Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare)

[Crispin Cowan <crispin () wirex com>]

Chad Schieken wrote:

> Looks like we have a new form of attack. It seems akin the types of 
> "semantic" attacks that Bruce Schneier talked about. Here the attacker 
> publishes a vulnerability in a piece of widely used software, and 
> points to another piece of software as the "solution". The solution 
> contains the exploit code. 

Are you seriously suggesting that w00w00 did this deliberately?  That is 
a pretty serious accusation. If they were unheard-of, that might be 
plausible, but they have been constructively contributing to the 
security community for years. I have a hard time believing that w00w00 
deliberately released an advisory with a malicious work-around.

Or are you suggesting that the author of the AIM Filter (who clearly did 
deliberately include spyware) also social engineered w00w00 into 
recomending AIM Filter as a work-around? While possible, this seems like 
a streach. More likely, AIM Filter was put out there simply hoping that 
chumps would use it, and w00w00 stepped into the trap.

> Exactly how does a firewall protect against this type of attack? 

By blocking IM protocols so you won't use these vulnerable applications :-)

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards