Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Another new worm???

From: jlegate () SITESMITH COM (Jason Legate)
Date: Thu, 22 Jun 2000 16:39:44 -0700

*nod*  However, the trojan idea could still work against a "trusted
user".  If you send them something over their AOL public IP, and they
accept it, then the trojan would capture them using the TOD server, giving
you perhaps the phone number, and how to interact with it.  If you were a
real professional, you could even snag the key from the Defender key, and
the "secret code" to unlock it.

*comes down from his pipe dream*

-j

On Thu, Jun 22, 2000 at 06:24:18PM -0500, David Knaack wrote:

From: Jason Legate <jlegate () sitesmith com>

AFAIK, the TODs are not signed, but after speaking with an ex-aol
employee, she has said that they use a private lan, with a backdoor phone
number.


Such a setup would probably require a fairly involved effort to
compromise.  Professional black hat stuff I guess.

A more likely senerio would be to attack groups of users by routing
their traffic to server that understands AOLP and delivers the TOD
after the inital connection, then forces them to disconnect.
Subsequent connections would be to the real AOL server.

DK


-- 
/--------------------------/ Jason Legate \------------------------\
|     jlegate () sitesmith com       |         SiteSmith, Inc.        |
|        24x7 Call Center         |    http://www.sitesmith.com    |
|          888.898.7667           |     PGP Key ID - 0xE29C48B     |
+---------------------------------+--------------------------------+
| Fingerprint - 769E 8DB4 C4DB C555 2697  51C6 3181 7D6E E299 C48B |
\------------------------------------------------------------------/


<HR NOSHADE>
<UL>
<LI>application/pgp-signature attachment: stored
</UL>
Previous By Date Next
Previous By Thread Next

Current thread: