[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Multiple 0-days in Dark Comet RAT

To: Philip Whitehouse <philip@xxxxxxxxx>
Subject: Re: [Full-disclosure] Multiple 0-days in Dark Comet RAT
From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
Date: Wed, 10 Oct 2012 14:06:06 -0700

It's InfoSec. Nothing has any meaning anymore.  Or, better stated, things means 
whatever people want them to mean in order to forward their agenda.  When we 
talked about full disclosure a while back, somebody said I was "jaded" as if it 
meant I had "clouded judgement."  They were actually right though, as jaded" 
means "negative by way of experience."  

I remember when people started using metrics like "moderately critical" to 
describe their [what they called] 0-day XSS vulnerability for some ancient CRM 
package. That way they get to say they published 14,000 0-days on their 
marketing material. 

Some dude recently posted on a professional list how he routinely cracks the 
NTLMv2 hashes for 10,000 users in 36 hours with rainbow tables.  Of course 
every single part of the statement is complete BS but no one (except me) even 
blinked. 

People talk about how stupid users are, but I think the people in the industry 
are far worse. 

Sent from whatever device will keep us from debating which one is better.

On Oct 9, 2012, at 9:59 AM, Philip Whitehouse <philip@xxxxxxxxx> wrote:

> Does 0-day have any meaning any more? It used to mean there were exploits in 
> the wild used to cause damage before the vendor patched it not merely that a 
> security researcher found it and disclosed it to the public before the vendor 
> did.
> 
> If a 0 day is everything found by a security team before a vendor then the 
> term will loose all purpose and meaning because almost all work done by such 
> researchers is finding vulns. before the vendor.
> 
> End rant.
> 
> Philip Whitehouse
> 
> On 8 Oct 2012, at 21:33, "Hertz, Jesse" <jesse_hertz@xxxxxxxxx> wrote:
> 
>> SQL Injection and Arbitrary File Access present in Command and Control 
>> server of DarkComet RAT
>> 
>> for more info see:
>> http://matasano.com/research/PEST-CONTROL.pdf
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Multiple 0-days in Dark Comet RAT
  - From: Hertz, Jesse
- Re: [Full-disclosure] Multiple 0-days in Dark Comet RAT
  - From: Philip Whitehouse

Prev by Date: [Full-disclosure] binfmt_script kernel stack data disclosure during exec
Next by Date: [Full-disclosure] FileBound - Privilege Escalation Vulnerability - Security Advisory - SOS-12-010
Previous by thread: Re: [Full-disclosure] Multiple 0-days in Dark Comet RAT
Next by thread: Re: [Full-disclosure] Multiple 0-days in Dark Comet RAT
Index(es):
- Date
- Thread