[18520] in bugtraq


Re: New DDoS?

daemon@ATHENA.MIT.EDU (Darren Reed)
Wed Jan 10 13:19:56 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id:  <200101100557.QAA04214@caligula.anu.edu.au>
Date:         Wed, 10 Jan 2001 16:57:07 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To:         ryan@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.GSO.4.30.0101091109020.19401-100000@mail> from Ryan Russell
              at "Jan 9, 1 11:16:30 am"

In some mail from Ryan Russell, sie said:
[...]
> The attack would have to be subtle (i.e. not crash the browser) and the
> site would have to be popular, but not very carefully watched by the
> administrators.  In fact, given a powerful enough hole, this is a good way
> to build an army of traditional zombies.  Or steal loads of personal info
> off of clients.

What about placement (or addition) of an ActiveX control (which downloads
into IE on the quiet) that's not quite so benign?

Darren
