Gibson (was Crack Office XP)

From: Fenrisat_private
Date: Sun Jun 10 2001 - 22:38:34 PDT

     >... just wanted to add my 2 cents:
    
     >folks,
     >regardless whether any progy/os is crackable or not (btw please add
     >office-xp to the list)
     >what I find incredible and a true issue to this newsgroup is micro$oft's
     >intention to 100% implement
     >the raw sockets specification. (see more info at Steve Gibson's
     >http://grc.com/dos/winxp.htm)
    
     >welcome to the jungle,
    
     >ricardo
    
    Oh puleeese!
    
    1) It's not too tough to "crack" any software registration program when 
    some yahoo shares their enterprise license key - this is not cracking - 
    this is a known registration number that is now warez.
    
    2) Gibson has just admitted how *not* bright he is.  His scenario involves 
    getting a piece of code onto a Windows XP box on the Internet.  I'll skip 
    the piece about how you must first compromise a system or get a user to 
    launch a piece of code - so just for argument's sake, let's assume we send 
    an email to an XP user and get them to launch the code.  The code is a 
    zombie client that is launched as part of a DDOS attack and uses raw 
    sockets to spoof the originating IP address.
    
    Here is where Gibson's thesis falls apart.  Gibson claims that in order to 
    do this kind of attack on NT4 or Windows 2000, you must first load a 
    special packet driver (and reboot), then load a special IP stack (and then 
    I'm guessing, reboot), and then write special code to leverage all of 
    this.  If this were indeed the case, Gibson might have a point - it would 
    be difficult to write script kiddie code to do this.  However, it is far 
    simpler than all of this.  I guess he's never heard of dynamically loading 
    packet drivers or winpcap!  Any thirteen year old has already figured out 
    how to do this.
    
    All he'd have to do is add one additional file to his trojan package - and 
    he could get any NT4 or Win2K machine to be part of his DDOS army.  Weld 
    Pond has much more to say about this at HNN 
    (http://www.stake.com/security_news/arch.html?060501)
    
    If Gibson isn't bright enough to figure out how to write a script kiddie 
    trojan to dynamically load the packet driver, I don't trust him enough to 
    be telling the world that he thinks there's a problem.  Besides, if this 
    was really a problem, we'd already see this occurring on Win32 systems, Unix 
    systems, Mac systems, etc - all of which support raw sockets.  Methinks 
    Gibson's diatribe was one more of wanting publicity for himself or his site 
    than making a legitimate statement.  He's also shown that he thoroughly 
    misunderstands IDS products, and how to protect himself from being 
    trojaned: http://www.theregister.co.uk/content/8/19469.html with something 
    that should have been detected with his antivirus product.
    
    ===============
    Fenris, The Wolf
    cAre to lend a hAnd?
    ===============
    



    This archive was generated by hypermail 2b30 : Mon Jun 11 2001 - 07:33:36 PDT