lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <001801c36125$8ffb9660$250a640a@navi>
From: gml at phrick.net (gml)
Subject: aside:  worm vs. worm?

Are you basically saying that MS deserves no sympathy and should stand up
and take responsibility for the silliness inherent in their OS source code?
If that's what you're saying, then I have to agree.  The word debacle comes
to mind here.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Darren Reed
Sent: Tuesday, August 12, 2003 4:13 AM
To: Andrew J Homan
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] aside: worm vs. worm?

In some mail from Andrew J Homan, sie said:
> 
> It seems that between the time dcom.c first starting popping up around the
> internet and today, there was ample time for someone to write and release
a
> worm designed to patch infected systems and remove any sign of itself. 
> Given that on the 16th of this month windowsupdate.com will be DDOSed,
does
> anyone else see this as an opportunity for a war of worms with
> windowsupdate.com at stake?  Would anyone consider releasing a patching
> worm on their own network if they knew it wouldn't spread to the rest of
> the internet or is there a downside to this notion which I'm not
realizing?

You know, if the DDoS was targetted at someone innocent, I might be
more sympathetic towards the problem of a web site being DDoS'd.

But it's Microsoft's own web site that is being targeted and it is
through their own bug that it is being made possible.  As much as
they would like to point the finger at others for making the code
available to do it, if their software didn't have the bug, it would
not be possible it all.  Hrm, I don't really want to start _THAT_
discussion again, but I don't think you will find much, if any,
sympathy for Microsoft being targetted by this worm.  They're a
large, rich, monopoly of a company.  Do they really deserve any
nice sympathy at all ?  I suspect I'm not alone in these feelings.

Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists