Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: InfoSec News (isn_at_c4i.org)
Date: Thu Jan 30 2003 - 02:51:26 CST
Forwarded from: security curmudgeon <jerichoattrition.org>
> By Dennis Fisher
> January 27, 2003
> Signatures within the worm's source code indicate that a group known
> as the Honker Union of China - also known as the Hacker Union of
> China - may be responsible for writing the code, according to
> security experts who have analyzed the code. However, experts
> caution that although they are certain of the code's origins,
> someone else may have actually loosed the worm on the Internet.
> "We're 100 percent certain this was based on the CNHonker code,"
> said Chris Rouland, director of the X-Force research team at
> Internet Security Systems Inc., in Atlanta. "But that doesn't mean
> they released it."
Forwarded from the Full Disclosure mailing list:
On Wed, 29 Jan 2003, David Litchfield wrote:
: [Some have suggested that the worm used (a person known as) lion's
: code as a template - in fact lion's code is an exact cut and paste of
: my code - so any suggestions that lion or the Chinese group he belongs
: to are responsible are probably erroneous. Also the suggestion that
: because there were 8 NOPs in the worm code this "proved" it was a
: hacker known as nop (of the same Chiense group) and this was his/her
: signature is also very wide of the mark - the presence of the NOPs is
: simply as a result of my code.]
Wonder if Rouland would like to respond to that and his 100% certainty
or if this was factored into the 'research' that lead to this
And while we're on the topic of ISS and their "brief" (notice the
legalise is longer than the content posted ) of the Slammer worm, I
wonder why ISS then recommends using ISS Realsecure and ISS Scanner to
help mitigate the worm. Checking SQLSecurityForum, we see that both
products include SQL Server/MSDE that is vulnerable to same thing they
are trying to protect against. Hope we see some advisories on these
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.