> On Jul 12, 2004, at 9:51 AM, Jochem van Dieten wrote:
>>
>> You were hacked through the SSL exploits before the patch came out?
>
> The day before.
You have reported that to the proper authorities, haven't you?
AFAIK there is a common belief that the patch was there before
public exploits. (For the SSL issues at least, not necessarily so
for the LSASS issues.)
>> How did you trace it back to a particular exploit? If you didn't
>> discover it for a while, they had quite a while to cover their
>> tracks.
>
> It was a few days later, one of our customers had complained about SSL
> not working right, so I did some testing and uncovered some strange
> text being displayed via SSL but not port 80. I tracked it down on the
> server and realized pretty quickly what had happened.
I don't find that very convincing evidence for a zero day attack.
Not to dispute that you were attacked, but what makes you believe
it was a zero day?
> A co-worker
> found the specific exploit via a search, and within a short while the
> server was patched accordingly.
You claim to have been hacked by somebody with sufficient skill
to launch a zero day attack, yet you do not take the server apart
and completely rebuild it afterwards? How do you know your server
isn't completely Trojaned, has all sorts of extra accounts for
remote administration and who knows what else?
Jochem