Full Disclosure mailing list archives

Re: Multiple 0-days in Dark Comet RAT

From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Wed, 10 Oct 2012 14:06:06 -0700

It's InfoSec. Nothing has any meaning anymore.  Or, better stated, things means whatever people want them to mean in 
order to forward their agenda.  When we talked about full disclosure a while back, somebody said I was "jaded" as if it 
meant I had "clouded judgement."  They were actually right though, as jaded" means "negative by way of experience."  

I remember when people started using metrics like "moderately critical" to describe their [what they called] 0-day XSS 
vulnerability for some ancient CRM package. That way they get to say they published 14,000 0-days on their marketing 
material. 

Some dude recently posted on a professional list how he routinely cracks the NTLMv2 hashes for 10,000 users in 36 hours 
with rainbow tables.  Of course every single part of the statement is complete BS but no one (except me) even blinked. 

People talk about how stupid users are, but I think the people in the industry are far worse. 

Sent from whatever device will keep us from debating which one is better.

On Oct 9, 2012, at 9:59 AM, Philip Whitehouse <philip () whiuk com> wrote:

Does 0-day have any meaning any more? It used to mean there were exploits in the wild used to cause damage before the 
vendor patched it not merely that a security researcher found it and disclosed it to the public before the vendor did.

If a 0 day is everything found by a security team before a vendor then the term will loose all purpose and meaning 
because almost all work done by such researchers is finding vulns. before the vendor.

End rant.

Philip Whitehouse

On 8 Oct 2012, at 21:33, "Hertz, Jesse" <jesse_hertz () brown edu> wrote:

SQL Injection and Arbitrary File Access present in Command and Control server of DarkComet RAT

for more info see:
http://matasano.com/research/PEST-CONTROL.pdf
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Multiple 0-days in Dark Comet RAT Hertz, Jesse (Oct 09)
- Re: Multiple 0-days in Dark Comet RAT Philip Whitehouse (Oct 10)
  - Re: Multiple 0-days in Dark Comet RAT Thor (Hammer of God) (Oct 10)
  - Re: Multiple 0-days in Dark Comet RAT Pascal Ernster (Oct 11)
    - Re: Multiple 0-days in Dark Comet RAT Valdis . Kletnieks (Oct 11)
    - Re: Multiple 0-days in Dark Comet RAT Gage Bystrom (Oct 11)
    - Re: Multiple 0-days in Dark Comet RAT Julius Kivimäki (Oct 11)
    - Re: Multiple 0-days in Dark Comet RAT Hertz, Jesse (Oct 14)
    - Re: Multiple 0-days in Dark Comet RAT Valdis . Kletnieks (Oct 15)
    - Re: Multiple 0-days in Dark Comet RAT Hertz, Jesse (Oct 17)
- Re: Multiple 0-days in Dark Comet RAT kaveh ghaemmaghami (Oct 18)
  - Re: Multiple 0-days in Dark Comet RAT Valdis . Kletnieks (Oct 18)
- <Possible follow-ups>
- Re: Multiple 0-days in Dark Comet RAT scriptjunkie (Oct 18)