lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <bf6826070501032347711fc400@mail.gmail.com>
From: sovrevage at gmail.com (Stian Øvrevåge)
Subject: phpBB Worm writers are dumb

On Mon, 3 Jan 2005 17:40:28 +0100, EmirAga <emiraga@...raga.com> wrote:
> lots has passed since releasing a phpbb worm by some stupid people, i will
> list my oppinion about it.
> 
> - why release a worm? not sure about newer ones, but first one did not do
> anything, so, whats the point?. Worm will warn whole world about
> vulnerability and most of servers will patch it, without worm it would stay
> just another bug in their forum and most non will worry about it. Security
> _penetators_ are loosing their jobs because of you.
> 

So, releasing a worm that does nothing but warn the world and getting
the holes patched? I would agree this is stupid from a black-hat's
point of view, but I think it's better that some kiddies exploit and
expose the vuln/exploit than some organized criminals. Have you ever
done something for the kick off it? The message I'm replying to now,
is there a point? Except saying they are stupid?


> - first worm sent a thousand requests before infection. The newer one do
> 'wget' it from static http location. STUPID. Simply worm could send his self
> by POST or FILE_UPLOAD method since they are not written in logs. In logs
> would be written a small request that most administrators will not notice.
> what's wrong with eval($_POST[x])?

It is possible for the authors to replace the scripts and hence, load
different payloads as time goes, it hasn't been done, but it is a
possibility. I would say this is harder with self-carrying code.

> - first worm wrote his self to current directory, we all know that in most
> cases this will fail. Better solution would be to write to /tmp, or even
> better to use upload $_FILES[worm][tmp_name]. So stupid!
> 
> - Why didn't they removed comments and replaced their variables with smaller
> ones, so worm will go faster.

Agree with this one, it's not very "nice" code to look at, especially
when it's in some strange foreign language.

> i just hope no one will rewrite its code with newer _version_ cuz then i will
> be the stupid one here.
> 
> just wanted to say that worm writing sucks and real programmer will never
> release one.
>
> greets

I myself are fascinated by worms, but then again I'm not a real programmer.

My two cents
- Stian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ