Re: [Fwd: SANS Flash Alert For Solaris]

["R. DuFresne" <dufresne () sysinfo com>]

Since when does one need 'source' for a mere script?  more script would
satisfy me for sure...

Thanks,

Ron DuFresne

On Tue, 4 Jan 2000, James Triplett wrote:

> On Tue, Jan 04, 2000 at 03:08:49PM -0800, Peter J Dinauer wrote:
> > The hunt is on . . . .
>
> > Received: from SpoolDir by ROADRUNNER (Mercury 1.44); 4 Jan 00 13:10:19 pst8pdt
> > If you have a lot of experience with software that is still a bit 
> > green, you could really make a contribution to the community by 
> > running and testing the scanning program.
> >
> > If you are less experienced you might want to delay a day or two. 
> > But don't delay long, the tool may have a short life span, as the 
> > attackers will begin to modify the trojan code to evade detection.
> >
> > Where to find the software:
> >
> > The host-based tool from NIPC may be found at:
> > http://www.fbi.gov/nipc/trinoo.htm
>
> I suppose this is legit.  However, they are asking us to run
> AS ROOT, some unknown executable on all our important systems.
> Goes against the most basic security procedures!
>
> No source provided, no way to ensure that this isn't just another trojan...
> (even the fbi.gov site could be hacked, and anyway how do they know what
> is in the executable?)
>
> James

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!