Re: New article on SecurityFocus

From: Socrates (socrates@newsguy.com)
Date: Fri Jan 06 2006 - 14:13:14 EST


What about a trojaned avatar for your username in a forum? How about a
malicious iframe inclusion in HTML-enabled forums?

Brady McClenon wrote:
> Just curious. I hear media reports and people saying that there are
> hundreds or thousands of compromised web sites from this, but I have to ask
> where these numbers come from? Where is this data, or is it pure
> speculation? I'm also curious how one could compromise a web server
> with this exploit. Putting files on a web server to dole out and
> compromise other computers I can see, but is the web server really
> compromised in this case? If so, was it by way of the WMF exploit?
>
> One last question: Has anyone here experienced, or know anyone that has
> had, a "legitimate" web server compromised (or serving out) by the WMF
> exploit? I'm trying to determine if there are those with actual
> knowledge that the sky is indeed falling, or if we are all shaking over
> unsubstantiated media hype.
>
>>-----Original Message-----
>>From: Drew Simonis [mailto:simonis@myself.com]
>>Sent: Friday, January 06, 2006 10:22 AM
>>To: Thor (Hammer of God); Erin Carroll; pen-test@securityfocus.com
>>Cc: Larry Seltzer; focus-ms@securityfocus.com
>>Subject: Re: New article on SecurityFocus
>>
>>
>>>Overall, I think the community's coverage of WMF has been delivered
>>>with an ounce of perception, and a pound of obscurity. It's almost
>>>as if people *want* it to be worse than it is. I'm not surprised,
>>>of course. But regardless, my call is that we'll see a little
>>>activity here and there, the patch will come out, most will install
>>>it (or have it installed automatically) and the whole issue will
>>>fade away. But that's all.
>>>
>>>We'll know for sure shortly, either way.
>>>
>>
>>Thor,
>>I think your path of thought is stuck a bit in the past.
>>Worms are neat as a technical exercise, but we see more and
>>more that the attackers are increasingly aware of the value
>>of these vulnerabilities from a financial perspective, not
>>merely for notoriety. As such, it benefits the attacker to
>>have a less subtle attack, one that does not sensationalize
>>the vulnerability. Complacency is their ally.
>>
>>That said, there are already numerous (hundreds+)
>>"legitimate" web sites that have been compromised and had
>>exploit images injected into their content. There are also
>>already hundreds of thousands of machines that have been
>>infected with Trojans or bots. These infected machines will
>>patch, but they won't be safe, and the problem gets worse.
>>
>>So no, there won't be some catastrophic worm event. But I
>>posit that what there will be could be much worse.
>>
>>--
>>___________________________________________________
>>Play 100s of games for FREE! http://games.mail.com/
>>
>>
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
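The two forum vectors named at the top of this reply (an "avatar" that is really a Windows Metafile, and an iframe smuggled into user-supplied HTML) are both cases where the server trusts what the user declares about content. The following is an added example, not code from anyone in this thread, showing the two server-side checks a forum operator would want: sniff the uploaded bytes for the WMF/EMF headers and for the raster formats actually allowed, refuse anything whose content and extension disagree, and rewrite user HTML through an allow-list so `iframe`, `script`, `object` and `embed` never reach the rendered page. Function names, the allow-lists and the sample inputs are my own constructed choices.

```python
"""Defensive checks for forum uploads and user HTML (added example, hypothetical
helper names, constructed sample data)."""
from html import escape
from html.parser import HTMLParser
from typing import Tuple

# Magic bytes of the raster formats a forum typically permits for avatars.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
ALLOWED_AVATAR_TYPES = {"png", "jpeg", "gif"}


def sniff_image(data: bytes) -> str:
    """Classify an upload by its bytes, ignoring filename and declared MIME type.
    Returns 'png', 'jpeg', 'gif', 'wmf', 'emf' or 'unknown'."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    # Placeable WMF: 32-bit key 0x9AC6CDD7 stored little-endian.
    if data.startswith(b"\xd7\xcd\xc6\x9a"):
        return "wmf"
    # Standard WMF header: mtType 1 (memory) or 2 (disk), mtHeaderSize of 9 words.
    if data[:4] in (b"\x01\x00\x09\x00", b"\x02\x00\x09\x00"):
        return "wmf"
    # EMF: record type 1 at offset 0 and the " EMF" signature (0x464D4520) at offset 40.
    if len(data) >= 44 and data[:4] == b"\x01\x00\x00\x00" and data[40:44] == b" EMF":
        return "emf"
    return "unknown"


def accept_avatar(filename: str, data: bytes) -> Tuple[bool, str]:
    """Accept an avatar only when the sniffed type is allowed AND matches the extension."""
    kind = sniff_image(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = "jpeg" if ext == "jpg" else ext
    if kind not in ALLOWED_AVATAR_TYPES:
        return False, f"content sniffed as {kind}, not an allowed image type"
    if ext != kind:
        return False, f"extension .{ext} does not match sniffed type {kind}"
    return True, kind


# HTML allow-list: everything else is dropped; these elements lose their content too.
ALLOWED_TAGS = {"b", "i", "u", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}


class _Sanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element such as <iframe>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            # Only plain web URLs survive on href; javascript:, data:, etc. are dropped.
            if name == "href" and not value.lower().startswith(("http://", "https://")):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag == "br":
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))  # re-escape text, including decoded charrefs


def sanitize_html(fragment: str) -> str:
    """Return the fragment with only allow-listed tags/attributes, text escaped."""
    parser = _Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed samples: a placeable-WMF header renamed to .jpg, and a real PNG header.
    fake_jpg = b"\xd7\xcd\xc6\x9a" + b"\x00" * 30
    real_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    print(accept_avatar("me.jpg", fake_jpg))
    print(accept_avatar("me.png", real_png))
    print(sanitize_html('Hi <b>there</b><iframe src="http://example.invalid/"></iframe>!'))
```

The extension check matters on top of the sniff because the affected Windows components rendered a metafile by content, so a `.jpg` name alone was never a defence; the sanitizer fails closed, dropping everything after an unclosed `<iframe>` rather than guessing where it ends.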




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:19 EDT