lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <F028B146DACD54419D564A00090F66AD2A6A97@comail1.corp.idanalytics.com>
From: smacdougall at idanalytics.com (MacDougall, Shane)
Subject: Veriscum badness...

Hmmm, couldn't somebody so motivated create a distributed tool that
generates tons o' requests to random fake addresses? This would
effectively cause a de facto DOS attack on Veriscum, but I'm not sure if
it would be prosecutable since no actual site was being targeted...

After all, if you happen to hit fakesites1.com, fakesites2.com,
fakesites3.com, etc etc. who would be the affected party? 
The sites don't exist - there's no sysadmin scrambling to block the
traffic, there's no hardware being hammered (directly at least). I don't
think Veriscum would have a case because the requests weren't aimed at
Veriscum or any of their subsidiaries... Just because they decided to
point unresolved URLs to their site unilaterally doesn't seem to me to
be basis enough for a complaint. Of course I could be (and often am)
wrong.

Just wondering...

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Shane MacDougall
Lead Security Officer
ID Analytics
San Diego, California USA
Direct: (858) 427-2860
Toll Free: 866-240-4484 x 2860
Fax: 858-427-2899


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ