lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <9E97F0997FB84D42B221B9FB203EFA27014B9129@dc1ms2.msad.brookshires.net>
Date: Mon Aug 22 20:29:03 2005
From: toddtowles at brookshires.com (Todd Towles)
Subject: Zotob Worm Remover

Umm..you mean like my article I wrote last year -
http://myitforum.techtarget.com/articles/16/view.asp?id=7410

You stated that wireless is the main reason that the worm got into
networks. Wireless not nothing to do with the spread of the worm, worms
spread on unpatched machines..they can be on thicknet or Internet2..it
isn't matter the access medium. Tried of talking about this already...

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
> Sent: Monday, August 22, 2005 2:01 PM
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Zotob Worm Remover
> 
> On 8/22/05, Todd Towles <toddtowles@...okshires.com> wrote:
> > Wireless really isn't a issue.
> 
> Thats your opinion, to me its the issue of today/tomorrow. 
> Its the main way hackers are going to hack corporations in 
> the future. It'll be the basis of many an incident for 
> response teams to handle.  You may not be on my mind set but 
> i've been at this game a while now, and I try and warn 
> corporations weekly of the threat of wireless hacking.
> 
> Employees of Yahoo Inc have been taking pictures of cars 
> outside at Sunnyvale, this is also a security risk for them. 
> However Yahoo fail to see what I see, and thats a major 
> breach in security where employees are helping hackers to 
> identify cars belonging to employees/partners/day visitors 
> and students who visit Yahoo. .
> 
> http://www.flickr.com/photos/ycantpark Yahoo aren't doing an 
> internal investigation into those behind this Flickr account 
> and my calls for it to be shutdown have been ignored. New 
> pictures are published periodically.
> 
> The photos are ment to be showing cars in bad parking 
> positions but the wireless threat outweighs that of bad 
> parking. The owners of those cars didn't get a choice to 
> weather thier car and number plates were published on the 
> internet by Y employees who are ment to be responsible adults?
> 
> Funnily the responsible adults did hide the telephone number 
> of "mission control" but didn't see the problem in publishing 
> the cars themselves and the number plates of those cars in 
> full display on an intended public Flickr account.
> 
> This issue has been on-going since an employee working for 
> Yahoo Search published the link to the Flickr account on his 
> high profile blog.
> 
> Within hours of his blog entry being published I attempted to 
> IM him to ask him to remove the entry, he ignored me. The 
> media then picked up on the blog entry, but only running the 
> story in the context the blog entry intended (bad parking), 
> however no one to date, apart from me has raised security 
> fears on the situation.
> 
> After being ignored by the blog author, I later made attempts 
> to contact Yahoo to have a full internal investigation into 
> those employees behind the Flickr account. Those employees to 
> this day remain anonymous, and updates to the Flickr account 
> have been made, signaling that no actions behind the scenes 
> have been taken to stop future photos of cars outside of 
> Yahoo being published on the internet without full consent by 
> the owner of the automobiles featured on the Flickr account.
> 
> -
> The blog entry which sparked this off is still online to this day.
> -
> -
> The Flickr account is still being updated and no one is 
> listening to my calls for it to be shutdown.
> -
> Security at Yahoo don't see the security threat posed here. I 
> know different.
> -
> Its now August and i've been trying since June/July 2005 to 
> get something done, before Yahoo gets hacked because of these 
> Yahoo employees who are putting these pics online.
> -
> International hackers will end up using these pictures to 
> compromise computers within Yahoo's HQ.
> -
> Don't wait for the worst to happen before something is done. 
> Take preemptive measures now.
> -
> If you think this is off-topic from worms like Zotob, think again.
> -
> http://www.geocities.com/n3td3v
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ