Vulnerability Development
mailing list archives
Gibson (was Crack Office XP)
From: Fenris () HammerofGod com
Date: Mon, 11 Jun 2001 01:38:34 -0400
>... just wanted to add my 2 cents:
>folks,
>regardless whether any progy/os is crackable or not (btw please add
>office-xp to the list)
>what I find incredible and a true issue to this newsgroup is micro$oft's
>intention to 100% implement
>the raw sockets specification. (see more info at Steve Gibson's
>http://grc.com/dos/winxp.htm)
>welcome to the jungle,
>ricardo
Oh puleeese!
1) It's not too tough to "crack" any software registration program when
someone yahoo shares their enterprise license key - this is not cracking -
this is a known registration number that is now warez.
2) Gibson has just admitted how *not* bright he is. His scenario involves
getting a piece of code onto a Windows XP box on the Internet. I'll skip
the piece about how you must first compromise a system or get a user to
launch a piece of code - so just for argument's sake, let's assume we send
an email to an XP user and get them to launch the code. The code is a
zombie client that is launched as part of a DDOS attack and uses raw
sockets to spoof the originating IP address.
Here is where Gibson's thesis falls apart. Gibson claims that in order to
do this kind of attack on NT4 or Windows 2000, you must first load a
special packet driver (and reboot), then load a special IP stack (and then
I'm guessing, reboot), and then write special code to leverage all of
this. If this were indeed the case, Gibson might have a point - it would
be difficult to write script kiddie code to do this. However, it is far
simpler than all of this. I guess he's never heard of dynamically loading
packet drivers or winpcap! Any thirteen year old has already figured out
how to do this.
All he'd have to do is add one additional file to his trojan package - and
he could get any NT4 or Win2K machine to be part of his DDOS army. Weld
Pond has much more to say about this at HNN
(http://www.stake.com/security_news/arch.html?060501)
If Gibson isn't bright enough to figure out how to write a script kiddie
trojan to dynamically load the packet driver, I don't trust him enough to
be telling the world that he thinks there's a problem. Besides, if this
was really a problem, we'd already see this occurring on Win32 systems, Unix
systems, Mac systems, etc - all of which support raw sockets. Methinks
Gibson's diatribe was one more of wanting publicity for himself or his site
than making a legitimate statement. He's also shown that he thoroughly
misunderstands IDS products, and how to protect himself from being
trojaned: http://www.theregister.co.uk/content/8/19469.html with something
that should have been detected with his antivirus product.
===============
Fenris, The Wolf
cAre to lend a hAnd?
===============