Message-ID: <81637804AB36A644BBDE3ED9DD4E73FDC66677@hermes.eCompany.gov>
From: dcopley at eeye.com (Drew Copley)
Subject: RE: new internet explorer exploit (was new worm)

> -----Original Message-----
> From: Berend-Jan Wever [mailto:SkyLined@...p.tudelft.nl]
> Sent: Monday, March 29, 2004 3:35 PM
> To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
> Subject: Re: new internet explorer exploit (was new worm)
>
> ----- Original Message -----
> From: "Drew Copley" <dcopley@...e.com>
> > Yeah. It is a zero day worm, and it is very notable as such.
> >
> > I can not recall a previous zero day worm. (AV is not my job, but I do
> > try and follow zero day.)
> >
> > Hence, IE has birthed us the first zero day worm.
> >
> > We should be thankful it was not coded better, because it could have
> > caused some really serious problems. A hundred thousand systems is
> > really a low target when you consider 94% of all browsers being used are
> > IE and the internet population is around the 400 million figure.
>
> Just be thankful the guy didn't take the time to find a 0day xss issues in
> webbased e-mail services like hotmail/yahoo/etc... I still wonder why these
> have not been exploited by email virii: They're not that hard to find (check
> your archives) and it's just too easy to code a small worm in javascript for
> these sites (I know from experience).

Yeah, we have one with Yahoo in pending. Though, it was a bit difficult to find. (It has not been added to our upcoming advisory list, yet.)

In fact, I am good friends with several of the guys who found the last ones... Dror Shalev and http-equiv. (Never really talked to Greymagic, just by chance, I suppose.) These are top bugfinders, though, and they are very skilled people.

I do not dismiss the skills of any of the people who have found these bugs... but I do believe there are more in there.

> The only propagation limiting problem
> is that all traffic goes through centralized servers which can be easily
> updated (check your archives for site-specific response times). But if you
> combine it with your regular e-mail worm techniques, you can be sure
> propagation continues after that fix.

Right, I find these security holes extremely alarming. In fact, I accidentally flamed a bug finder once because I thought he posted Yahoo zero day... and I am known as a guy that is patient and apologetic for those who post zero day without going to the vendor first. (Because I know all too well, for one thing, that they don't have to post it at all.)

And, I know what it feels like to have this Yahoo zero day in my pocket here. It is a dangerous thing.

That's why this business is so much funner than writing database programs.

>
> Cheers,
> SkyLined