RE: New article on SecurityFocus

The question is whether the knoppix web server was compromised, or if an
untrustworthy employee just threw it out there.  Are we seeing, or have
seen, any worm-like activity with this vulnerability?  If so, how
rampant is it?  We here in the news that it's all over... Hundreds!....
Thousands!... But yet ask any one to name a site or confirm they have
first hand experience, or have a friend or colleague with fist hand
experience and all you get is them naming one of a handful of sites we
all heard about through media reports.  I'm not saying this isn't a real
threat.  I'm saying I believe it's exploit distribution has been greatly
exaggerated.
 

> -----Original Message-----
> From: Murad Talukdar [mailto:talukdar_m@subway.com] 
> Sent: Sunday, January 08, 2006 10:20 PM
> To: Brady McClenon; 'Drew Simonis'; 'Thor (Hammer of God)'; 
> 'Erin Carroll'; pen-test@securityfocus.com
> Cc: 'Larry Seltzer'; focus-ms@securityfocus.com
> Subject: RE: New article on SecurityFocus
>
> That was it; SANS
> http://handlers.dshield.org/jullrich/wmffaq.html
> So it can even get onto 'Trusted' websites.
> (At least they are saying they had a 'report').
> Digital whispers....
>
>
> Regards
> Murad Talukdar
>
> -----Original Message-----
> From: Brady McClenon [mailto:BMcClenon@uamail.albany.edu] 
> Sent: Saturday, January 07, 2006 2:29 AM
> To: Drew Simonis; Thor (Hammer of God); Erin Carroll;
> pen-test@securityfocus.com
> Cc: Larry Seltzer; focus-ms@securityfocus.com
> Subject: RE: New article on SecurityFocus
>
> Just curious.  I hear media reports and people saying that there's
> hundreds or thousands of compromised web site from this, but 
> I have ask
> where these numbers come from?  Where is this data, or is it pure
> speculation?  I'm also curious how one could compromise a web server
> with this exploit.  Putting files on a web server to dole out and
> compromise other computers I can see, but is the web server really
> compromised in this case?  If so, was it by way of the WMF exploit?
>
> One last question:  Has anyone here experienced or know 
> anyone that has
> a "legitimate" web server compromised (or serving out) by the WMF
> exploit.  I'm trying to determine if there are those with actual
> knowledge that the sky is indeed falling, or if we are all 
> shaking over
> unsubstantiated media hype.
>
>
> > -----Original Message-----
> > From: Drew Simonis [mailto:simonis@myself.com] 
> > Sent: Friday, January 06, 2006 10:22 AM
> > To: Thor (Hammer of God); Erin Carroll; pen-test@securityfocus.com
> > Cc: Larry Seltzer; focus-ms@securityfocus.com
> > Subject: Re: New article on SecurityFocus
> >
> > > Overall, I think community's coverage of wmf has been delivered 
> > > with an ounce of perception, and a pound of obscurity.  
> It's almost 
> > > as if people *want* it to be worse than it is.  I'm not 
> surprised, 
> > > of course.  But regardless,  my call is that we'll see a little 
> > > activity here and there, the patch will come out, most 
> will install 
> > > it (or have it installed automatically) and the whole issue will 
> > > fade away.  But that's all.
> > >
> > > We'll know for sure shortly, either way.
> >
> > Thor,
> > I think your path of thought is stuck a bit in the past.  
> > Worms are neat as a technical exercise, but we see more and 
> > more that the attackers are increasingly aware of the value 
> > of these vulnerabilities from a financial perspective, not 
> > merely for notoriety.  As such, it benefits the attacker to 
> > have a less subtle attack, one that does not sensationalize 
> > the vulnerability.  Complacency is their ally.  
> >
> > That said, there are already numerous (hundreds+) 
> > "legitimate" web sites that have been compromised and had 
> > exploit images injected into their content.  There are also 
> > already hundreds of thousands of machines that have been 
> > infected with Trojans or bots.  These infected machines will 
> > patch, but they won't be safe, and the problem gets worse.  
> >
> > So no, there won't be some catastrophic worm event.  But I 
> > posit that what there will be could be much worse.  
> >
> > -- 
> > ___________________________________________________
> > Play 100s of games for FREE! http://games.mail.com/
> >
> >
> > --------------------------------------------------------------
> > -------------
> > --------------------------------------------------------------
> > -------------
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> -------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------