Re: Disorganization campaign

From: Blue Boar (blueboarat_private)
Date: Tue Feb 26 2002 - 14:20:18 PST

Next message: 3APA3A: "Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)"

Previous message: Blue Boar: "Administrivia"
In reply to: Matt Conover: "Disorganization campaign"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 26 Feb 2002, Matt Conover wrote:

> It appears that there is an intentional effort to give out false and
> misleading information to confuse people. Consider that in the last two
> weeks alone, there has been a fake snmp exploit from zen (which he says he
> didn't send), a fake (or really old) w00w00 exploit, fake TESO cowboy
> exploit, and several different rumors of vulnerabilities in apache and
> php. It's hard to know what's accurate and what isn't. In some cases
> (i.e., the fake zen snmp exploit), it is actually cause harm to the person
> running the exploit. I think that was the point. It would appear the
> intention is to confuse hackers and script kiddies so that they cannot
> tell the difference between what is and isn't real. This will obviously
> slow efforts in harvesting new exploits, because a hacker or script kiddie
> would have to sort through which new exploits are and aren't real.

That is clearly the case.  We've had fake exploits here in the past, and 
likely will in the future.  Currently, it happens infrequently.  As I've 
said several times in the past, readers of the list must always treat code 
posted with suspicion.  In general, I don't look too hard at code posted 
here, though I have refused obvious trojans on several occasions.  If it 
gets to an unreasonable level, I'll simply have to examine every bit of 
code more carefully before I allow it.  

> this part of the campaign to be somewhat honorable. However, I think
> another part of the campaign is to make the sources of security
> information (i.e., BugTraq and Vuln-Dev) untrustable, and that I disagree
> with.

I'm aware that there is an active campaign to do exactly that by a handful 
of people.  Again, I have blocked some of the attempts in the past, while 
no doubt some of them have gotten through.  

The group that I am aware of is collapsing in on itself, much like a 
defacement group will eventually break apart.  It is very much a case of 
ignore them, and they will go away.  I don't want to have any further 
discussions on the topic here, because that would be feeding the trolls.

					BB

Next message: 3APA3A: "Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)"
Previous message: Blue Boar: "Administrivia"
In reply to: Matt Conover: "Disorganization campaign"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Feb 26 2002 - 16:43:04 PST