[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] some considerations on Ettercap code
From: exploit dev <extraexploit () gmail ! com>
Date: 2010-12-29 19:53:28
Message-ID: AANLkTinWUftkVj=+0ujNr_9FSvXT8baR0UGFGnqDX6vE () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi Wendel,
My post is not about the possibility that the Ettercap code was been
backdoored or not. I have only try to explain (with very few details) how is
possible find breaches in well known web sites (like sourceforge) starting
from the analaysis of source ode of a p(php/perl/python)bot.
Nothing else. If I have more time to spent for this, I will post an
explanation of my "mind map" that I used months ago for start to study this
kind of bot.
Regards.
On Wed, Dec 29, 2010 at 8:24 PM, Wendel Guglielmetti Henrique <
wsguglielmetti@gmail.com> wrote:
> Hi,
>
> One of the claims made in the zine was that they compromised the
> popular ARP-Spoofing toolkit – Ettercap, and implied that the code had
> been altered several years ago. The implication was that a backdoor
> was placed in the code. However, there is no evidence...
>
> We wrote a post about that @ SpiderLabs blog.
>
>
> http://blog.spiderlabs.com/2010/12/anti-security-and-the-christmas-day-incident.html
>
> Best regards
>
> On Wed, Dec 29, 2010 at 12:32 PM, exploit dev <extraexploit@gmail.com>
> wrote:
> > If you are interested
> >
> http://extraexploit.blogspot.com/2010/12/some-considerations-on-ettercap-source.html
> >
> > Regards
> >
> > --
> > http://extraexploit.blogspot.com
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> Wendel Guglielmetti Henrique
> http://wsec.110mb.com/ - Personal HomePage
>
--
http://extraexploit.blogspot.com
[Attachment #5 (text/html)]
Hi Wendel,<br><br>My post is not about the possibility that the Ettercap code was been \
backdoored or not. I have only try to explain (with very few details) how is possible find \
breaches in well known web sites (like sourceforge) starting from the analaysis of source ode \
of a p(php/perl/python)bot. <br> Nothing else. If I have more time to spent for this, I will \
post an explanation of my "mind map" that I used months ago for start to study this \
kind of bot.<br><br>Regards.<br><br><br><div class="gmail_quote">On Wed, Dec 29, 2010 at 8:24 \
PM, Wendel Guglielmetti Henrique <span dir="ltr"><<a \
href="mailto:wsguglielmetti@gmail.com">wsguglielmetti@gmail.com</a>></span> wrote:<br> \
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid \
rgb(204, 204, 204); padding-left: 1ex;">Hi,<br> <br>
One of the claims made in the zine was that they compromised the<br>
popular ARP-Spoofing toolkit – Ettercap, and implied that the code had<br>
been altered several years ago. The implication was that a backdoor<br>
was placed in the code. However, there is no evidence...<br>
<br>
We wrote a post about that @ SpiderLabs blog.<br>
<br>
<a href="http://blog.spiderlabs.com/2010/12/anti-security-and-the-christmas-day-incident.html" \
target="_blank">http://blog.spiderlabs.com/2010/12/anti-security-and-the-christmas-day-incident.html</a><br>
<br>
Best regards<br>
<div><div></div><div class="h5"><br>
On Wed, Dec 29, 2010 at 12:32 PM, exploit dev <<a \
href="mailto:extraexploit@gmail.com">extraexploit@gmail.com</a>> wrote:<br> > If you are \
interested<br> > <a \
href="http://extraexploit.blogspot.com/2010/12/some-considerations-on-ettercap-source.html" \
target="_blank">http://extraexploit.blogspot.com/2010/12/some-considerations-on-ettercap-source.html</a><br>
><br>
> Regards<br>
><br>
> --<br>
> <a href="http://extraexploit.blogspot.com" \
target="_blank">http://extraexploit.blogspot.com</a><br> ><br>
</div></div><div><div></div><div class="h5">> \
_______________________________________________<br> > Full-Disclosure - We believe in \
it.<br> > Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" \
target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br> > Hosted and \
sponsored by Secunia - <a href="http://secunia.com/" \
target="_blank">http://secunia.com/</a><br> ><br>
<br>
<br>
<br>
</div></div><font color="#888888">--<br>
Wendel Guglielmetti Henrique<br>
<a href="http://wsec.110mb.com/" target="_blank">http://wsec.110mb.com/</a> - Personal \
HomePage<br> </font></blockquote></div><br><br clear="all"><br>-- <br><a \
href="http://extraexploit.blogspot.com">http://extraexploit.blogspot.com</a><br>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic