[13699] in cryptography@c2.net mail archive


Re: New toy: SSLbar

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Jun 25 10:30:17 2003

X-Original-To: cryptography@metzdowd.com
To: iang@systemics.com
Cc: cryptography@metzdowd.com
Date: Wed, 25 Jun 2003 09:21:21 -0400
From: "Steven M. Bellovin" <smb@research.att.com>

In message <3EF985BD.FDF09E0D@systemics.com>, Ian Grigg writes:

>
>Also, to impugn the plug-in arrangement is to
>impugn all plug-ins, and to impugn the download
>from an unknown is to impugn all downloads from
>unknowns.

Sounds about right...

...
>
>I.e., "download this fantastic tool" which
>just so annoyingly includes a trojan from the
>person who manages the site doesn't seem to
>occur as a real attack with any frequency.

In fact, the "come and get it" method seems to exceed the "scan and 
'sploit" method of building botnets.  That is, Trojans are a very 
active method of infection.
>
>(Partly because it takes a long time to find
>the right victim, and partly because it
>leaves the attacker static and vulnerable,
>I'm guessing.  In comparison, it seems that
>attackers get much better results by using
>targeted mass mailings tools to deliver
>their EMD.)

Botnets communicate via IRC, among many other ways.  Sometimes, they 
even use encrypted channels....


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)



---------------------------------------------------------------------
The Cryptography Mailing List