Message-ID: <200401290432.i0T4W3b09233@singularity.tronunltd.com>
From: Ian.Latter at mq.edu.au (Ian Latter)
Subject: alleged bios infection - was Re: OpenBSD 'pf' port (was FreeBSD heap to Linux)

Juari,

You were right, that was a time waster, but you're fishing with that
comment.

If you have the time to talk shop, then I'd like to ask about your virus
findings.  You appear to have gone to a lot of trouble to debug
this virus but you've left out some fairly critical information;

> It was also unknown that the virus infects the BIOS of the computer it
> infects by injecting a 624bytes backdoor written in FORTH which will open
> port tcp when Mydoom will be executed AFTER February 12.

1.  Which TCP port does it listen on?
2.  Which BIOS (or motherboard) is this likely to occur on? (hard one -
      what instructions does it use to enable write to the chip - the 
      LinuxBIOS project should then help me find the boards that this
      will affect).

Whether my anti-virus company wants me to wear this or not, I'd
like to minimise the impact of any vulnerability that you may be able
to identify in this regard.


Thanks for your time,






----- Original Message -----
>From: "Juari Bosnikovich" <juarib@...et.arbornet.org>
>To: "Ian Latter" <itsecurity@...edu.au>
>Subject:  Re: [Full-Disclosure] OpenBSD 'pf' port (was FreeBSD heap to Linux)
>Date: Wed, 28 Jan 2004 21:36:23 -0500
>
> 
> 
> On Thu, 29 Jan 2004, Ian Latter wrote:
> 
> >
> > > Human-readable syntax.
> > >
> > > Lucid syntax is an indispensable security measure.  Errors should be GLARING
> > > and obvious!
> >
> > Ok - Fair enuff.
> >
> >   Though there's nothing quite as obvious as a new home page painted
> > by your fav' 1337 cr3w to show holes in firewall rules ;o]
> 
> you have a lot of free time to say useless things
> my monkey once told me "why oh why do you keep doing it".
> the thing with monkeys is you only have to give them a banana to make them
> shut up.
> 
> > --
> > Ian Latter
> > IT Security Officer
> > Macquarie University
> 
> 

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

 Meet me at the Australian Unix and open systems
   User Group (AUUG) Security Symposium; 2004
  http://www.auug.org.au/events/2004/security/

