[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <9D25EC9CEF02EE449A4D64BFFA413AC8015BD8F4@iu-mssg-mbx05.exchange.iu.edu>
From: edge at indiana.edu (Edge, Ronald D)
Subject: Name One Web Site Compromised by Download.Ject?
>-----Original Message-----
>From: Morning Wood [mailto:se_cur_ity@...mail.com]
>Sent: Wednesday, June 30, 2004 12:56 PM
>To: Edge, Ronald D; full-disclosure@...ts.netsys.com
>Subject: Re: [Full-Disclosure] Name One Web Site Compromised
>by Download.Ject?
>
>> Legal liability question: Has anyone contacted an attorney
>yet about
>> damage done by either of these two possibly negligent actions
>
>are you serious? this "hunt" is laughable. Why is this any
>different than anything else?
...
>The problem is UNPATCHED BROWSERS period.
>They could have just as well compromised HP 4550 printers and
>embeded a malicious script that contained the same IE bug.
...
>my 2bits
>
>m.wood
Uh, actually, I think you sorta missed the point of my post,
which was pretty much the purpose of this list, namely, full
disclosure. Not only are we not getting full disclosure on just
what sites were involved, we are not getting ANY worth speaking of.
Thus it is part of the same coverup of the growing trend of
computer exploits over the past 15 years with the growth of the
Internet that has been so assiduously pursued by businesses, mainly
to hide their own embarrassment and potential liability exposure.
Now the criminal activity has reached a fever pitch
since the beginning of the MSBlast exploits and their followups,
and now we see the next major phase, three major exposures of
trojans loaded from web sites to browsers (not just IE, see latest
exploit of help features in multiple browsers). Covering up like
this by not naming and exposing the sites just isn't going to
cut it much longer. Just as companies sticking their heads in the
sand and hiding the fact does not ultimately help, it harms.
Back to the point: full-exposure just happens to be the name of
this list. My point had little to do with the specific exploits,
and everything to do with legal and social context of the what I
see as a pathetic coopting of the media to hide the identities of
compromised web sites, which according to rumor include some
major league sites.
My 02.5 cents worth.
Ron.
Ronald D. Edge
Director of Information Systems
Indiana University Intercollegiate Athletics
edge@...iana.edu (812)855-9010
http://iuhoosiers.com
Corporate IT's reaction to spyware has been surprising: it's been
largely swept under the rug. The problem is that you can't hide an
elephant by sweeping it under the rug. It leaves quite a bulge.
Powered by blists - more mailing lists