Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Facebook seems to think my Arch Linux box has malware on it
From: James Condron <james () zero-internet org uk>
Date: Fri, 20 Jan 2012 23:10:04 +0000

Yeah, you really weren't, you were telling us how you would have handled it, with all the buzzwords and terms you could 
have thought of.

Hell, I'm surprised you didn't manage to get the word 'synergy' in there.

" I would do a dns lookup and then compare those results to that of a public web service, and save the links for the 
AVs to check if they have any malicious history associated with them."

Reads like s bad Hollywood script

"First I would ping the phone number and see if I could telnet to the ICMP, then get the PTR of the MAC address and use 
an ARP overflow and spoof the TTL of the Window Size and..." (etc. etc.)

What are you suggesting; take a look at where the request is coming from and make a decision based on that whether the 
software is being punted by facebook or a third party?

Fine- just say that; make your suggestion and get on with your life. Its a little trite as advice goes, but if thats 
all you can contribute then go for it.

Coming in with your Marky-Mark talk of "First I'd get the first hijacker and use his head to kill the second hijacker 
and then I'd be all like 'yeah, lets land the plane here- let me drive'" is not very helpful

On 20 Jan 2012, at 22:37, Gage Bystrom wrote:

What the hell are you talking about? I was just giving some advice on how he could check if it was legit or not if it 
happens again.

What crawled up your ass and died this morning?

On Jan 20, 2012 2:21 PM, <james () zero-internet org uk> wrote:
You should tell us what you would have done had you been on one of the hijacked sept 11 planes.

Bet things would have gone down different then, amiright?

Sent from my BlackBerry® wireless device

-----Original Message-----
From: Gage Bystrom <themadichib0d () gmail com>
Sender: full-disclosure-bounces () lists grok org uk
Date: Fri, 20 Jan 2012 13:29:01
To: Wesley Kerfoot<wjak56 () gmail com>; full-disclosure () lists grok org uk<full-disclosure () lists grok org uk>
Subject: Re: [Full-disclosure] Facebook seems to think my Arch Linux box has
 malware on it

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault