Full Disclosure mailing list archives
RE: Name One Web Site Compromised by Download.Ject?
From: "Edge, Ronald D" <edge () indiana edu>
Date: Wed, 30 Jun 2004 14:49:07 -0500
-----Original Message-----
From: Morning Wood [mailto:se_cur_ity () hotmail com]
Sent: Wednesday, June 30, 2004 12:56 PM
To: Edge, Ronald D; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Name One Web Site Compromised by Download.Ject?

Legal liability question: Has anyone contacted an attorney yet about damage done by either of these two possibly negligent actions

are you serious? this "hunt" is laughable. Why is this any different than anything else?
...
The problem is UNPATCHED BROWSERS period. They could have just as well compromised HP 4550 printers and embedded a malicious script that contained the same IE bug.
...
my 2bits
m.wood
Uh, actually, I think you sorta missed the point of my post, which was pretty much the purpose of this list, namely, full disclosure. Not only are we not getting full disclosure on just what sites were involved, we are not getting ANY worth speaking of.

Thus it is part of the same coverup of the growing trend of computer exploits over the past 15 years with the growth of the Internet that has been so assiduously pursued by businesses, mainly to hide their own embarrassment and potential liability exposure. Now the criminal activity has reached a fever pitch since the beginning of the MSBlast exploits and their followups, and now we see the next major phase, three major exposures of trojans loaded from web sites to browsers (not just IE, see latest exploit of help features in multiple browsers).

Covering up like this by not naming and exposing the sites just isn't going to cut it much longer. Just as companies sticking their heads in the sand and hiding the fact does not ultimately help, it harms.

Back to the point: full-exposure just happens to be the name of this list. My point had little to do with the specific exploits, and everything to do with legal and social context of what I see as a pathetic coopting of the media to hide the identities of compromised web sites, which according to rumor include some major league sites.

My 02.5 cents worth.

Ron.

Ronald D. Edge
Director of Information Systems
Indiana University Intercollegiate Athletics
edge () indiana edu
(812)855-9010
http://iuhoosiers.com

Corporate IT's reaction to spyware has been surprising: it's been largely swept under the rug. The problem is that you can't hide an elephant by sweeping it under the rug. It leaves quite a bulge.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html