Message-ID: <200308130936.10642.jeremiah@nur.net>
From: jeremiah at nur.net (Jeremiah Cornelius)
Subject: smarter dcom worm

On Tuesday 12 August 2003 04:51 pm, Marc Maiffret wrote:
<SNIP>
> You are correct in that "this worm sucks" but I think you could more
> eloquently put it as "this is probably the biggest pile of shit glued
> together crap ass excuse for a worm" that I've ever seen. >:-] That is NOT
> to say it is not being effective and damaging though. It is definitely a
> bad one.
<SNIP>

Thanks for getting this out there, Marc!

I have been trying to indicate to victims in my customer base that they should 
be glad that this first round is a bit of a hassle, but maybe a blessing for 
them, because the worm is junk code - just short of a dud.

Hey!  Free, unscheduled assessment!   

We will undoubtedly see a transition to a more robust transport and exploit
code, coupled with a more threatening payload - like the Code Red / Nimda
transition in 2001.  I am afraid that the number of vectors will go up,
though.  All the port-blocks and ACLs that drop Blaster will be conveniently
avoided for the next wave here.  Anyone who cherry-picked symptomatic
approaches over a holistic application of depth defenses is still going to
be hit - and they'll wonder just how it could have happened again!

-- 
Jeremiah Cornelius, CISSP, CCNA, MCSE
Information Security Technology
email: jcorneli@...mail.com - mobile: 415.235.7689

"What would be the use of immortality to a person who cannot use well a half 
hour?"
--Ralph Waldo Emerson

