>This post raises an interesting question. Is our goal to find new >vulnerabilities and attack vectors to help secure users and critical >infrastructures, or is our goal to ease exploitation of existing >vulnerabilities? Interesting viewpoint from someone who willfully published code that caused a worm to spread (and infact admitted to that he expected no less) and I quote http://www.pcworld.com/news/article/0,aid,84324,00.asp "The worm is a modified version of our example code. We never intended for anybody to copy the code, although we kind of expected it would happen," said Thor Larholm, one of the two Europeans who demonstrated how specially crafted code on a Web page could take over MSN Messenger. "We published the example to put pressure on Microsoft to patch vulnerabilities that they are fully aware of." >There are no new vulnerabilities or techniques highlighted in this >attack (which is what it is), >just a combination of several already >known vulnerabilities. This is not a proof-of-concept designed to >highlight how a particular vulnerability works, Untrue , normally content accessed in the temporary internet files folder is in the restricted zone Liu pointed out that this can be bypassed. this is the new and crucial ingredient in the mix without it, one would not be able to exploit this in this fashion >but an exploit designed >specifically to compromise your machine. All a malicious viruswriter has >to do is exchange the EXE file. >Believe me, I am all in for full disclosure and detailing every aspect >of a vulnerability to prevent future occurances of similar threats, but >I don't particularly think that we should actively be trying to help >malicious persons. There are many reasons imaginable why you want to do this - It proofs the relevance of liu's cache exploit - There are workarounds for some issues, many might not bother applying them because they dismiss it as not being important enough to bother - One vulnerability used in this is *OVER 2 YEARS OLD* microsoft bloody well needs to wake up and smell the coffee, putting some pressure on them is just what is needed - If liu can do it theres a big chance that somewhere someone can do the same, you could get hacked without knowing about it, I prefer to know whats out there so I can take countermeasures - He obviously takes great pride in his work, you can see he worked long and hard at it, six steps thats quite a feat, working past every obstactle there's a lot of stuff going on that researchers can look at and learn from - It may give him the media attention to land a job much, which he seems to be seeking, it's a proven concept, you did get your job over at pivx after publishing the wormcode -----Original Message----- From: Liu Die Yu [mailto:liudieyuinchina@yahoo.com.cn] Sent: Wednesday, November 05, 2003 2:35 AM To: bugtraq@securityfocus.com Subject: Six Step IE Remote Compromise Cache Attack Snip http://www.securityfocus.com/archive/1/343464/2003-11-02/2003-11-08/0
