'Re: [Full-disclosure] some considerations on Ettercap code'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] some considerations on Ettercap code
From:       exploit dev <extraexploit () gmail ! com>
Date:       2010-12-29 19:53:28
Message-ID: AANLkTinWUftkVj=+0ujNr_9FSvXT8baR0UGFGnqDX6vE () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi Wendel,

My post is not about the possibility that the Ettercap code was been
backdoored or not. I have only try to explain (with very few details) how is
possible find breaches in well known web sites (like sourceforge) starting
from the analaysis of source ode of a p(php/perl/python)bot.
Nothing else. If I have more time to spent for this, I will post an
explanation of my "mind map" that I used months ago for start to study this
kind of bot.

Regards.


On Wed, Dec 29, 2010 at 8:24 PM, Wendel Guglielmetti Henrique <
wsguglielmetti@gmail.com> wrote:

> Hi,
>
> One of the claims made in the zine was that they compromised the
> popular ARP-Spoofing toolkit – Ettercap, and implied that the code had
> been altered several years ago. The implication was that a backdoor
> was placed in the code. However, there is no evidence...
>
> We wrote a post about that @ SpiderLabs blog.
>
>
> http://blog.spiderlabs.com/2010/12/anti-security-and-the-christmas-day-incident.html
>
> Best regards
>
> On Wed, Dec 29, 2010 at 12:32 PM, exploit dev <extraexploit@gmail.com>
> wrote:
> > If you are interested
> >
> http://extraexploit.blogspot.com/2010/12/some-considerations-on-ettercap-source.html
> >
> > Regards
> >
> > --
> > http://extraexploit.blogspot.com
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> Wendel Guglielmetti Henrique
> http://wsec.110mb.com/ - Personal HomePage
>



-- 
http://extraexploit.blogspot.com

[Attachment #5 (text/html)]

Hi Wendel,<br><br>My post is not about the possibility that the Ettercap code was been \
backdoored or not. I have only try to explain (with very few details) how is possible find \
breaches in well known web sites (like sourceforge) starting from the analaysis of source ode \
of a p(php/perl/python)bot. <br> Nothing else. If I have more time to spent for this, I will \
post an explanation of my &quot;mind map&quot; that I used months ago for start to study this \
kind of bot.<br><br>Regards.<br><br><br><div class="gmail_quote">On Wed, Dec 29, 2010 at 8:24 \
PM, Wendel Guglielmetti Henrique <span dir="ltr">&lt;<a \
href="mailto:wsguglielmetti@gmail.com">wsguglielmetti@gmail.com</a>&gt;</span> wrote:<br> \
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid \
rgb(204, 204, 204); padding-left: 1ex;">Hi,<br> <br>
One of the claims made in the zine was that they compromised the<br>
popular ARP-Spoofing toolkit – Ettercap, and implied that the code had<br>
been altered several years ago. The implication was that a backdoor<br>
was placed in the code. However, there is no evidence...<br>
<br>
We wrote a post about that @ SpiderLabs blog.<br>
<br>
<a href="http://blog.spiderlabs.com/2010/12/anti-security-and-the-christmas-day-incident.html" \
target="_blank">http://blog.spiderlabs.com/2010/12/anti-security-and-the-christmas-day-incident.html</a><br>
 <br>
Best regards<br>
<div><div></div><div class="h5"><br>
On Wed, Dec 29, 2010 at 12:32 PM, exploit dev &lt;<a \
href="mailto:extraexploit@gmail.com">extraexploit@gmail.com</a>&gt; wrote:<br> &gt; If you are \
interested<br> &gt; <a \
href="http://extraexploit.blogspot.com/2010/12/some-considerations-on-ettercap-source.html" \
target="_blank">http://extraexploit.blogspot.com/2010/12/some-considerations-on-ettercap-source.html</a><br>
 &gt;<br>
&gt; Regards<br>
&gt;<br>
&gt; --<br>
&gt; <a href="http://extraexploit.blogspot.com" \
target="_blank">http://extraexploit.blogspot.com</a><br> &gt;<br>
</div></div><div><div></div><div class="h5">&gt; \
_______________________________________________<br> &gt; Full-Disclosure - We believe in \
it.<br> &gt; Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" \
target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br> &gt; Hosted and \
sponsored by Secunia - <a href="http://secunia.com/" \
target="_blank">http://secunia.com/</a><br> &gt;<br>
<br>
<br>
<br>
</div></div><font color="#888888">--<br>
Wendel Guglielmetti Henrique<br>
<a href="http://wsec.110mb.com/" target="_blank">http://wsec.110mb.com/</a> - Personal \
HomePage<br> </font></blockquote></div><br><br clear="all"><br>-- <br><a \
href="http://extraexploit.blogspot.com">http://extraexploit.blogspot.com</a><br>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic