lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F45757F.2071.7BDAD586@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: [inbox] Re: Fwd: Re: Administrivia: Binary
 Executables w/o Source

"Jason Coombs" <jasonc@...ence.org>, whose input is usually 
intelligent, considered and well-reasoned, chose to fall from his 
pedestal thus:

> Curt Purdy opined:
> > FWIW I disagree with any moderation at all.
> > The point is, this is a FREE forum, one of the few left in the world.
> 
> I agree completely. The sobig spam is valuable -- it shows us who we
> should not trust to operate a computer.

_If_ you know what to take from the headers _AND_ have omniscient 
access to the mythical IP-to-user mapping address list...

You -- like several incredibly clueless posters today -- are entirely 
incorrect in this case.

Look up any vaguely competent description of the workings of this 
virus.  Then explain how you would divine the real victim, as opposed 
to the addresses spoofed by the virus, from Sobig's mail.

Better yet, save yourself the time trying, as the answer is you cannot.

> It also reveals the identity of people who have us in their address
> books without our consent.

D'oh! number two.

Sobig gathers Email addresses from _many_ file types it finds on its 
victims' machines including the file types of the Email message 
"folder" files used by mailers, HTML files. .HLP files and .TXT files.

Your comment again shows an uncharacteristically ignorant view of the 
actual situation.

> By blocking 2,000+ copies launched at the list we've been saved some
> bandwidth ...

"some" = approx 200MB (each virus message is approx 100KB).

> ... but we've been deprived of the opportunity to point and laugh
> at the people who subscribe to full-disclosure who got hit by the silly
> thing.

Or, if you understood how the virus really works, you were saved the 
embarrassment of being shown to be a fool by your pointing and laughing 
at the wrong people.

So how ironic that you were then silly enough to post this drivel so 
those of us who do know how Sobig works get to laugh at you and others 
like the clown of Clowater...

> Just as some people in business refuse to do business with any person or
> company who sends spam, some of us also refuse to do business with
> anyone incompetent enough to get hit by a virus or worm.

Indeed, but the truly cluefull refuse to do business with those who 
clearly don't know anything important about something they should.

What's that saying -- better you be thought a fool than open your mouth 
and remove all doubt?

> Perhaps Len could send a single digest message to the list revealing the
> identity of each subscriber who tried to spam us with a sobig attachment
> -- it's the least he could do after intentionally covering up for these
> people.

And, if your address were on that list?

_That_ wouldn't make me laugh at all because I understand that your 
address would be there because you were _NOT_ infected (well, almost 
certainly not...).  And, I know for a fact that I am not and have not 
been infected (well, I deliberately infected machines in my test 
network but that's not connected to the Internet and has not "released" 
anything) _BUT_ I'd not be at all surprised to see my address on that 
list as I've received several dozen bounces for apparently sending the 
virus.

As it seems to be the day for it -- go stand at the back of Clowater's 
cluestick queue.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ