Full Disclosure mailing list archives
RE: Backdoor not recognized by Kaspersky
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 04 Mar 2004 16:46:21 +1300
"Larry Seltzer" <larry () larryseltzer com> asked "'Thor Larholm'":
if you can read the users login credentials to his corporate mailserver you are farbetter off. Rather casually put. How would you do this? I've heard how Swen asks the user for their credentials, but if you know a general crack for obtaining them I'd say that's news.
Think outside the square Larry. Think "cached passwords". Think "what use are they if a program cannot ask for them?". Think "key logger". Think "what do minimum privilege and XP Home have in common?" Hell, just _think_. It's not difficult -- well, if you work at Redmond it may be, but in the real world we pretty much knew how to avoid writing really insecure software for quite some time before Microsoft put the opposite into practise, implementing it all as a proof of concept in the guise of an OS that was then accidentally sent to the marketing group instead of the "fix the security flaws" group as a test for the latter... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Backdoor not recognized by Kaspersky, (continued)
- RE: Backdoor not recognized by Kaspersky Mike Barushok (Mar 06)
- Email legislation does not exist Thor Larholm (Mar 04)
- RE: Email legislation does not exist Bill Royds (Mar 04)
- RE: Email legislation does not exist Ron DuFresne (Mar 05)
- Re: Email legislation does not exist Oliver Schneider (Mar 04)
- Re: Backdoor not recognized by Kaspersky Valdis . Kletnieks (Mar 04)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 04)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 04)
- ProFtp bufferoverflow. Frederic Charpentier (Mar 04)
- Re: ProFtp bufferoverflow. Andreas Gietl (Mar 04)
- RE: ProFtp bufferoverflow. Epic (Mar 04)
- Re: ProFtp bufferoverflow. Andreas Gietl (Mar 04)