lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20030831223123.GC28897@styx.org>
From: ww at STYX.ORG (ww@...X.ORG)
Subject: DCOM/RPC story (Analogy)

On Sun, Aug 31, 2003 at 12:19:35PM -0700, Steven Fruchter wrote:
> That is completely moronic to act as if he did not do anything but just
> hex edit the code and change the name for example on the .exe .  He also
> like a moron had the infected drones contact his website (which he is
> registered to) so that he can see who has been infected to control them.
> This means that he had more than just wanting to change the name of an
> .exe for example, it shows his intent.

I was not aware of this. Yes, it changes the scenario somewhat:
it mitigates the amount of "damage" of that could be caused by
the worm if he had just changed some text strings.

Consider: all drones controlled by a single entity or drones 
controlled by multiple uncoordinated entities. Which has the
greatest potential for, say, a coordinated DDOS attack?

Of course distrupting the worm's control mechanism probably
wasn't his intent. So maybe he's a bit misguided but mostly
harmless.

> Regardless of what he did or didn't do, he will
> probably get the blame of the entire thing

Trial by media anyone?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ