On Tue, 26 Feb 2002, Matt Conover wrote: > It appears that there is an intentional effort to give out false and > misleading information to confuse people. Consider that in the last two > weeks alone, there has been a fake snmp exploit from zen (which he says he > didn't send), a fake (or really old) w00w00 exploit, fake TESO cowboy > exploit, and several different rumors of vulnerabilities in apache and > php. It's hard to know what's accurate and what isn't. In some cases > (i.e., the fake zen snmp exploit), it is actually cause harm to the person > running the exploit. I think that was the point. It would appear the > intention is to confuse hackers and script kiddies so that they cannot > tell the difference between what is and isn't real. This will obviously > slow efforts in harvesting new exploits, because a hacker or script kiddie > would have to sort through which new exploits are and aren't real. That is clearly the case. We've had fake exploits here in the past, and likely will in the future. Currently, it happens infrequently. As I've said several times in the past, readers of the list must always treat code posted with suspicion. In general, I don't look too hard at code posted here, though I have refused obvious trojans on several occasions. If it gets to an unreasonable level, I'll simply have to examine every bit of code more carefully before I allow it. > this part of the campaign to be somewhat honorable. However, I think > another part of the campaign is to make the sources of security > information (i.e., BugTraq and Vuln-Dev) untrustable, and that I disagree > with. I'm aware that there is an active campaign to do exactly that by a handful of people. Again, I have blocked some of the attempts in the past, while no doubt some of them have gotten through. The group that I am aware of is collapsing in on itself, much like a defacement group will eventually break apart. It is very much a case of ignore them, and they will go away. I don't want to have any further discussions on the topic here, because that would be feeding the trolls. BB
This archive was generated by hypermail 2b30 : Tue Feb 26 2002 - 16:43:04 PST