w00w00 recommends spyware with backdoors

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 01/09/02


Date:         Wed, 9 Jan 2002 02:01:18 -0500
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

A group claiming to be a "Security Team" recommended recently, in their AIM advisory, the use of a piece of software which they have now publicly acknowledged was full of spyware and backdoors.

Jordan Ritter <jpr5@darkridge.com>, speaking for himself and the w00w00 "Security Team", said, in a message posted to SecurityFocus' Bugtraq mailing list on 1/8/2002:

"It has recently come to our attention that AIM Filter, which we recommended as an appropriate temporary solution for the AIM buffer overflows we published, actually contains backdoors and spyware. This became obvious when the source was released on January 5th, 2002."

Interestingly, Karl Levinson <klevinson@chesapeakecapital.com> reported to me and the NTBugtraq list on 1/2/2002 (in a message I didn't put through to the list) the very same thing. Seems that w00w00 took 6 days to figure out what Karl found out in a few hours or less (from another website). I chose not to put the message through because I felt the risk of such software/recommendation should have been obvious to NTBugtraq readers.

Jordan, in the same Bugtraq post, goes on to say:

"We only took the time to verify that it blocked the attack, since an analysis of AIM filter wasn't our priority."

Clearly their priority wasn't to protect the people they were sending the advisory to, but just to get the advisory out (they were quoted in the press as saying the advisory went out when it did because it was some sort of anniversary for w00w00.)

When I saw the message Jordan sent to Bugtraq today, I emailed him and asked if he would mind sending the message to NTBugtraq. I prefer to have such messages come from their original authors, especially when there are corrections or admissions of mistakes. Jordan's response was:

----
"Russ,
	
     I'm sorry, but we (w00w00) collectively do not feel that your
     forum or history of moderation reflects well on the industry.  We
     respectfully decline posting to your forum.

You're certainly free to do with the advisory as you wish..

Cheers,

--jordan and the w00w00 Security Team"
----

Presumably my comments to the media over the AIM exploit disclosure stung them for some reason. They didn't mind posting before the press asked me what I thought of the AIM Advisory.

Judge for yourselves what reflects well on the industry.

In future I'll report any valid w00w00 discoveries as summaries, thereby avoiding the possibility that they recommend spyware backdoor'd hacker tools as security filter mechanisms again.

You should, as always, carefully consider the use of any tools/sites/etc recommended in messages posted to NTBugtraq.

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
"Oh to be a kid again and not be responsible to anyone..."
