Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: WMF Threat OK , but no huge attack ... WHY ?

From: "Ward, Patrick James" <patrick.ward () hp com>
Date: Mon, 9 Jan 2006 15:46:29 -0800
Well, it seems to me you are making a huge assumption here:  That not
much bad actually happened.  It has been my experience that when people
who know what they are doing set out to exploit a system, there is very
little, if any, evidence left.  Why do you assume that an attack (or
more likely, many attacks) did not occur that simply have not been
detected/observed?  

It is not difficult to create an exploit for this issue that is not
detectable via antivirus or IDS/IPS, and is also relatively easy to
create something that is very covert in what it does to avoid
observation.  And with the "me too" attention that this issue is
generating (i.e. the follow on WMF exploits posted today by cocoruder -
which are not addressed by MS06-001), I don't think that we have seen
the end of these WMF issues, not by a long shot.

Cheers,

Patrick 

-----Original Message-----
From: pejman.gohari () gmail com [mailto:pejman.gohari () gmail com] 
Sent: Monday, January 09, 2006 9:34 AM
To: incidents () securityfocus com
Subject: WMF Threat OK , but no huge attack ... WHY ?

Hi,

The WMF threat was and continues to be important.
But I'm curious to know why we didn't observe any important attack on
Internet? 

WMF was a perfect Zero-Day attack and a scenario like the blackout of
Internet was possible ... but nothing ... or no important attack! 
No BOT virus deployed? No DOS worm attack? ... 

All hackers become white-hat? 
Or they attacked and we didn't see anything? 

Any hypothese / explanation ? 

Regards,
Pejman
Previous By Date Next
Previous By Thread Next

Current thread: