Full Disclosure mailing list archives

Re: DCOM RPC exploit (dcom.c)

From: "Justin Shin" <zorkshin () tampabay rr com>
Date: Sun, 27 Jul 2003 16:38:15 -0400

Well people I guess this post, which was originally about me not being able to compile this (because I am stoooooopid
:) is now about something completely different.

My opinion: released vulnerabilities are good. Why? Two reasons. One, they allow the security admins to take a look at
how the vulnerability technically looks (as I did with this source) and configure their IDS and firewall systems to
block dangerous net traffic. Second, released vulnerabilities create a "scare" atmosphere and that is truly what we
need right now. I don't know if any of yall saw it, but on July 26 they were talking on CNN about a 'dangerous new
Windows bug that is a hacker's dream.' Hopefully the scare from the media and press will be enough to convince users to
patch their systems.

However, a worm is N-E-V-E-R good and A-L-W-A-Y-S malicious. What would be the "good" intent of releasing any program
that self-replicates to other vulnerable system and wreaks havoc? Obviously none. I don't know when a worm is going to
surface for this, but when it does ... and if the media and press and Microsoft do not absolutely make the users piss
their pants ... the world's M$ users could all be in for a nasty little shocker. This exploit makes Nimda and Slammer
look like minor threats.

Also, I think it is time to sue corporations that sell buggy/vulnerable software AND make little effort to make people
aware of the problems. Microsoft is improving, actually, but in my opinion they should make security updates mandantory
when connected to the net. Also, I should say that no one can sue the ASF (apache software foundation) for vulnerable
software because it is free! It is like getting a free doorlock from a guy on the street, applying it to your door, and
suing the guy because someone broke in.

-- Justin Shin

Free Mumia Abu-Jamal!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: DCOM RPC exploit (dcom.c), (continued)
- Re: DCOM RPC exploit (dcom.c) Neeko Oni (Jul 27)
  - Re: DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 27)
    - Re: DCOM RPC exploit (dcom.c) Neeko Oni (Jul 27)
- Re: DCOM RPC exploit (dcom.c) CHeeKY (Jul 27)
  - Re: DCOM RPC exploit (dcom.c) tcpdumb (Jul 27)
    - Re: DCOM RPC exploit (dcom.c) El Guille (Jul 27)
- Re: Re: DCOM RPC exploit (dcom.c) Jennifer Bradley (Jul 27)
- Re: Re: DCOM RPC exploit (dcom.c) Jennifer Bradley (Jul 27)
  - Re: Re: DCOM RPC exploit (dcom.c) David R. Piegdon (Jul 27)
    - Re: Re: DCOM RPC exploit (dcom.c) CHeeKY (Jul 27)
    - Re: DCOM RPC exploit (dcom.c) Justin Shin (Jul 27)
    - Re: DCOM RPC exploit (dcom.c) tcpdumb (Jul 27)
    - Re: DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 27)
    - Re: Re: DCOM RPC exploit (dcom.c) Dan Stromberg (Jul 28)
    - Re: DCOM RPC exploit (dcom.c) Curt Purdy (Jul 31)
- Re: Re: DCOM RPC exploit (dcom.c) Jennifer Bradley (Jul 27)
- Re: DCOM RPC exploit (dcom.c) dhtml (Jul 27)
- Re: DCOM RPC exploit (dcom.c) dhtml (Jul 27)
- Re: DCOM RPC exploit (dcom.c) CHeeKY (Jul 27)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 28)
  - RE: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 28)

(Thread continues...)