How Linux will destroy the Internet
Comments
sexion8 Member Posts: 242
sprkymrk wrote:
Okay, sounds good. But what is this script and how do you get it on the computer in the first place? I'm talking about the original script that parses the other files.... to create a script that runs in the /tmp? And if it can't find all the words necessary to create your script?
I won't argue either of those points.
Glad you asked... It's all browser-based, off of yet another concept... (That concept is proven too, btw...)
http://www.securityfocus.com/archive/1/466175/30/180/threaded
http://www.infiltrated.net/index.php?id=news&do=2&item=8
http://www.securityfocus.com/archive/1/466017/30/30/threaded
http://www.infiltrated.net/exploder.java.txt (theory... pseudo proven... I won't publicize this portion)
"Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius -
keatron Member Posts: 1,213
Guys, let's keep some things in mind. First of all, there are literally HUNDREDS of undetectable rootkits in the wild for Windows and Linux based platforms. The ones we read about on security vulnerability sites are really nothing more than proof of concept versions of what most "smart" criminals are actually using. Just like we're familiar with 0day, which is a vulnerability that the finder has not released publicly, there's also "unknown" rootkits or similar creations. I've been involved in no less than 50 cases where I was an expert witness or on a prosecuting team, and when we're talking big time compromises and big time crimes, there's stuff floating around that would give most people a headache trying to figure out how it works and the implications (I suffer from many of those as it is often my role to describe a) how the malicious piece of code works, b) how it violates any state, national, or international laws which include but are not limited to copyright laws, wire fraud acts, wire tapping laws, trade laws, export laws, and the list goes on and on and on). We also have to keep in mind that there are people who work 7 days a week creating rootkits and the like for various platforms (Windows and *Nix is the scratch of the surface). They do this in certain circles and launch attacks daily that for the most part are never disclosed to the general public. I have several clients whose workstations are re-imaged nightly, so unless you manage to get to the image servers (which are in most cases protected better than Fort Knox), and infect the images with your kit, then it doesn't matter where in the kernel you put it, it will be dev\null'd before sunrise.
Rootkits are still plentiful and still make a formidable adversary to most admins.
Also, I'm not quite sure I understand your point sexion8....
"That's actually a shame considering you supposedly have your CISSP. Funny thing is, I've been dealing with people with certs for over 12 years now and have sparred with the best right on down to IETF, IEEE, SAGE Engineers, and I have no problem explaining the concepts, theories and proving them. I'd hate to have a one sided thinker in my company. "A cert does not make an expert" words to live by told to me by a Columbia Professor"
I fail to see how that has anything to do with the discussion. The primary goal of this site is to assist people who are working to obtain various certifications, hence the name "Techexams.net". Your comment is just as inappropriate or as you put it "one sided" as someone thinking that a person lacks knowledge because they DON'T have certifications. In other words, we wouldn't take kindly to someone attacking you because you don't have certifications listed in your profile, and in the same spirit, we don't take kindly to you attacking someone who has a cert. If you have a bias against people with certs, then you're probably in the wrong place. And even if you choose to express that bias, you can certainly do it without personally attacking a fellow member. While you are correct in quoting "a cert does not make an expert", neither does "dealing" with people with certs.
You have all presented interesting points of view, so let's keep it clean and keep em comin.
Keatron.