Open Source and information security mailing list archives
 
Message-ID: <CB1F49F2B508604292985807CF68F5F505953810@csexchange.cs.state.ny.us>
From: JMC13 at mail3.cs.state.ny.us (Clairmont, Jan)
Subject: Culprit Bio: Perfect Storm Averted or Just Ahead?

The guy who wrote this virus and/or unleashed it should not be too hard
to track down.  One, they are a Forth programmer, old school.
I once met the guy who invented Forth ('83) and was in a seminar where
he talked it up; not too many programmers then, not now.  This language is
very compact and powerful, allowing a lot of functionality in a compact
environment.  There is the CVS tag that mentions Andy.  So there is an
association with Andy and Forth.  Finally, the person knows communications
programming, old school: TCP, ports, and sockets, not portals etc., probably
in assembler or C.

Lastly, this person has a big ego, so they have probably published on
security, sockets, communications, SMTP, BIOS and/or Forth.  This person
knows the ins and outs of many computer architectures, UNIX, PC; attacking
BIOS is old school int 20, 21 stuff.  Probably really hates Intel, Gates and
MS, 8-> boy that's about everyone on this list. ;->

Anyone with information, a reward is going to be posted. 

Regards,
Jan Clairmont

-----Original Message-----
From: Collin R. Mulliner [mailto:collin@...aversion.net] 
Sent: Thursday, January 29, 2004 8:48 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Mydoom: Perfect Storm Averted or Just Ahead?


Hi,

> That'd be an interesting defense.  Has anyone tried renaming their 
> incoming MX machine so that it includes one of these strings?

I think all email addresses which contain the unwanted strings are filtered
out before asking for the MX host for a specific domain - so this defense
won't work. Everything else would be too slow.

... Collin

-- 
Collin Mulliner <collin@...aversion.net>
BATAVERSiON Systems [www.betaversion.net]
fom: To know recursion, you must first know recursion.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

