lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEW7ACkwwQCqS7XxpCySv=jKjukPWX=C7uw1VOG7PK+XysVb9Q@mail.gmail.com>
Date: Wed, 24 Aug 2011 23:42:05 -0700
From: Dan Kaminsky <dan@...para.com>
To: root <root_@...ertel.com.ar>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Apache Killer

On Wed, Aug 24, 2011 at 10:52 PM, root <root_@...ertel.com.ar> wrote:

>
> > Seriously.  This is Zalewski we're talking about.  If you've extended his
> > work, you're doing something right.
>
>
> Or perhaps, not. Respectfully, fuck this elitist bullshit.
> I'm sure you and your friend are good hard-working guys. But you should
> not be the focus of every press release, specially if you didn't find
> the damn bug.
>
>
OK, so I looked into it.

Zalewski's stuff in 2007 was about bandwidth amplification -- with a few
requests, you could get a server to send you a truly enormous amount of
data.  Kingcope's attack shares the same vector (multiple range requests)
but uses it entirely differently, not as a drain of bandwidth on the client
but against memory on the server.  Different DoS, same buggy code.

Think of it like memory corruption -- in one person's hands, the daemon
simply crashes.  In another's, a reverse shell is born.

I don't think the press has made Zalewski the focus, though.  I looked at
the various articles on Google News; here's the distribution of credit I
see:

Register:  Credits both Kingcope and Zalewski by name
Computerworld:  Credits both Kingcope and Zalewski by name
LWN/Apache:  Credits neither, but links to Kingcope's post directly
H-Online:  Credits neither, but links to Kingcope's post directly
ZDNet:  Credits neither, but links to Kingcope's post directly
Slashdot:  Links to Kingcope's post directly, credits Zalewski by name
CRN: Credits Kingcope exclusively

For the record, it's a solid find.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ