[olug] luser trickery

Chris Garrity m0ntar3 at cox.net
Fri May 17 22:34:57 UTC 2002


It's a good example of why large organizations don't (or shouldn't) 
allow Joe and Jane Enduser to have unlimited permissions on their 
desktops, and why it's good not to operate as "root" in Unix. "One slip, 
and down the hole you fall ... takes no time at all." (Ref. "Shooting 
Yourself in the Foot").

% ls
foo.o foo.c
% rm * .o
% ls
No such file or directory
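
As an added illustration of that slip (example script, not part of the original message): a POSIX shell script that builds the two-file directory from the example in a throwaway location, prints the argument list `rm * .o` would actually receive versus `rm *.o`, and shows a guarded deletion that refuses to run when the glob matched nothing. Function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Demonstrates why "rm * .o"
# is a slip: the shell expands "*" to every file in the directory and
# passes ".o" as a separate, literal argument. Names foo.c and foo.o
# are taken from the post; everything runs inside a temporary directory.

# Print the argv a command would receive after glob expansion, one
# argument per line, so the expansion can be inspected before deleting.
show_args() {
    printf '%s\n' "$@"
}

# Remove only *.o files in the given directory. If nothing matched, the
# unexpanded pattern would be passed to rm literally, so refuse to run.
remove_objects() {
    _dir=$1
    set -- "$_dir"/*.o
    if [ ! -e "$1" ]; then
        echo "remove_objects: no object files in $_dir" >&2
        return 1
    fi
    rm -- "$@"
}

# Recreate the directory from the post and show both expansions, then
# delete the object files the safe way. foo.c survives.
demo() {
    _work=$(mktemp -d)
    : > "$_work/foo.c"
    : > "$_work/foo.o"
    ( cd "$_work" && echo 'rm * .o would receive:' && show_args * .o )
    ( cd "$_work" && echo 'rm *.o  would receive:' && show_args *.o )
    remove_objects "$_work"
    echo 'left in directory:'
    ls "$_work"
    rm -rf "$_work"
}

demo
```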

Chris Garrity wrote:

> Nothing happened to your system! If there's an unknown process running 
> on a port on your computer, it was there before. The text message 
> "Some Stupid exploit" just demonstrates at what point an exploit would 
> be downloaded onto a local system.
>
> If you look at the "src" tag in that page, you'll see the URI set to 
> "file:///C:/" --- which under Windows (and IE) shows you your C: drive. 
> Some unwitting enduser might, at this point, say, "OMG, anybody can 
> see my drive!" and on impulse download a malevolent executable to do 
> some damage; effectively shocking a person (because they don't stop to 
> interpret what they're looking at) into hurting themselves.
>
> I admit I was a little confused about what I was looking at, at first. 
> Then after thinking about it a second, I thought that Brian 
> demonstrated something rather important, albeit novel.
>
>
> Mark Martin wrote:
>
>> Okay, Brian.  For those of us who were naive enough to trust you and 
>> followed your link believing that you wouldn't risk damaging our 
>> systems and were providing a link to a description of an exploit that 
>> we should avoid rather than enticing us into compromising our systems 
>> with a cryptic "warning", would you please explain what the (insert 
>> favorite expletive here) you have done to our systems?  Galeon showed 
>> an almost completely blank page but I found an uninvited server 
>> listening on the doom port (666) thereafter, which I am guessing came 
>> from your exploit.  Do those of us who trusted you have to waste more 
>> of our lives cleaning up after your joke?  Maybe the first security 
>> lesson to learn from your message is not to trust you.
>>
>> Also, I'm guessing that "luser" is really "loser".  Ha, Ha.  I'm a 
>> loser.  Now, can you please tell us slower students what you did so 
>> we can stop wasting our time and stop worrying about what nefarious 
>> code is covertly running on our boxes?
>>
>> Mark
>>
>> On Friday 17 May 2002 07:00, Mark Martin wrote:
>>  
>>
>>> Dear Brian,
>>>
>>> Does this URL point to a description of the exploit or an 
>>> implementation of
>>> the exploit?
>>>
>>> Mark
>>>
>>> On Wednesday 15 May 2002 23:08, Jonathan Warren wrote:
>>>   
>>>
>>>> I just had to try it.  I got some stupid exploit on my box now.  :)
>>>>
>>>> On Wed, May 15, 2002 at 10:16:58PM -0500, Brian Roberson wrote:
>>>>     
>>>>
>>>>> Sadly enough... people fall for this.. ( don't try it unless you are
>>>>> running windoze )
>>>>>
>>>>>
>>>>> http://olug.org/~roberson/windoze/stupid_trick1.php
>>
>> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
>>
>> For help contact olug-help at olug.org - run by ezmlm
>> to unsubscribe, send mail to olug-unsubscribe at olug.org
>> or `mail olug-unsubscribe at olug.org < /dev/null`
>> (c)1998-2002 OLUG http://www.olug.org
>>
>> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
