-
September 20th, 2001, 04:35 PM
#1
Member
Security Specialists: Violation
Recently, on a popular security awareness mailing list, Carolyn Meinel, author of "The Happy Hacker blah blah blah", was responsible for a post of supposed full disclosure information on wuftpd version 2.6.1. This post included a bit of seemingly harmless code that was actually a malicious rm -rf ~/* code.
Seeing Carolyn's place in the security field, and her experience, would one have trusted code that was released by her?
Well, I did. I did check over the C source, it looked good, pushing large amounts of data into the USER variable of the FTP daemon, typical buffer overflow.
So, I compiled it, and ran it as per the "usage" instructions in the header, and lo and behold, I get rm: responses of not being able to delete certain things in my directory. Interesting.
I go open the code, and poof, it's gone as is everything in that directory that wasn't owned by root.
The malicious bit of code was in the shellcode of the buffer over. As I sit now, I regret not taking that assembly language class, but that is neither here nor there..
My question to you all is, is this ethical? Should this be allowed? Would this tarnish the reputation of a once, supposed, respectable security specialist? Should this be thought of as a "lesson to script kiddies" (which I am not)? Or thought of as a violation of the "full disclosure" and open source idea? The idea of being able to share information without fear for the advancement of knowledge, isn't that why we're all here?
Jason Parker - http://www.o-negative.net
o-Negative: Information Network
-
September 20th, 2001, 05:01 PM
#2
Ok. That's just asinine. What kind of security expert has you delete your own home directory?? What if you were doing this on a home system logged in as root? Now, you shouldn't be but some people do out of habit. Some systems have / as the home directory of root while others have a home directory of /root. If it's the first option, then the whole system gets erased.
Very bad IMHO.
Goofiness if you ask me. I wouldn't trust her judgement and based on reviews I've seen on her books, I'd take a lot of what she says with a huge grain of salt.
No one is perfect mind you but one doesn't have people remove their directories without adding lines (remark lines) as to the purpose of this removal.
-
September 21st, 2001, 12:26 AM
#3
Junior Member
well...
was the asm code specifically designed to take out your home directory, or was it aimed at removing the entire HD? if it was aimed at the HD and you ran it as a non-root user then only your home directory would have been deleted, but if you ran it as root and it only killed your home directory then it's slightly less harmless. I'm just curious as to how much damage she wanted to cause....
-
September 21st, 2001, 01:38 AM
#4
A little bit TOO happy of a hacker....
I read many of the hh's gtmhh, and I had, for a while, come to respect meinel. Not any more. I received the same e-mail, but I never got around to compiling the code. I'm glad that I had too many other things to do. I no longer have any respect for meinel. The whole thing would be somewhat okay if she had put a disclaimer in there or something. I hope the damage to your computer wasn't too bad.
I know you're out there. I can feel you now. I know that you're afraid. You're afraid of us. You're afraid of change. I don't know the future. I didn't come here to tell you how this is going to end. I came here to tell you how it's going to begin. I'm going to hang up this phone, and then I'm going to show these people what you don't want them to see. I'm going to show them a world without you, a world without rules and controls, without borders or boundaries. A world where anything is possible. Where we go from there is a choice I leave to you.
-
September 21st, 2001, 06:29 AM
#5
Member
After it had happened, I inspected the code closer.. It was intentional that it did what it did. There was misleading information, and outright lies. She knew what it was. There was no excuse or reason.
Jason Parker - http://www.o-negative.net
o-Negative: Information Network
-
September 21st, 2001, 06:54 AM
#6
But why would she give up her reputation as a newbie's friend to do that? It doesn't quite click together in my head...
I know you're out there. I can feel you now. I know that you're afraid. You're afraid of us. You're afraid of change. I don't know the future. I didn't come here to tell you how this is going to end. I came here to tell you how it's going to begin. I'm going to hang up this phone, and then I'm going to show these people what you don't want them to see. I'm going to show them a world without you, a world without rules and controls, without borders or boundaries. A world where anything is possible. Where we go from there is a choice I leave to you.
-
September 21st, 2001, 05:50 PM
#7
If she is a "newbie" friend the only possible logical reasoning is that she didn't write the code herself, didn't look at it and just passed it on.
Jparker however did make one mistake that we all make: made an assumption and didn't look at the code. No matter who you get code or tools from, examine them first before utilizing them.
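Added example, not part of the original thread and not the code from the mailing-list post: a static check to run before compiling received exploit source, which decodes the `\xHH` byte strings in a C file and lists the readable text hidden in them. The sample array is constructed filler plus ASCII text, and the function names and rule list are assumptions.

```python
import re

# Constructed sample: a C fragment shaped like an exploit's shellcode array.
# The bytes are filler plus ASCII text, not working shellcode.
SAMPLE_C = r'''
char shellcode[] =
  "\x90\x90\x90\x90\x01\x02\xff\xfe"
  "\x2f\x62\x69\x6e\x2f\x73\x68\x00\x2d\x63\x00"
  "\x72\x6d\x20\x2d\x72\x66\x20\x7e\x2f\x2a\x00";
'''

STRING_LITERAL = re.compile(r'"((?:\\.|[^"\\])*)"')
HEX_ESCAPE = re.compile(rb'\\x([0-9a-fA-F]{2})')

# Illustrative rules only (assumption); extend for your own triage.
RULES = [
    (re.compile(r"\brm\s+-[a-zA-Z]*[rf]"), "recursive/forced delete"),
    (re.compile(r"/bin/(ba)?sh\b"), "shell invocation"),
    (re.compile(r"\b(wget|curl|nc)\b"), "network fetch/connect"),
]

def decode_c_byte_strings(source, min_escapes=4):
    """Concatenate the bytes of every string literal holding at least
    min_escapes \\xHH escapes. Assumes two-digit escapes, the usual style
    in published exploit code."""
    blob = b""
    for literal in STRING_LITERAL.findall(source):
        raw = literal.encode("latin-1", "replace")
        if len(HEX_ESCAPE.findall(raw)) >= min_escapes:
            blob += HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return blob

def printable_strings(blob, min_len=4):
    """Like strings(1): runs of printable ASCII at least min_len long."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

def flag_suspicious(strings):
    """Return (string, reason) for every string that matches a rule."""
    return [(s, why) for s in strings for rx, why in RULES if rx.search(s)]

if __name__ == "__main__":
    found = printable_strings(decode_c_byte_strings(SAMPLE_C))
    for text, why in flag_suspicious(found):
        print(f"{why}: {text!r}")
```

A clean result does not clear the code, since text can be encoded or built at run time; building and running untrusted source only in a throwaway VM or unprivileged sandbox account covers what string inspection misses.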
-
September 22nd, 2001, 02:36 AM
#8
Member
Ya.. I suck. :-/ I just glanced over it and it looked workable. Oh well, we've all learned a lesson.. Not to mention, there was an article written about it!
http://www.newsbytes.com/news/01/170392.html
Carolyn seems to be telling people that SHE was "hacked" and that her webserver AND e-mail server were violated.. Right..
Jason Parker - http://www.o-negative.net
o-Negative: Information Network
-
September 22nd, 2001, 05:20 AM
#9
heh
Carolyn Meinel...working with a computer forensics expert to find out who the perpetrators were.
That's like when OJ said he was hunting down the "real" killers.
if she is l33t enough to write a damn book.....she should be able to find out who broke into her box. lame ass wench.
alas...she beat me to it...although I wouldn't have rm ~/* 'd you parker
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
-
September 29th, 2001, 05:35 AM
#10
Junior Member
Paranoia is a good thing
Trust no one
Trust no one
Trust no one
Jesus you people are trusting. Be paranoid. I don't compile or run anything I get in an email, I don't care if god sent me an email saying run this attachment and you'll go to heaven. It's hard to surprise someone who thinks they're out to get him.