Vulnerability Development mailing list archives
Re: Has anyone verified whether is is valid?
From: mrousseau () SECURED ORG (Maxime Rousseau)
Date: Fri, 14 Apr 2000 21:47:13 -0400
Hello,
From what i read so far, its nothing much. The key is only an communication
obsfucation key used to obsfucate traffic between the client and the server dll's. It allows you to do nifty stuff but I wouldnt describe this as a backdoor with the ammount of info i have so far. There is no known (to me) evidence that supports the thesis of a 'backdoor to r00t every web site' the media like to spread. If you did not have access to the web site in the first place this isnt going to get you access. So its a media hype (wow, big surprise. they really love to make fool of themselves). You might want to check NTBugtraq on this, it has valuable info. Rain Forest Puppy (RFP) also released a little advisory describing (very breifly) the problem and included a small snippet of code to show what it does. Relevant URLs are: http://www.ntbugtraq.com http://www.wiretrip.net Hope this helps, M. Secured Industries Why fear the unknown? PS: the key is however very interesting, i wonder what netscape engineers think of it :)
Current thread:
- Has anyone verified whether is is valid? M J (Apr 14)
- Re: Has anyone verified whether is is valid? Joe (Apr 14)
- Re: Has anyone verified whether is is valid? Ron DuFresne (Apr 14)
- Re: Has anyone verified whether is is valid? Ryan Permeh (Apr 14)
- Re: Has anyone verified whether is is valid? Maxime Rousseau (Apr 14)
- <Possible follow-ups>
- Re: Has anyone verified whether is is valid? Hugo Gayosso (Apr 14)
- Re: Has anyone verified whether is is valid? Marc (Apr 14)
- Re: dvwssr.dll (Has anyone verified whether is is valid?) Blue Boar (Apr 14)
- Re: dvwssr.dll (Has anyone verified whether is is valid?) Marc (Apr 14)
- Re: dvwssr.dll (Has anyone verified whether is is valid?) Blue Boar (Apr 15)
- Re: dvwssr.dll (Has anyone verified whether is is valid?) Marc (Apr 15)
- Re: dvwssr.dll (Has anyone verified whether is is valid?) Blue Boar (Apr 14)
- Oulook password Hap2782 (Apr 15)
- Re: Oulook password Blue Boar (Apr 15)
- [Fwd: R: Oulook password] Blue Boar (Apr 15)