I'd like to thank y'all for doing my rebuttal for me :-) This is exactly
my point:
1) bo2k is the same type of remote control program as PC Anywhere, Carbon
Copy, Remotely Possible (yes I know its name has changed...), vnc,
Microsoft's SMS, Tivoli, etc. I've seen it demo'ed at Defcon. It's quite
cool. Don't knock it 'till you've tried it! It was just reviewed by
Windows NT Magazine even... http://www.hackernews.com/arch.html?102899#2
2) In order for a program to be a trojan (short for "Trojan Horse"), it
must trick a user into installing it by pretending to be something else.
bo2k does _NOT_ do this. That's not to say that someone couldn't deliver
bo2k as a payload. But they could deliver any program as a payload. BTW,
bo2k doesn't search for other hosts that have it running. It doesn't even
have a default port number, so how could it know which ports to probe?!
kill -9 <this thread> and "Think twice, click once" before sending
scathing, wayward flames that will be archived for years of enjoyment.
-Jason
On Fri, 29 Oct 1999, Matt Doughty wrote:
> Date: Fri, 29 Oct 1999 10:46:24 +0900
> From: Matt Doughty <[EMAIL PROTECTED]>
> To: W Joel Gridley <[EMAIL PROTECTED]>
> Cc: Jason Axley <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
> [EMAIL PROTECTED]
> Subject: Re: BO2k source code
>
> On Thu, Oct 28, 1999 at 04:46:04AM -0400, W Joel Gridley wrote:
> > >
> > >If you want to write about _real_ trojan horses, you'll have to look
> > >elsewhere. Here's one definition of 'Trojan Horse', which bo2k does not
> > >meet: http://www.whatis.com/trojanho.htm
> > >
> >
> > Exactly how does BO2K not meet the criteria in this link? Fits fine to me.
> from the above link:
> In computers, a Trojan horse is a program in which malicious or harmful code is
>contained inside apparently harmless programming or data in such a way that it can
>get control and do its chosen form of damage, such as ruining the file allocation
>table on your hard disk
>
> Therefore while you could have Bo2K be a payload in a trojan. for example,
> here is my tetris game installer that installs BO on the slide. Basically
> BO does exactly what it says it does. A program that is supposed to securely
> store your passwords, but also secretly mails your passwords to the creator
> is a trojan. The missing piece here is the deception... ie the hidden
> warriors in the horse.... BO is out in the open.. It doesn't lie about what
> it does.... hell the source code is even available.. therefore it doesn't
> meet the definition given above..
>
> >
> > So you're saying that I can use the PCAnywhere client, scan the internet for
> > a random victim already infected with the server side of PCAnywhere, and
> > remotely
> > control the machine? I hadn't heard of this.
> >
> > The "network administration tool" argument is a very weak argument.
>
> He didn't say it was the same thing as PCAnywhere... he never suggested
> it was a good choice for network administration... He said that, while
> intent is certainly different, they are fundamentally the same type of
> product (remote control programs) and they don't fit the common definition
> of trojan. (which they don't)
>
> People need to calm down...
>
> Matt Doughty-BOT BSC Japan.
>
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
