Message-ID: <200308181132.46583.jonathan@xcorps.net>
From: jonathan at xcorps.net (Jonathan Rickman)
Subject: Re: [Dshield] new msblaster on the loose?

On Monday 18 August 2003 10:20, Redaktion - Kryptocrew wrote:
> hi list,
>
> take a look at trendmicro, that's new:
> http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55745&VName=WORM_MSBLAST.D&VSect=T

Let's see...

Does it magically boot the system off known good media to check for 
rootkits/backdoors/trojans/[insert favorite evil here]??? 

No.

Does it magically monitor the traffic to and from the machine for a 
reasonable period of time to ensure that nothing is amiss???

No.

Does it reinstall the host OS from the original media and restore the last 
known good backup???

No.

So...what does it do? 

It patches the hole and wipes out the worm if present, then deletes itself 
in 2004. Great...except, MSBlaster wasn't the only thing that took 
advantage of the RPC/DCOM exploit. Oops. Now the system administrator has 
no cause to take any of the above steps because from his view, sitting in 
his office running the latest eEye scanner, the machine was never 
vulnerable.


When will folks figure out that these so-called "good worms" are not a good 
thing?  The failure of the author to take note of such fundamental flaws in 
his or her logic suggests that they have no business doing anything, much 
less volunteering to correct the world's problems. Of course, this could be 
a deliberate cover-up...but somehow I think it's just another security 
cowboy trying to save the world.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net
