Re: yet another fake exploit making rounds

[xbud <xbud () g0thead com>]

> Perhaps we all ought to oblige them by sending them bogus /etc/passwd files
> and let them spin there wheels trying to crack the passwords.

Why bother giving them the attention they want...?

> Or alternately, grab a few hundred megabytes of random garbage to send
> them...
I'm sure they don't host it themselves and mail.com won't appreciate anyone 
flooding it's mail boxes.   

Asking mail.com staff nicely to remove the account might be a more positive 
way of dealing with it.

umm and perhaps el8.8m.com should do some analytical research before posting 
'0-day' code.

$.02
-xbud

On Friday 21 December 2001 09:18 am, Wall, Kevin wrote:
> Michal Zalewski,
>
> > Most recent (third) issue of "el8" zine, available at
> > http://el8.8m.com,
> > among other things claims to have a "0-day" dcron exploit, allegedely
> > coded by me and Rafal Wojtczuk (Nergal).
> > ... it appears to be a very nicely crafted trojan horse.
> > It does send your /etc/passwd file to a fixed address
>
> your-address () mail com
>
> > ... this mailbox is probably valid and attended):
>
> Perhaps we all ought to oblige them by sending them bogus /etc/passwd files
> and let them spin there wheels trying to crack the passwords.
>
> Or alternately, grab a few hundred megabytes of random garbage to send
> them...
>
>       dd if=/dev/random ibs=4K count=102400 | mail your-address () mail com
>
> and overflow their mailbox. Anything to keep them busy over the holidays.
> ---
> Kevin W. Wall         Qwest Communications International, Inc.
> Kevin.Wall () qwest com       Phone: 614.932.5542
> "Wipe Info uses hexadecimal values to wipe files. This provides more
> security than wiping with decimal values."
>               -- Norton System Works 2002 manual, pg 160