|
| Heh! Good point.
|
| It's clean. Here's a PNG version, if you're still feeling paranoid.
|
| http://tinypic.com/lzj1j
|
- --
+--+
| Gerry Eisenhaur | ||
| Cisco Sec
After looking in to what the AV companies base their signature on, it
appears that they use the \xff\xfe\x00\x00 or \xff\xfe\x00\x01 string in
the vulnerable JPEG. If you change the size to a valid size, the AV is
not triggered.
I know there is some talk about other sections being vulnerable to
Yea I boned it, I missed the point. For some reason (read: lack of sleep
and food), I miss-read/assumed that admin was an admin...stupid me...
/gerry
Tig wrote:
On Wed, 25 Aug 2004 19:43:47 -0400
Gerry Eisenhaur <[EMAIL PROTECTED]> wrote:
I am confused, you said you knew about some SSH sc
I am confused, you said you knew about some SSH scanning going on, then
set up those accounts on a box. Now you are curious way that box got rooted?
Maybe I am missing something, but it seems you already have a pretty
good assumption of why it got rooted.
The software, as you seem to know, is a
