[extropy-chat] SPAM: more news
Rik van Riel
riel at surriel.com
Wed Feb 25 22:11:43 UTC 2004
On Mon, 16 Feb 2004, Russell Evermore wrote:
> But here's the thing. Why do I keep getting stuck on the notion that
> IE and Outlook Express may simply "appear" more vulnerable because a
> gajillon seething, anti-Microsoft, Gates bashing,
> jealous-of-the-fact-a-geeky-nerd-actually-made-it-big, vandal
> mentality hackers keep relentlessly attacking these products?
The current wave of spam zombie trojans definately isn't
being written by hobbyists. Lists of IP address / port
number combinations for spam proxies are being SOLD by the
professional criminals creating the software.
The crackers finding security bugs for status seem to hang
out on bugtraq and full-disclosure nowadays, writing up neat
looking reports on how they discovered the bug, how they
told the vendor and often a demo exploit attached.
I wouldn't be surprised if those folks kept track of who
discovered the most security holes ;)
The internet has opened up a whole new way to measure "who's
the best security hole finder" than the 1990's "lets see how
many machines get infected with my virus" ...
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
More information about the extropy-chat