Firewall Wizards mailing list archives
Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare)
From: Crispin Cowan <crispin () wirex com>
Date: Wed, 09 Jan 2002 21:26:38 -0800
Chad Schieken wrote:
Looks like we have a new form of attack. It seems akin the types of "semantic" attacks that Bruce Schneier talked about. Here the attacker publishes a vulnerability in a piece of widely used software, and points to another piece of software as the "solution". The solution contains the exploit code.
Are you seriously suggesting that w00w00 did this deliberately? That is a pretty serious accusation. If they were unheard-of, that might be plausible, but they have been constructively contributing to the security community for years. I have a hard time believing that w00w00 deliberately released an advisory with a malicious work-around.
Or are you suggesting that the author of the AIM Filter (who clearly did deliberately include spyware) also social engineered w00w00 into recomending AIM Filter as a work-around? While possible, this seems like a streach. More likely, AIM Filter was put out there simply hoping that chumps would use it, and w00w00 stepped into the trap.
Exactly how does a firewall protect against this type of attack?
By blocking IM protocols so you won't use these vulnerable applications :-) Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: w00w00 on AIM Filter (Backdoors & SpyWare) Chad Schieken (Jan 09)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Crispin Cowan (Jan 10)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) R. DuFresne (Jan 11)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Joseph S D Yao (Jan 11)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) M. Dodge Mumford (Jan 11)
- <Possible follow-ups>
- RE: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Carl Friedberg (Jan 10)
- RE: Re: w00w00 on AIM Filter (Backdoors & SpyWare) R. DuFresne (Jan 11)
- RE: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Frank Knobbe (Jan 12)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Crispin Cowan (Jan 10)