On Wed, Aug 24, 2011 at 10:52 PM, root <[email protected]> wrote:
> > > Seriously. This is Zalewski we're talking about. If you've extended his > > work, you're doing something right. > > > Or perhaps, not. Respectfully, fuck this elitist bullshit. > I'm sure you and your friend are good hard-working guys. But you should > not be the focus of every press release, specially if you didn't find > the damn bug. > > OK, so I looked into it. Zalewski's stuff in 2007 was about bandwidth amplification -- with a few requests, you could get a server to send you a truly enormous amount of data. Kingcope's attack shares the same vector (multiple range requests) but uses it entirely differently, not as a drain of bandwidth on the client but against memory on the server. Different DoS, same buggy code. Think of it like memory corruption -- in one person's hands, the daemon simply crashes. In another's, a reverse shell is born. I don't think the press has made Zalewski the focus, though. I looked at the various articles on Google News; here's the distribution of credit I see: Register: Credits both Kingcope and Zalewski by name Computerworld: Credits both Kingcope and Zalewski by name LWN/Apache: Credits neither, but links to Kingcope's post directly H-Online: Credits neither, but links to Kingcope's post directly ZDNet: Credits neither, but links to Kingcope's post directly Slashdot: Links to Kingcope's post directly, credits Zalewski by name CRN: Credits Kingcope exclusively For the record, it's a solid find.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
