New toy: SSLbar
Steven M. Bellovin
smb at research.att.com
Wed Jun 25 09:21:21 EDT 2003
In message <3EF985BD.FDF09E0D at systemics.com>, Ian Grigg writes:
>
>Also, to impune the plug-in arrangement is to
>impune all plug-ins, and to impune the download
>from an unknown is to impune all downloads from
>unknowns.
Sounds about right...
...
>
>I.e., "download this fantastic tool" which
>just so annoyingly includes a trojan from the
>person who manages the site doesn't seem to
>occur as a real attack with any frequency.
In fact, the "come and get it" method seems to exceed the "scan and
'sploit" method of building botnets. That is, Trojans are a very
active method of infection.
>
>(Partly because it takes a long time to find
>the right victim, and partly because it
>leaves the attacker static and vulnerable,
>I'm guessing. In comparison, it seems that
>attackers get much better results by using
>targetted mass mailings tools to deliver
>their EMD.)
Botnets communicate via IRC, among many other ways. Sometimes, they
even use encrypted channels....
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list