The question is whether the knoppix web server was compromised, or if an untrustworthy employee just threw it out there. Are we seeing, or have seen, any worm-like activity with this vulnerability? If so, how rampant is it? We here in the news that it's all over... Hundreds!.... Thousands!... But yet ask any one to name a site or confirm they have first hand experience, or have a friend or colleague with fist hand experience and all you get is them naming one of a handful of sites we all heard about through media reports. I'm not saying this isn't a real threat. I'm saying I believe it's exploit distribution has been greatly exaggerated.
> -----Original Message----- > From: Murad Talukdar [mailto:[EMAIL PROTECTED] > Sent: Sunday, January 08, 2006 10:20 PM > To: Brady McClenon; 'Drew Simonis'; 'Thor (Hammer of God)'; > 'Erin Carroll'; [email protected] > Cc: 'Larry Seltzer'; [email protected] > Subject: RE: New article on SecurityFocus > > That was it; SANS > http://handlers.dshield.org/jullrich/wmffaq.html > So it can even get onto 'Trusted' websites. > (At least they are saying they had a 'report'). > Digital whispers.... > > > Regards > Murad Talukdar > > -----Original Message----- > From: Brady McClenon [mailto:[EMAIL PROTECTED] > Sent: Saturday, January 07, 2006 2:29 AM > To: Drew Simonis; Thor (Hammer of God); Erin Carroll; > [email protected] > Cc: Larry Seltzer; [email protected] > Subject: RE: New article on SecurityFocus > > Just curious. I hear media reports and people saying that there's > hundreds or thousands of compromised web site from this, but > I have ask > where these numbers come from? Where is this data, or is it pure > speculation? I'm also curious how one could compromise a web server > with this exploit. Putting files on a web server to dole out and > compromise other computers I can see, but is the web server really > compromised in this case? If so, was it by way of the WMF exploit? > > One last question: Has anyone here experienced or know > anyone that has > a "legitimate" web server compromised (or serving out) by the WMF > exploit. I'm trying to determine if there are those with actual > knowledge that the sky is indeed falling, or if we are all > shaking over > unsubstantiated media hype. > > > > -----Original Message----- > > From: Drew Simonis [mailto:[EMAIL PROTECTED] > > Sent: Friday, January 06, 2006 10:22 AM > > To: Thor (Hammer of God); Erin Carroll; [email protected] > > Cc: Larry Seltzer; [email protected] > > Subject: Re: New article on SecurityFocus > > > > > > > > Overall, I think community's coverage of wmf has been delivered > > > with an ounce of perception, and a pound of obscurity. > It's almost > > > as if people *want* it to be worse than it is. I'm not > surprised, > > > of course. But regardless, my call is that we'll see a little > > > activity here and there, the patch will come out, most > will install > > > it (or have it installed automatically) and the whole issue will > > > fade away. But that's all. > > > > > > We'll know for sure shortly, either way. > > > > > > > Thor, > > I think your path of thought is stuck a bit in the past. > > Worms are neat as a technical exercise, but we see more and > > more that the attackers are increasingly aware of the value > > of these vulnerabilities from a financial perspective, not > > merely for notoriety. As such, it benefits the attacker to > > have a less subtle attack, one that does not sensationalize > > the vulnerability. Complacency is their ally. > > > > That said, there are already numerous (hundreds+) > > "legitimate" web sites that have been compromised and had > > exploit images injected into their content. There are also > > already hundreds of thousands of machines that have been > > infected with Trojans or bots. These infected machines will > > patch, but they won't be safe, and the problem gets worse. > > > > So no, there won't be some catastrophic worm event. But I > > posit that what there will be could be much worse. > > > > -- > > ___________________________________________________ > > Play 100s of games for FREE! http://games.mail.com/ > > > > > > -------------------------------------------------------------- > > ------------- > > -------------------------------------------------------------- > > ------------- > > > > > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > > > > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
