Penetration Testing mailing list archives
RE: New article on SecurityFocus
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Fri, 6 Jan 2006 12:08:18 -0800
I can confirm that this is indeed a legitimate issue and there is real traffic happening. I can't give specifics but where I work we've blacklisted 2 entire subnets due to this issue, a /19 and /20 respectively. The majority of the sites hosted within the subnets are porn but there are also legitimate sites that appear to have been compromised with tagged payloads that are not related to the ad network Larry mentions.

--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"
-----Original Message-----
From: Larry Seltzer [mailto:larry () larryseltzer com]
Sent: Friday, January 06, 2006 8:48 AM
To: 'Brady McClenon'; 'Drew Simonis'; 'Thor (Hammer of God)'; 'Erin Carroll'; pen-test () securityfocus com
Cc: focus-ms () securityfocus com
Subject: RE: New article on SecurityFocus

The numbers come mostly from porn sites that use a low-brow ad network that is inserting the graphics into the sites. If you really want to see one, go to 600pics[dot]com, but be forewarned of hardcore porn. I haven't seen any reports of innocent sites being affected by this.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com

-----Original Message-----
From: Brady McClenon [mailto:BMcClenon () uamail albany edu]
Sent: Friday, January 06, 2006 11:29 AM
To: Drew Simonis; Thor (Hammer of God); Erin Carroll; pen-test () securityfocus com
Cc: Larry Seltzer; focus-ms () securityfocus com
Subject: RE: New article on SecurityFocus

Just curious. I hear media reports and people saying that there are hundreds or thousands of compromised web sites from this, but I have to ask where these numbers come from? Where is this data, or is it pure speculation?

I'm also curious how one could compromise a web server with this exploit. Putting files on a web server to dole out and compromise other computers I can see, but is the web server really compromised in this case? If so, was it by way of the WMF exploit?

One last question: Has anyone here experienced, or does anyone know of, a "legitimate" web server compromised (or serving out) by the WMF exploit?
I'm trying to determine if there are those with actual knowledge that the sky is indeed falling, or if we are all shaking over unsubstantiated media hype.

-----Original Message-----
From: Drew Simonis [mailto:simonis () myself com]
Sent: Friday, January 06, 2006 10:22 AM
To: Thor (Hammer of God); Erin Carroll; pen-test () securityfocus com
Cc: Larry Seltzer; focus-ms () securityfocus com
Subject: Re: New article on SecurityFocus

Overall, I think the community's coverage of wmf has been delivered with an ounce of perception, and a pound of obscurity. It's almost as if people *want* it to be worse than it is. I'm not surprised, of course. But regardless, my call is that we'll see a little activity here and there, the patch will come out, most will install it (or have it installed automatically) and the whole issue will fade away. But that's all. We'll know for sure shortly, either way.

Thor, I think your path of thought is stuck a bit in the past. Worms are neat as a technical exercise, but we see more and more that the attackers are increasingly aware of the value of these vulnerabilities from a financial perspective, not merely for notoriety. As such, it benefits the attacker to have a less subtle attack, one that does not sensationalize the vulnerability. Complacency is their ally.

That said, there are already numerous (hundreds+) "legitimate" websites that have been compromised and had exploit images injected into their content. There are also already hundreds of thousands of machines that have been infected with Trojans or bots. These infected machines will patch, but they won't be safe, and the problem gets worse.

So no, there won't be some catastrophic worm event. But I posit that what there will be could be much worse.
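The thread above turns on a practical question: how do you tell whether a site you host, or a subnet you are about to blacklist, is actually "serving out" the WMF exploit rather than ordinary images? The following scanner is an added example written for this page; it is not code from any of the posters. It walks the record chain of a Windows Metafile and flags the record the January 2006 exploit relied on, a META_ESCAPE (0x0626) record whose escape sub-function is SETABORTPROC (9). The record layout (optional 22-byte placeable header, 18-byte standard header, then records of DWORD size-in-words plus WORD function number) is the documented WMF format; the sample files, the low-byte matching and the "malformed size" heuristic are this example's own choices, and the sample bytes are constructed inline rather than taken from any real payload. Run it over every file a web root serves, whatever its extension, since the injected graphics described above need not carry a .wmf name.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7   # optional Aldus placeable header, 22 bytes
META_ESCAPE = 0x0626           # WMF record type that maps to GDI Escape()
SETABORTPROC = 0x0009          # Escape sub-function that registers a callback


def wmf_records(data):
    """Yield (offset, size_in_words, function) for each record in a WMF blob.

    Skips the placeable header if present and the standard header, then
    follows the record chain. A record whose declared size is smaller than
    its own 6-byte header is yielded and then iteration stops, because the
    chain cannot be followed past it.
    """
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        return
    header_words = struct.unpack_from("<H", data, off + 2)[0]  # normally 9
    off += header_words * 2
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        yield off, size_words, func
        if size_words < 3:
            return
        off += size_words * 2


def scan_wmf(data):
    """Return a list of (offset, reason) findings for suspicious records."""
    findings = []
    for off, size_words, func in wmf_records(data):
        # Heuristic choice for this example: match only the low byte of the
        # function word so a padded high byte does not hide the record.
        if (func & 0xFF) == (META_ESCAPE & 0xFF) and off + 10 <= len(data):
            escape = struct.unpack_from("<H", data, off + 6)[0]
            if escape == SETABORTPROC:
                findings.append((off, "META_ESCAPE/SETABORTPROC"))
        if size_words < 3:
            # Well-formed writers never emit this; it is a sign of hand-crafting.
            findings.append((off, "record size smaller than record header"))
    return findings


# --- constructed sample files (not real exploit data) -----------------------

def record(func, params=b""):
    """Build one WMF record: DWORD size in words, WORD function, params."""
    size_words = (6 + len(params)) // 2
    return struct.pack("<IH", size_words, func) + params


def build_wmf(records):
    """Minimal standard (non-placeable) WMF: 18-byte header plus records."""
    body = b"".join(records)
    max_record = max(struct.unpack_from("<I", r, 0)[0] for r in records)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2,
                         0, max_record, 0)
    return header + body


SETBKMODE = record(0x0102, struct.pack("<H", 1))   # harmless drawing record
EOF = record(0x0000)                               # META_EOF, size 3 words

BENIGN = build_wmf([SETBKMODE, EOF])

# Escape record: WORD escape function, WORD byte count, then payload bytes.
EXPLOIT_LIKE = build_wmf([
    SETBKMODE,
    record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 8) + b"\x90" * 8),
    EOF,
])

# Same record with a bogus declared size of 0 words, a hand-crafted variant.
TRUNCATED = build_wmf([
    SETBKMODE,
    struct.pack("<IH", 0, META_ESCAPE) + struct.pack("<HH", SETABORTPROC, 0),
    EOF,
])

# Placeable header in front: key, handle, bounding box, DPI, reserved, checksum.
PLACEABLE = struct.pack("<IHhhhhHIH", PLACEABLE_MAGIC, 0, 0, 0, 100, 100,
                        96, 0, 0) + EXPLOIT_LIKE


if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("exploit-like", EXPLOIT_LIKE),
                       ("truncated", TRUNCATED), ("placeable", PLACEABLE)):
        print(name, scan_wmf(blob))
```

Offsets in the findings are byte positions of the offending record, which is what you want when cutting a sample for a signature or comparing what a proxy log says was fetched against what the server still has on disk. A hit here is a strong indicator, not proof of exploitation; a legitimate metafile almost never registers an abort procedure, but the confirmation is the same as always: pull the file and look at the escape payload.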