Open Source and information security mailing list archives
 
From: csk_1975 at hotmail.com (Carlos Kramer)
Subject: Name One Web Site Compromised by Download.Ject?

If you use google/altavista et al to search for some of the more obvious
parts of the javascript a few come up, for example "function gc099":-

www.bifconference.com/bif2002/newsroom/Dunn_synop.rtf
www.biketas.org.au/BikeTas/meetings/2001-10-02-minutes.txt
www.planetkc.com/sloth/sci/blklst.txt
englishrosesuites.com/style.css
www.nf.crimestoppers.ca/1992/92-93-11
www.afz.ch/Vereinigung/Accueil/Association/Welcome/Examinations/rev.tabelleen.rtf
etc, etc, etc...

and although this one isn't infected it's pretty funny to read:-

www.milonic.com/mfa/2004-June/004443.html


>From: "Edge, Ronald D" <edge@...iana.edu>
>To: <full-disclosure@...ts.netsys.com>
>Subject: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?
>Date: Wed, 30 Jun 2004 08:39:32 -0500
>
>From the latest issue of:
>************************************************************************
>SANS NewsBites                June 30, 2004               Vol. 6, Num. 26
>************************************************************************
>Legal liability question:  Has anyone contacted an attorney yet about
>damage done by either of these two possibly negligent actions: (1) the
>Witty worm when the security software vendor may have allowed many
>customers to have their systems disabled because selected users may not
>have gotten the patch for weeks after it was ready, or (2) Download.Ject
>damage done to consumers - through loss of identity data and banking
>passwords -- by infected web sites that apparently did not tell their
>clients that the site was infected?  If you have gotten legal advice
>about these, please let us know by emailing info@...s.org with subject
>"legal liability."
>================================
>
>So here was my email to SANS:
>
>What I want to know is where the heck are the publicized identities of the
>supposedly many major web sites that were infecting their
>customers/visitors??
>
>I have rarely seen such an obvious massive hush job and coverup. I have
>searched the news articles on Download.Ject and to date I have not found
>a SINGLE EXPOSED IDENTITY of a web site.
>
>I have pointed this out to a well known IT journalist I correspond with
>by email regularly, and he replied that he thinks it is definitely a
>story worth pursuing.
>
>I frankly am appalled that not a single site has been named, at least
>not to my knowledge, and I have TRIED to find one named in the news
>online.
>
>Ron.
>
>Ronald D. Edge
>Director of Information Systems
>Indiana University Intercollegiate Athletics
>edge@...iana.edu  (812)855-9010
>http://iuhoosiers.com
>
>Corporate IT's reaction to spyware has been surprising: it's been
>largely swept under the rug. The problem is that you can't hide an
>elephant by sweeping it under the rug. It leaves quite a bulge.
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
