[ISN] Security geek developing WinXP raw socket exploit

From: InfoSec News (isnat_private)
Date: Tue Jun 12 2001 - 10:24:26 PDT

  • Next message: InfoSec News: "[ISN] Hackers break into computers at IU again"

    http://www.theregister.co.uk/content/6/19623.html
    
    By Thomas C Greene in Washington
    Posted: 12/06/2001 at 05:36 GMT
    
    Repent, for the Kingdom of Heaven is at hand! 
       -- Matthew 3:2 
    
    Security specialist Steve Gibson has created quite a fracas with his
    increasingly vocal opposition to the raw-socket connectivity planned
    for Windows-XP, and upon which he bases predictions of impending chaos
    for the entire Internet, so he's decided to exploit the very threat he
    claims will make the Internet permanently unstable.
    
    The raw sockets which have Gibson so steamed enable a machine to send
    or capture data independent of the operating system -- quite handy if
    you're a software developer or an advanced hobbyist. And while it's
    true that this also enhances the packet-flooding capabilities of a
    Windows machine by making it easy to spoof packets, it's also true
    that this function is already included in most other operating
    systems, and can be added to an existing Win-9x, 'ME, or '2K machine
    quite easily with a library called WinPcap.
    
    All right, we'll allow that there'll be a few s'kiddies who might
    prefer to use their Win-XP boxes for such purposes. But they can
    already do so simply by installing Linux and doing a bit of reading.
    
    There will also be more Windows clients available for malicious misuse
    as 'XP grows in popularity; but one can already do heaps of packeting
    from Windows machines with SubSeven, and even launch the attack in
    bulk from IRC.
    
    True, the boxes will eventually be found because their IPs are
    traceable, and admins will contact the owners and let them know
    they're infected -- but only long after the damage is done. Raw
    sockets in 'XP only marginally improve the situation for a malicious
    party. We really don't see an immense growth in packeting on the
    horizon.
    
    Gibson, on the other hand, tells it like a loner in the desert,
    living, we would imagine, on locusts and wild honey for a bit too long
    a time.
    
    After being packeted into submission last month by a thirteen-year-old
    computer enthusiast called "Wicked", he's become obsessed with the
    mission of dissuading Microsoft from outfitting 'XP with the same
    capabilities as most of its competitors.
    
    He's written thousands of words on his Web site, denouncing Microsoft
    for putting something like real power into a consumer operating
    system. He's written memos to the company; he's warned all his site's
    visitors; but he's still not satisfied. The "XP Christmas of Death" is
    coming, he warns, immediately after which all the little s'kiddies
    will gleefully baptize us with fire.
    
    According to Gibson's paranoid delusions, everyone with a computer is
    a potential criminal, and the only reason the entire Net population
    hasn't yet exploded in some mass orgy of evil is because Microsoft has
    thus far refrained from unleashing the uncontrollable power of the raw
    socket.
    
    He'll show the bastards 
    
    Unfortunately, not enough of the right people are listening to him
    with the proper degree of attentiveness. So he's decided to show the
    bastards: Gibson is developing a free tool which he calls
    'Spoofarino'.
    
    "We need a tool to hold ISPs accountable and publicly demonstrate
    individual ISP irresponsibility," Gibson says.
    
    "Given the universal reluctance they have demonstrated so far, I
    believe that only active public scrutiny will bring about the changes
    required to insure [sic] a reliable and secure future for the
    Internet."
    
    From that we infer that Spoofarino will enable Netizens to test
    whether or not their ISP allows them to send spoofed packets to
    Gibson's site. We imagine that any ISP which fails to filter outbound
    spoofed packets will be identified for a solid public shaming.
    
    It sounds like a tool with which one could generate raw packets,
    though probably in a controlled manner. But if that's the case, it
    would lay much of the ground work for an EZ malicious version
    leveraging the very threat Gibson is decrying.
    
    "The threat represented by Microsoft's forthcoming Windows-XP
    operating system, with its confirmed ability to easily generate
    malicious Internet traffic -- for NO good reason -- can not be
    overstated," he warns.
    
    "The proper executives within Microsoft MUST be reached with this
    message so that those plans can be reviewed in light of the potential
    for their system's massive abuse of the inherently trusting Internet."
    
    And so Steve Gibson is going to show us all.
    
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Wed Jun 13 2001 - 00:20:56 PDT