>
> sgcccdc @
citec .
qld .
gov .
au wrote:
>
> > > It seems that there are a very small number of crackers out there who
> > > are actually writing significant new code; unfortunately for us, some
> > > of them are very talented. The majority of them are running code they
> > > got from somebody else, with little or no understanding of what it
> > > does or how it works.
> >
> > If this last statement is really true, why aren't the `good guys' planting
> > trojaned (sp?) sniffers or {cr,h}acking software on the BBS's or whatever
> > so that as the bad guys get to work, the good guys get notified by mail or
> > whatever?
> >
> > Even the thought that every time they pick something up means they MAY be
> > notifying the good guys may cause the bad guys to think twice or at least
> > make it hard to sustain attacks from a single host. Plant the seeds of
> > doubt. We (good guys :-) are paranoid, why shouldn't they (bad guys) be?
>
> This is a terribly interesting idea. hehe... I *really* like this one.
>
> Of course, this begs several questions:
> (1) What are the legal rammifications of such activity? If I were
> to write a trojan cracking tool, would I be able to be accused
> of criminal activity, even though I'm really a good guy?
It is never illegal to write anytype of software. But things like viruses
and cracking tools are only illegal when trying to spread the viruses or
apply the cracking tools illegally.
> (2) A number of us no doubt lurk in bad guy hangouts already, but
> how would we be able to propogate trojan cracking tools in the
> intruder community? It stands to reason that someone who knows
> what he's doing will examine the code at some point, understand
> what is happening, and spread the word... Maybe binary-only
> distribution?
Chances are, if you are perceived as anytype of security expert or know new
security vulnerabilities, you got more than just yourself reading your mail.
:) But probably most bad guys get their info from the same places you get
yours. For example, whenever that sendmail exploiting script was posted to
Firewalls, Brent mentioned that CERT had said that numerous reports of
sendmail attacks immediately followed within 2 hours of the posting, so I
assume not everyone on this list is a good guy.
> (3) Is anyone really interested in doing such a thing (assuming
> that such a thing won't get the author jailed)?
Sure. Below follows a new tool to get past ANY and ALL Firewalls.
Just cut and compile the following program:
---begin cut here----
/* An elite firewall hole vulnerability that gets you passed everything
and immediately gives you root shell on the host specified
This was written by Christopher Klaus and not to be used by Bad Guys */
main()
{
printf("\nFirewall Hole. Usage: firebug.exe hostname.\n);
system("echo Im an Evil Intruder, Arrest me | mail cert @
cert .
org");
}
---end cut here-----
--
Christopher William Klaus <cklaus @
shadow .
net> <iss @
shadow .
net>
Internet Security Systems, Inc. Computer Security Consulting
2209 Summit Place Drive, Penetration Analysis of Networks
Atlanta,GA 30350-2430. (404)998-5871.
References:
|
|
