Full Disclosure mailing list archives

Re: DCOM RPC exploit (dcom.c)


From: Neeko Oni <neeko () haackey com>
Date: Sun, 27 Jul 2003 10:31:20 -0700 (PDT)

(I originally quoted parts of the original message here, but I decided to
make a generic, reusable summary incase more PaidtoPlay admins come out.)  

Joe Admin of Faceless Corp wrote:
blah, blah, blah ... can't be expected to secure our machines ... blah ...
willing to sacrifice the routers of the world when we get infected ... 
blah ... blah ... you just don't understand business ... blah ... blah ...
need time for porn and CS ... blah ... blah ... blah ... $$$ ... $$$ ...
... lots of servers ... too lazy to patch ... shouldn't be expected to ...
$$$ ... $$$ ...

AND THEN ...
[buzzword] ... $$$ ... $$$ ... $$$ ... [buzzword]


When someone makes a hole public, consider it exploited.  When the exploit
goes public it just means people like Chris can make a dollar off it, and
your would-be attackers will be clueless hordes instead of refined attackers.

Very little actually changes between advisory release and exploit release;  
it's just enough to make you guys put away the games and work for a bit, and
boo-hoo for you.

It's amazing how defensive you guys get when your CS&Porn paychecks are 
threatened; don't worry!  I doubt your managers read F-D/etc. 
:)

.Neek
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: