Firewall Wizards mailing list archives

Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare)

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 10 Jan 2002 09:29:57 -0500 (EST)


While I agree  with Crispin about w00w00 not doing this deliberatly, I do
feel the person that wrote the filter did do what w00w00 described
delberately.  My only area of wonderment with the w00w00 announcment of
the trojaning discovery is how they down played the issue.  I think it's
actually a bit more serious then their advisory described.

Thanks,

Ron DuFresne

On Wed, 9 Jan 2002, Crispin Cowan wrote:

Chad Schieken wrote:

Looks like we have a new form of attack. It seems akin the types of 
"semantic" attacks that Bruce Schneier talked about. Here the attacker 
publishes a vulnerability in a piece of widely used software, and 
points to another piece of software as the "solution". The solution 
contains the exploit code.


Are you seriously suggesting that w00w00 did this deliberately?  That is 
a pretty serious accusation. If they were unheard-of, that might be 
plausible, but they have been constructively contributing to the 
security community for years. I have a hard time believing that w00w00 
deliberately released an advisory with a malicious work-around.

Or are you suggesting that the author of the AIM Filter (who clearly did 
deliberately include spyware) also social engineered w00w00 into 
recomending AIM Filter as a work-around? While possible, this seems like 
a streach. More likely, AIM Filter was put out there simply hoping that 
chumps would use it, and w00w00 stepped into the trap.

Exactly how does a firewall protect against this type of attack?


By blocking IM protocols so you won't use these vulnerable applications :-)

Crispin


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  sysinfo.com
                  http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Re: w00w00 on AIM Filter (Backdoors & SpyWare) Chad Schieken (Jan 09)
- Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Crispin Cowan (Jan 10)
  - Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) R. DuFresne (Jan 11)
  - Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Joseph S D Yao (Jan 11)
  - Re: Re: w00w00 on AIM Filter (Backdoors & SpyWare) M. Dodge Mumford (Jan 11)
- <Possible follow-ups>
- RE: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Carl Friedberg (Jan 10)
  - RE: Re: w00w00 on AIM Filter (Backdoors & SpyWare) R. DuFresne (Jan 11)
- RE: Re: w00w00 on AIM Filter (Backdoors & SpyWare) Frank Knobbe (Jan 12)