http://www.extrapepperoni.com/2007/01/11/moab-feh/ Chris Pepper on whatever (the non-Julia blog) Tue, 06 Jan 2009 04:17:34 +0000 http://wordpress.org/?v=2.7 hourly 1 http://www.extrapepperoni.com/2007/01/11/moab-feh/comment-page-1/#comment-7 .:Computer Defense:. » Oracle to release pre-patch notifications; Drama from MOAB. Fri, 12 Jan 2007 02:59:19 +0000 http://www.extrapepperoni.com/2007/01/11/moab-feh/#comment-7 <p>[...] Secondly it seems there’s been some interesting activities spurred from the MOAB project.  Apparently some “enterprising” individuals were scanning the directories where the new MOABs were being posted. To put a stop to this LMH put up a backdoored exploit ( Article 1 | Article 2 ). I’m not sure I’m impressed with this… After reading LMH’s blog post on the subject and seeing this line, “It’s just that you’ve been caught doing a rather unethical business.”, yet I would say that backdooring the “pre-release” file is much worse. There are those that would say that putting something on a public website, whether or not you provide a link to it, makes it publicly available. If you don’t want people to have it, don’t add it to the website. In the first article I linked, there was mention of MOAB saying, “We didn’t install it, the user did”… and as the first article says, this is how plenty of malware spreads… Blaming the user is just wrong. [...]</p> [...] Secondly it seems there’s been some interesting activities spurred from the MOAB project.  Apparently some “enterprising” individuals were scanning the directories where the new MOABs were being posted. To put a stop to this LMH put up a backdoored exploit ( Article 1 | Article 2 ). I’m not sure I’m impressed with this… After reading LMH’s blog post on the subject and seeing this line, “It’s just that you’ve been caught doing a rather unethical business.”, yet I would say that backdooring the “pre-release” file is much worse. There are those that would say that putting something on a public website, whether or not you provide a link to it, makes it publicly available. If you don’t want people to have it, don’t add it to the website. In the first article I linked, there was mention of MOAB saying, “We didn’t install it, the user did”… and as the first article says, this is how plenty of malware spreads… Blaming the user is just wrong. [...]

]]> http://www.extrapepperoni.com/2007/01/11/moab-feh/comment-page-1/#comment-6 On the Month of Apple Bugs, Backdoor Drama, and Why Security Researches Need Exceptional Ethics | securosis.com Thu, 11 Jan 2007 23:19:36 +0000 http://www.extrapepperoni.com/2007/01/11/moab-feh/#comment-6 <p>[...] Being on the road this week, I missed the latest drama at the Month of Apple Bugs pointed out in this post by Chris Pepper. (One thing Chris doesn’t mention is that this backdoor was only included in a pre-release version of the exploit, not the released proof of concept code). [...]</p> [...] Being on the road this week, I missed the latest drama at the Month of Apple Bugs pointed out in this post by Chris Pepper. (One thing Chris doesn’t mention is that this backdoor was only included in a pre-release version of the exploit, not the released proof of concept code). [...]

]]>