RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread gml
In fact, you could probably take that kaht2 source and modify it to drop a
patch payload instead of a Trojan.  Please whatever you do, don't write a
worm, we already have enough traffic for the moment ;-)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andrew J Homan
Sent: Monday, August 11, 2003 9:55 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] aside: worm vs. worm?

It seems that between the time dcom.c first starting popping up around the
internet and today, there was ample time for someone to write and release a
worm designed to patch infected systems and remove any sign of itself. 
Given that on the 16th of this month windowsupdate.com will be DDOSed, does
anyone else see this as an opportunity for a war of worms with
windowsupdate.com at stake?  Would anyone consider releasing a patching
worm on their own network if they knew it wouldn't spread to the rest of
the internet or is there a downside to this notion which I'm not realizing?

Andrew J. Homan
Software Engineering Intern
http://www.cnt.com/

NOTE: Views and/or opinions expressed are not those of CNT.

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



Re: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Stephen Clowater
This is unlikely. While entirely possible, worms that wipe out hard drives 
generally don't live long because they are wiping out the very mediums they 
are using to spread. 

However, I'm almost getting to the point where I think we SHOULD have a worm 
that wipes out people's hard drives. Even after this dcom I have clients who 
are still refusing to take the threat of viruses, hacking, and general network 
security seriously. 

The reason behind it is because they just call me, and I can sit something on 
their borders to go thru the internal network and clean all the machines 
remotely. Then block port 135 & 137 and it's done. The only time they lost was 
the time it took me to get there +10 minutes.

And even after having most of the network owned they still don't take seriously 
the threats that exist on the internet. Why? Because they didn't lose any 
work, and there wasn't much downtime. 

Unfortunately, most businesses implement reactive security policies. And this 
is a policy that unfortunately is rewarded since we haven't had a truly 
destructive to the functioning of a corporation (ie - Destruction of data) 
When that happens, I think you're going to see a renewed interest in security.

On August 12, 2003 06:35 am, Joey wrote:
> imagine if the bug wiped out the infected computers'
> harddrives. microsoft would be put out of business.
>
> --- Darren Reed <[EMAIL PROTECTED]> wrote:
> > But it's Microsoft's own web site that is being
> > targeted and it is
> > through their own bug that it is being made
> > possible.  As much as
> > they would like to point the finger at others for
> > making the code
> > available to do it, if their software didn't have
> > the bug, it would
> > not be possible at all.  Hrm, I don't really want to
> > start _THAT_
> > discussion again, but I don't think you will find
> > much, if any,
> > sympathy for Microsoft being targetted by this worm.
> >  They're a
> > large, rich, monopoly of a company.  Do they really
> > deserve any
> > nice sympathy at all ?  I suspect I'm not alone in
> > these feelings.
> >
> > Darren

--
Stephen Clowater

Sam:  What's going on, Normie?
Norm: My birthday, Sammy.  Give me a beer, stick a candle in
  it, and I'll blow out my liver.
-- Cheers, Where Have All the Floorboards Gone

Woody: Hey, Mr. P.  How goes the search for Mr. Clavin?
Norm:  Not as well as the search for Mr. Donut.
   Found him every couple of blocks.
-- Cheers, Head Over Hill

The 3 case C++ function to determine the meaning of life:

char *meaingOfLife(){

#ifdef _REALITY_
char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ? 
  /dev/null:/dev/random);
#endif

#ifdef _POLITICALY_CORRECT_
char *Meading_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom");
#endif

#ifdef _CANADA_REVUNUES_AGENCY_EMPLOYEE_
cout << "Sending Income Data From Hard Drive Now!\n";
System("dd if=/dev/urandom of=/dev/hda");
#endif

return Meaning_of_your_life;

}



RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Mike
lol yeah and I guess we would all need to move to a better platform
or a different job :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joey
Sent: Tuesday, 12 August 2003 9:36 p.m.
To: Darren Reed; Andrew J Homan
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] aside: worm vs. worm?


imagine if the bug wiped out the infected computers' harddrives.
microsoft would be put out of business.

--- Darren Reed <[EMAIL PROTECTED]> wrote:
> But it's Microsoft's own web site that is being
> targeted and it is
> through their own bug that it is being made
> possible.  As much as
> they would like to point the finger at others for
> making the code
> available to do it, if their software didn't have
> the bug, it would
> not be possible at all.  Hrm, I don't really want to
> start _THAT_
> discussion again, but I don't think you will find
> much, if any,
> sympathy for Microsoft being targetted by this worm.
>  They're a
> large, rich, monopoly of a company.  Do they really
> deserve any
> nice sympathy at all ?  I suspect I'm not alone in
> these feelings.
> 
> Darren
>



Re: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread akbara
I'm sure they have plenty of bandwidth to spare, yes extra bandwidth costs
more money..
but the company does make over a billion dollars a month, and has 49 billion
in cash reserve.



- Original Message - 
From: "Darren Reed" <[EMAIL PROTECTED]>
To: "Andrew J Homan" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, August 12, 2003 1:13 AM
Subject: Re: [Full-Disclosure] aside: worm vs. worm?


> In some mail from Andrew J Homan, sie said:
> >
> > It seems that between the time dcom.c first starting popping up around the
> > internet and today, there was ample time for someone to write and release a
> > worm designed to patch infected systems and remove any sign of itself.
> > Given that on the 16th of this month windowsupdate.com will be DDOSed, does
> > anyone else see this as an opportunity for a war of worms with
> > windowsupdate.com at stake?  Would anyone consider releasing a patching
> > worm on their own network if they knew it wouldn't spread to the rest of
> > the internet or is there a downside to this notion which I'm not realizing?
>
> You know, if the DDoS was targetted at someone innocent, I might be
> more sympathetic towards the problem of a web site being DDoS'd.
>
> But it's Microsoft's own web site that is being targeted and it is
> through their own bug that it is being made possible.  As much as
> they would like to point the finger at others for making the code
> available to do it, if their software didn't have the bug, it would
> not be possible at all.  Hrm, I don't really want to start _THAT_
> discussion again, but I don't think you will find much, if any,
> sympathy for Microsoft being targetted by this worm.  They're a
> large, rich, monopoly of a company.  Do they really deserve any
> nice sympathy at all ?  I suspect I'm not alone in these feelings.
>
> Darren


RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Darren Bennett
I disagree.. MS would have been hit harder than other OS's regardless of
the number of paying customers. The argument that Microsoft is the most
popular and therefore the most hacked is inaccurate. Apache is on more
than 2/3 of all web servers and IIS is STILL the most hacked. Sendmail
is on the majority of all (internet facing) email servers and Exchange
is the most hacked. Do I think Microsoft tries to screw up? NO.. they
just seem to have a gift. It is very hard to retrofit a ship to be a
submarine, and the same is true when you try and make a non-networked
application (windows) a networked OS. Unix/Linux/etc.. were designed to
be networked and secure, that gives them the edge (and always will).

-DB

On Tue, 2003-08-12 at 07:44, Andrew Thomas wrote:
> > From: Mike
> > Sent: 12 August 2003 12:11
> > Subject: RE: [Full-Disclosure] aside: worm vs. worm?
> > 
> > 
> > lol yeah and I guess we would all need to move to a better platform
> > or a different job :)
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Joey
> > Sent: Tuesday, 12 August 2003 9:36 p.m.
> > To: Darren Reed; Andrew J Homan
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [Full-Disclosure] aside: worm vs. worm?
> > 
> > 
> > imagine if the bug wiped out the infected computers' 
> > harddrives. microsoft would be put out of business.
> 
> Not that I disagree with the assessment of there perhaps being a
> 'better platform' for a lot of operations, but by the same token
> would linux or freebsd no longer be used if someone had written
> or writes a malicious worm for these platforms?
> 
> I doubt it.
> 
> M$ may only be more vulnerable to this because of the fact that
> they have paying customers. Sure, it'll hit them where it hurts
> (financially) and they'd suffer more than an OS operating system,
> but that wouldn't be any more a rational response than we generally
> see from people when they're scared.
> 
> --
> Andrew G. Thomas
> Hobbs & Associates Chartered Accountants (SA)
> (o) +27-(0)21-683-0500
> (f) +27-(0)21-683-0577
> (m) +27-(0)83-318-4070 
> 
-- 
---
Darren Bennett 
CISSP, Certified Unix Admin., MCSE, MCSA, MCP +I
Sr. Systems Administrator/Manager
Science Applications International Corporation
Advanced Systems Development and Integration
---



Re: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Stephen Clowater
hehe, how do you think I pay my rent? :)

Actually most businesses see costs of fixing compromised as costs of doing
business. And you can only charge so much and take so long before you get
replaced :)

It's what happens when you put business people in charge of IT departments.


- Original Message - 
From: "Mike Fratto" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, August 12, 2003 11:47 AM
Subject: RE: [Full-Disclosure] aside: worm vs. worm?


>
> > The reason behind it is because they just call me, and I can
> > sit something on
> > their borders to go thru the internal network and clean all
> > the machines
> > remotely. Then block port 135 & 137 and it's done. The only
> > time they lost was
> > the time it took me to get there +10 minutes.
>
> Answer: Charge more money, don't get there so fast.  :)
>
>



RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Andrew Thomas
> From: Darren Bennett [mailto:[EMAIL PROTECTED] 
> Sent: 12 August 2003 08:07
> To: Andrew Thomas
> Cc: 'Mike'; [EMAIL PROTECTED]; 'Darren Reed'; 'Andrew J 
> Homan'; Full Disclosure
> Subject: RE: [Full-Disclosure] aside: worm vs. worm?
> 
> 
> I disagree.. MS would have been hit harder than other OS's 
> regardless of the number of paying customers. The argument 
> that Microsoft is the most popular and therefore the most 
> hacked is inaccurate. Apache is on more than 2/3 of all web 
> servers and IIS is STILL the most hacked. Sendmail is on the 
> majority of all (internet facing) email servers and Exchange 
> is the most hacked. Do I think Microsoft tries to screw up? 
...

Where do you get your figures about MS Exchange being hacked?
And sendmail vs exim vs qmail vs Exchange?

I'm not disagreeing with them - just I am not aware of this
being a regular method of systems penetration.

--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070 



Re: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Darren Reed
In some mail from security snot, sie said:
> 
> Darren,
> 
> Had this worm been directed at any opensource vendor, would you feel the
> same?  If the Snort worm had been designed to launch attacks against
> SourceFire, are you telling me you wouldn't bitch about the mean kids
> picking on Marty and Brian?

I don't think the situation is in any way comparable to what you're
trying to paint.

People who do opensource rarely get compensation for their work that
is used as opensource and this generally leading them to not being
large money making monopolies with billions in the bank and on top of
that, as opensource is generally free the term "you get what you pay
for" comes to mind.

In case you're wondering, I'm deliberately not answering the direct
question you asked because I don't believe it's relevant and that if
you actually comprehended and understood the position my original
email was making, you wouldn't need to ask it in the first place.

Now that I think of it, I don't think that anyone has ever raised the
question of is the price of windows software commensurate with the
level of security you get?  Bear in mind that the severity of incidents
with Microsoft products is amplified by their prevalence on the Internet.

If there was a choice between two Microsoft products, one was $20,000
and the other was $200 where the difference was (say) the $20,000 one
didn't have bugs like this RPC DCOM problem (for whatever reason),
what one would people buy ?  Let's assume, for argument's sake, that the
$20,000 one is 100 times better in terms of reliability and security but
otherwise all your games/office apps function the same.

Darren


Re: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Joey
imagine if the bug wiped out the infected computers'
harddrives. microsoft would be put out of business.

--- Darren Reed <[EMAIL PROTECTED]> wrote:
> But it's Microsoft's own web site that is being
> targeted and it is
> through their own bug that it is being made
> possible.  As much as
> they would like to point the finger at others for
> making the code
> available to do it, if their software didn't have
> the bug, it would
> not be possible at all.  Hrm, I don't really want to
> start _THAT_
> discussion again, but I don't think you will find
> much, if any,
> sympathy for Microsoft being targetted by this worm.
>  They're a
> large, rich, monopoly of a company.  Do they really
> deserve any
> nice sympathy at all ?  I suspect I'm not alone in
> these feelings.
> 
> Darren
>



RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Geo.
>>However, I'm almost getting to the point where I think we SHOULD have a
worm that wipes out people's hard drives.<<

seems to me there are enough old DOS viruses that scramble the partition table
that it wouldn't even take any brains to make that a reality. Infect, spread
for 4 hours or till rebooted, scramble partition table. Instant and
complete.



RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread gml
I think you are probably missing the obvious privacy issues.
However, if this were something that stopped at your edge, then I would
refer to it more as an automated patch agent, rather than a worm.
It's less threatening. Something like this would be trivial to write,
especially if it were to be used in a controlled environment.  You should
also consider that if it were to only patch machines within your network,
that possibly traversal would be unnecessary, a scanner that was capable of
patching would do the trick.  Even a Perl script to wrap one of the many
DCOM exploits available that could tftp the patch to the machine and execute
it would probably suffice in most cases, assuming there is a way to make the
patch install silently and force a reboot.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andrew J Homan
Sent: Monday, August 11, 2003 9:55 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] aside: worm vs. worm?

It seems that between the time dcom.c first starting popping up around the
internet and today, there was ample time for someone to write and release a
worm designed to patch infected systems and remove any sign of itself. 
Given that on the 16th of this month windowsupdate.com will be DDOSed, does
anyone else see this as an opportunity for a war of worms with
windowsupdate.com at stake?  Would anyone consider releasing a patching
worm on their own network if they knew it wouldn't spread to the rest of
the internet or is there a downside to this notion which I'm not realizing?

Andrew J. Homan
Software Engineering Intern
http://www.cnt.com/

NOTE: Views and/or opinions expressed are not those of CNT.



RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread gml
Are you basically saying that MS deserves no sympathy and should stand up
and take responsibility for the silliness inherent in their OS source code?
If that's what you're saying, then I have to agree.  The word debacle comes
to mind here.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Reed
Sent: Tuesday, August 12, 2003 4:13 AM
To: Andrew J Homan
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] aside: worm vs. worm?

In some mail from Andrew J Homan, sie said:
> 
> It seems that between the time dcom.c first starting popping up around the
> internet and today, there was ample time for someone to write and release a
> worm designed to patch infected systems and remove any sign of itself. 
> Given that on the 16th of this month windowsupdate.com will be DDOSed, does
> anyone else see this as an opportunity for a war of worms with
> windowsupdate.com at stake?  Would anyone consider releasing a patching
> worm on their own network if they knew it wouldn't spread to the rest of
> the internet or is there a downside to this notion which I'm not realizing?

You know, if the DDoS was targetted at someone innocent, I might be
more sympathetic towards the problem of a web site being DDoS'd.

But it's Microsoft's own web site that is being targeted and it is
through their own bug that it is being made possible.  As much as
they would like to point the finger at others for making the code
available to do it, if their software didn't have the bug, it would
not be possible at all.  Hrm, I don't really want to start _THAT_
discussion again, but I don't think you will find much, if any,
sympathy for Microsoft being targetted by this worm.  They're a
large, rich, monopoly of a company.  Do they really deserve any
nice sympathy at all ?  I suspect I'm not alone in these feelings.

Darren


Re: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Nick FitzGerald
Andrew J Homan <[EMAIL PROTECTED]> wrote:

> It seems that between the time dcom.c first starting popping up around the
> internet and today, there was ample time for someone to write and release a
> worm designed to patch infected systems and remove any sign of itself. 
> Given that on the 16th of this month windowsupdate.com will be DDOSed, does
> anyone else see this as an opportunity for a war of worms with
> windowsupdate.com at stake?  ...

Please can we not have this debate again?

The believers on both sides are almost as trenchantly set in their 
beliefs as the pro and con full-disclosure camps and equally unlikely 
to move.

If you really want to know people's views on this issue, please search 
the web for "good worms" and the like.

> ...  Would anyone consider releasing a patching
> worm on their own network if they knew it wouldn't spread to the rest of
> the internet or is there a downside to this notion which I'm not realizing?

Why would anyone do that?

Given they had the authority to make such patches, why were they not 
running one of the many freely available vulnerability scanners that 
search for just this vulnerability during the last few weeks and taking 
appropriate action based on the results?  If they do not have the 
appropriate authority to do that they would not have the appropriate 
authority to run such a "worm".

Yes -- it may save a few lazy, and a few grossly under-resourced, 
admins' arses, but perhaps the kick in the pants their _organization_ 
will feel for failing to have taken suitable preparatory measures 
(which go far beyond simply having applied the MS03-026 patch 
sufficiently in advance of this worm's release!) will finally be what 
it takes for some of those organizations to finally wake up and smell 
the coffee???


Regards,

Nick FitzGerald



Re: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread security snot
Darren,

Had this worm been directed at any opensource vendor, would you feel the
same?  If the Snort worm had been designed to launch attacks against
SourceFire, are you telling me you wouldn't bitch about the mean kids
picking on Marty and Brian?

My guess is this worm was written by Max Butler.

-snot

---
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
---

On Tue, 12 Aug 2003, Darren Reed wrote:

> In some mail from Andrew J Homan, sie said:
> >
> > It seems that between the time dcom.c first starting popping up around the
> > internet and today, there was ample time for someone to write and release a
> > worm designed to patch infected systems and remove any sign of itself.
> > Given that on the 16th of this month windowsupdate.com will be DDOSed, does
> > anyone else see this as an opportunity for a war of worms with
> > windowsupdate.com at stake?  Would anyone consider releasing a patching
> > worm on their own network if they knew it wouldn't spread to the rest of
> > the internet or is there a downside to this notion which I'm not realizing?
>
> You know, if the DDoS was targetted at someone innocent, I might be
> more sympathetic towards the problem of a web site being DDoS'd.
>
> But it's Microsoft's own web site that is being targeted and it is
> through their own bug that it is being made possible.  As much as
> they would like to point the finger at others for making the code
> available to do it, if their software didn't have the bug, it would
> not be possible at all.  Hrm, I don't really want to start _THAT_
> discussion again, but I don't think you will find much, if any,
> sympathy for Microsoft being targetted by this worm.  They're a
> large, rich, monopoly of a company.  Do they really deserve any
> nice sympathy at all ?  I suspect I'm not alone in these feelings.
>
> Darren


RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Mike Fratto
 
> The reason behind it is because they just call me, and I can 
> sit something on 
> their borders to go thru the internal network and clean all 
> the machines 
> remotely. Then block port 135 & 137 and it's done. The only 
> time they lost was 
> the time it took me to get there +10 minutes.

Answer: Charge more money, don't get there so fast.  :)



RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Andrew Thomas
> From: Mike
> Sent: 12 August 2003 12:11
> Subject: RE: [Full-Disclosure] aside: worm vs. worm?
> 
> 
> lol yeah and I guess we would all need to move to a better platform
> or a different job :)
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Joey
> Sent: Tuesday, 12 August 2003 9:36 p.m.
> To: Darren Reed; Andrew J Homan
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] aside: worm vs. worm?
> 
> 
> imagine if the bug wiped out the infected computers' 
> harddrives. microsoft would be put out of business.

Not that I disagree with the assessment of there perhaps being a
'better platform' for a lot of operations, but by the same token
would linux or freebsd no longer be used if someone had written
or writes a malicious worm for these platforms?

I doubt it.

M$ may only be more vulnerable to this because of the fact that
they have paying customers. Sure, it'll hit them where it hurts
(financially) and they'd suffer more than an OS operating system,
but that wouldn't be any more a rational response than we generally
see from people when they're scared.

--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070 



RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Aditya
linux and bsd fans unite and write a worm that does! - and put ms out of business - 
just kidding!



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Joey
Sent: Tuesday, August 12, 2003 3:06 PM
To: Darren Reed; Andrew J Homan
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] aside: worm vs. worm?


imagine if the bug wiped out the infected computers'
harddrives. microsoft would be put out of business.

--- Darren Reed <[EMAIL PROTECTED]> wrote:
> But it's Microsoft's own web site that is being
> targeted and it is
> through their own bug that it is being made
> possible.  As much as
> they would like to point the finger at others for
> making the code
> available to do it, if their software didn't have
> the bug, it would
> not be possible at all.  Hrm, I don't really want to
> start _THAT_
> discussion again, but I don't think you will find
> much, if any,
> sympathy for Microsoft being targetted by this worm.
>  They're a
> large, rich, monopoly of a company.  Do they really
> deserve any
> nice sympathy at all ?  I suspect I'm not alone in
> these feelings.
> 
> Darren
>



Re: [Full-Disclosure] aside: worm vs. worm?

2003-08-12 Thread Darren Reed
In some mail from Andrew J Homan, sie said:
> 
> It seems that between the time dcom.c first starting popping up around the
> internet and today, there was ample time for someone to write and release a
> worm designed to patch infected systems and remove any sign of itself. 
> Given that on the 16th of this month windowsupdate.com will be DDOSed, does
> anyone else see this as an opportunity for a war of worms with
> windowsupdate.com at stake?  Would anyone consider releasing a patching
> worm on their own network if they knew it wouldn't spread to the rest of
> the internet or is there a downside to this notion which I'm not realizing?

You know, if the DDoS was targetted at someone innocent, I might be
more sympathetic towards the problem of a web site being DDoS'd.

But it's Microsoft's own web site that is being targeted and it is
through their own bug that it is being made possible.  As much as
they would like to point the finger at others for making the code
available to do it, if their software didn't have the bug, it would
not be possible at all.  Hrm, I don't really want to start _THAT_
discussion again, but I don't think you will find much, if any,
sympathy for Microsoft being targetted by this worm.  They're a
large, rich, monopoly of a company.  Do they really deserve any
nice sympathy at all ?  I suspect I'm not alone in these feelings.

Darren


RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-12 Thread Arian J. Evans
Andrew,

# Would anyone consider releasing a patching
# worm on their own network if they knew it wouldn't spread to 
# the rest of the internet or is there a downside to this notion which I'm 
# not realizing?

A worm is a worm is a worm is a worm.

I am most certainly not a big fan of software I can't control,
executing in an arbitrary manner on hosts I hope to control...

I understand what you mean, and where you are going, but
if that is what you want, then I think Microsoft SMS, Shavlik,
Pedestal, and others have highly effective solutions w/out
releasing code that can potentially run in an arbitrary manner...

My $0.01 USD, deprecated for current market value,

Arian J. Evans