Re: [Fwd: Re: AIM Password theft]
From: Thor Larholm (thor_at_PIVX.COM)
Date: 09/24/03
Date: Wed, 24 Sep 2003 12:57:30 -0700
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Don't you just hate it when your bad predictions turn out true? At least 200
people that subscribe to the list did not see that post, and that is just the
people whose malfunctioning antivirus actively bounces the message and whose
bounces were not caught by my mailserver filters.

"Antigen found VIRUS= Exploit-ObjectData (NAI) virus", "ALERT - GroupShield",
"TFS Virus Alert" - the list goes on and on.

Seriously, if you are going to subscribe to a SECURITY mailing list you will have
to expect that exploit code, proof-of-concepts and code snippets thereof are
posted to the list from time to time. I honestly believe that this should be a
very valid reason for a forced unsubscribe by the list administrator, just as
OutOfOffice bounces are, and would recommend to include a tiny POC in any troll
bounce-trigger message the administrator sends out.

Add to the fact that there was actually NO exploit code, or even functional
HTML, in the post and you only intensify the problem by continuing to use
antivirus which simply does NOT work, adding to your sense of false security.

Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://www.pivx.com/larholm/unpatched - Unpatched IE vulnerabilities
-----Original Message-----
From: Thor Larholm
Sent: Tue 9/23/2003 2:05 PM
To: Mark Coleman; bugtraq@securityfocus.org
Subject: RE: [Fwd: Re: AIM Password theft]
<snip>
Now, if any mind-boggling lame antivirus system shouts back at me for
repeating GM#001 or the Object Data HTTP header, I reserve the right to
mail your system administrator and notify him of his malfunctioning
software.