Thought I might weigh in with a serious comment (although I might regret it later ;) ).
Any Web hack attack can be sent using the openssl s_client program. You pipe your attack over an SSL connection to port 443 (or to whatever port is defined as an SSL port on the victim host). This has been around for ages. Actually, I am a little surprised in retrospect that I haven't seen much use of it. Maybe I took this a little too seriously but this is nothing new. Job On 9-Jun-2004 03:00:18 +0200, you wrote: > We're all feeling a little silly today. This thread has kept me chuckling all > day tho. I don't know what's funnier, the tongue-in-cheek replies or the > serious ones! > > > > On Tuesday 08 June 2004 16:06, Picciano, Anthony wrote: > > Did I pick or weird day to join this maillist, or is it always this silly? > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Micah > > McNelly > > Sent: Tuesday, June 08, 2004 4:32 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [Full-Disclosure] Possible First Crypto Virus Definitely > > Discovered! > > > > > > Greatest post of all time. > > > > /me claps. > > > > /m > > ----- Original Message ----- > > From: "Goudie, Derek" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, June 08, 2004 1:54 PM > > Subject: RE: [Full-Disclosure] Possible First Crypto Virus Definitely > > Discovered! > > > > > Thanks! I needed that.... > > > > > > -----Original Message----- > > > From: Jakob J�nger [mailto:[EMAIL PROTECTED] > > > Sent: Tuesday, June 08, 2004 1:01 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: [Full-Disclosure] Possible First Crypto Virus Definitely > > > Discovered! > > > > > > Hi, > > > > > > I just can admit to what Billy wrote. The Firewall of my PDA is getting > > > hot. It plays "Yellow Submarine" everytime I press the escape-key. It > > > has to be something like this crypto-thing. I don't know what "crypto" > > > means but it seems to be encrypted with EnglishLanguageProtocol. > > > Believe me, I have been the administrator of my PDA since I was three > > > years old. > > > > > > Jakob > > > > > > > Whatever ssl is, I don't know but it's using the so-called "ssl" > > > > port on the web servers. > > > > > > > > But this port 443 is not SSH! Why should it be encrypted? And what > > > > is this "ssl" thing? I've been in IT for many years and I am now IT > > > > Director here at the bank... I would think that I would know what > > > > "ssl" would be. I don't think this worm has anything to do with > > > > whatever "ssl" is. Does anybody even still use ssl? That's probably > > > > why the hackers chose it. > > > > > > > >Sorry to say but it is not! I checked my incoming traffic again this > > > > > > morning > > > > > > >and the attack on port 443 is still coming in full steam ahead! I > > > > > > don't know > > > > > > >what's going on, but I am about to block that port on my firewall. > > > > > > Some > > > > > > >nitwit (probably the idiot that was here before I became IT Director) > > > >somehow, for some reason, deliberately opened port 443 on the > > > > > > firewalls! > > > > > > >I am beginning to think that this is the first wave of the new coming > > > > > > global > > > > > > >crypto-storm! > > > > > > _______________________________________________ > > > Full-Disclosure - We believe in it. > > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > _______________________________________________ > > > Full-Disclosure - We believe in it. > > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
