Full Disclosure mailing list archives

Re: Someone is running his mouth again... [Hackerattacks in US linked to Chinese military: researchers]

From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Thu, 15 Dec 2005 19:06:40 -0000


Valdis.Kletnieks () vt edu wrote in 
news:200512151842.jBFIgnLu012104 () turing-police cc vt edu
On Wed, 14 Dec 2005 16:27:57 PST, Geoff Shively said:

In the attacks, Paller said, the perpetrators "were in and out with no
keystroke errors and left no fingerprints, and created a backdoor in less
than 30 minutes. How can this be done by anyone other than a military
organization?"
[/snip]

Yes, it must have been military, becuase they rooted the box in under 30
minutes, BAH!


On the other hand, let's think about this for a moment.  They weren't *IN*
in 30 minutes, they were *IN AND OUT* in 30 minutes.

Sure, *anybody* can just r00t a box and leave a backdoor in 30 seconds. 
But
that doesn't actually *accomplish* anything


  Your argument here isn't addressing the issue.  We're tackling the false 
assumption that "anyone other than a military organization" *could* do this. 
You're tackling the issue of whether anyone other than a military 
organization *would* do it.

  I agree with Geoff: it's a massive and essentially fraudulent 
extrapolation to go from "in and out in 30 minutes" and "didn't make typos" 
to "must have been done by a military organisation", because neither of 
those things are things that only military organisations can do.

You hack into a big Oracle server. You're sitting there looking at a '#'
prompt. *NOW* what do you do?

You hack into a file server.  You're sitting there looking at a '#' prompt.
*NOW* what do you do?


  As it suggests in the article, I don't do anything except create a 
backdoor and leave.  Then I can come back at my leisure, perhaps repeatedly 
over a long period, taking my time to see what's on the filing system and 
making as many un-logged typos as I wish.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Someone is running his mouth again... [Hacker attacks in US linked to Chinese military: researchers] Geoff Shively (Dec 14)
- Re: Someone is running his mouth again... [Hacker attacks in US linked to Chinese military: researchers] InfoSecBOFH (Dec 14)
- Re: Someone is running his mouth again... [Hackerattacks in US linked to Chinese military: researchers] sk / GroundZero (Dec 15)
  - Re: Someone is running his mouth again... [Hackerattacks in US linked to Chinese military: researchers] c0ntex (Dec 15)
- RE: Someone is running his mouth again... [Hackerattacks in US linked to Chinese military: researchers] Paul Melson (Dec 15)
- Re: Someone is running his mouth again... [Hacker attacks in US linked to Chinese military: researchers] Valdis . Kletnieks (Dec 15)
  - Re: Someone is running his mouth again... [Hackerattacks in US linked to Chinese military: researchers] Dave Korn (Dec 15)