Full Disclosure mailing list archives
Re: Possible apache2/php 4.3.9 worm
From: dk <dk () pwarchitects com>
Date: Mon, 27 Dec 2004 19:20:03 -0600
DanB UK wrote:
> > Do read the code carefully though Dan. Right off hand I can see errors that were also in the code posted to bugtraq on the 20th; K-OTik may have added more, dunno.
> It is probable that they have added errors in. To curb the script kiddies picking things up and modifying it and releasing it.
Yeah, I think it has been mentioned here that K-otik does this with their posted code, which is fine by me. :)
> I have a bit of a worry about that and my talk, whether or not to release my sample code. It could be used quite evilly if the intention was there. I probably won't.
I have had concern about this as well, but remain a staunch supporter of the Full Disclosure concept sprinkled with some common sense. With the time to live for virii/worms/exploits this year (from disclosure of bug to malware exploiting it) it's obvious that the "bar" is getting progressively lower each year in regards to the skill set it takes to develop this code. Which is a shame, as developing that skill over time lends itself to a better understanding of the responsibility that comes with it.
So a PoC or code that is missing key parts (that a skilled person could decipher), or an Advisory that informs the author(s) before the general public seems a socially responsible way to address bugs in our current climate. It /is/ hard not to share your work with others, and ultimately does everyone a disservice in the end not to disseminate the knowledge. :)
There has been an interesting discussion regarding this on Bugtraq in regards to Prof D. J. Bernstein's class "MCS 494: Unix Security Holes" at UofI @ Chicago. I was a bit surprised how vocal both he and one of his students, Jonathan Rockway, were in the thread(s) concerning disclosure; but it was nice to see them participate in it (and disclose the bugs they found in the first place of course). Yet they both seemed to disassociate themselves from many of the real-world effects their disclosure decisions have. It would seem the comfort of Academia colors things to those within its walls. It was a shame to see an obviously intelligent, skilled & adept math/cs professor miss the mark on some of the social implications his work has on the world -- outside of the constrained scope of his coursework.
To me, it just highlighted the very problem he was trying to address. Namely, that some individuals or teams do not take responsibility for their actions outside of the limited issues they directly identify with; whether that be application coder or bug hunter. :(
-- dk
_______________________________________________
Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html