On 08/25/2011 03:42 AM, Dan Kaminsky wrote: > On Wed, Aug 24, 2011 at 10:52 PM, root <[email protected]> wrote: > >> >>> Seriously. This is Zalewski we're talking about. If you've extended his >>> work, you're doing something right. >> >> >> Or perhaps, not. Respectfully, fuck this elitist bullshit. >> I'm sure you and your friend are good hard-working guys. But you should >> not be the focus of every press release, specially if you didn't find >> the damn bug. >> >> > OK, so I looked into it. > > Zalewski's stuff in 2007 was about bandwidth amplification -- with a few > requests, you could get a server to send you a truly enormous amount of > data. Kingcope's attack shares the same vector (multiple range requests) > but uses it entirely differently, not as a drain of bandwidth on the client > but against memory on the server. Different DoS, same buggy code. > > Think of it like memory corruption -- in one person's hands, the daemon > simply crashes. In another's, a reverse shell is born. > > I don't think the press has made Zalewski the focus, though. I looked at > the various articles on Google News; here's the distribution of credit I > see: > > Register: Credits both Kingcope and Zalewski by name > Computerworld: Credits both Kingcope and Zalewski by name > LWN/Apache: Credits neither, but links to Kingcope's post directly > H-Online: Credits neither, but links to Kingcope's post directly > ZDNet: Credits neither, but links to Kingcope's post directly > Slashdot: Links to Kingcope's post directly, credits Zalewski by name > CRN: Credits Kingcope exclusively > > For the record, it's a solid find. >
Maybe I overreacted. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
