[olug] luser trickery

Chris Garrity m0ntar3 at cox.net
Fri May 17 22:26:29 UTC 2002


Nothing happened to your system! If there's an unknown process running 
on a port on your computer, it was there before. The text message "Some 
Stupid exploit" just demonstrates at what point an exploit would be 
downloaded onto a local system.

If you look at the "src" tag in that page, you'll see the URI set to 
"file:///C:/" --- which under Windows (and IE) show you your C: drive. 
Some unwitting enduser, might, at this point, say, "OMG, anybody can see 
my drive!" and on impulse download a malevolent executable to do some 
damage; effectively shocking a person (because then don't stop to 
interpret what they're looking at) into hurting themself.

I admit a was a little confused about what I was looking at, at first. 
Then after thinking about it a second, I thought that Brian demonstrated 
something rather important, albeit novel.


Mark Martin wrote:

>Okay, Brian.  For those of us who were naive enough to trust you and followed 
>your link believing that you wouldn't risk damaging our systems and were 
>providing a link to a description of an exploit that we should avoid rather 
>than enticing us into compromising our systems with a cryptic "warning", 
>would you please explain what the (insert favorite expletive here) you have 
>done to our systems?  Galeon showed an almost completely blank page but I 
>found an uninvited server listening on the doom port (666) thereafter, which 
>I am guessing came from your exploit.  Do those of us who trusted you have to 
>waste more of our lives cleaning up after your joke?  Maybe the first 
>security lesson to learn from your message is not to trust you.
>
>Also, I'm guessing that "luser" is really "loser".  Ha, Ha.  I'm a loser.  
>Now, can you please tell us slower students what you did so we can stop 
>wasting our time and stop worrying about what nefarious code is covertly 
>running on our boxes?
>
>Mark
>
>On Friday 17 May 2002 07:00, Mark Martin wrote:
>  
>
>>Dear Brian,
>>
>>Does this URL point to a description of the exploit or an implementation of
>>the exploit?
>>
>>Mark
>>
>>On Wednesday 15 May 2002 23:08, Jonathan Warren wrote:
>>    
>>
>>>I just had to try it.  I got some stupid exploit on my box now.  :)
>>>
>>>On Wed, May 15, 2002 at 10:16:58PM -0500, Brian Roberson wrote:
>>>      
>>>
>>>>Sadly enough... people fall for this.. ( dont try it unless you are
>>>>running windoze )
>>>>
>>>>
>>>>http://olug.org/~roberson/windoze/stupid_trick1.php
>>>>        
>>>>
>
>-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
>
>For help contact olug-help at olug.org - run by ezmlm
>to unsubscribe, send mail to olug-unsubscribe at olug.org
>or `mail olug-unsubscribe at olug.org < /dev/null`
>(c)1998-2002 OLUG http://www.olug.org
>
>-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
>
>
>  
>



-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

For help contact olug-help at olug.org - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at olug.org
or `mail olug-unsubscribe at olug.org < /dev/null`
(c)1998-2002 OLUG http://www.olug.org

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_




More information about the OLUG mailing list