Firewall Wizards mailing list archives
Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare)
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 10 Jan 2002 09:29:57 -0500 (EST)
While I agree with Crispin about w00w00 not doing this deliberatly, I do feel the person that wrote the filter did do what w00w00 described delberately. My only area of wonderment with the w00w00 announcment of the trojaning discovery is how they down played the issue. I think it's actually a bit more serious then their advisory described. Thanks, Ron DuFresne On Wed, 9 Jan 2002, Crispin Cowan wrote:
Chad Schieken wrote:Looks like we have a new form of attack. It seems akin the types of "semantic" attacks that Bruce Schneier talked about. Here the attacker publishes a vulnerability in a piece of widely used software, and points to another piece of software as the "solution". The solution contains the exploit code.Are you seriously suggesting that w00w00 did this deliberately? That is a pretty serious accusation. If they were unheard-of, that might be plausible, but they have been constructively contributing to the security community for years. I have a hard time believing that w00w00 deliberately released an advisory with a malicious work-around. Or are you suggesting that the author of the AIM Filter (who clearly did deliberately include spyware) also social engineered w00w00 into recomending AIM Filter as a work-around? While possible, this seems like a streach. More likely, AIM Filter was put out there simply hoping that chumps would use it, and w00w00 stepped into the trap.Exactly how does a firewall protect against this type of attack?By blocking IM protocols so you won't use these vulnerable applications :-) Crispin
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: w00w00 on AIM Filter (Backdoors & SpyWare) Chad Schieken (Jan 09)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Crispin Cowan (Jan 10)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) R. DuFresne (Jan 11)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Joseph S D Yao (Jan 11)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) M. Dodge Mumford (Jan 11)
- <Possible follow-ups>
- RE: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Carl Friedberg (Jan 10)
- RE: Re: w00w00 on AIM Filter (Backdoors & SpyWare) R. DuFresne (Jan 11)
- RE: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Frank Knobbe (Jan 12)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Crispin Cowan (Jan 10)