> Perhaps we all ought to oblige them by sending them bogus /etc/passwd files > and let them spin there wheels trying to crack the passwords. Why bother giving them the attention they want...? > Or alternately, grab a few hundred megabytes of random garbage to send > them... I'm sure they don't host it themselves and mail.com won't appreciate anyone flooding it's mail boxes. Asking mail.com staff nicely to remove the account might be a more positive way of dealing with it. umm and perhaps el8.8m.com should do some analytical research before posting '0-day' code. $.02 -xbud On Friday 21 December 2001 09:18 am, Wall, Kevin wrote: > Michal Zalewski, > > > Most recent (third) issue of "el8" zine, available at > > http://el8.8m.com, > > among other things claims to have a "0-day" dcron exploit, allegedely > > coded by me and Rafal Wojtczuk (Nergal). > > ... it appears to be a very nicely crafted trojan horse. > > It does send your /etc/passwd file to a fixed address > > your-addressat_private > > > ... this mailbox is probably valid and attended): > > Perhaps we all ought to oblige them by sending them bogus /etc/passwd files > and let them spin there wheels trying to crack the passwords. > > Or alternately, grab a few hundred megabytes of random garbage to send > them... > > dd if=/dev/random ibs=4K count=102400 | mail your-addressat_private > > and overflow their mailbox. Anything to keep them busy over the holidays. > --- > Kevin W. Wall Qwest Communications International, Inc. > Kevin.Wallat_private Phone: 614.932.5542 > "Wipe Info uses hexadecimal values to wipe files. This provides more > security than wiping with decimal values." > -- Norton System Works 2002 manual, pg 160
This archive was generated by hypermail 2b30 : Fri Dec 21 2001 - 16:18:00 PST