Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] RE: new internet explorer exploit (was new worm)

from [Drew Copley] Network Security [Permanent Link]
Subject: [Full-Disclosure] RE: new internet explorer exploit (was new worm)
Date: Tue, 30 Mar 2004 10:59:41 -0800 
 


-----Original Message-----
From: Berend-Jan Wever [mailto:SkyLined@edup.tudelft.nl] 
Sent: Monday, March 29, 2004 3:35 PM
To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com
Subject: Re: new internet explorer exploit (was new worm)

----- Original Message ----- 
From: "Drew Copley" <dcopley@eeye.com>

Yeah. It is a zero day worm, and it is very notable as such.

I can not recall a previous zero day worm. (AV is not my 

job, but I do

try and follow zero day.)

Hence, IE has birthed us the first zero day worm.

We should be thankful it was not coded better, because it could have
caused some really serious problems. A hundred thousand systems is
really a low target when you consider 94% of all browsers 

being used are

IE and the internet population is around the 400 million figure.


Just be thankfull the guy didn't take the time to find a 0day 
xss issues in
webbased e-mail services like hotmail/yahoo/etc... I still 
wonder why these
have not been exploited by email virii: They're not that hard 
to find (check
your archives) and it's just too easy to code a small worm in 
javascript for
these sites (I know from experience). 


Yeah, we have one with Yahoo in pending. Though, it was a bit difficult
to find. (It has not be added to our upcoming advisory list, yet.) 

In fact, I am good friends with several of the guys who found the last
ones... Dror Shalev and http-equiv. (Never really talked to Greymagic,
just by chance, I suppose.)

These are top bugfinders, though, and they are very skilled people. I do
not dismiss the skills of any of the people who have found these bugs...
but I do believe there are more in there.



The only propagation 
limiting problem
is that all trafic goes through centralized servers which can 
be easily
updated (check your archives for site-specific responds 
times). But if you
combine it with your regular e-mail worm techniques, you can be sure
propagation continues after that fix.


Right, I find these security holes extremely alarming. In fact, I
accidentally flamed a bug finder once because I thought he posted Yahoo
zero day... and I am known as a guy that is patient and apologetic for
those who post zero day without going to the vendor first. (Because I
know all too well, for one thing, that they don't have to post it at
all.)

And, I know what it feels like to have this Yahoo zero day in my pocket
here. It is a dangerous thing.

That's why this business is so much funner then writing database
programs.



Cheers,
SkyLined
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Full-Disclosure] RE: new internet explorer exploit (was new worm), Drew Copley
Next by Date:  [Full-Disclosure] phpkit suffers (realy stupid) XSS vuln., Yanosz
Previous by Thread:  [Full-Disclosure] Re: new internet explorer exploit (was new worm), - -
Next by Thread:  [Full-Disclosure] Wanted, mordant
Indexes:  [Date] [Thread] [Top] [All Lists]