[Full-disclosure] Re: Someone is running his mouth again... [Hacker attacks in US linked to Chinese military: researchers]
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Re: Someone is running his mouth again... [Hacker attacks in US linked to Chinese military: researchers]
- From: "Dave Korn" <davek_throwaway@xxxxxxxxxxx>
- Date: Thu, 15 Dec 2005 19:06:40 -0000
Valdis.Kletnieks@xxxxxx wrote in
news:200512151842.jBFIgnLu012104@xxxxxxxxxxxxxxxxxxxxxxx
>On Wed, 14 Dec 2005 16:27:57 PST, Geoff Shively said:
>> In the attacks, Paller said, the perpetrators "were in and out with no
>> keystroke errors and left no fingerprints, and created a backdoor in less
>> than 30 minutes. How can this be done by anyone other than a military
>> organization?"
>> [/snip]
>>
>> Yes, it must have been military, because they rooted the box in under 30
>> minutes, BAH!
>
>On the other hand, let's think about this for a moment. They weren't *IN*
>in 30 minutes, they were *IN AND OUT* in 30 minutes.
>
>Sure, *anybody* can just r00t a box and leave a backdoor in 30 seconds. But
>that doesn't actually *accomplish* anything
Your argument here isn't addressing the issue. We're tackling the false
assumption that "anyone other than a military organization" *could* do this.
You're tackling the issue of whether anyone other than a military
organization *would* do it.
I agree with Geoff: it's a massive and essentially fraudulent
extrapolation to go from "in and out in 30 minutes" and "didn't make typos"
to "must have been done by a military organisation", because neither of
those things are things that only military organisations can do.
>You hack into a big Oracle server. You're sitting there looking at a '#'
>prompt. *NOW* what do you do?
>You hack into a file server. You're sitting there looking at a '#' prompt.
>*NOW* what do you do?
As it suggests in the article, I don't do anything except create a
backdoor and leave. Then I can come back at my leisure, perhaps repeatedly
over a long period, taking my time to see what's on the filing system and
making as many un-logged typos as I wish.
cheers,
DaveK
--
Can't think of a witty .sigline today....