Incidents
Possible Mail server compromise ? Feb 04 2008 06:28PM
Faas M. Mathiasen (faas m mathiasen googlemail com) (3 replies)
Re: Possible Mail server compromise ? Feb 12 2008 11:41PM
Faas M. Mathiasen (faas m mathiasen googlemail com) (3 replies)
Re: Possible Mail server compromise ? Feb 18 2008 07:19PM
Faas M. Mathiasen (faas m mathiasen googlemail com) (2 replies)
Re: Possible Mail server compromise ? Feb 20 2008 02:43AM
Eduardo Tongson (propolice gmail com) (1 replies)
Re: Possible Mail server compromise ? Feb 20 2008 07:33PM
Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies)
Re: Possible Mail server compromise ? Feb 21 2008 02:38AM
Eduardo Tongson (propolice gmail com)
Re: Possible Mail server compromise ? Feb 19 2008 05:35PM
Bob Toxen (vger verysecurelinux com) (2 replies)
Re: Possible Mail server compromise ? Feb 20 2008 02:14AM
Jon Oberheide (jon oberheide org) (1 replies)
Re: Possible Mail server compromise ? Feb 20 2008 05:11PM
Valdis Kletnieks vt edu (1 replies)
Re: Possible Mail server compromise ? Feb 20 2008 07:25PM
Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies)
Re: Possible Mail server compromise ? Feb 20 2008 11:07PM
Peter Kosinar (goober ksp sk) (1 replies)
Re: Possible Mail server compromise ? Feb 21 2008 10:49AM
Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies)
RE: Possible Mail server compromise ? Feb 22 2008 12:38AM
Richard C Lewis (chad mr-lew com) (1 replies)
Re: Possible Mail server compromise ? Feb 26 2008 04:19PM
Faas M. Mathiasen (faas m mathiasen googlemail com)
Hi all,
Actually my reply was - intended to be private and secondly wasn't
even finished (made a whoopsie - and the mail went off)
the phrase actually was intended to go like: Have you ever coded an
exploit that checks whether it's in a VM and then decides
to take another execution path ? I heard of multi-payload exploits
capable of doing so, but I'm not sure..

Sorry if this lead to confusion.

Regards,
Faas

On Fri, Feb 22, 2008 at 1:38 AM, Richard C Lewis <chad (at) mr-lew (dot) com [email concealed]> wrote:
> Okay everyone, let's take a break from the keyboard, have an adult beverage
> of your choice and remind ourselves of the PURPOSE of this list...
>
> Sharing of information...
>
> The "Have you ever coded an exploit?" and "My ____ is bigger than your ____"
> attitude doesn't serve to IMPROVE our profession. IF someone really is
> clueless in their response(s), why not include some data/proof to back up
> the argument that they are wrong? This way everyone gets a little education
> in the process and at the very least gets to see a different point of view
> or approach to achieving their objective.
>
> My .02,
> Chad
>
> -----Original Message-----
> From: Faas M. Mathiasen [mailto:faas.m.mathiasen (at) googlemail (dot) com [email concealed]]
> Sent: Thursday, February 21, 2008 5:50 AM
> To: Peter Kosinar
> Cc: incidents (at) securityfocus (dot) com [email concealed]
> Subject: Re: Possible Mail server compromise ?
>
>
>
> Dear Peter,
> > Wrong
> Have you ever coded an exploit ?
>
> On Thu, Feb 21, 2008 at 12:07 AM, Peter Kosinar <goober (at) ksp (dot) sk [email concealed]> wrote:
> > > Nope, you have to distinguish between a sandbox (code is run) to an AV
> > > scanner scanning code in a VM, when the av scanner scans the code, the
> > > code is not executed and cannot decide whether it is inside a VM =)
> >
> > Wrong. This would be true only if the AV didn't have the parsing bug in
> > the first place. If the AV is buggy and allows some form of arbitrary
> code
> > execution, the attacker -does- have the code executed inside the VM; and
> > nothing stands in his way of detecting whether it's a real machine or
> not.
> > If, on the other hand, the AV was not vulnerable... then, what would be
> > the gain of running it inside a VM? :-)
> >
> > Peter
> >
> > --
> > [Name] Peter Kosinar [Quote] 2B | ~2B = exp(i*PI) [ICQ] 134813278
> >
> >
> >
>
>
>

[ reply ]
Re: Possible Mail server compromise ? Feb 19 2008 06:46PM
Faas M. Mathiasen (faas m mathiasen googlemail com) (3 replies)
Re: Possible Mail server compromise ? Feb 20 2008 02:48PM
Eygene Ryabinkin (rea-sec codelabs ru) (2 replies)
Re: Possible Mail server compromise ? Feb 20 2008 10:59PM
Valdis Kletnieks vt edu (1 replies)
Re: Possible Mail server compromise ? Feb 21 2008 10:31AM
Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies)
Re: Possible Mail server compromise ? Feb 21 2008 05:13PM
Paul Schmehl (pauls utdallas edu)
Re: Possible Mail server compromise ? Feb 20 2008 07:10PM
Faas M. Mathiasen (faas m mathiasen googlemail com)
Re: Possible Mail server compromise ? Feb 20 2008 07:05AM
Bob Toxen (vger VerySecureLinux com) (1 replies)
Re: Possible Mail server compromise ? Feb 20 2008 07:25PM
Faas M. Mathiasen (faas m mathiasen googlemail com)
Re: Possible Mail server compromise ? Feb 20 2008 01:51AM
Valdis Kletnieks vt edu
Re: Possible Mail server compromise ? Feb 13 2008 09:55AM
Michael Loftis (mloftis wgops com)
Re: Possible Mail server compromise ? Feb 13 2008 05:09AM
Jon Oberheide (jon oberheide org)
Re: Possible Mail server compromise ? Feb 04 2008 07:05PM
Jon R. Kibler (Jon Kibler aset com) (1 replies)
Re: Possible Mail server compromise ? Feb 04 2008 09:39PM
Tony Maupin (tony themaupins com) (1 replies)
Re: Possible Mail server compromise ? Feb 04 2008 09:57PM
Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies)
Re: Possible Mail server compromise ? Feb 05 2008 05:49PM
Valdis Kletnieks vt edu
RE: Possible Mail server compromise ? Feb 04 2008 06:58PM
Worrell, Brian (BWorrell isdh IN gov)


 

Privacy Statement
Copyright 2010, SecurityFocus