| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Nov 2007 23:30:55 -0400 (EDT)
From: Jay Sulzberger <jays@...ix.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: mac trojan in-the-wild
On Thu, 1 Nov 2007, Paul Schmehl <pauls@...allas.edu> wrote:
> --On November 1, 2007 10:14:50 PM -0400 Jay Sulzberger <jays@...ix.com>
> wrote:
>>
>> On Thu, 1 Nov 2007, Paul Schmehl <pauls@...allas.edu> wrote:
>>
>>> --On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge"
>>> <adamst.onge@...il.com> wrote:
>>>
>>>> So if i put a picture of a naked girl on a website and said to see more
>>>> you must open a terminal and enter "rm -rf".
>>>>
>>>>
>>>> Would we consider this a trojan...or just stupidity?
>>>>
>>> I would consider it stupidity to think that that is comparable to a
>>> trojan.
>>>
>>> Paul Schmehl (pauls@...allas.edu)
>>
>> I think, under the standard Unix system of permissions, this is a
>> Trojan. Under the standard Unix system of permissions, every
>> application running in my home directory can issue an
>> 'rm -rf /home/me' and, without proper near in time backup, cause
>> me much annoyance. The defect lies in the system of permissions.
>> There exist systems of rolling off-machine backups and minimum
>> privilege permissions systems, but they are not yet standard.
>>
> Perhaps you don't understand what a trojan is. Its purpose is
> to take control of a machine to use it for purposes other than
> those to which its owner would put it and without the owners
> knowledge or permission. Destroying the machine is contrary to
> the design and purpose of a trojan.
>
> Paul Schmehl (pauls@...allas.edu)
If today, common usage of the word "trojan" in this context
requires that the system continue to operate without alerting the
legitimate user that the system has been compromised, then yes,
my use of the word was wrong. But the Wikipedia article
http://en.wikipedia.org/wiki/Trojan_horse_(computing)
suggests that the "Do 'rm -rf .' to see the pretty picture."
Trojan satisfies the definition of Trojan:
<blockquote
from="http://en.wikipedia.org/wiki/Trojan_horse_(computing)">
< ... />
In the context of computing and software, a Trojan horse, often
rendered without capitalization or simply as trojan, is a
software which purports to do a certain type of action, but in
fact, performs another.
< ... />
Types of Trojan horse payloads
Trojan horse payloads are almost always designed to do various
harmful things, but can also be harmless. They are broken down in
classification based on how they breach and damage systems. The
nine main types of Trojan horse payloads are:
* Remote Access.
* Email Sending
* Data Destruction
< ... />
</blockquote>
The thing I call a "Trojan", and you do not, meets the first
condition of the quote. And it seems to me to have a payload
which commits "Data Destruction".
If I have used the word in a way tending to confusion, I
apologize to all full-disclosurists.
oo--JS.
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists