On the one hand, to not anticipate the worst, leads to a lack of preparation, and the downstream effects can be enormous. Effective anticipation requires discussion and OPEN review. Security through obscurity is a fancy term for sticking your head in the sand - you can't see what's about to bite your behind. I first envisioned a BIOS writing virus in 1995. "Yeah right!" was the response. CIH/Chernobyl Virus became a reality April 22, 1999. In the beginning of 2000, I wrote to yahoo, hotmail, mail.com, and the qmail list about how to cycle mail traffic in an infinite, exponentially growing loop. Yahoo told me it couldn't be done. I accidentally did it to a QMail server and brought it down, despite the developer's assurance it could not happen as QMail has looping control. Apparently, the looping control only takes effect as long as the mail doesn't leave the server. And, no, I have not intentionally try to bring down yahoo et. al., although I am certain my concept is valid. Maybe we can discuss this in a non-googlable forum? We, as White Hats, have a responsibility to share our knowledge so we can defend against the Black Hats. George "John (EBo) David" wrote: > > George Toft wrote: > > > > ... > > > > Now, let's see how long it takes some miscrant to combine this > > infection method with a BIOS nuker (CIH Virus), a monitor killer > > (one that monkeys with the H & V refresh settings), and is written > > in 100% assembly so it runs under Linux also (W32.Winux). This > > will result in something that kills your monitor ($$$), cannot be > > easily removed by the average person without buying a new MOBO ($$$), > > and spreads to everything. With 200,000 people replacing their > > computers and monitors, it should jumpstart the economy, right? > > > > *This* would make nimda look wimpy. > > ummm... guys. Let's not dream up worser things here. If the > originators of CR, NIMBA, or simililar viri/worms hears about it they > just might do it. > > Let's not GIVE THEM IDEAS! > > EBo -- > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss