Message-ID: <4136BD30.8000005@paradigmo.com>
From: stephane.nasdrovisky at paradigmo.com (stephane nasdrovisky)
Subject: Viral infection via Serial Cable


Most viruses use the user (they expect to contact a stupid user which 
will execute it), they don't care how it reached your pc, it knows the 
user will spread it somehow (i.e. it's a nice porno exe which will be 
sent to friends, ...). Current viruses do not even need user 
interaction, some expect to contact a stupid user who's using some 
outlook flavor.
The worms are using servers and their vulnerabilities (and the admin 
laziness), IP or higher level email features.
Current viruses and worms are not very different as they do not always 
need user action. Some viruses could be called worms as they spread 
automatically, using server features of some clients.
Back in the 80s and early 90s, I was using fidonet (a modem/rs232 based 
network), file and email transfers were automatic (using a software like 
binkley term). There was no known way to automatically execute the 
files you received (outlook or outlook express did not exist, not even 
windows nt, just msdos), but viruses were working anyway.  It was the 
beginning of companies like mcafee! That was the time I first checked my 
executables before executing anything on my PC.


Über GuidoZ wrote:

>James Tucker said:
>
>>4. Most viruses in circulation today use TCP/IP or higher level
>>protocols, not native RS232.
>
>AND
>
>>Personally I never saw or heard of a virus which tries to communicate
>>with another computer attached to an RS232 port (maybe a laplink
>>virus or the like??), as this is an unusual scenario.
>
>Exactly the point I was trying to make. Nothing more, nothing less.

I too never heard such a thing, which doesn't mean:
-such a virus/worm does not exist
-the software on any side of the rs232 link is not vulnerable (I guess 
the risk will not come from a virus/worm but a targeted attack by 
someone knowing the vulnerabilities of this soft and also knowing your 
network infrastructure and that you have this soft)
