See inline.
> -----Original Message----- > From: matthew patton [mailto:[EMAIL PROTECTED] > Sent: Sunday, January 08, 2006 3:33 PM > To: [email protected] > Subject: RE: New article on SecurityFocus > > --- Brady McClenon <[EMAIL PROTECTED]> wrote: > > > And, is the server hosting the forum > > truly infected/compromised? > > well, at least it's untrustworthy through no fault of it's own. If I > wanted to 'own' a lot of boxes I would indeed put a bad WMF/JPG up as > my avatar. Nobody would even think that they had a problem. I would argue that any server that allows web users to upload content should be considered untrustworthy to begin with. > > > It > > only indexes what is ALREADY on your hard drive. How did it get > > there to begin with?!? > > How about wget running on a DOS box? That's a highly likely scenario. You truly think that many people, especially the "unknowing" use wget? Especially the same folk that run Google desktop on their pc? Plus a DOS box is not susceptible to the WMF exploit anyway. > > > Obviously the user interacted with it at some point in > > the past in order to put it there. > > er, see above. > > I guess my earlier response didn't go to the list. The WMF exploit is > another nifty way to own a box after exploiting another configuration > problem. My webservers have logs in them with people trying to use PHP > bugs to download malicious WMF TO my webserver and execute them there > and thus try to own my webserver. Doesn't work too hot when the OS is > Linux, buy hey. I've not seen much that would lead me to believe that an IIS server responding to a get request would infect the windows server either. It's an image rendering exploit. The web server wouldn't be rendering the image. > > > > __________________________________________ > Yahoo! DSL - Something to write home about. > Just $16.99/mo. or less. > dsl.yahoo.com > > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
