Message-ID: <018e01c67536$a0399590$2201a8c0@ngssoftware.com>
Date: Thu May 11 21:08:13 2006
From: davidl at ngssoftware.com (David Litchfield)
Subject: MS06-019 - How long before this develops into a self propagating email worm

>> > "Thereeeeeees zero-day in the wild, you're going to get haaaaaxx3d"
>>
>> It's more like "We now know about a zero-day that's been on the loose
>> for some unknown amount of time, and you may already be hax0red. And if
>> you haven't, you probably will be as soon as the script kiddies who are
>> even more lame than our security professionals find the zero-day. HAND".

>Code alone is not a threat. It's obvious these security companies never
>have specific intelligence of worms being planned. All they can base
>their threat meters on is a generalization.

>Which one is the threat:

>"A gun store has opened on the corner, someone might buy a gun and shoot"

>or

>"I overheard a conversation that johnny average is annoyed at bob and
>spoke about revenge, he's really into .... snip


They both are. The first is, of course, more general and is based upon 
increased _opportunity_. The second is a specific threat based upon specific 
intelligence. Bringing this back to the world of computer security: most 
major Internet worms that use an overflow as their vector have exploited 
previously announced flaws - with a patch being available - for example 
Blaster, Slammer, Code Red. With the current situation, we have increased 
opportunity: that is, there is a pre-authentication attack vector in a 
commonly used product which is not commonly firewalled. In other words, 
almost all the right ingredients for an Internet worm. If past experience 
is anything to go by, the only missing ingredient is proof of concept code 
released by a well-meaning security researcher!
Cheers,
David Litchfield 
