> I don't understand how having any of the
> poorly written public exploits for this vulnerability will help in the
> securing process in any way.  Unless you mean that the threat of a worm is
> more realistic because now hackers, along with security professionals,
> both have access to some form of exploits they can use to create a worm
> with, and this threat is enough to convince Asian nations to update all
> their machines.
> 
> Other than that, could you please explain how the distribution of such
> materials actually will "help prepare", as you say, for the upcoming worm?

Troll though this may be, I'll go ahead an answer for the benefit of anyone 
else who might have been curious about the same thing.

There's a decent chance the work will be based on an existing exploit.  If 
one has made any effort (IDS rules, etc) to detect the exploit, then they 
will be prepared for the worm as well.

What kinds of evidence does the exploit leave behind?  If one can try the 
exploit(s), then they can determine what an exploited machine looks like.

						BB

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ