lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <03781128C7B74B4DBC27C55859C9D7380B9DDF74@es06snlnt.sandia.gov>
From: deicher at sandia.gov (Eichert, Diana)
Subject: recent RPC/DCOM worm thought

I've been thinking about how "poorly" this worm was 
written and how it really wasn't very malicious, just 
very time consuming, forcing people/companies to 
install patches to their systems.

Now here's an alternative thought about it.

What if "someone" purposely wrote this worm to get 
the attention of people to patch their systems, not 
to DOS the mickeysoft upgrade site.  If they really 
wanted to create a DOS against a website they wouldn't 
have postponed it for 4 days.  That's a long time in 
today's world.

I mean if you were mickeysoft and there was a known 
security hole wouldn't it be in you best interest to 
have the first real exploit of it be relatively benign?
It gets everyone's attention and they are forced to 
install the latest security patch.

anyway, my US$.02 worth

Powered by blists - more mailing lists