lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: steven_fruchter at hotmail.com (Steven Fruchter) Subject: DCOM/RPC story (Analogy) That is completely moronic to act as if he did not do anything but just hex edit the code and change the name for example on the .exe . He also like a moron had the infected drones contact his website (which he is registered to) so that he can see who has been infected to control them. This means that he had more than just wanting to change the name of an .exe for example, it shows his intent. Yes you are right about the 7,000 being exploited anyways, and yes this kid definitely should not get such harsh treatment, but the sad fact is, he probably will get all of punishment from what someone else did, he is just a lame kid who should not of took someone else's code to try and be cool first of all, and now he is paying the price for trying to be cool. I have had some many people come up to me and tell me they caught the guy that released the blaster worm and than I have to yell at them and say, "NO they didn't! They just caught some kid who made a lame variant using the original worm." Regardless of what he did or didn't do, he will probably get the blame of the entire thing, guess this will make worm writers a little more scared and they will start to watch their steps a little more carefully now and not have the damn drones contact their own website which is registered to their name. -SF -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Kristian Hermansen Sent: Sunday, August 31, 2003 10:53 AM To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] DCOM/RPC story (Analogy) I also agree with you. The kid is guilty of nothing more than "Unethical use of a hex editor". And here's my MAIN FUCKING POINT SO LISTEN UP ALL OF YOU: THE 7000 COMPUTERS THAT HE SUPPOSEDLY INFECTED WOULD HAVE BEEN INFECTED BY THE "ORIGINAL" WORM HAD THEY NOT BEEN COMPROMISED BY HIS VARIANT FIRST. SO WHAT'S THE FUCKING CRIME? READ BELOW... The analogy is this: A scientist drops a monkey infected with the Ebola virus into a large tank containing 20,000 other monkeys. Some monkeys have been given a shot to protect them from infection, so as the virus spreads they do not become a carrier. The outbreak starts at the far west end of the container and is working its way to the east side, infecting every monkey exponentially as they all pass it on to their neighbors. One of the smarter monkeys gets infected and realizes what is happening. For some strange reason this monkey knows that drinking a certain liquid (on the floor of the container) will slightly alter the properties of the virus he has become infected with immediately. He stirs up the other end of the container by hurling a pile of his own feces. Now, the outbreak has not reached that end of the tank yet (but most definitely will in time) and the outbreak is now spreading from the west and east ends toward the center. After the outbreak has reached its infection maximum and looking at all of the dead monkeys on the tank floor, the uninfected monkeys start asking questions as to what the hell happened to their brothers and sisters. Weeks go by and no one has an answer. Finally, one monkey overhears a conversation about how one guy threw his shit all the way across the tank. That's the guy we need to punish they concluded. They apprehend the monkey on his death bed for throwing his own shit and causing the outbreak at the east end of the tank, which supposedly killed 7000 monkeys. They continued looking for the original infectioner, but the scientist was never discovered. Some of the monkeys started to blame God for allowing this infection to be possible. "Why the hell does God want to torture us? We are but mere mortals!", exclaimed one monkey. "God works in funny ways...", sighed another monkey. Kris Hermansen ceo@...technology.com On Sat, Aug 30, 2003 at 10:39:53AM -1000, Jason Coombs wrote: > if he made the modifications and gave the modified worm to other people but > didn't cause it to infect anyone else's computers, then what crime is he > guilty of exactly? criminal misuse of a hex editor? it could certainly be argued that the "damage" caused by this copy of the program is no greater than it would have been if his home computer had simply been infected and passed it on in the usual way. in fact, maybe he is even the pioneer of a new art form where people, out of respect for the rights of the autonmous agent, refuse to remove these programs from their computers and use hex editors to tattoo their message onto the worms' backs. i can see web sites with worm poetry -- the random juxtaposition of sentences that trace a particular worm geneaology as it passes across the mesh, perhaps even paper-bound volumes. other than neglecting to install a program with a genocidal attitude towards certain processes, what exactly did this guy do wrong? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030831/7967f6e0/attachment.html
Powered by blists - more mailing lists