It's only a matter of time . . .

Jason plug-discuss@lists.PLUG.phoenix.az.us
Mon, 24 Sep 2001 21:08:08 +0000


George Toft wrote:
> 
> On the one hand, to not anticipate the worst leads to a lack of
> preparation, and the downstream effects can be enormous.  Effective
> anticipation requires discussion and OPEN review.  Security through
> obscurity is a fancy term for sticking your head in the sand - you
> can't see what's about to bite your behind.
> 
> I first envisioned a BIOS writing virus in 1995.  "Yeah right!" was
> the response.  CIH/Chernobyl Virus became a reality April 22, 1999.
> 
> In the beginning of 2000, I wrote to yahoo, hotmail, mail.com, and
> the qmail list about how to cycle mail traffic in an infinite,
> exponentially growing loop.  Yahoo told me it couldn't be done.  I
> accidentally did it to a QMail server and brought it down, despite
> the developer's assurance it could not happen as QMail has looping
> control.  Apparently, the looping control only takes effect as
> long as the mail doesn't leave the server.
> 
> And, no, I have not intentionally tried to bring down yahoo et al.,
> although I am certain my concept is valid.  Maybe we can discuss
> this in a non-googlable forum?
> 
> We, as White Hats, have a responsibility to share our knowledge
> so we can defend against the Black Hats.

True that. I crafted and verified workable a macro virus in 1991 that
circumvented ALL protection mechanisms available, including the
intelligent Symantec variant, even when set to paranoid, because it
resided entirely within the data space, and had absolutely NO system
code requirements.

The targets were HyperCard stacks on the Apple Macintosh. At the time,
the only HC viruses relied upon system resources. There were no script
viruses that infected the "home" page (which always gets run) and
resided entirely in script-space, stayed dormant, and attached
themselves to the "open" and "close" stack commands. I didn't widely
publicise this little thingy, and I never let it beyond the scope of
boxes I controlled. It was just that I was absolutely positive I could
create something that would expand beyond the scope of Symantec
Anti-Virus's supposed perfect paranoia "even protects hypercard
stacks" setting without popping up an alert.

I never published the code, nor do I have a copy. I did inform people
that it was possible. This happened when I was in high school, towards
the end. So it would have been 1990-1992. It's entirely clear to me
that SOMEONE at Microsoft should have foreseen the potential for Macro
viruses.

I am currently of the belief that Microsoft deliberately is leaving
vulnerable machines all over the net for some larger purpose. I do not
know what that is. Speculation ranges from evolution of a .net
intelligence to simple corporate espionage...

-- 
jkenner @ mindspring . com__
I Support Linux:           _> _  _ |_  _  _     _|
Working Together To       <__(_||_)| )| `(_|(_)(_|
To Build A Better Future.       |