George Toft wrote: > > On the one hand, to not anticipate the worst, leads to a lack of > preparation, and the downstream effects can be enormous. Effective > anticipation requires discussion and OPEN review. Security through > obscurity is a fancy term for sticking your head in the sand - you > can't see what's about to bite your behind. > > I first envisioned a BIOS writing virus in 1995. "Yeah right!" was > the response. CIH/Chernobyl Virus became a reality April 22, 1999. > > In the beginning of 2000, I wrote to yahoo, hotmail, mail.com, and > the qmail list about how to cycle mail traffic in an infinite, > exponentially growing loop. Yahoo told me it couldn't be done. I > accidentally did it to a QMail server and brought it down, despite > the developer's assurance it could not happen as QMail has looping > control. Apparently, the looping control only takes effect as > long as the mail doesn't leave the server. > > And, no, I have not intentionally try to bring down yahoo et. al., > although I am certain my concept is valid. Maybe we can discuss > this in a non-googlable forum? > > We, as White Hats, have a responsibility to share our knowledge > so we can defend against the Black Hats. True that. I crafted and verified workable a macro virus in 1991 that circumvented ALL protection mechanisms available, including the inteligent Symantec variant, even when set to paranoid, because it resided entirely within the data space, and had absolutely NO system code requirements. The targets were HyperCard stacks on the Apple Macintosh. At the time, the only HC viruses relied upon system resources. There were no script viruses that infected the "home" page (which always gets run) and resided entirely in script-space, stayed dormant, and attached themselves to the "open" and "close" stack commands. I didnt widely publicise this little thingy, and I never let it beyond the scope of boxes I controlled. It was just that I was absolutely positive I could create something that would expand beyond the scope of Symantic Anti-Virus's supposed perfect paranoia "even protects hypercard stacks" setting without popping up an alert. I never published the code, nor do I have a copy. I did inform people that it was possible. This happened when I was in high school, towards the end. So it would have been 1990-1992. Its entirely clear to me that SOMEONE at Microsoft should have forseen the potential for Macro viruses. I am currently of the believe that Microsoft deliberately is leaving vulnerable machines all over the net for some larger purpose. I do not know what that is. Speculation ranges from evolution of a .net inteligence to simple corporate espionage... -- jkenner @ mindspring . com__ I Support Linux: _> _ _ |_ _ _ _| Working Together To <__(_||_)| )| `(_|(_)(_| To Build A Better Future. |