[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Apache Killer
- To: root <root_@xxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Apache Killer
- From: Dan Kaminsky <dan@xxxxxxxxxxx>
- Date: Wed, 24 Aug 2011 23:42:05 -0700
On Wed, Aug 24, 2011 at 10:52 PM, root <root_@xxxxxxxxxxxxxxx> wrote:
>
> > Seriously. This is Zalewski we're talking about. If you've extended his
> > work, you're doing something right.
>
>
> Or perhaps, not. Respectfully, fuck this elitist bullshit.
> I'm sure you and your friend are good hard-working guys. But you should
> not be the focus of every press release, specially if you didn't find
> the damn bug.
>
>
OK, so I looked into it.
Zalewski's stuff in 2007 was about bandwidth amplification -- with a few
requests, you could get a server to send you a truly enormous amount of
data. Kingcope's attack shares the same vector (multiple range requests)
but uses it entirely differently, not as a drain of bandwidth on the client
but against memory on the server. Different DoS, same buggy code.
Think of it like memory corruption -- in one person's hands, the daemon
simply crashes. In another's, a reverse shell is born.
I don't think the press has made Zalewski the focus, though. I looked at
the various articles on Google News; here's the distribution of credit I
see:
Register: Credits both Kingcope and Zalewski by name
Computerworld: Credits both Kingcope and Zalewski by name
LWN/Apache: Credits neither, but links to Kingcope's post directly
H-Online: Credits neither, but links to Kingcope's post directly
ZDNet: Credits neither, but links to Kingcope's post directly
Slashdot: Links to Kingcope's post directly, credits Zalewski by name
CRN: Credits Kingcope exclusively
For the record, it's a solid find.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/