Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

WinXP raw sockets (was RE: Crack Office XP)

From: "Graham, Randy (RAW) " <RAW () y12 doe gov>
Date: Mon, 11 Jun 2001 09:11:26 -0400
This exact topic has been quite the discussion motivator on the firewalls
list (http://lists.gnac.net/) for the past week or so.  Most people there
(myself included, although I am not an expert) feel that this concern is
highly over-inflated.  Win95/98 already have this capability with the simple
loading of the Windows version of the libpcap library.  Now, many think
"Hey, that means most users machines can't be used for spoof attacks since
they won't have winpcap loaded."  Thing is, the latest version of winpcap is
loadable and usable *WITHOUT* reboot.

So, once a user's system gets taken over by the trojan of the day, whoever
controls said trojan can just install winpcap remotely and start spoofing.
Or, if for some reason the library doesn't work and they need a reboot, they
can just force a blue-screen, and when the user reboots, winpcap will load.
Finally, with DDoS attacks, spoofing really isn't even necessary, so there
is little concern over whether or not the address is spoofed.  A flood is a
flood, even if you know where it is coming from.

Oh yeah, and Office XP was cracked and distributed at least 4 days prior to
being on store shelves.

Randy Graham
-- 
You're kind of trying to pick between "horible disaster" and "attrocious
disaster"  -- Paul D. Robertson (on VNC vs. PPTP)
http://www.theregister.co.uk/content/2/19442.html - Mankind's greatest
invention?



-----Original Message-----
From: ricardo_x [mailto:ricardo_x () hotmail com]
Sent: Sunday, June 10, 2001 3:27 PM
To: vuln-dev () securityfocus com
Subject: Re: Crack Office XP



.... just wanted to add my 2 cents:

folks,
regardless whether any progy/os is crackable or not (btw please add
office-xp to the list)
what I find incredible and a true issue to this newsgroup is 
micro$oft's
intention to 100% implement
the raw sockets specification. (see more info at Steve Gibson'
http://grc.com/dos/winxp.htm)

welcome to the jungle,

ricardo


----- Original Message -----
From: <bill_weiss () att net>
To: <vuln-dev () securityfocus com>
Sent: Sunday, June 10, 2001 2:21 AM
Subject: Re: Crack Office XP



bill_weiss () att net(bill_weiss () att net)@Sat, Jun 09, 2001 at

01:25:07PM -0600:

Blue Boar(BlueBoar () thievco com)@Fri, Jun 08, 2001 at 

09:54:38PM -0700:

Nicolás Gómez wrote:


I went to the launching of the Office XP... in the 

entering of the
Ballroom

they bring to you a bag with some products....One of 

them was a
Office XP

trial for 30 days

if someone has that crack or has some place to search 

for it, i'd
appreciate

it


Several people have already replied that "this is the 

wrong list",

or "go buy the software".  Including one guy who made 

that comment,

and then included a serial number.  Go figure.

Anyway, I let it through because there have been news 

stories that

it has been cracked, and MS denies it.  I was hoping 

for an answer.

Second, I was hoping for a discussion of how the copy protection
in XP products works.  Yes, it's a bit off-topic for vuln-dev,
and I usually toss such queries.  However, this is 

going to affect a

lot more people, and I think it's also going to touch on privacy
issues.



And here we thought you were losing your mind :)

I, personally, have no intentions of ever touching this 

OS, if I can.

But, some of my friends who are active in the warez scene 

have been
running

beta builds of it, sometimes since the day they come out. 

 For more
info,

I refer you to this site:
http://winblowz.orcon.net.nz/whistler.html
and, if that goes down, it's found at
http://kickme.to/winblowz98
And clicking on "Windows Whistler/XP"


Arrgghh...  Office != Windows (thanks to the person who 

pointed this out).


Same site (http://kickme.to/winblowz98), different link.  I 

imagine you
can

find it.
Previous By Date Next
Previous By Thread Next

Current thread: