RE: [ISN] The Code Red hype Hall of Shame

From: InfoSec News (isnat_private)
Date: Tue Aug 14 2001 - 03:01:19 PDT


    Forwarded from: Thomas C. Greene <tcgreeneat_private>
    
    that's what i like about maiffret -- always quick with a shallow
    "so's-your-old-man" reply to a serious question.  i actually did
    stumble upon the discussion on bugtraq (though Heaven knows how a dumb
    hack like me even heard of the place).
    
    richard smith raised an important issue.  i don't agree with him, but
    that hardly means the guy doesn't have a point worth debating. i was
    surprised that elias closed the thread when he did.
    
    maiffret's reply boils down to "shut up, asshole, i'm smarter than
    you." well -- except for a bit of gibson-esque doubletalk:
    
    "Someone found an unknown buffer overflow vulnerability within the IIS
    .htr ISAPI filter, without any data from eEye. Someone exploited that
    unknown buffer overflow vulnerability in order to execute code on
    remote systems, without any data from eEye. Someone took that exploit
    even further and turned it into a worm (Which is what CodeRed is
    explicitly based off of) and launched it at the Internet, without any
    data from eEye."
    
    but that's the delivery mechanism, not the sploit.  that shit won't
    flush.
    
    a better argument would have been that the actual code-red exploit is
    different from the .ida hole as described by eeye, meaning that the CR
    author (or more properly, assembler) would have done some creative
    work instead of mechanically applying what he learned from eeye's
    noisy .ida hole announcements.  i sense that this is what maiffret was
    trying to say.  maybe he was writing in haste and it just didn't come
    out right.
    
    of course, he seems to do an awful lot of writing in haste, and sounds
    progressively more defensive and paranoid as time goes by.  i just
    wonder -- assuming he's half the genius he thinks he is -- why he
    can't mount a simple, effective argument in defence of his actions.
    
    chrz,
    t.
    
    
    -----Original Message-----
    From: owner-isnat_private [mailto:owner-isnat_private] On Behalf
    Of InfoSec News
    Sent: Monday, August 13, 2001 1:21 AM
    To: isnat_private
    Subject: RE: [ISN] The Code Red hype Hall of Shame
    
    
    Forwarded from: Marc Maiffret <marcat_private>
    
    Wow. Two writers fighting over who wrote an inaccurate story first.
    What fun.
    
    Since neither Tommy nor Danny have any technical understanding of
    CodeRed nor the .ida exploit (yet write about it and point fingers
    anyway) they both might want to go look at the thread called "Can we
    afford full disclosure of security holes?" that was on Bugtraq just
    recently. You will actually see knowledgeable people who understand
    the topic rather than two writers just looking to meet their weekly
    quota of articles.
    
    http://www.securityfocus.com/templates/archive.pike?list=1
    
    Signed,
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Web Application Firewall
    
    
    | -----Original Message-----
    | From: owner-isnat_private [mailto:owner-isnat_private] On Behalf
    | Of InfoSec News
    | Sent: Friday, August 10, 2001 11:40 PM
    | To: isnat_private
    | Cc: thomas.greeneat_private
    | Subject: Re: [ISN] The Code Red hype Hall of Shame
    |
    |
    | Forwarded from: Dan Verton <Dan_Vertonat_private>
    |
    | Greene Writes:
    |
    | We're still at a loss to explain how eEye Digital Security, which
    | discovered and publicized the .ida hole that Code Red and Code Red
    | Junior exploit, has managed to escape questioning by the press for its
    | part in the whole fiasco. Indeed, their role is tantamount to a
    | pharmaceutical company unintentionally releasing a disease germ.
    |
    | I throw this out as an FYI... I raised the issue as far back as July
    | 20 and when I was done I felt like a mailman who had just walked into
    | a yard full of rabid dogs.
    |
    | Story is here and was one of the early ones.
    | "Security experts question release of Code Red worm's exploit data"
    | http://www.computerworld.com/storyba/0,4125,NAV47_STO62453,00.html
    |
    | Unfortunately, the commentators who comment on the commentators don't
    | always get it either. The truth, like politics, is local. Perceptions
    | are reality and most perceptions differ greatly. Like the sys admin
    | who had to spend 30 hours cleaning up his system in the aftermath of
    | Code Red because he didn't have the patch installed. But he was warned
    | like the rest of them. Unfortunately, he probably thought it was all
    | just more FUD. He, like hundreds of thousands of others, was wrong.
    |
    | Dan Verton
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


