Vulnerability Development mailing list archives

Re: BackOrifice == DDoS Server???


From: 11a () GMX NET (Bluefish)
Date: Thu, 29 Jun 2000 19:04:00 +0200


2 years ago when Back Orifice made its debut, I noticed the command
"PROCSPAWN".
(Unix Back Orifice Source Code available at www.rootshell.com.)

Additionally, remember that it is possible to code plugins for BO. It
could be made into an even more dangerous attack.

The big question though, is if BO is more easily used (= more scriptkidz
using it) or more stealthed (higher % of the users installing it without
understanding it) than other available DDoS tools. Otherwise this is
simply yet another tool.

I'm not too sure if many people knew about this, but it's here for those
who didn't know, and to expose that programs written for another use
could be abused for something of its original intent.

BO is written to serve dual purposes (to be used and abused). That, added
to its bad security (two of the cryptographic plugins were broken due to
flawed MD5 implementation, and because it was written to serve dual
purposes, no one has bothered to analyse the security of it) suggests that
it now only is useful for abuse..... Given how weak the original
cryptographic modules were (same key always - MD5 gave a static response)
it would seem the authors didn't bother to investigate the security of it
very much.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

