[Dshield] WMF - SETABORTPROC alarms
Timothy A. Holmes
tholmes at mcaschool.net
Thu Jan 5 16:06:14 GMT 2006
> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list-
> bounces at lists.dshield.org] On Behalf Of Fielder, Wayne (CPE)
> Sent: Tuesday, January 03, 2006 1:50 PM
> To: 'General DShield Discussion List'; bschnzl at cotse.net
> Subject: Re: [Dshield] WMF - SETABORTPROC alarms
> A couple things really jumped out at me in Mr. Scherr's note, the idea
> "safe computing" might mitigate this and the idea that propogation
> serious issue with this thing.
> First, on Safe Computing Mr. Truitt hits the packet on the header, not
> everyone has or does practice perfect standards all the time. I would
> that everyone one of us has a machine or two that we would LOVE to
> up but because of policy, business case, or personalities we simply
> and that machine is watched like a hawk. It may be that machine or
> our Road Warriors that brings this "visitor" into our networks.
> The idea of following "Best Practices" is the ideal and one worth
> Unfortunately most of us can't reach that golden ring all the time.
> Second, the propogation of this thing could explode at any minute. As
> coding anything, it's an exercise in lego building. We take a piece
> and a piece of that to make what we want. Vx coders are no different
> can almost hear the keystrokes as I type this. What we have seen up
> now is the same PoC with different shell code. Metasploit is a
> tool and soon someone will come up with the shell to transport this
> This vulnerability is just screaming for a reliable transport agent.
> betting on one of the IM applications as the primary target with email
> attachments(the bane of everyone's existence) a close second.
> Wayne Fielder GSECG, GCIHG
> Join the Plain Text Email Campaign!
[Timothy A. Holmes]
In all honesty, the threat that scares me to death right now is not so
much e-mail or IM, but the possibility of hacked web servers hosting the
infected file, and triggering every time someone views the file (like a
web page banner)
Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
Medina Christian Academy
A Higher Standard...
More information about the list