[Full-Disclosure] Viral infection via Serial Cable
Hi all

OK - here is a basic question - sorry if this is totally clueless.

I have a client who runs a heavy engineering shop. To date all his computerised punches and bend brakes etc. have been driven via a windows CAD workstation talking to them on a serial cable - basically a data dump to the machine which runs a modified dos based OS.

So he buys a new sheet metal laser cutter and they bring the system online whilst I'm busy throwing shielded cabling for serial comms to the new machine - lo and behold the system boots to windows 2000 (the concept of a high powered laser metal cutting device driven by windows is another conversation entirely...)

So I have a closer look at the beast and it is basically a pc built into a very large machine - has all the usual LAN / USB etc. The system even comes pre-installed with Norton AV.

We (read me) make a management decision not to park said machine on the LAN (concept of disgruntled employee and said laser); also the data suite that talks to the laser is now windows based and not an old dos prompt data suite like the older machines.

So the question is: is a pc / machine connected to another pc via serial cable only, using specialised windows software to move data to the machine, at all vulnerable to viruses? Can they transmit themselves across a serial cable?

Jean

---
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 2004/08/24

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] RealVNC server 4.0 remote ddos vulnerability with exploit
If you try about 80-90 connection requests at the same time, it gets a crash. I attached a ddos exploit to this mail.

--
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze

Attachment: vncdos.c (Description: Binary data)
Re: [Full-Disclosure] short of some worm
Would just the source code work? Or do you need to have it already compiled? Try Google... there are plenty of places online that allow you to download virus/worm source code. Some of them even have the compiled binaries posted to boot.

~G

On Mon, 30 Aug 2004 12:46:41 -0500, Willem Koenings [EMAIL PROTECTED] wrote:
> hi list,
>
> despite that my honeynet is up for some 8 months now, i'm still missing some rpc and lsass worms, namely:
>
> enilora.exe
> penis32.exe
> mspatch.exe
> Avserve2.exe
>
> can some kind person provide me those in mail attachment, password protected.
>
> big thanks,
> Willem.
>
> --
> Sign-up for Ads Free at Mail.com
> http://promo.mail.com/adsfreejump.htm

--
Peace. ~G
Re: [Full-Disclosure] Bootable Memorystick?
Agree with your answer - in fact, I've successfully booted the Live Knoppix version from a 1GB USB stick. Took some configuring, but runs beautifully once done.

If you can get it to work, or are worried it might, it has EVERYTHING to do with a security mailing list! Let's say I have physical access to a secured machine. I can't crack the password, nor can I hack into a user account, etc. No worries, I just pop in my memory stick and pull the power plug. Turn the system back on, boot to the memory stick, and voila! I can now navigate the file system and copy anything I want to save. (This includes the SAM accounts from a Windows box for later cracking.) I've even enabled full NTFS write support, as I currently use it for virus repair and troubleshooting.

Plus, all my activity is completely undetectable, minus the computer being off or not logged in. These things happen frequently in larger environments... power surge for example. Also, many server systems are left in a logged-out state for security reasons, so it's possible it would never be detected, besides some server downtime.

A problem also arises with these memory sticks with the Autorun feature enabled in Windows. Plug in a stick with a specially crafted autorun and you can copy files without even touching the keyboard or mouse. (I've seen a successfully written autorun copy the My Documents folder of the currently logged in user, the SAM accounts from the machine, and the IE favorites from the currently logged in user.) All just by plugging in the USB Stick.

There are more possibilities as well, as imagination is the limit. Not going to say more as it's not good to give up all my secrets just yet. ;)

~G

On Mon, 30 Aug 2004 15:32:38 +0200, Thorsten Peter [EMAIL PROTECTED] wrote:
> why shouldn't you be able to boot to a memory stick? almost every vendor lists bootable as a feature of their sticks. you simply need a board that is able to boot from USB device, that's it.
>
> regards
> Thorsten
>
> but i don't get what this question got to do with security mailing lists ;-)
>
> Samuel wrote:
>> Has anyone already, or does anyone think it would be possible to boot to a memory-stick instead of a floppy? Of course you would have to have an 8-in-1 card reader first, but once you have one of those, each card comes up as another drive, so seemingly you could boot to one of those drives.
>>
>> ___
>> No banners. No pop-ups. No kidding.
>> Make My Way your home on the Web - http://www.myway.com

--
Peace. ~G
[Full-Disclosure] RealVNC 4.0 remote ddos vulnerability with stupid Exploit
If you try about 80 or 90 connection requests to the VNC server at the same time, it gets a crash. I attached a stupid ddos exploit for this hole.

--
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze

Attachment: vncdos.c (Description: Binary data)
Re: [Full-Disclosure] Viral infection via Serial Cable
Very interesting situation. To be honest I've never tried to experiment with such a setting in a virus lab, however I do know that viruses can travel via any electronic means of communication. Back before RJ-45 jacks were used much, NICs had serial or BNC plugs instead. Viruses traversed through them just like they do today. It completely depends on the communication setup I suppose.

Granted, I doubt your everyday worm would be able to make the jump via specialized instructions to the serial outlet, however if something was programmed to do such a thing, I'm sure it's possible. If it's just connected to the LAN as a PC, then you have a lot more to worry about obviously. (Depending on the network protocol, there may be little limitations at all.)

Are you able to update this Windows 2000 install? Is it extremely customized for this laser, or does the laser software just work on Windows?

~G

On Mon, 30 Aug 2004 19:35:25 +0200, Jean Gruneberg [EMAIL PROTECTED] wrote:
> Hi all
>
> OK - here is a basic question - sorry if this is totally clueless.
>
> I have a client who runs a heavy engineering shop. To date all his computerised punches and bend brakes etc. have been driven via a windows CAD workstation talking to them on a serial cable - basically a data dump to the machine which runs a modified dos based OS.
>
> So he buys a new sheet metal laser cutter and they bring the system online whilst I'm busy throwing shielded cabling for serial comms to the new machine - lo and behold the system boots to windows 2000 (the concept of a high powered laser metal cutting device driven by windows is another conversation entirely...)
>
> So I have a closer look at the beast and it is basically a pc built into a very large machine - has all the usual LAN / USB etc. The system even comes pre-installed with Norton AV.
>
> We (read me) make a management decision not to park said machine on the LAN (concept of disgruntled employee and said laser); also the data suite that talks to the laser is now windows based and not an old dos prompt data suite like the older machines.
>
> So the question is: is a pc / machine connected to another pc via serial cable only, using specialised windows software to move data to the machine, at all vulnerable to viruses? Can they transmit themselves across a serial cable?
>
> Jean

--
Peace. ~G
[Full-Disclosure] m$ realizes it loses the bug war? :)
As reported on /., there is an interview with a slave of the empire:

http://www.wired.com/wired/archive/12.09/view.html?pg=3

- Q: Seems like you're fighting a losing battle.
- A: It's not a switch that can be flipped. Software written by humans will always contain errors.

hohohohohoho

--
Where do you want Bill Gates to go today?
Re: [Full-Disclosure] RealVNC 4.0 remote dos vulnerability with stupid Exploit
I'm writing to say that it is not ddos, it must be just dos. I hope this mail reaches.

- Original Message -
From: Orhan BAYRAK [EMAIL PROTECTED]
Date: Tue, 31 Aug 2004 02:58:20 +0800
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] RealVNC 4.0 remote ddos vulnerability with stupid Exploit

> If you try about 80 or 90 connection requests to the VNC server at the same time, it gets a crash. I attached a stupid dos exploit for this hole.
>
> --
> Check out the latest SMS services @ http://www.linuxmail.org
> This allows you to send and receive SMS through your mailbox.
> Powered by Outblaze
>
> Attachment: vncdos.c

--
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
Re: [Full-Disclosure] Viral infection via Serial Cable
lol, well if they don't allow us (IT staff) to do our jobs, then they will REALLY be upset when it's offline for 18 DAYS since it's broke. =)

I'm sure there are viruses out there (older ones mind you) that would be aware of a serial connection. The reason no newer ones would... who uses a serial connection for communication to other computers anymore? Like 0.1% of the population. (This isn't including USB even though it's officially a serial connection... the assumption is talking about RS232 specs: http://www.google.com/search?q=rs232 I think we're all aware a virus can most certainly traverse through a USB connection.) The same reason there are so many Windows viruses... 90 something % of the people online are using Windows, so that's what the viruses are after.

Back in the day when serial connections were the only means of communication possible, viruses weren't very possible. I doubt you'll find a live one running around unless you try to use a 10 yr old floppy no one has touched forever. (And you'd hope that this NAV that was preinstalled could take care of stuff like that. =/ )

I did some Google hunting because you got me curious, but came up blank about a virus targeting a serial device. I don't think it's the same type of thing, but of course external modems can pass viruses through the serial port, assuming they are attached that way. But, then again, you're talking about a direct connection to a translation device, not a raw dump thru your DB9 or whatever.

Waiting on other thoughts, but I think you're pretty safe. =)

~G

On Mon, 30 Aug 2004 21:21:19 +0200, Jean Gruneberg [EMAIL PROTECTED] wrote:
> Hi all
>
> Thanks for the info. I presumed there wasn't anything running around that normally would 'see' a serial connection and keeping the machine off an ordinary network system will protect the machine...
>
> Need to look at the pc more to see if and what patches / sp etc have been applied as well, if it is a vanilla system etc. Pity the machine runs 18 hours a day and they don't like taking it offline for the IT guy to have a look see ;-)
>
> Jean

--
Peace. ~G
Re: [Full-Disclosure] U.S. National Security Awareness Day (NSAD)
Dibs on December 32nd!

On Fri, 27 Aug 2004, Nomen Nescio wrote:
> Rhetorical question: Does anyone know of a day of the year when it is not someone's security awareness day? If they are not all taken, maybe I'll proclaim my own.

--
Galt's sci-fi paradox: Stormtroopers versus Redshirts to the death.
Who is John Galt? [EMAIL PROTECTED], that's who!
Re: [Full-Disclosure] write events log to CD?
BIG ASS SNIP

SUMMARY: IMHO even using packet writing this is not a good solution for log handling, but maybe ok for log archiving on a remote log server (which we would hope not to be compromised until after logs were written, at worst).

DOWN TO IT:

The principle of using WORM media for storing logs is an interesting one. The reason for it is obvious; as with the discussion that has ensued it's not quite as simple as it maybe should be. Most CD formats (i.e. ISO 9660 based) don't really allow for over-time progressive writing of data, which is why this is difficult.

It is also important to note that with most multi session systems a file with the same name will only appear once when you dir or ls the folder. There are some CD packages which allow you to select the session you care to read from; I may google one later, but I don't have one immediately to hand. Remember please that this IS possible, as nothing on a CD-R is ever re-written on a multi session disc.

The next obvious problem is that multi session-ing actually takes up more space than just the file you add/change on the disk. In fact IIRC it's around the region of 20mb, maybe more. This is obviously inappropriate for appending lines on a few log files (100 bytes with 20mb overhead, about as efficient as drinking water to increase your blood sugar levels).

Some googled details on packet writing support on CD-Rs:

  Track at Once writing is a form of incremental writing which mandates a minimum track length of 300 blocks and a maximum of 99 tracks per disc. A Track at Once written track has 150 blocks of overhead for run-in, run-out, pre-gap and linking. Packet writing is a method whereby several write events are allowed within a track, thus reducing the overhead. These packets are bounded by 7 blocks for run-in (4), run-out (2) and link (1).

A Mode 1 CD is typically 2048 bytes per block, or 2k. That's 14k overhead per packet.

Let's say maybe we want to use this system to write logs. Assuming that we know we are going to have overhead and will deal with it, we can optimise the write frequency based upon this overhead (in other words how often do we want to have to change the media in the best case?). Of course we can't ever guarantee how BIG the logs will get, so unless you have a writing rack you may run out of space and logs won't be written till a new disk. Even with a rack there would be a delay during the disc change; various malicious actions could be taken during this time, though I would hope bad stuff has happened which has already been logged, and that an attacker could not tell this timing until the system has already logged at least some actions. Guaranteeing this would be contradictory to most generic security principles though, no matter how Mission Impossible it sounds to break into a system during the 3/4 seconds it takes a robotic arm to switch CDs.

So, back to the math... on a CD we have somewhere in the order of 665000 kbytes which we can use for our own data (it's more, but this is well clear of overheads at all levels). That means we can get over 45000 packets onto a packet written CD. I am not sure how accessible this is, nor could I find any information on the limitations of writing a high number of packets to the CD; I imagine trying to access a CD with 45k packets would have a VERY high latency as it reads all the overhead portions; furthermore this would actually end up being a memory intensive process. It's also important to note that this leaves no space for actual data.

Anyway, to continue... If we were to write empty packets every half an hour, we can write around 20 days worth of packets on a single CD; not too unreasonable to me. This is still without data however. The likelihood is you will want to be changing the CD on a daily basis, but the above value will tell you that if you are planning on changing discs once a day, you will need to ensure that your logs are no bigger than ~250k / write.

This should be reasonable, but would be easy to attack with log filling. Again, an automatic disc loader would be most reliable, but not a perfect solution. We still have the 1/2 hour / write problem, but for log archiving purposes this may be appropriate.

I don't have too much more time to devote to this, but the concept using a packet writing system looks ok so far; mind you log filling (which is used quite a lot, as it's common to find that logs have a limited size and are overwritten after such a size on many systems) will completely kill this solution purely for the lack of write speed, and the log write time delay. What would you expect the system to do if it can't fit all the data into a single CD packet? (Meaning it needs to be a custom system anyway; file redirection alone won't be safe to use here.)

I think this is an interesting idea, but for general log handling IMHO it's just not quite good enough. How about DVDs maybe? Probably too expensive in terms of media though, and the block size is probably different.

Now,
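The capacity arithmetic in the post above, carried through as an added worked example (this is not code from the original thread or from any poster). It takes the figures the post quotes (2048-byte Mode 1 blocks, 7 overhead blocks per packet, 665000 KB of usable space) and answers the three questions the post raises: what one packet write costs, how many writes a disc holds at a given cadence, and what a custom writer should do when a pending log buffer does not fit before the disc is full. The function names and the "write what fits, defer the rest and flag a disc change" policy are my assumptions, not anything the post specifies; the results come from those constants rather than from the post's rounded estimates.

```python
import math

# Constants taken from the post's quoted packet-writing details.
BLOCK_BYTES = 2048               # one Mode 1 CD block
PACKET_OVERHEAD_BLOCKS = 7       # run-in 4 + run-out 2 + link 1
USABLE_BYTES = 665_000 * 1024    # "665000 kbytes" of usable capacity
USABLE_BLOCKS = USABLE_BYTES // BLOCK_BYTES   # 332500 blocks


def packet_blocks(payload_bytes):
    """Blocks one packet write consumes, overhead included.

    Even an empty packet costs the 7 overhead blocks (14 KB); that is the
    per-write cost the post weighs against 100-byte log lines.
    """
    if payload_bytes < 0:
        raise ValueError("payload must be non-negative")
    return PACKET_OVERHEAD_BLOCKS + math.ceil(payload_bytes / BLOCK_BYTES)


def packets_per_disc(payload_bytes):
    """How many packets of a fixed payload size fit on one disc."""
    return USABLE_BLOCKS // packet_blocks(payload_bytes)


def days_per_disc(payload_bytes, writes_per_day=48):
    """Days of logging one disc lasts at a fixed cadence (default: every half hour)."""
    return packets_per_disc(payload_bytes) / writes_per_day


def max_payload_per_write(writes_per_disc):
    """Largest payload each write may carry if one disc must last writes_per_disc writes.

    This is the "change discs once a day, so keep each write under X" bound.
    """
    blocks_per_write = USABLE_BLOCKS // writes_per_disc
    return max(0, blocks_per_write - PACKET_OVERHEAD_BLOCKS) * BLOCK_BYTES


def schedule_write(pending_bytes, free_blocks):
    """Decide what one write cycle does with a pending log buffer (assumed policy).

    Returns (blocks_used, bytes_written, bytes_deferred). A packet is only
    written when the free space covers the overhead plus at least one data
    block; whatever does not fit is deferred, and a non-zero deferral is the
    caller's cue to raise a disc-change alarm, since that gap is exactly the
    window the post worries about.
    """
    if pending_bytes == 0:
        return (0, 0, 0)
    data_blocks_available = free_blocks - PACKET_OVERHEAD_BLOCKS
    if data_blocks_available < 1:
        return (0, 0, pending_bytes)
    capacity = data_blocks_available * BLOCK_BYTES
    written = min(pending_bytes, capacity)
    return (packet_blocks(written), written, pending_bytes - written)


if __name__ == "__main__":
    print(f"empty packet: {packet_blocks(0)} blocks; {packets_per_disc(0)} per disc; "
          f"{days_per_disc(0):.1f} days at 48 writes/day")
    print(f"daily disc change at 48 writes/day allows "
          f"{max_payload_per_write(48):,} bytes per write")
    # Constructed scenario: 5000 bytes pending with only 9 free blocks left.
    print("partial write:", schedule_write(5000, 9))
```

The deferral tuple is the part worth keeping if you build the custom writer the post says is needed: a plain file redirection would silently lose the tail of the buffer, whereas returning the deferred byte count lets the archiver hold it in memory and alarm on the disc change.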
Re: [Full-Disclosure] Bootable Memorystick?
Missed this email - for some reason Gmail sent it to the spam folder. (?)

I've yet to have an issue booting to my 6-in-1 card reader. Maybe I'm lucky since I noticed the Sony Memory stick I was booting from (for Knoppix, before I purchased a 1GB USB Stick) is the first drive listed when plugging it into a Windows box. The way it works, it adds all 6 drives (the CF, SD, MMC, etc) to My Computer, even though only where you have something plugged in is accessible. Maybe if the memory stick was, say, the 4th drive down, it wouldn't find it to boot. But on mine there have been no headaches, once I allowed the BIOS to boot from USB.

Very good thought/point though Arnaud. I believe it was just luck of the draw in this case. I'm going to grab a CF card just to test this theory since you got me curious now. (The CF card's drive is the 2nd one in the list.)

--
Peace. ~G

On Mon, 30 Aug 2004 15:46:35 +0200, Arnaud Jacques / Securiteinfo.com [EMAIL PROTECTED] wrote:
>> Has anyone already, or does anyone think it would be possible to boot to a memory-stick instead of a floppy? Of course you would have to have an 8-in-1 card reader first, but once you have one of those, each card comes up as another drive, so seemingly you could boot to one of those drives.
>
> Hello,
>
> I don't know any BIOSes able to boot on a 8-in-1 card reader. USB flash disk is more suitable.
>
> Regards,
> ___
> Arnaud Jacques
> Consultant Sécurité
> Securiteinfo.com
[Full-Disclosure] MSInfo Buffer Overflow
#
Application: MSInfo
Vendors: http://www.microsoft.com
Platforms: Windows 2000
Bug: Msinfo32.exe BOF
Risk: Low
Exploitation: Local
Date: 30 August 2004
Author: Emmanouel Kellinis
e-mail: me[at]cipher(dot)org(dot)uk
web: http://www.cipher.org.uk
#

=== Product ===

Microsoft System Information collects system information, such as devices that are installed in your computer or device drivers loaded in your computer, and provides a menu for displaying the associated system topics. You can use Microsoft System Information to diagnose computer issues; for example, if you are having display issues, you can use Microsoft System Information to determine what display adapter is installed on your computer and view the status of its drivers.

=== Bug ===

MSINFO32 has an option which lets you open a specific NFO or CAB file:

  msinfo32 /msinfo_file=filename

The buffer of msinfo_file can be overflowed and overwrite the Code register. The BOF works if you exceed 258 characters as an input to msinfo_file. If you put at position 259 of the string a hex value, then the redirection will go to a memory location with an address which is a decimal number created by the following pattern:

e.g.
  0x05 - 0x79
  0x06 - 0x7A
  0x07 - 0x7B
  . and so on

I've tested values up to 0xFF which points to 0x0173. There is a possibility to broaden the range of memory values you control if you feed more characters in the BOF string.

Although in tests this bug wouldn't lead to dangerous situations.. I wouldn't bet 100% on that!

Microsoft has known about it since 9th of May.

= Proof Of Concept Code =

C:\Program Files\Common Files\Microsoft Shared\MSInfo> msinfo32 /msinfo_file= AA AA AA AA AAA

=
*PK: http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt
=
Re: [Full-Disclosure] RealVNC server 4.0 remote 'd'dos vulnerabilitywith exploit
Yes, it must be just DOS.

- Original Message -
From: KF_lists [EMAIL PROTECTED]
Date: Mon, 30 Aug 2004 17:39:43 -0400
To: Orhan BAYRAK [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] RealVNC server 4.0 remote ddos vulnerability with exploit

> And why exactly is this a ddos? I see nothing distributed about it. How about you drop one of the d's in your description.
>
> -KF
>
> Orhan BAYRAK wrote:
>> If you try about 80-90 connection requests at the same time, it gets a crash. I attached a ddos exploit to this mail.

--
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
Re: [Full-Disclosure] RealVNC server 4.0 remote ddos vulnerability with exploit
And why exactly is this a ddos? I see nothing distributed about it. How about you drop one of the d's in your description.

-KF

Orhan BAYRAK wrote:
> If you try about 80-90 connection requests at the same time, it gets a crash. I attached a ddos exploit to this mail.
RE: [Full-Disclosure] m$ realizes it loses the bug war? :)
Quoting Stephen Toulouse, Microsoft's security program manager:

> Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system. We're working around the clock to make Internet Explorer safer, and we're making changes with our Windows XP Service Pack 2 to make browsing a lot more secure.

Excellent, at least their security program manager knows enough to use Firefox...
Re: [Full-Disclosure] Viral infection via Serial Cable
I might also suggest that it is likely (although not guaranteed, maybe ask the manufacturer) that the application will put a full lock on the RS232 comms, and as such, a virus could only transfer data to the OS / program if the lock was removed (program was closed).

As for viral infections via this route in more general terms, anyone ever tried hacking a serial port that's not running an app on the other end? Good luck hacking the black hole of a dead end. Of course it would be quite amusing now if a virus was written to break in there, a DoS caused by a CAD/CAM laser burn down of the building :S

If the software can run over the network, and that is why you are considering using the NIC, then you might consider using the IPSec settings to close all ports except the one used by the cutting application.

I would not recommend installing updates or software, as it is likely that the machine is built for stability; changes may alter that stability too (as is typical with such software in my experience).

On Mon, 30 Aug 2004 14:54:14 -0400, Über GuidoZ [EMAIL PROTECTED] wrote:
> Very interesting situation. To be honest I've never tried to experiment with such a setting in a virus lab, however I do know that viruses can travel via any electronic means of communication. Back before RJ-45 jacks were used much, NICs had serial or BNC plugs instead. Viruses traversed through them just like they do today. It completely depends on the communication setup I suppose.
>
> Granted, I doubt your everyday worm would be able to make the jump via specialized instructions to the serial outlet, however if something was programmed to do such a thing, I'm sure it's possible. If it's just connected to the LAN as a PC, then you have a lot more to worry about obviously. (Depending on the network protocol, there may be little limitations at all.)
>
> Are you able to update this Windows 2000 install? Is it extremely customized for this laser, or does the laser software just work on Windows?
>
> ~G
>
> On Mon, 30 Aug 2004 19:35:25 +0200, Jean Gruneberg [EMAIL PROTECTED] wrote:
>> Hi all
>>
>> OK - here is a basic question - sorry if this is totally clueless.
>>
>> I have a client who runs a heavy engineering shop. To date all his computerised punches and bend brakes etc. have been driven via a windows CAD workstation talking to them on a serial cable - basically a data dump to the machine which runs a modified dos based OS.
>>
>> So he buys a new sheet metal laser cutter and they bring the system online whilst I'm busy throwing shielded cabling for serial comms to the new machine - lo and behold the system boots to windows 2000 (the concept of a high powered laser metal cutting device driven by windows is another conversation entirely...)
>>
>> So I have a closer look at the beast and it is basically a pc built into a very large machine - has all the usual LAN / USB etc. The system even comes pre-installed with Norton AV.
>>
>> We (read me) make a management decision not to park said machine on the LAN (concept of disgruntled employee and said laser); also the data suite that talks to the laser is now windows based and not an old dos prompt data suite like the older machines.
>>
>> So the question is: is a pc / machine connected to another pc via serial cable only, using specialised windows software to move data to the machine, at all vulnerable to viruses? Can they transmit themselves across a serial cable?
>>
>> Jean
>
> --
> Peace. ~G
RE: [Full-Disclosure] MSInfo Buffer Overflow
I think at best you could succeed in crashing the process or executing code in the context of the user running msinfo32.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of E.Kellinis
Sent: Monday, August 30, 2004 11:17 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] MSInfo Buffer Overflow

> SNIP
>
> Although in tests this bug wouldn't lead to dangerous situations.. I wouldn't bet 100% on that!
>
> = Proof Of Concept Code =
>
> C:\Program Files\Common Files\Microsoft Shared\MSInfo> msinfo32 /msinfo_file= AA AA AA AA AAA
[Full-Disclosure] Using rkhunter [As Seen On Full-Disclosure]
First off, I would like to explain the first reason for this short solicitation e-mail. As most of you know, a major part of subscribers to this mailing list are system administrators using full-disclosure as a tool to stay up to date on security. For many system administrators it is not always easy to analyse such security tools. For purpose consult `http://www.rkhunter.org/projects/rootkit_hunter.html`.

ROOT KIT HUNTER is a very reliable tool because it uses many advanced methods to hunt inside your system for signs of rootkits. A good thing in root kit hunter is it does not only look for specific signs but also unspecific signs, which is very very advanced, say compared to tripwire or even chkrootkit. It comes with an installer so it's very user-friendly. That's also a plus.

55808 http://www.intrusec.com/55808.html

OVERALL: RKHUNTER is a very good tool but do not let people know you use it because you may look stupid, because it can replace most security professionals at the cost of a dot slash. No wonder that the "Sponsored by: « Buy me a book and get your company on this place! »" banner has been idling on rkhunter.org for months.

The trick of real hackers: chkrootkit + rkhunter + porn

Keep up the good work.
Re: [Full-Disclosure] Viral infection via Serial Cable
On Mon, 30 Aug 2004, Jean Gruneberg wrote:
> So the question is: is a pc / machine connected to another pc via serial cable only, using specialised windows software to move data to the machine, at all vulnerable to viruses? Can they transmit themselves across a serial cable?

You are confusing the different layers. There is no difference (to a virus) between a fiber, a cat-5, a serial cable, etc. These are all layer-1 choices. Moving up the stack, the answer to your question is a qualified yes: if the serial port is configured as a data transport which the virus can see, then propagation across it is possible. And, for the record, there are a variety of serial-port based LANs.

> Jean

--
Yours,
J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

"...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden
- - -
"There ought to be limits to freedom!" George Bush
- - -
Which one scares you more?
Re: [Full-Disclosure] Viral infection via Serial Cable
Über GuidoZ wrote:
> even though it's officially a serial connection... the assumption is talking about RS232 specs: http://www.google.com/search?q=rs232 I think we're all aware a virus can most certainly traverse through a USB connection.)

hm, i fail to see the point here. isn't a serial connection to the outside world just another link? who cares if it is a serial connection or ethernet?

maybe i am biased with SLIP under linux - Serial Line IP, so the serial device really gets an ip-address and then it's tcp/ip all the way and no application/virus would care if this is a serial link. or is all data just sent to com1?

thanks,
Christian.

--
BOFH excuse #310: asynchronous inode failure
[Full-Disclosure] Gwee ported to Win32
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gwee (generic web exploitation engine) has been ported to Microsoft Windows (x86); the 1.36 version tarball comes with gwee.exe - precompiled with https support. Get it at: http://tigerteam.se/dl/gwee/

gwee (Generic Web Exploitation Engine) can be used to exploit input validation vulnerabilities in web scripts, such as Perl CGIs, PHP, etc. gwee is much like an exploit, except more general-purpose. It features several reverse (connecting) shellcodes (x86 Linux, FreeBSD, NetBSD, Perl script (universal), Python script (universal)), 4 methods of injecting (executing) them, built-in http/https client and built-in server (listener) for receiving connections (and remote shell) from injected shellcodes.

- --
Michel Blomgren
http://tigerteam.se
PGP: http://www.cycom.se/misc/pubkeymichel.asc
886A 7B17 1747 6C82 7A7E EAC0 A3F1 2943 101C 18FA

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBM+Uto/EpQxAcGPoRAuOxAKCEY/+VTnXTiSUK2dPVKmcZlP9JcQCfRD9l
IA0g9iA/QzLyM9WybfBNqQg=
=MBTZ
-----END PGP SIGNATURE-----
RE: [Full-Disclosure] Viral infection via Serial Cable
> So the question is: is a pc / machine connected to another pc via serial cable only, using specialised windows software to move data to the machine, at all vulnerable to viruses? Can they transmit themselves across a serial cable?

It all really depends on how transport independent the virus/worm is. If it uses only TCP/IP to transmit itself, and the serial link is using some other protocol, then the answer is of course no. If the worm simply expects to see a network transport then the answer would be yes.