Full Disclosure mailing list archives
alleged bios infection - was Re: OpenBSD 'pf' port (was FreeBSD heap to Linux)
From: "Ian Latter" <Ian.Latter () mq edu au>
Date: Thu, 29 Jan 2004 14:32:02 +1000
Juari,

You were right, that was a time waster, but you're fishing with that comment.

If you have the time to talk shop, then I'd like to ask about your virus findings. You appear to have gone to a lot of trouble to debug this virus but you've left out some fairly critical information;
It was also unknown that the virus infects the BIOS of the computer it infects by injecting a 624 bytes backdoor written in FORTH which will open port tcp when Mydoom will be executed AFTER February 12.
1. Which TCP port does it listen on?
2. Which BIOS (or motherboard) is this likely to occur on? (hard one - what instructions does it use to enable write to the chip - the LinuxBIOS project should then help me find the boards that this will affect).

Whether my anti-virus company wants me to wear this or not, I'd like to minimise the impact of any vulnerability that you may be able to identify in this regard.

Thanks for your time,

----- Original Message -----
From: "Juari Bosnikovich" <juarib () m-net arbornet org>
To: "Ian Latter" <itsecurity () mq edu au>
Subject: Re: [Full-disclosure] OpenBSD 'pf' port (was FreeBSD heap to Linux)
Date: Wed, 28 Jan 2004 21:36:23 -0500

On Thu, 29 Jan 2004, Ian Latter wrote:

Human-readable syntax. Lucid syntax is an indispensable security measure. Errors should be GLARING and obvious!

Ok - Fair enuff. Though there's nothing quite as obvious as a new home page painted by your fav' 1337 cr3w to show holes in firewall rules ;o]

you has a lot of free time to say useless things

my monkey once told me "why oh why do you keep doing it". the thing with monkeys is you only have to give them a banana to make them shut up.

--
Ian Latter
IT Security Officer
Macquarie University
--
Ian Latter
Internet and Networking Security Officer
Macquarie University

Meet me at the Australian Unix and open systems User Group (AUUG) Security Symposium; 2004
http://www.auug.org.au/events/2004/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html