| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jeremiah at nur.net (Jeremiah Cornelius) Subject: smarter dcom worm On Tuesday 12 August 2003 04:51 pm, Marc Maiffret wrote: <SNIP> > You are correct in that "this worm sucks" but I think you could more > eloquently put it as "this is probably the biggest pile of shit glued > together crap ass excuse for a worm" that I've ever seen. >:-] That is NOT > to say it is not being affective and damaging though. It is definitely a > bad one. <SNIP> Thanks for getting this out there, Marc! I have been trying to indicate to victims in my customer base that they should be glad that this first round is a bit of a hassle, but maybe a blessing for them, because the worm is junk code - just short of a dud. Hey! Free, unscheduled assessment! We will undoubtably see a transition to a more robust transport and exploit code, coupled with a more threatening payload - like the Code Red / Nimda transition in 2001. I am afraid that the number of vectors will go up, though. All the port-blocks and ACLs that drop Blaster will be conveniently avoided for the next wave here. Anyone who cherry-picked symptomatic approaches over a holistic application of depth defenses are still going to be hit - and they'll wonder just how it could have happened again! -- Jeremiah Cornelius, CISSP, CCNA, MCSE Information Security Technology email: jcorneli@...mail.com - mobile: 415.235.7689 "What would be the use of immortality to a person who cannot use well a half hour?" --Ralph Waldo Emerson
Powered by blists - more mailing lists